VA Watchdog dot Org report prompts VAOIG investigation of VA's bug-ridden software upgrade.

by Larry Scott, VA Watchdog dot Org

This story began in early January of this year when VA Watchdog dot Org presented an exclusive report about a dangerous bug in VA's VistA / CPRS software:

"When switching from a patient's record to a second patient's record ... the first patient's information may still be displayed in the second patient's ... display, impacting patient care decisions."

Because the VA would not respond to our inquiries about this problem, we turned the information over to Hope Yen, reporter for the Associated Press, knowing that AP clout could break free more information from the VA.  And, it worked.

A week later, Hope Yen wrote:

Patients at Veterans Affairs health centers around the country were given incorrect doses of drugs, had needed treatments delayed and may have been exposed to other medical errors due to software glitches that showed faulty displays of their electronic health records.

Thanks go to Hope Yen for her great work on this story.

Then, the VA tried to downplay the problem with their bureaucratic spin machine:

Problems with the Veterans Affairs Department’s electronic health-record system that resulted in nine reported medical errors have been fixed, according to the VA.

A day later, Rep. Bob Filner (D-CA), Chairman of the House Committee on Veterans' Affairs, sensing a "headline moment," jumped into the fray:

"VA continues to discover problems and attempts to fix them quietly and internally, and then downplays them as inconsequential and nonthreatening," said Rep. Bob Filner, D-Calif.

And, web sites that follow VA information technology picked up the story:

The chairman of the House committee overseeing the Veterans Affairs Department sharply criticized the agency on Thursday for not publicly disclosing it found a software bug in a computer system in August that resulted in not discontinuing drug administration to nine patients.

Filner, as usual, did not follow through and there was no investigation on his part.

But, just two days after the first AP report, then VA Secretary Dr. James Peake, requested a VAOIG investigation regarding this problem.  Now, we have that report:

Review of Defects in VA’s Computerized Patient Record System Version 27 and Associated Quality of Care Issues -- Report Number 09-01033-155, 6/29/2009 | Summary | Report (PDF)

The Executive Summary is posted below, and as usual, the details in the full report are definitely worth reading.

-------------------------

Executive Summary

Introduction

The VA Office of Inspector General’s Offices of Healthcare Inspections and Audits performed a review, at the request of the former Secretary of Veterans Affairs, to evaluate testing and deployment of Computerized Patient Record System (CPRS) version 27 (v27). This upgrade was developed and released to provide clinical users with improved access to required functionality, enhancements to improve clinical practice, and system changes to meet accessibility standards. The purposes of this review were to identify the processes supporting the planning, testing, authorization, and implementation of CPRS v27; identify system development control deficiencies; and determine whether Veterans Health Administration (VHA) developed appropriate action plans in response to CPRS v27 defects. Additionally, we assessed the associated risk to patients and VHA actions in response.

Results

Based on our review of the Project Management Team’s software development methodology, we determined that its process for testing and implementing CPRS v27 did not effectively mitigate risks, associated software functionality defects, and the potential adverse impacts on patient safety. Specifically, we noted that:

• VA’s limited site participation during Alpha/Beta testing was not sufficient to identify and resolve significant CPRS v27 software defects such as the improper listing of discontinuance orders and inaccurate presentation of medical records;

• Field testing teams were not comprised of fully dedicated system end users and programmers to readily identify and resolve significant functionality defects during Alpha/Beta testing;

• Alpha testing did not incorporate full system and integration testing to resolve significant functionality defects, which were subsequently identified during production (Beta) testing of CPRS v27; and

• VA’s national rollout approach of CPRS did not provide sufficient opportunity to identify and resolve software defects associated with major version releases of CPRS.

Without implementing appropriate corrective actions and risk mitigation strategies, the Department will not be able to readily identify and resolve significant CPRS software defects during field testing, which may adversely impact the medical services provided and patient safety at VA medical centers throughout the country.

In connection with the associated risks to patient safety, we found that through notification by medical facilities of incorrect patient information displaying in CPRS, clinicians were advised to review patient records for any inconsistencies, and a national software correction was implemented. We noted that:

• No irregularities were subsequently reported and

• Three medical facilities reported intravenous (IV) infusions administered after having been ordered discontinued by the provider, but no patients suffered adverse effects.

Because inpatients throughout VA medical facilities may have been at risk of receiving prolonged IV infusions, we identified CPRS orders for all heparin (blood-thinning medication that could cause serious complications if given too long) infusions from the dates of installation of CPRS v27 through October 31, 2008, the date of the Patient Safety Advisory regarding discontinued IV orders. We found that:

• There was no indication of definite adverse outcomes in any of these patients as a result of the prolonged administration of heparin and

• In the case of one patient with active bleeding, documentation was insufficient to determine whether prolonged heparin infusion had adverse consequences. We could not exclude the possibility of short-term adverse effects in this patient, but found no evidence to suggest long-term effects.
We found an unwarranted delay in issuance of Patient Safety Advisory AD09-04 following multiple reports of inappropriate continuation of IV fluids. Regarding issuance of additional preliminary Patient Safety Advisories, we found that there were no explicit criteria for determining how soon advisories are issued after CPRS problems have been judged to be significant threats to patient safety.

Recommendations

Recommendation 1:

We recommended that the Acting Under Secretary for Health and Acting Assistant Secretary for Information and Technology develop a process to ensure that the selection of Alpha/Beta test sites adequately represents how different VA medical facilities utilize CPRS, while considering the depth and complexity of software changes associated with major releases of CPRS.

Recommendation 2:

We recommended that the Acting Under Secretary for Health and Acting Assistant Secretary for Information and Technology establish fully dedicated CPRS testing teams, comprised of system end users and programmers, to augment Alpha/Beta testing of CPRS and to improve the quality and depth of field testing.

Recommendation 3:

We recommended that the Acting Under Secretary for Health and Acting Assistant Secretary for Information and Technology implement full system functionality and integration testing of CPRS during the Alpha testing to reduce the risk that CPRS functionality defects will adversely effect patient safety during production (Beta) testing.

Recommendation 4:

We recommended that the Acting Under Secretary for Health and Acting Assistant Secretary for Information and Technology adopt a phased implementation approach for installing major releases of CPRS to more effectively mitigate patient safety risks associated with software development defects.

Recommendation 5:

We recommended that the Under Secretary for Health establish explicit criteria for determining how soon safety advisories are issued after CPRS problems have been judged to be significant threats to patient safety.

Comments

The Acting Assistant Secretary for Information and Technology and the Acting Under Secretary for Health concurred with the findings and recommendations. See Appendix A, beginning on page 19, for the response from the Office of Information and Technology. The response from VHA is in Appendix B, beginning on page 23. Both organizations submitted

-------------------------

TOPICS: veterans, veterans' benefits, VA, Department of Veterans' Affairs, VAOIG, defective software, VistA, CPRS