Article Text

Download PDFPDF

Exploring the roots of unintended safety threats associated with the introduction of hospital ePrescribing systems and candidate avoidance and/or mitigation strategies: a qualitative study
  1. Hajar Mozaffar1,
  2. Kathrin M Cresswell2,
  3. Robin Williams3,
  4. David W Bates4,
  5. Aziz Sheikh2
  1. 1 Business School, University of Edinburgh, Edinburgh, UK
  2. 2 Centre for Medical informatics, Usher Institute of Population Health Sciences and Informatics, The University of Edinburgh, Edinburgh, UK
  3. 3 Institute for the Study of Science, Technology and Innovation, The University of Edinburgh, Edinburgh, UK
  4. 4 Brigham and Women's Hospital, Boston, Massachusetts, USA
  5. 5 Division of Community Health Sciences, University of Edinburgh, Edinburgh, UK
  1. Correspondence to Dr Hajar Mozaffar, Business School, University of Edinburgh, 29 Buccleuch Place, Edinburgh EH8 9JS, UK; h.mozaffar{at}, h.mozaffar{at}


Objective Hospital electronic prescribing (ePrescribing) systems offer a wide range of patient safety benefits. Like other hospital health information technology interventions, however, they may also introduce new areas of risk. Despite recent advances in identifying these risks, the development and use of ePrescribing systems is still leading to numerous unintended consequences, which may undermine improvement and threaten patient safety. These negative consequences need to be analysed in the design, implementation and use of these systems. We therefore aimed to understand the roots of these reported threats and identify candidate avoidance/mitigation strategies.

Methods We analysed a longitudinal, qualitative study of the implementation and adoption of ePrescribing systems in six English hospitals, each being conceptualised as a case study. Data included semistructured interviews, observations of implementation meetings and system use, and a collection of relevant documents. We analysed data first within and then across the case studies.

Results Our dataset included 214 interviews, 24 observations and 18 documents. We developed a taxonomy of factors underlying unintended safety threats in: (1) suboptimal system design, including lack of support for complex medication administration regimens, lack of effective integration between different systems, and lack of effective automated decision support tools; (2) inappropriate use of systems—in particular, too much reliance on the system and introduction of workarounds; and (3) suboptimal implementation strategies resulting from partial roll-outs/dual systems and lack of appropriate training. We have identified a number of system and organisational strategies that could potentially avoid or reduce these risks.

Conclusions Imperfections in the design, implementation and use of ePrescribing systems can give rise to unintended consequences, including safety threats. Hospitals and suppliers need to implement short- and long-term strategies in terms of the technology and organisation to minimise the unintended safety risks.

  • Decision support, computerized
  • Information technology
  • Patient safety

Statistics from

Request Permissions

If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.


The prescribing and administration of medicine is a complex process involving multiple healthcare professionals, often working across different locations and performing a wide range of medicine-related activities including initiating, monitoring, dispensing, administering, switching, stopping and discharge planning.1–3 These prescribing procedures can create potential patient safety threats through, for example, missed doses, late delivery of drugs, non-adherence to policies, and confusion between similar drug names.4–6 Electronic prescribing (ePrescribing) systems are increasingly being implemented in clinical settings in an attempt to reduce these risks and enhance patient safety.7–12 These have been defined as ‘The utilisation of electronic systems to facilitate and enhance the communication of a prescription or medicine order, aiding the choice, administration and supply of a medicine through knowledge and decision support, and providing a robust audit trail for the entire medicines use process’.13

While many safety benefits may exist, studies show that the adoption of new hospital health information technology (HIT) also involves many sociotechnical challenges,14 ,15 which can limit these benefits. In some instances, the introduction of a system can result in new types of error in drug prescribing and administration, such as selection of wrong drugs or doses.16–21 Such unintended consequences can be the result of inconsistencies in interfaces and data entry forms,22 suboptimal decision support tools,23 or clinicians' negligence in entering data or appropriately responding to alerts.23 ,24 A series of studies have highlighted various types of unintended consequence, among which generation of new kinds of errors that may negatively affect patient safety is of particular concern.25–27

