Breaking News

Recalls in at-home medical devices and cybersecurity risks top 2023 health tech hazards list

Photo by Tima Miroshnichenko via pexels

The nonprofit patient-safety organization ECRI in January released its annual report of the top 10 health technology hazards for 2023. The list — compiled by the organization from member surveys, literature reviews, tests in their lab and investigations of patient safety incidents — can give journalists covering hospitals, health IT and/or patient safety a good primer on trends to watch and is a rich source for story ideas. 

Topping this year’s list was a concern that gaps in recalls for at-home medical devices can cause patient confusion and harm. Accurate and understandable information about medical device recalls often does not reach patients using those devices, the authors noted, and this information gap continues to grow.

 Device manufacturers seldom have direct communication with home care patients, and health care providers may not proactively contact their patients about recalls. As a result, patients may not learn about recalls until long after they were issued, and sometimes from potentially unreliable sources like social media. 

Even if patients do receive a notification, the language may be laden with jargon, and they may get confused about whether their device is affected or what to do about it. ECRI challenged manufacturers to provide users with easy-to-follow device registration instructions, write simply-worded recalls, maintain an up-to-date database of devices, and designate staff to ensure that any recalls reach home-based users.

Some other technology hazards on the 2023 list include:

Growing number of defective single-use medical devices (#2). Single-use medical devices proliferate in health care. ECRI has received reports of cracked tubing and connectors, incorrect product labeling, or compromised sterility of needles and catheters. The organization challenged manufacturers to revisit and improve quality control processes to prevent defective products from reaching the market.

Inappropriate use of automated dispensing cabinet overrides (#3). Automated dispensing cabinets — computerized medicine cabinets for hospitals often located on patient floors — are designed to be accessed using specific protocols. Practitioners enter their credentials to unlock the cabinet and can select patient-specific medications already reviewed and verified by pharmacists. In emergencies, these steps can be overridden for quick access to medications. But some institutions are overriding the process routinely, potentially putting patients at risk, the authors said.

Failure to manage cybersecurity risks associated with cloud-based clinical systems (#5). Health care organizations that store data like patient electronic medical records in the cloud often rely on external companies to ensure the security and reliability of that information — and to handle any security events to restore service. But health facilities need to understand the risk of any disruption in patient care and plan for the possibility, the authors noted. A security breach to the cloud-based service could lead to a loss of availability or integrity of that service, or possible breaches of patients’ protected health information (PHI). Health care entities should implement appropriate internal security controls to reduce risks, they said.

Confusion surrounding ventilator cleaning and disinfection requirements can lead to cross-contamination (#7). No one doubts the importance of needing to effectively clean and disinfect ventilators, the components of which can be contaminated by exhaled gasses and airway secretions. But reprocessing instructions provided by manufacturers of the devices can be incomplete or confusing, which can leave staff in charge of reprocessing confused about which pieces need cleaning and disinfection, how to do it properly and how frequently it should occur. ECRI challenged manufacturers to ensure that instructions for cleaning and disinfecting ventilator components are complete, clear, well-documented and achievable.

Underreporting device-related issues may risk recurrence (#10). Reporting medical device-related problems is critical to keeping patients and staff safe, but for a variety of reasons problems aren’t always reported using the appropriate channels. As a result, broken, malfunctioning or poorly manufactured or designed devices may remain in use, potentially contributing to patient harms. To minimize disruptions to patient care, health care organizations need to identify and eliminate barriers to reporting and make the reporting process as easy as possible, the authors said.

The other items on the list were:

  • Undetected venous needle dislodgement or access-bloodline separation during hemodialysis can lead to death (#4);
  • Inflatable pressure infusers can deliver fatal air emboli from IV solution bags (#6);
  • Common misconceptions about electrosurgery can lead to serious burns (#8);
  • Overuse of cardiac telemetry can lead to clinician cognitive overload and missed critical events (#9).

The full report is available to ECRI members, but journalists can download an executive brief summarizing the main highlights.

Additional resources