Managing health IT risks: reflections and recommendations

Mark Sujan


Health information technology (IT) offers exciting opportunities for providing novel services to patients, and for improving the quality and safety of care.  However, the introduction of IT can lead to unintended consequences, and create opportunities for failure, which can have significant effects on patient safety.  In this paper I argue that many health IT patient safety risks are probably quite predictable, but are often not considered at the time.  This puts patients at risk, and it threatens the successful adoption of health IT.  I recommend that healthcare providers focus on strengthening their processes for organisational learning, promote proactive risk management strategies, and make risk management decisions transparent and explicit.         


Digital health; Risk; Safety; Security; electronic health record

Full Text:



NHS England. Five-Year Forward View. London, UK: NHS England, 2014. Available from: Accessed 15 February 2018.

Department of Health. Making IT Work: Harnessing the Power of Health Information Technology to Improve Care in England. London, UK: Department of Health, 2016.

Honeyman M, Dunn P and McKenna H. A Digital NHS? An Introduction to the Digital Agenda and Plans for Implementation. London, UK: The King’s Fund, 2016.

Imison C, Castle-Clarke S, Watson R and Edwards N. Delivering the Benefits of Digital Health Care. London, UK: Nuffield Trust, 2016.

Institute of Medicine. Crossing the Quality Chasm: A New Health System for the 21st Century. Washington, DC: National Academy of Sciences, 2001.

Institute of Medicine. Health IT and Patient Safety: Building Safer Systems for Better Care. Washington, DC: National Academy of Sciences, 2012.

Black AD, Car J, Pagliari C, Anandan C, Cresswell K, Bokun T, et al. The impact of eHealth on the quality and safety of health care: a systematic overview. PLoS Medicine 2011;8(1):e1000387. Available from: PMid:21267058; PMCid:PMC3022523. Epub 2011/01/27. eng.

Brenner SK, Kaushal R, Grinspan Z, Joyce C, Kim I, Allard RJ, et al. Effects of health information technology on patient outcomes: a systematic review. Journal of the American Medical Informatics Association 2016;23(5):1016–36. Available from: PMid:26568607. Epub 2015/11/17. eng.

Ranji SR, Rennke S and Wachter RM. Computerised provider order entry combined with clinical decision support systems to improve medication safety: a narrative review. BMJ Quality & Safety 2014;23(9):773–80. Available from: PMid:24728888.

Ash JS, Sittig DF, Dykstra RH, Guappone K, Carpenter JD and Seshadri V. Categorizing the unintended sociotechnical consequences of computerized provider order entry. International Journal of Medical Informatics 2007;76(1):S21–7. Available from: PMid:16793330. Epub 2006/06/24. eng.

Househ M, Borycki E and Kushniruk A. Empowering patients through social media: the benefits and challenges. Health Informatics Journal 2014;20(1):50–58.

Koppel R, Metlay JP, Cohen A, Abaluck B, Localio AR, Kimmel SE, et al. Role of computerized physician order entry systems in facilitating medication errors. The Journal of the American Medical Association 2005;293(10):1197–203. Available from: PMid:15755942. Epub 2005/03/10. eng.

Mozaffar H, Cresswell KM, Williams R, Bates DW and Sheikh A. Exploring the roots of unintended safety threats associated with the introduction of hospital ePrescribing systems and candidate avoidance and/or mitigation strategies: a qualitative study. BMJ Quality & Safety 2017;26(9):722–33. Available from:

Singh H and Sittig DF. Measuring and improving patient safety through health information technology: The Health IT Safety Framework. BMJ Quality & Safety 2016;25(4):226–32. Available from: PMid:26369894; PMCid:PMC4819641.

Smart A. Nanaimo doctors defy IHealth, dump software. Times Colonist 2016, 28 April 2016.

Sood H, NcNeil K and Keogh B. Chief clinical information officers: clinical leadership for a digital age. British Medical Journal 2017;358:j3295.

Blandford A, Furniss D and Vincent C. Patient safety and interactive medical devices: realigning work as imagined and work as done. Clinical Risk 2014;20(5):107–10. Available from: PMid:25866466; PMCid:PMC4361486.