While this previous work has been valuable, it does not yet provide a systematic analysis of the range of safety hazards in terms of the underpinning factors that gave rise to them (eg, safety hazard: administration of wrong drugs; underpinning factor: poor user interface design). To understand the roots of safety threats, detailed investigation is required of the interactions of HIT with its organisational setting15 ,28 ,29 through qualitative research strategies.9 ,15 ,20 ,28 ,30

Previous papers arising from the current investigation, which discussed various aspects of system design, implementation and use, including user engagement strategies,31 workarounds,32 integration and interfacing strategies,33 and partial implementation,34 ,35 had highlighted unintended outcomes, including potential risks as well as failures to achieve expected safety improvements. We therefore revisited the large body of ethnographic evidence generated from the cases to review the evidence for roots of reported unintended safety threats associated with the introduction of ePrescribing in design, implementation and use, in order to develop a taxonomy of these factors, and use these insights to shed light on possible risk mitigation strategies.


This study was part of a large prospective programme of work on the deployment of ePrescribing systems in hospitals in England. We undertook a series of longitudinal multi-site case studies36 ,37 to investigate procurement, implementation and adoption of ePrescribing systems in English hospitals. All data were transcribed, analysed and reported anonymously.

Ethics approval

This work was reviewed by the National Health Service (NHS) Health Research Authority National Research Ethics Service. We obtained institutional review board approval from The University of Edinburgh Research Ethics Committee.

Sampling and recruitment

For the purpose of the larger ePrescribing research programme, purposeful sampling38 ,39 was used to select six English case study hospitals that were either planning to implement or had recently implemented an ePrescribing system. We used criterion sampling40 to ensure that we covered systems developed in different countries (England and abroad). We selected sites that had implemented/were implementing a range of standalone applications (discrete systems that must be interfaced to connect to other HIT) and hospital-wide (integrated) packages. These were identified through a scoping study of the English ePrescribing market.41 This selection, which was undertaken for the purposes of the overall study, also helped us to investigate different dimensions causing unintended safety risks in systems with differing architectures.

Then, in each site, we conducted purposive and snowball sampling of individual participants,39 by contacting the director of pharmacy or chief pharmacist for HIT as the initial point of contact, to recruit a diverse range of stakeholders, including providers (eg, doctors, pharmacists and nurses) and implementation team members for interviews and observations. In this process, we recruited a maximum variation sample42 including a wide range of respondents encompassing varying levels of seniority, different professions and different viewpoints. This included clinical users (consultants, junior doctors, nurses, pharmacists and other health professionals), decision makers and managers (implementation teams, information technology specialists), technical support staff and system suppliers.

Data collection

We used a combination of methods to collect data from each study site (table 1, adapted from our earlier papers,32 ,34 summarises the data collection methods and sites).

Table 1

Summary of data collection sites

Semistructured interviews (with open-ended questions) were the main method of data collection. The interviews were conducted (by HM and KMC) between December 2011 and August 2015 (ranging from 15 min to 2 hours). The interview guides (see box 1 for a summary) were designed around topics surrounding organisational context and system, user expectations and experiences (positive and negative), implementation process and challenges, and perceived and actual changes to work practices. The guides were then tailored to the roles and organisations of individuals. We supplemented these with over 35 hours of observation of implementation meetings as well as following users as they used the system. In addition, we collected organisational documents, including project plans, risk logs and business cases, related to the interviews.

Box 1

Summary of interview guide

▸ Description of background, position, organisational context, and system

▸ Expectations from system

▸ Experiences of system in use

▸ Perceived benefits/trade-offs of using system

▸ Patient safety risks not eliminated by use of system

▸ Expectations from system supplier (developer)

▸ User–supplier relationships

▸ Implementation strategy and challenges

Data collection started before implementation for four sites. Additional data collection was repeated soon (a few days to 1 month) after the initial roll-out and then again 6–12 months after implementation. For ‘embedded’ sites (two hospitals that had implemented the systems before the beginning of our research, A and D), data collection was conducted twice with an approximately 2-year gap between the two data collection periods.

