Improving patient safety has rightly been prioritised by healthcare providers^1–3 and increasing attention is being given to the use of information technology-based solutions to reduce the disease burden associated with medical errors.⁴ Patients in England are in a potentially strong position to benefit given the major investment taking place through the NHS Connecting for Health’s National Programme for Information Technology.^5–7

This benefit may be realised most readily in primary care where, despite almost universal use in the UK,⁸ clinical computer systems have important deficiencies in relation to patient safety.⁹ A particular problem relates to the design of hazard alerts and a study from the US has usefully explored the views of primary care clinicians on this issue.¹⁰

In our study we interviewed a wide range of expert stakeholders to identify their views on the most important ways in which the use of general practice computer systems could be improved to enhance safety in primary care.

METHODS

Research team

Members of the research team have extensive knowledge of the individuals and organisations in the UK with an established interest and expertise in matters relating to the safety of general practice computer systems. They also have a breadth of relevant disciplinary expertise in informatics, primary care, pharmacy, psychology and social sciences.

Participants and setting

Research ethics committee approval was obtained for the study. We drew up a sampling frame to ensure that a wide range of expert stakeholders were included. This involved approaching academics, the main computer system vendors and drug database suppliers, and a number of relevant organisations (see table 1).

Using a snowballing approach, we also identified additional participants thought likely to offer important insights based on suggestions made in earlier interviews. Furthermore, in order to provide a user perspective, we purposefully selected general practitioners known, from our previous studies, to have a range of experiences of using clinical computer systems. We did not approach other members of the primary healthcare team or patients.

DATA GENERATION AND ANALYSIS

Semistructured interviews were conducted with stakeholders, in a setting of their choosing, using individualised topic guides tailored to gain the most from participants.¹¹ The main approach taken in the interviews was to enquire, in an open-ended manner, about participants’ views on the safety of general practice computer systems and how improvements could be made. Between one and three people were interviewed at each session and the interviewers encouraged participants to talk openly about any issues raised. All interviews were conducted face-to-face by AA and/or BS in 2003 and lasted between 45 minutes and two hours. Interviews were, with permission, audio-taped and transcribed verbatim together with accompanying detailed field notes.

Data analysis continued throughout the course of the field work. Two members of the team (AA and BS) independently read all transcripts and, using the constant comparison method,¹² identified and agreed on emerging themes. BS coded the transcripts accordingly using Microsoft Word. We did not use specialist qualitative analysis software. In order to increase rigour, the preliminary coded transcripts were divided between the four other team members (AS, CM, IB and ST) for comment on the emerging themes and appropriateness of coding. Having discussed the transcripts, the team members agreed on the final coding frame. Interviews continued until saturation was achieved in relation to the themes identified. As we reached the end of our interviews it was clear that no new themes were emerging.

RESULTS

All of the individuals and/or organisations approached agreed to participate in the study. In total, we interviewed 31 people (24 male and 7 female) in 25 interview sessions (see table 1). We identified four main themes and seven subthemes (see table 2).

DESIGNING SYSTEMS TO ENHANCE SAFETY

Accurate and relevant information for clinical decision-making

Many of the participants stressed the importance of designing clinical computer systems to provide relevant information at the point of decision-making. They noted that prerequisites for this include having accurate information about the patient already coded into the computer system and a sound underlying knowledge-base that can be accessed by the system before safety-critical decisions are made.

These points were highlighted by participants when discussing the importance of drug ontologies. These ontologies provide the knowledge base to enable computer systems to recognise the characteristics of a drug, relate these to information about the patient, and alert the prescriber to potential hazards. It was however made clear that problems can occur in relation to the appropriateness of the information held in the drug ontology, the level of detail used for recording the characteristics of drugs and whether clinical computer systems make full use of the information available.

Several participants (interviews 6, 7 and 25) suggested that drug database suppliers tend to include virtually all cautions, contraindications and potential drug interactions in their drug ontologies even when evidence for these is not strong. Their concern was that this leads to prescribers being alerted about unimportant issues which then diminishes the impact of more serious alerts.

Three participants were critical of database suppliers in relation to the above issues, while two acknowledged the difficulties involved in deciding not to include information about potential hazards given risks of litigation should a patient be harmed.