Cook R, Nemeth C and Dekker S. What went wrong at the Beatson Oncology Centre. In: Hollnagel E, Nemeth C and Dekker S (Eds.), Resilience Engineering Perspectives: Remaining Sensitive to the Possibility of Failure (pp. 225–36). Farnham, UK: Ashgate, 2008.

Vincent CJ and Blandford A. How do health service professionals consider human factors when purchasing interactive medical devices? A qualitative interview study. Applied Ergonomics 2017;59(Part A):114–22.

Thimbleby H, Lewis A and Williams J. Making healthcare safer by understanding, designing and buying better IT. Clinical Medicine 2015;15(3):258–62. Available from: PMid:26031976.

Wears RL, Cook RI and Perry SJ. Automation, interaction, complexity, and failure: a case study. Reliability Engineering & System Safety 2006;91(12):1494–501. Available from:

Sujan MA, Koornneef F, Chozos N, Pozzi S and Kelly T. Safety cases for medical devices and health IT: involving healthcare organisations in the assurance of safety. Health Informatics Journal 2013;19(3):165–82. Available from: PMid:23981393.

Dixon-Woods M and Pronovost PJ. Patient safety and the problem of many hands. BMJ Quality & Safety 2016;25(7):485–88.

Hopkins Tanne J. When Jesica died. British Medical Journal 2003;326(7391):717. PMid:PMC1125622.

Kapur N, Parand A, Soukup T, Reader T and Sevdalis N. Aviation and healthcare: a comparative review with implications for patient safety. JRSM Open 2016;7(1):2054270415616548. Available from: PMid:26770817; PMCid:PMC4710114.

Dean B, Schachter M, Vincent C and Barber N. Prescribing errors in hospital inpatients: their incidence and clinical significance. Quality & Safety in Health Care 2002;11(4):340–4. Availble from: PMid:12468694; PMCid:PMC1758003. Epub 2002/12/07. eng.

Lewis TL and Wyatt JC. mHealth and mobile medical apps: a framework to assess risk and promote safer use. Journal of Medical Internet Research 2014;16(9):e210. PMid:25223398.

Sujan MA, Chessum P, Rudd M, Fitton L, Inada-Kim M, Cooke MW, et al. Managing competing organizational priorities in clinical handover across organizational boundaries. Journal of Health Services Research & Policy 2015;20(1):17–25.

Peerally MF, Carr S, Waring J and Dixon-Woods M. The problem with root cause analysis. BMJ Quality & Safety 2017;26(5):417–422. Available from: PMid:27340202; PMCid:PMC5530340.

Sujan MA, Huang H and Braithwaite J. Learning from incidents in health care: critique from a safety-II perspective. Safety Science 2017;99:115–21. Availble from:

Sujan M and Furniss D. Organisational reporting and learning systems: innovating inside and outside of the box. Clinical Risk 2015;21(1):7–12.

Sujan M, Pozzi S and Valbonesi C. Reporting and learning: from extraordinary to ordinary. In: Braithwaite J, Wears R and Hollnagel E (Eds.), Resilient Health Care III: Reconciling Work-as-Imagined with Work-as-Done. Farnham, UK: Ashgate, 2016. Available from: PMCid:PMC4750306.

Department of Health. An Organisation with a Memory. London, UK: The Stationery Office, 2000.

Kohn LT, Corrigan JM and Donaldson MS. To Err Is Human: Building a Safer Health System. Washington, DC: The National Academies Press, 2000.

National Advisory Group on the Safety of Patients in England. A Promise to Learn – A Commitment to Act. London, UK: Department of Health, 2013.

Anderson JE and Kodate N. Learning from patient safety incidents in incident review meetings: organisational factors and indicators of analytic process effectiveness. Safety Science 2015;80:105–14. Available from:

Lawton R and Parker D. Barriers to incident reporting in a healthcare system. Quality & Safety in Health Care 2002;11(1):15–8. Available from: PMid:12078362; PMCid:PMC1743585. Epub 2002/06/25. eng.