Data analysis

We used inductive and deductive analysis in this study. Initially, the lead researchers (HM, KMC) coded individual case study data using NVivo 10. The recurring codes formed categories and themes.40 ,43 We drew on the Biography of Artefacts framework44 ,45 and considered issues arising across the lifecycle of system design, implementation and use (the deductive component). Our earlier studies31–35 had highlighted how diverse problems arising in each of these phases could give rise to unintended consequences including safety threats. Unintended consequences were a recurrent theme; however, an overarching understanding of their character and causes was not yet available. We therefore determined to revisit our extensive database of ethnographic interviews. We purposefully explored the interviews to extract all available information about negative unintended consequences, their underlying factors, and possible mitigation/avoidance strategies. During this process, we also recorded emerging themes (the inductive component). Then we compared the emerging findings of each case with other cases in data analysis meetings (HM, KMC, RW) to form the final set of themes. This involved discussion of disconfirming evidence by the extended research team, to minimise the risk of researcher bias. The use of different methods allowed us to triangulate the emerging findings to produce a robust understanding of the results.46


We analysed 214 interviews (163 interviewees) and 24 observations (35 hours) and collected 18 documents. We identified different causes of safety threats and some of the unanticipated safety-related consequences resulting from the introduction of ePrescribing systems (table 2). We also highlighted some of the strategies used by adopters of these systems to avoid or reduce the effect of these risks.

Table 2

Taxonomy of roots of unintended safety threats associated with the introduction of ePrescribing systems

Origins of safety threats associated with the introduction of ePrescribing

New areas of potential safety risks became apparent as systems were adopted in hospitals. Our analysis highlighted the various circumstances that triggered these. We categorised these into three main underlying potential problems: (i) inadequacies in system design; (ii) inappropriate system use; and (iii) problems in implementation strategies and infrastructures. We explore these three areas in detail below.

Inadequacies in system design

Problems in system design such as lack of functionality, low performance, limited integration of the system, poor fit with hospital working practices, and problems in user interfaces resulted in concerns about new potential safety threats.

Concerns about lack of access to accurate timely information: In one case, we found that data on the system were not updated in real time, as it was accessed by different users in parallel—a doctor and a nurse could access a patient's record concurrently and perform conflicting actions which the system did not stop. This problem arose because of a shortcoming in the system design/architecture, which caused a threat to patient safety, as it meant that the information on one screen (ie, administration of drugs) was not the finally approved information. Such issues could lead to missed doses or duplicate orders.One safety issue […] was that the nurse had loaded up a patient, started doing a drug round and one of the other doctors cancelled a medication but the nurse hadn't refreshed her screen prior to administering it so she administered it when it was actually cancelled. […] it was only when I came onto my shift later that I found out what had happened but […] I think that's pretty dangerous generally but it's apparently the way it has to work. (Site K, Junior doctor, Post-implementation, Integrated)

It is important to note that this is not an easy problem to solve—preventing simultaneous access by providers to a patient record can similarly create problems and introduce delays, by preventing users who need access to the system from getting it.

Concerns about poor system performance: Participants expressed concerns about poor performance of the system, which they believed would slow down the prescribing and medicine administration processes. One example was that the users had to open a drop-down menu and look into the details of drugs (one by one) and only then were they able to select the drug. They then had to fill in the following fields one by one (eg, dosage, unit of measure), which was considered very time consuming compared with hand-written prescriptions of drugs.I'm very much looking at it as a clinician, I cannot afford to spend five minutes trying to prescribe a bag of fluid. I don't have time and I have too many patients to see, whereas they're obviously looking at it very much from a safety point of view. I want to be safe but I'm also aware that if I'm taking too much time to do stuff I'm not safe because I'm getting frustrated […] if I was just writing it I would just know in my head, write it down, done. (Site J, Consultant, Post-implementation, Integrated)

Arduous/slow operation procedures in turn could lead users to resort to shortcuts and workarounds,32 which could generate unintended safety risks. Sometimes, concerns that entering data into the system was time consuming would disrupt work routines and lead people to enter data in batches rather than real time, or delegate data entry to others. Systems that were slow or hard to use also diverted the time and attention of clinicians from other tasks.