 “[…] you get far too much information, far too much feedback on things that you will […] regard as trivial and the net result is that the important point is lost with the trivia.” Medical litigation expert (interview 12)
 “… if you’re doing the authorising of the knowledge, you need to cover your backside and so you put in everything that potentially happened.” Systems vendor (interview 7)

A suggested solution was to grade alerts according to severity. However, other participants argued for developing more sophisticated approaches to the ways in which medical knowledge is incorporated into computer systems and how those systems support patient safety.


 “… we need medical knowledge engineered just as well as the system’s engineered and instead of forcing medical output into glossy journals it ought to be forced into modern engineering where it actually will be assimilated.” Expert in IT applied to health care (interview 4)
 “… we need to understand much more deeply, formally [patient safety] so that we can build software which is not only able to do the problem but separately is skilled at thinking about hazards, threats, risks, safety issues that will affect the patient.” Expert in computerised decision support (interview 20)

Another issue highlighted was computer system vendors not making full use of the drug ontologies available to them. For example, participants noted that the drug database used by most general practice computer systems in the UK contains information on contraindications and yet very few system vendors link this information to morbidity codes. As a result, most systems do not provide general practitioners with a comprehensive set of alerts for contraindications. Several participants argued that this issue could be resolved with relatively small investments of computer programmer time.

Taking account of human ergonomics

The psychologists in our sample highlighted the need to take account of ergonomics in the design of hazard alert messages. For example, they noted the importance of factors such as colour, font size, shapes and the positioning of alert messages on the computer screen as well as the use of signal words, such as “caution” or “warning”. They went on to say:


 “It’s about perception, it’s about integration […] with people’s mental models and then it’s about behavioural compliance, […] it’s about the whole system.” Psychologist (interview 25)

Others however pointed out that clinical computer systems appear to take little account of these factors in the design of alert messages (interviews 14, 22 and 24).

While several participants highlighted the need to take more account of human ergonomics in system design (interviews 10, 22 and 25), others noted the challenges that system vendors face:


 “You’re dealing with a very narrow vertical market—UK General Practice—and there has neither been the time nor the money to actually [design systems ergonomically] because invariably you will have to have more iterations of your software.” Expert in IT applied to health care (interview 4)

Audit trails

Participants noted that current clinical computer systems do not provide audit trails for actions taken by prescribers following hazard alerts, even though there are audit trails for other aspects of clinical care. Several participants felt that there would be advantages to having audit trails for hazard alerts (interviews 2, 10, 12 and 14), particularly if they gave prescribers opportunities to record why they had overridden potentially important alerts.

While it is technically possible to include these audit trails, some participants cautioned against having too many situations where users are required to justify their reasons for an action as this may not always have the desired effect:


 “... And previous work that other people have done on asking people to put in justifications as to why they do something have resulted in a great deal of recording of ASDFG [the typing of meaningless letters].” Expert in computerised clinical decision support (interview 9)

Enabling accurate transfer of information between clinical computer systems

Several participants noted that there are problems currently with transferring information between different types of clinical computer system (interviews 4, 6, 9, 22 and 24), particularly if the systems have different approaches to the coding of clinical concepts and medicines. This can lead to either loss or corruption of information with potentially serious consequences for patient safety.

Additionally, because of the difficulties associated with transferring information between different clinical computer systems, participants noted that it is current practice to simply print out the computer record when a patient moves from one general practice to another. This means that the new practice has to invest time in recreating the electronic record and in doing so may miss important information or make errors in the transcription of information.

Several participants suggested that in order to minimise the problems associated with the transfer of information between computer systems it was important to have one drug dictionary and one coding system for recording morbidity implemented throughout the NHS (interviews 1, 6, 9 and 23). The idea behind a common drug dictionary is that all drug preparations will have a unique identifier and all systems will use this identifier when communicating with each other. The idea underpinning one coding system for recording morbidity is that clinical information can be transferred accurately between systems (including those in secondary care) without the need for mapping to different codes.

MAKING BEST USE OF COMPUTERISED SAFETY FEATURES

Some participants pointed out that clinical computer systems already have a number of important safety features, but these are often compromised by practices not making best use of them (interviews 3, 4 and 22). The main problems noted were in relation to morbidity coding and the use of computerised call, recall and reminder systems.