Sujan M, Huang H and Braithwaite J. Why do healthcare organisations struggle to learn from experience? A safety-II perspective. In: Mollo V and Falzon P (Eds), Healthcare Systems Ergonomics and Patient Safety (pp. 342–48). Geneva, Switzerland: International Ergonomics Association, 2016. PMCid:PMC4750306.

Cochrane D. Review of the Functioning of iHealth: Nanaimo Regional General Hospital, Oceanside Health Centre and Dufferin Place. Victoria, Canada: Ministry of Health, 2016.

Wears RL and Berg M. Computer technology and clinical work: still waiting for Godot. The Journal of the American Medical Association 2005;293(10):1261–63. Available from: PMid:15755949. Epub 2005/03/10. eng.

Dekker SWA and Breakey H. ‘Just culture:’ improving safety by achieving substantive, procedural and restorative justice. Safety Science 2016;85:187–93.

Sujan M, Spurgeon P and Cooke M. Translating tensions into safe practices through dynamic trade-offs: the secret second handover. In: Wears R, Hollnagel E and Braithwaite J (Eds.), The Resilience of Everday Clinical Work (pp. 11–22). Farnham, UK: Asghate, 2015.

Fairbanks RJ, Wears RL, Woods DD, Hollnagel E, Plsek P and Cook RI. Resilience and resilience engineering in health care. Joint Commission Journal on Quality and Patient Safety/Joint Commission Resources 2014;40(8):376–83. PMid:25208443. Epub 2014/09/12. eng.

Sujan M, Spurgeon P and Cooke M. The role of dynamic trade-offs in creating safety—A qualitative study of handover across care boundaries in emergency care. Reliability Engineering & System Safety 2015;141:54–62. Epub 13/05/2015.

Sujan MA. A novel tool for organisational learning and its impact on safety culture in a hospital dispensary. Reliability Engineering & System Safety 2012;101:21–34. Available from:

Sujan MA, Ingram C, McConkey T, Cross S and Cooke MW. Hassle in the dispensary: pilot study of a proactive risk monitoring tool for organisational learning based on narratives and staff perceptions. BMJ Quality & Safety 2011;20(6):549–56. Available from: PMid:21398689.

Kelly N, Blake S and Plunkett A. Learning from excellence in healthcare: a new approach to incident reporting. Archives of Disease in Childhood 2016;101:788–91.

Sujan M. An organisation without a memory: a qualitative study of hospital staff perceptions on reporting and organisational learning for patient safety. Reliability Engineering & System Safety 2015;144:45–52.

Sujan MA, Habli I, Kelly TP, Gühnemann A, Pozzi S and Johnson CW. How can health care organisations make and justify decisions about risk reduction? Lessons from a cross-industry review and a health care stakeholder consensus development process. Reliability Engineering & System Safety 2017;161:1–11.

Spurgeon P, Flanagan H, Cooke M, Sujan M, Cross S and Jarvis R. Creating safer health systems: lessons from other sectors and an account of an application in the safer clinical systems programme. Health Services Management Research 2017;30(2):85–93. Available from: PMid:28539084.

Coiera E, Aarts J and Kulikowski C. The dangerous decade. Journal of the American Medical Informatics Association 2012;19(1):2–5. PMid:PMC3240771.

Schiff GD, Hickman TT, Volk LA, Bates DW and Wright A. Computerised prescribing for safer medication ordering: still a work in progress. BMJ Quality & Safety 2016;25(5):315–19. Available from: PMid:26515444. Epub 2015/10/31. eng.

Walker JM, Carayon P, Leveson N, Paulus RA, Tooker J, Chin H, et al. EHR safety: the way forward to safe and effective systems. Journal of the American Medical Informatics Association 2008;15(3):272–77. Available from: PMid:18308981; PMCid:PMC2409999. Epub 2008/03/01. eng.

Potts HW, Anderson JE, Colligan L, Leach P, Davis S and Berman J. Assessing the validity of prospective hazard analysis methods: a comparison of two techniques. BMC Health Services Research 2014;14(1):41. Available from: PMid:24467813; PMCid:PMC3906758.

