• Patient safety
• Healthcare quality improvement
• Quality improvement

For decades we have looked hopefully to electronic health records (EHRs) to aid efforts to make healthcare safer.1 Early research gave basis to this hope: automated alerts and reminders were shown to improve preventive and chronic illness care,2 electronic records could be better organised and more easily delivered where needed,3 automated computerised decision support (CDS) can help make diagnoses4 and plan treatments,5 and computerised practitioner order entry (CPOE) was shown to reduce risk for serious adverse drug events.6

Since 2009, the USA has joined other countries in broadly adopting EHRs.7 ,8 Through the meaningful use programme, and other efforts, use of CPOE has also grown tremendously. This transition has not been easy and has uncovered weaknesses in EHRs, including problems with usability,9 interruption of workflow,10 and concerns for altered interaction with patients.11 We are discovering that the transition from paper to electronic records is a long, difficult journey that is far from complete. There is an enormous need for improvements in EHRs, and efforts to do so are reinvigorated by evidence that we have made not made as much progress in patient safety in the last decade as we had hoped.12

The difficult question is how to make these improvements. In part, the answer is that we get better by gathering data and learning from them. In this issue, the paper by Schiff et al13 contributes to that effort. They have carefully studied and categorised a sample of over 10 000 errors in which CPOE played a role from among 1 million medication errors reported in the United States Pharmacopeia MEDMARX database. They meticulously analysed and categorised these CPOE-related errors, and then created scenarios to test whether similar errors could occur when entering orders into the current generation of CPOE systems. They found that most of these erroneous orders could be placed, some very easily, into modern CPOE systems. For example, one could prescribe pioglitazone, a member of a class of medications for diabetes known to cause fluid retention and thus potentially exacerbate heart failure, for patients with heart failure, though one would hope such an order would at least be flagged for review. The authors are to be commended for this effort, especially since they are the first to take advantage of this CPOE experience collected in MEDMARX.

We should not overlook that self-reporting systems such as MEDMARX usually contain a small biased subset of the full population of problems.14 Those reporting errors were usually not those entering orders, so the database contains mostly second-hand reports, some lacking sufficient detail. Even after the enormous effort this study represents, we have only a partial view into CPOE problems and how they might be solved. In a medium sized hospital over 10 000 orders will be entered in a day,15 and there are over 5000 hospitals in the USA, so there is ample experience to tap.

It will surprise some—particularly those who do not use these systems—that many of these errors are not caught by CPOE systems in use today. How can it possibly be that current CPOE systems don't catch seemingly simple problems in orders, problems that were reported over a decade ago? The short answer is that erroneous orders should be caught, and risk for harm avoided. However as with many short answers, there are more complex sides to this question. EHRs are extremely complex, and problems with them span all EHR functionality such as displaying results, allowing notes to be entered quickly and accurately, reconciling medications, and ordering many services other than medications, such as imaging and laboratory tests. EHR usability must be improved, they must better fit workflow, and be faster to use. So there is lots to improve, and these improvements are often more difficult than they seem. Improvements are undertaken by developers also taxed with complying with evolving incentive regulations and requirements such as ICD-10.

Some CPOE CDS does work well: most EHRs will alert the prescriber when ordering a drug to which the patient is allergic, provided the allergy is entered in the EHR. It was just this type of error that was dramatically reduced in an early, frequently cited study on benefits of CPOE.6 But take the example of ordering pioglitazone, in a patient with heart failure. How do we know from the EHR record that a patient has heart failure? We can use the electronic problem list, but despite encouragement for decades,16 problem lists were not used in most places, and they are often inaccurate.17 And so an alert to avoid pioglitazone may be misplaced.

Other CDS rules are too simple: drug–drug interaction alerts in commercial EHRs rarely consider patient age, renal function, or other basic information we would expect to be checked before stopping a clinician in mid-order to read an alert. The consequence is that clinicians override these alerts,18 ,19 occasionally missing a truly helpful alert as a result.20 Even checking orders for dose limit errors—a dose an order of magnitude too high, for example—is still uncommon. So there is lots to do, lots to improve, and the list lengthens daily.

This does not let us off the hook. EHRs won't improve unless we study them, collect data on what went wrong, and—importantly—resolve to use those data to make the EHR systems better. This work can’t be left to entirely to EHR vendors, and should occur in a framework to ensure that the most pressing issues are tackled first. An important lesson from this paper not called out by the authors is that these errors were described up to 12 years ago, but not leveraged for improvement of CPOE systems until now.

Despite findings of weaknesses in current EHR systems, this paper should not make us feel pessimistic, nor to lose hope that EHRs will make healthcare safer. We have the potential to do much more, and to move more rapidly to improve safety. We have learned from our experience of the last 5 years, in which use of CPOE has become widespread in our country, and now we have a platform on which to apply safety features that if wisely crafted could benefit far more people than was true a decade ago. So in this sense this paper represents a great opportunity for safety.

We need more such information about problems with CPOE, and when collected, we need more studies like this to learn all we can from them. Then we need to iteratively refine CPOE and EHRs until they achieve their promise.