Recording data accurately

Participants noted that correct coding of clinical information provides an important resource that can be accessed for clinical care, computerised prompts and audit. If, however, practices do not reliably code information in an accurate way, computerised safety features may not work. For example, if morbidities are not entered onto the computer system, or if they are entered as “free text”, this limits the accessibility of information and hazard alerts cannot work.


 “[...] Morbidity is coded very differently in different practices. Some practices are strict about it, but some practices rely on some staff or doctors, which is fine until they go for a holiday … then the standard drops down.” Salaried GP working with several clinical computer systems (interview 14)
 “… you’re sometimes entering stuff in free text which is actually stuff that you should be coding with a particular Read code.” GP expert user of computerised patient call and recall (interview 24)

In light of these issues several participants stressed the importance of encouraging practices to pay greater attention to accurate and comprehensive clinical coding (interviews 6, 9, 14 and 24). Others noted that coding systems could be improved. For example, one participant said “there are about three ways in which you can record allergies” [interview 21], not all of which result in allergy alerts on all systems.

Call, recall and reminders

Clinical computer systems already have features that can alert users about patients that need to be called for review and to remind users of actions that need to be taken. If used properly, these are important safety features, but participants pointed out that many practices are not using them in a sophisticated way to support patient safety.


 “... on all of the systems you can set reports to run at regular, [...] intervals. [...] That’s already there, not necessarily widely used because a lot of people don’t understand reporting—it’s a complexity too far for an awful lot of GPs.” Expert in IT applied to primary health care (interview 22)

Training for safe and effective use of computer systems

Several participants commented on the variability of computer skills among GPs and a paucity of training in the use of computerised safety features (interviews 4, 8, 14 and 19).


 “[I] never had any training on warning messages. It seems … these things just come out of system [...] there may be some more safety features available on the system, but [I] would not know about them because [I have] never received specific [safety] training for the system.” GP with moderate experience of using clinical computer systems (interview 19)

One stakeholder felt that the solution lies in designing systems to make it “easy to do the right thing”, thus minimising the need for training:


 “I really think if you have to train people to use it [the GP computer system] properly you’re building in hazard. It shouldn’t be: all the things you need to be trained for should be designed out or designed in.” Expert in patient safety in primary care (interview 2)

In contrast, others felt that however good the system might be there would always be the need for training:


 “... I really do think anybody who thinks that you can get away with an intuitive system doesn’t understand the business we’re in.” Expert in IT applied to primary healthcare (interview 22)

Suggestions were made for addressing training needs including the use of proformas to identify individual training needs and the provision of training tailored to those needs. One participant (interview 5) felt that the onus for provision of training should be on the computer system suppliers. Another highlighted the need for training in the use of different systems for GPs working in more than one surgery (interview 14).

REGULATIONS AND STANDARDS

Many of the stakeholders said that it was important to have new regulations governing the safety features that should be available on GP computer systems (interviews 4, 6, 9 and 25). System suppliers acknowledged that they would be more likely to make changes regarding safety features if mandated to do so. There was a tension, however, between the need for standardisation and the desire of computer system vendors to have “commercial edge” in terms of appearance and functions.


 “You get into big difficulties if […] different manufacturers implement different systems, […] what people push for is a standardized system that everybody’s implementing the same warning system so it looks the same.” Psychologist undertaking human factors research (interview 25)
 “It’s discretion of the system supplier about the interface, what the information they want to present to the users, […] unless there is a standard or mandation like ‘there must be this and this’…” Database supplier (interview 6)

SAFETY CULTURE

Several stakeholders stressed the importance of raising safety awareness and developing safety culture in general practice:


 “… there [is] that need for cultural change and you only have to look at the way repeat prescriptions are signed off in a lot of places. And that doctor’s signature is pretty meaningless on many things.” Medical litigation expert (interview 12)
 “I do think there’s a very big educational issue around safety in general, it’s around the culture, it’s around thinking safety, it’s around making sure it’s a priority in the workplace.” Expert in patient safety in primary care (interview 2)

One participant (interview 12) drew an analogy with anaesthetics, in which there had been a culture of turning off alarms because anaesthetists felt them to be unnecessary. Over time it became clear that this approach was putting patients at risk; as anaesthetists have come to accept the benefits of alarms, patient safety has improved. It was felt that patients will not fully benefit from the safety features of clinical computer systems until safety culture becomes more firmly embedded in general practice.

