The Dutch Safety Board observes that, while hospitals are becoming increasingly dependent on IT systems, their awareness of the risks of IT failures has not kept pace with this dependency. In order to improve their management of the risks to patients, hospitals need to pay more attention to the prevention of IT failures, the resolution of these failures, and mitigating the consequences of IT failures for patient safety.
IT dependency of healthcare processes
The healthcare provided in hospitals is increasingly dependent on the proper functioning of hospital IT systems. This investigation has revealed how IT failures can jeopardize patient safety. The Dutch Safety Board has identified starting points for hospitals to identify the risks of IT outages at an early stage and effectively manage the consequences of these outages for patient safety. On the one hand, they need to focus more on the prevention of computer system failures, while on the other they need to improve their response to the consequences of an IT failure.
The frequency and duration of known IT failures in hospitals reveals that this is a widespread issue. The Dutch Safety Board has therefore decided not to limit its recommendations to the three hospitals investigated, but to address all hospitals in the Netherlands. To encourage hospitals to approach the issue as a sector, and learn from and with each other to adequately manage the risks of IT outages, the Dutch Safety Board has decided to direct its recommendations at the two largest sector associations. The Dutch Safety Board also sees a role for the Health and Youth Care Inspectorate (IGJ) in this.
To the Dutch Association of Hospitals (NVZ) and the Dutch Federation of University Medical Centres (NFU):
1. Ensure that your members:
- Periodically identify the dependencies between healthcare and IT, including the possible risks for patients associated with IT failures, to ensure adequate preparedness for IT failures.
- Periodically test IT systems (and combinations of systems) to ensure that critical healthcare processes can continue to function under all circumstances. Also conduct training exercises for emergency scenarios whereby the hospital’s IT systems fail. Involve the suppliers of the systems in these exercises and tests where appropriate.
- Conduct evaluations after every serious IT failure in which the damage (and increased risk of damage) to both patients in the hospital and diverted patients is analysed in depth. Involve the partners in the healthcare chain where necessary.
- Publicly demonstrate their accountability for all three of these aspects on an annual basis.
2. Ensure that hospitals approach the issue as a sector and learn from and with each other.
3. Develop a practical tool for hospitals to manage the risks of IT outages, taking into account the starting points mentioned in this report.
4. Ascertain whether the safety of patients is sufficiently guaranteed in the event of an IT outage that affects several hospital locations in a region.
To the Health and Youth Care Inspectorate (IGJ):
5. Integrate the starting points in the above recommendations in the regulatory supervision of hospitals.
Patiëntveiligheid onder druk bij ICT-uitval in ziekenhuizen