Concerns about poorly designed user interfaces: Users expressed concerns about how poorly designed user interfaces and poor usability contributed to unsafe practices and, as a result, increased potential for human error.Things are being missed… because of the lack of sort of visual prompts. (Site J, Nurse, Implementation, Integrated)

Such issues were exacerbated when the design of the interfaces did not allow the various kinds of information in the system needed by particular health professionals at particular points in the care process to be easily accessed or captured in one screen. This required users to navigate between multiple screens. This increased scope for overlooking data or misremembering data dispersed across multiple screens, which were harder to scan than previous files of paper reports and could thus increase risks.You can see what people came in on with a bit of filtering but it's again not as intuitive as the paper model where you had the kind of, the admission meds on the back in one simple list. (Site J, Consultant, Post-implementation, Integrated)

In another instance, concerns were expressed that the poor interface led to a lack of clarity/transparency about when certain processes, such as discontinuation of medications, should take place.There's a challenge that from a pharmacist point of view that you might not know that drugs might get stopped unless you look at the discontinued or you look at the admin section, if you're only ever looking at the active drugs which I know some people probably don't think to look at all… and because it's not on a paper chart in front of you where it's crossed through you have to make sure you look for it really… (Site C, Clinical pharmacist, Post-implementation, Standalone)

Concerns about lack of support for complex medication administration regimens: Many users also highlighted that the systems are not well designed to support certain complex medication administration regimens. Such issues resulted in users adopting workarounds. For instance, in cases where the time for administering drug A depended on the time of administration of drug B, the system did not automatically calculate and update the time for drug A. This therefore had to be carried out manually by the person who had administered drug B.Another safety issue […] is around paediatric oncology where we've got timing of certain medicines. An example is with methotrexate they give the methotrexate and they have to start folic acid at a certain time after the methotrexate but when they prescribe the folic acid on ePrescribing they don't know what time the methotrexate is going to be started so they can't prescribe it with a certain time and they were finding that it wasn't happening and they haven't really found a good way to get around that. So the way they are getting round it at the moment is that the nurses have to be given prescribing rights for that drug so that they can add the time or amend the time when they know what time it needs to be given…. (Site C, Chief pharmacist, Post-implementation, Standalone)

Before the adoption of ePrescribing, user activities revolved around well-understood heuristics of complex medication administrations. The introduction of ePrescribing systems that did not offer full solutions for complex prescribing and administration called for a change in already existing arithmetic and drug administration activities, which could be time consuming and sometimes generated new risks.

Concerns about lack of effective integration between different systems: In addition, integration issues between different systems could potentially generate serious safety threats.33 Improper transfer of information between different systems or system modules could lead to a change in meaning of information, resulting in serious threats such as loss of data, misinterpretation, or differences in units of measure. This was a very immediate threat with non-integrated applications that needed interfacing to allow data transfer. One example reported concerned a lack of effective information transfer between ePrescribing and the accident and emergency (A&E) system.… currently there's no transfer of that information directly, it's like starting [to enter information] again… there's nothing actually prescribed electronically [in A&E] that you can see so you start a new inpatient encounter… you could prescribe a drug that someone has already had for example. That sort of interfacing is something which they are looking at… they have got some sort of solution to that. (Site D, Consultant, Post-implementation, Integrated)

Integration issues were even more complicated where patients were transferred between hospital units that had several unintegrated systems (including computer- and paper-based systems), which required patients' data to be manually passed on between them. We also observed similar issues in hospitals that had implemented two different systems for their general prescribing and specialty department prescribing (eg, chemotherapy), where users had to repeatedly enter the same medication in two systems, which could lead to error in data entry in multiple systems.

Concerns about lack of effective automated decision support tools: All studied ePrescribing systems provided suggestions and automated calculations for medication dosing, which were assumed by users to comply with prescribing standards and policies (based on predefined parameters). However, in some cases, the system could calculate doses based on particular parameters and generate a variety of suggested options, which users might be tempted to select without consideration, even when incorrect. Such cases, if not appropriately checked by health professionals, could result in serious patient harm.They're prescribing overdoses of paracetamol […] it does it by their weight, works it out according to their weight but then you can only ever give a maximum of a gram and they ended up having one thousand three hundred and something milligrams… (Site C, Clinical pharmacist, Post-implementation, Standalone)

Inappropriate use of system

Systems had the potential to be unsafe as the result of unanticipated user interactions with the system. This could occur through user behaviour flaws and system rules not preventing the flaws.