Developing a strong safety culture is, however, a major challenge as emphasised by one participant who stressed the importance of using change management methods to address safety issues.


 “So there’s an issue around culture change first of all and managing that. And then giving people the tools to manage the culture change. Now there are tools around on GP systems but they’re not coherent, they’re not all the same and they’re not complete and they haven’t been, if you like, modernised.” Policy maker (interview 23)

Several participants noted that patients have an important role to play and that involving patients can act as an additional check to prevent serious errors (interviews 9, 10 and 22).

DISCUSSION

We have identified a number of important ways in which the design, use and regulation of safety features on general practice computer systems could be improved to enhance patient safety. Our findings are of particular relevance to the NHS Connecting for Health’s National Programme for IT.⁶

Some issues identified by this study are being addressed already in the UK. For example a single drug dictionary is being developed for the NHS,¹³ and NHS Connecting for Health is addressing the need to take account of ergonomics in the design of computerised alerts.¹⁴ In addition the GP2GP record transfer project is addressing many of the problems of transferring safely electronic records between general practices.¹⁵

There are challenges, however, in other areas. For example, while it is technically possible to link computerised morbidity codes to drug databases to allow for contraindication alerts we are not aware of NHS Connecting for Health prioritising this issue. In addition, while the National Institute for Health and Clinical Excellence (NICE) in the UK is examining the possibility of introducing a new computerised decision support system for the NHS,¹⁶ there is an urgent need to improve the underlying knowledge base upon which these systems are based. In addition there is an important need for NHS Connecting for Health to work with drug database suppliers to ensure that the numbers of spurious and unimportant alerts are reduced.

Another challenge is that of education, training and support¹⁰ for the numerous and increasing users of clinical computer systems. These systems already have a number of important safety features, but many of these are not being used effectively. When newer systems are introduced there will continue to be a need for training and support, even if those systems are more intuitive to use.¹⁷

Part of the education and training task is to develop safety culture in general practice to help ensure that practices are motivated and organised to take full advantage of their computer systems and any training they receive. In the UK, NHS Connecting for Health’s Primary Care Information Service (PRIMIS+)¹⁸ and bodies such as the National Patient Safety Agency have an important role here. It will also be important for NHS Connecting for Health to persuade general practices of the benefits of new systems in light of difficulties in convincing NHS managers.⁷

Standard setting and regulation will also be important and commissioning briefs from NHS Connecting for Health will need to be specific enough to ensure that computer system suppliers provide all the safety features that are deemed important. In safety-critical areas such as allergies, it is vital that alert messages are displayed in a standard format, based on best practice in human ergonomics, irrespective of the computer system that is being used.

In addition, it will be important to pay attention to wider issues concerning the development and implementation of computerised safety solutions. For example, Berg has argued for a “sociotechnical” approach¹⁹ whereby the ways in which healthcare workers think and act, and the sometimes “messy” nature of healthcare work, is taken more fully into account when designing computer systems. While the supposedly “rational” approach used by IT systems may seem attractive, it is argued that IT solutions will not be effective unless users are put “central stage” in an iterative process of design, implementation and evaluation.¹⁹

MAIN STRENGTHS AND LIMITATIONS OF OUR STUDY

We successfully conducted interviews with all of the participants in our carefully constructed sampling frame. The wealth of expertise and richness of experiences of participants allowed a critical, in-depth, multidimensional picture to emerge which should prove timely and relevant to policy makers and healthcare agencies charged with improving patient safety. Although our study was conducted in the UK it has relevance to the many other countries that are developing national programmes for information technology in health care.²⁰ Indeed, while the NHS is addressing many of the issues identified by our study, it will be important for other countries to take these issues on board, particularly if their own programmes are less well developed.

Our study focused mainly on expert stakeholders with relatively few front-line general practitioners. The clear majority of stakeholders were male. Non-medical members of the primary healthcare team and patients were not included. As such the study has not fully explored all perspectives on how the safety of general practice computer systems might be improved. In particular, the focus has been on technical solutions rather than the ways in which computer systems could be used in a safer way.

CONCLUSIONS

There are considerable opportunities for improving patient safety using general practice computer systems. Key challenges include improving the knowledge base for clinical decision support, paying greater attention to human ergonomics in system design, improved education and training, the introduction of new regulations supporting patient safety and improving safety culture in general practice.