Dean Franklin B, Shebl NA and Barber N. Failure mode and effects analysis: too little for too much? BMJ Quality & Safety 2012;21(7):607–11. Available from: PMid:22447819. Epub 2012/03/27. eng.

DeRosier J, Stalhandske E, Bagian JP and Nudell T. Using health care failure mode and effect analysis: the VA National Center for Patient Safety’s prospective risk analysis system. The Joint Commission Journal on Quality Improvement 2002;28(5):248–67. PMid:12053459. Epub 2002/06/11. eng.

Apkon M, Leonard J, Probst L, DeLizio L and Vitale R. Design of a safer approach to intravenous drug infusions: failure mode effects analysis. Quality & Safety in Health Care 2004;13(4):265–71. Available from: PMid:15289629; PMCid:PMC1743853. Epub 2004/08/04. eng.

Steinberger DM, Douglas SV and Kirschbaum MS. Use of failure mode and effects analysis for proactive identification of communication and handoff failures from organ procurement to transplantation. Progress in Transplantation 2009;19(3):208–14. Available from:; PMid:19813481. Epub 2009/10/10. eng.

Sujan M, Spurgeon P, Inada-kim M, Rudd M, Fitton L, Horniblow S, et al. Clinical handover within the emergency care pathway and the potential risks of clinical handover failure (ECHO): primary research. Health Services and Delivery Research 2014;2(5).

Chana N, Porat T, Whittlesea C and Delaney B. Improving specialist drug prescribing in primary care using task and error analysis: an observational study. The British Journal of General Practice: The Journal of the Royal College of General Practitioners 2017;67(656):e157–e67. PMid:28193619; PMCid:PMC5325657. Epub 2017/02/15. eng.

Parand A, Faiella G, Franklin BD, Johnston M, Clemente F, Stanton NA, et al. A prospective risk assessment of informal carers’ medication administration errors within the domiciliary setting. Ergonomics 2018;61(1):104–21.

Lane R, Stanton NA and Harrison D. Applying hierarchical task analysis to medication administration errors. Applied Ergonomics 2006;37(5):669–79. Available from: PMid:16182230. Epub 2005/09/27. eng.

Sujan MA, Habli I, Kelly TP, Pozzi S and Johnson CW. Should healthcare providers do safety cases? Lessons from a cross-industry review of safety case practices. Safety Science 2016;84:181–89.

Sujan M, Spurgeon P, Cooke M, Weale A, Debenham P and Cross S. The development of safety cases for healthcare services: practical experiences, opportunities and challenges. Reliability Engineering & System Safety 2015;140:200–7. Epub 08/04/2015.

Health & Social Care Information Centre. Clinical risk management: its application in the manufacture of health IT systems – implementation guidance (SCCI 0129) 2016. Available from: Accessed 6 February 2018.

Health & Social Care Information Centre. Clinical risk management: its application in the deployment and use of health IT systems – implementation guidance (SCCI 0160) 2016. Available from: Accessed 6 February 2018.

Coiera EW and Westbrook JI. Should clinical software be regulated? The Medical Journal of Australia 2007;186(11):607–8.

Cortez NG, Cohen IG and Kesselheim AS. FDA regulation of mobile health technologies. New England Journal of Medicine 2014;371(4):372–79. Available from: PMid:25054722.

Thompson BM and Brodsky I. Should the FDA regulate mobile medical apps? British Medical Journal 2013;347



  • There are currently no refbacks.

This is an open access journal, which means that all content is freely available without charge to the user or their institution. Users are allowed to read, download, copy, distribute, print, search, or link to the full texts of the articles in this journal starting from Volume 21 without asking prior permission from the publisher or the author. This is in accordance with the BOAI definition of open accessFor permission regarding papers published in previous volumes, please contact us.

Privacy statement: The names and email addresses entered in this journal site will be used exclusively for the stated purposes of this journal and will not be made available for any other purpose or to any other party.

Online ISSN 2058-4563 - Print ISSN 2058-4555. Published by BCS, The Chartered Institute for IT