Safety investigation of serious disruptions in the information systems of the Hospital District of Helsinki and Uusimaa on 7 and 8 November 2017 completed – the usability of health care information systems must be ensured
The Safety Investigation Authority has completed its investigation into the disruptions in the information systems of the Hospital District of Helsinki and Uusimaa (HUS) on 7 and 8 November 2017. The Authority issues four safety recommendations for the prevention of similar disruptions in the future and for the improvement of patient safety and the emergency preparedness of the health care sector.
On 21 March 2018, the Ministry of Social Affairs and Health presented the Safety Investigation Authority with a request for an investigation, which was taken into account when considering whether to begin an investigation in accordance with the Safety Investigation Act .
The data communications network of the Hospital District of Helsinki and Uusimaa (HUS) suffered a disruption at 12.15 p.m. on 7 November 2017. The HUS-wide disruption continued until the evening. The most serious detrimental effect of the disruption manifested in the Uranus patient information system, due to which patients had to be treated with incomplete information. There were also problems in the automated laboratory’s systems, the birth information system, the nurse call system, landline telephones and the pharmacy robot. The disruptions had an impact on the treatment of nearly every patient, and the treatment of seriously ill patients was at particular risk.
A new disruption affecting only the patient information system occurred at 9.13 a.m. on the next day, 8 November 2017. Use of the system was slow and entirely impossible in places. This disruption persisted until 4.30 p.m., so its impact was felt during the busiest hours of the hospitals.
The data communications disruptions were related to the chassis switch, a vital component in the patient information system. The chassis switch was nearing the end of its service life and had been in continuous use for eight years. Software and hardware updates had been neglected. Plans had been made for replacing the hardware, but they had been postponed. The first symptoms of the disruptions had manifested two weeks before the incidents under investigation.
Information systems require proper maintenance and hospitals need to prepare for emergency operations without information systems
The Safety Investigation Authority recommends that the Ministry of Social Affairs and Health should instruct the hospital districts in defining the criticality of the most vital information systems and their components from the perspective of patient safety. The reliability of the systems must be ensured and this matter must also be addressed in future health care reforms.
Secondly, the Safety Investigation Authority recommends that the Ministry of Social Affairs and Health should ensure that all health care operators have maintenance, update and replacement programmes in place for information systems and their components. Update needs must be monitored. The decision-making process on maintenance needs must be clarified to avoid delays.
The chassis switch was nearing the end of its service life. The device had been on for several years. The manufacturer was aware of the possibility of the failure that occurred, and had offered both software and hardware updates for the switch. The updates had not been implemented, and replacement of the switch had been postponed. The age and extended continuous use of the device increased the risks caused by measures performed on the switch, which had raised the threshold for performing an update. The device was crucial for the operations of the hospital district, so the district generally tries to avoid any interruptions in its use. Scheduled updates can be made without interruptions in service, but they can lead to various unexpected problems. The situation becomes increasingly difficult as maintenance operations are postponed.
- In the future, it will be essential to identify critical information systems and their critical components. Once this has been done, the reliability of the systems classified as most critical must be ensured through, for example, redundancy, planned temporary solutions, spare parts, special components and active monitoring and maintenance measures. Appropriate maintenance, replacements and updates must also be ensured. In this manner, the timely implementation of required component and software updates can be ensured. In this case, these procedures had not been followed in all respects, concludes investigator-in-charge Kai Valonen.
The Safety Investigation Authority also recommends that the Ministry of Social Affairs and Health should ensure that wards with particular patient safety risks have continuity plans in place, information systems have been taken into account in the plans, the measures, instructions and purchases required by the plans have been carried out and the implementation of the plans is practised regularly. Sufficient supervision of preparedness must be ensured in future health care reforms.
- Hospitals must prepare for operating without information systems in emergencies. Our dependency on various information systems is increasing constantly. Functional, planned, rehearsed and generally known alternative operating methods for ensuring patient safety and the ability of the hospital to operate in all situations are vital in the event of an emergency. In the end, this can boil down to a pen-paper-courier system if it comes to that. The Safety Investigation Authority's investigation into these serious disruptions revealed room for improvement in the continuity plans of hospitals and wards, says Executive Director Veli-Pekka Nurmi.
The operating capabilities of the various units varied during the service breaks, and they were not able to use all the methods at their disposal. Some obvious methods that should be devised for service interruptions include the use of personnel to deliver information, capabilities to make changes to shifts, prioritisation of functions, devices and documents to replace information systems and options for using the systems through another connection.
Furthermore, the Safety Investigation Authority recommends that the Ministry of Social Affairs and Health should oversee the development of a data collection and sharing system for the health care sector, with the purpose of collecting the relevant information on all incidents that cause serious risks to patient safety and formulating and publishing the relevant conclusions on improving safety for the benefit of the whole sector. Several serious information system disruptions have occurred in the health care sector. There would be much to learn from these incidents, but the health care sector is lacking a systematic model for learning from incidents, both in Finland and abroad. No proper summaries of such incidents are available. The availability of data is partly hindered by considerations of confidentiality related to the IT solutions and preparedness plans, but the reporting of public information would nevertheless be possible. This need is not limited to information system disruptions alone, but applies equally to all incidents that place general patient safety at risk in one way or another.
Executive Director Veli-Pekka Nurmi, tel. +358295150701
Chief Safety Investigator Kai Valonen, tel. +358295150707.