Concerns about incorrect data entry: This included entry of wrong data, selection of wrong options, or clicking incorrect check boxes. In some sites, users selected the wrong medication or wrong doses because of the similarity of names and presentations.So there was one where there was a protocol for acquired pneumonia that automatically prescribed I think either penicillin or clarithromycin. So I saw a couple of patients on my ward where the doctor wanted to prescribe clarithromycin so they typed in clarith but instead of choosing just clarithromycin they'd accidentally chosen the protocol one so that automatically adds in [other drugs] as well… (Site C, Clinical pharmacist, Post-implementation, Standalone)

Similar cases resulting from inappropriate interface design and user oversight were observed. For instance, we observed a case where doctors selected the correct medicine in the first instance, but unintentional rolling of the ‘scroll wheel’ on the mouse caused the selection to be unintentionally changed.

Concerns about alert fatigue: In order to increase patient safety, systems generated a large number of events, of various levels of significance, to highlight potential drug–drug interactions and allergies and reduce the number of inappropriate prescriptions in general. The consequent proliferation of alerts, many of which highlighted matters that did not have serious consequences, impaired the usability of the system, as the need to acknowledge these made it harder to complete tasks.47 In response, some users (at hospital or individual level) tended to create workarounds by switching off alerts or just clicking through them without reading them.A lot of alerts do get ignored because they come up every five seconds about things that are really irrelevant, clinically irrelevant […] people just click through them to get rid of them. (Site C, Clinical pharmacist, Implementation, Standalone)

This could have a negative impact on the safety of the system and lead to new risks such as duplicate prescriptions or overlooking of important drug–drug interactions.I think that's [ignoring alerts] probably what happened a lot of the time because you still see therapeutic duplicates prescribed, if they were paying attention that wouldn't happen. (Site C, Clinical pharmacist, Implementation, Standalone)

In essence, this issue had roots in design (ie, alerts popping up at inappropriate times), implementation (ie, which alerts are turned on or off) and inappropriate use (ie, ignoring them).

Concerns about too much reliance on the system: Various health professionals expressed concern that some clinical staff (younger physicians in particular) might rely on predefined values in the ePrescribing system to determine length of treatment, units of measure, or the usual doses. The displayed values in the system were, however, usually based on the pharmacy default setups, which might not be appropriate for particular patients.But I do find a lot more errors in drug doses and frequencies that are prescribed because where things have got an automatic dose or automatic frequency, quite often a doctor will say they want them… and it will automatically come up with a dose which is 40 mls a day, click OK and they won't actually double check that that's the dose that the patient should be on. (Site C, Clinical pharmacist, Post-implementation, Standalone)

In this way, there were concerns that health professionals might rely ‘too much’ on the system, without applying their working knowledge and experience, and ignore the possibility of errors and follow suboptimal prescribing practices.Well I think there will be safeguards; it will be very difficult, there will be at least a warning if you're going to prescribe a drug that someone's allergic to beforehand but I don't think there will be any safeguards for doctors being lazy. (Site K, Junior doctor, Pre-implementation, Integrated)

The negative result of this over-reliance on systems could be prescription of wrong doses or, in more extreme cases, prescription of wrong drugs or duplicate orders.

Concerns about introduction of workarounds: Workarounds (or locally initiated change of work practices) developed by users could sometimes increase potential for unintended safety threats. These workarounds were generally designed to overcome inadequacies in system design such as lack of integration or poor interface design. For instance, some users recorded patient medication data on paper and entered them into the system in batches. This occurred in both administration of medication by nurses and prescription of medicine by doctors. Another example was medicine reconciliation on admission, which was not being performed systematically, as the system had slowed down the work of pharmacy technicians who were no longer able to check patients' drugs on admission.We just write PODs [Patient's Own Drugs] now we don't write the number […] we used to physically write 38 pods so we knew exactly how many they had when they came in and then when they go home we had a rough idea of what they had because we used to record it on the actual drug chart but now we don't even record it on the drug chart. (Site K, