The ECRI Institute last week released its 15th annual list of the “Top 10 Health Technology Hazards,” identifying cyberattacks as the top technology risk health care organizations face
Access our cybersecurity resource library
For the list, ECRI focuses on “generic hazards,” or the problems that can arise from the risks inherent in the use of certain medical technologies. The list does not discuss the risks tied to specific models or suppliers.
To select the topics, ECRI engineers, scientists, clinicians, and other patient safety analysts nominate topics for consideration based on their own knowledge and expertise gained through:
- Investigating incidents
- Testing medical devices in the ECRI lab
- Observing operations and assessing hospital practices
- Reviewing the literature
- Speaking with clinicians, clinical engineers, technology managers, purchasing staff, health systems administrators, and device suppliers
After the topics have been nominated, professionals from various ECRI program areas, as well as external advisors, evaluate the nominations and select their top 10. Then, ECRI uses their feedback to create the final list, while weighing factors including the hazards’ breadth, severity, frequency, insidiousness, preventability, and potential for publicity. Although any one of the criteria could warrant a nomination to the list, all ECRI’s selected topics must be preventable to some degree.
The ‘top 10 health technology hazards for 2022’
1. Cybersecurity attacks: These attacks not only interfere with business operations but can also disrupt patient care, posing a significant threat of physical harm. ECRI suggests creating a robust security program to help protect critical devices and systems during a cyberattack and developing a plan for sustaining patient care in the event of an attack.
2. Supply chain issues: When facilities cannot obtain products, they risk the inability to treat patients and protect their staff—a scenario that could lead to injury, illness, or even death among patients and clinicians, according to ECRI.
3. Damaged infusion pumps: It may be difficult to identify pump damage because it may not trigger an alarm or be visibly apparent. According to ECRI, clinical staff must remain alert and be knowledgeable about the signs of infusion pump damage, as well as how to respond when damage is detected. Nurse educators, central equipment distribution, clinical engineering, and pump manufacturers can also work to avoid these problems and keep patients safe.
4. Insufficient emergency stockpiles: If a facility’s stockpile is unable to meet the needs of the community during a crisis, health care organizations could risk being unable to care for patients or protect their staff. According to ECRI, organizations should work to develop and manage an emergency stockpile that can handle the needs of a future crisis.
5. Telehealth shortcomings: Many telehealth programs were implemented quickly during the pandemic, without adequate consideration for workflow and human factors. To optimize long-term telehealth care-delivery models, ECRI recommends organizations address factors that could lead to poor outcomes for both patients and for providers, including ease of use and data management.
6. Failure to follow syringe pump best practices: Misconceptions surrounding the practices required to accurately deliver low flows within the confines of the technology’s limitations remain an issue in many organizations—often resulting in both overinfusions and underinfusions. ECRI advises organizations to adopt standardized drug concentrations and reducing lag by using the pump’s priming features.
7. AI-based image distortions: AI-based image reconstruction can result in instabilities and limitations that manifest in several forms—often posing a threat to diagnostic outcomes. According to ECRI, providers must “be acutely aware of the technology’s limitations” and applicability before use.
8. Poor duodenoscope reprocessing: The failure to adequately reprocess contaminated duodenoscopes between uses can put patients at risk. To address these concerns, ECRI recommends organizations closely assess “the workflow, the workspace and surfaces, and the expected turnaround times” for reprocessing.
9. Medical gowns that do not protect the wearer: When ECRI tested disposable gowns, the results raised concerns about manufacturing quality—particularly in gowns from nontraditional suppliers—that do not sufficiently protect the wearer. According to ECRI, organizations must carefully vet gown suppliers and manufacturers, as well as educate users about which gowns are best for which tasks.
10. Wi-Fi connectivity issues: Failure to actively manage and maintain wi-fi systems can lead to wireless communication failures or unreliable connections that open the door for workarounds that can circumvent a system’s safety features. ECRI recommends reducing these risks by maintaining Wi=Fi systems, allocating bandwidth carefully, and monitoring the network. (ECRI’s “Top 10 Health Technology Hazards for 2022” list, 1/18; Cohen, Modern Healthcare, 1/19)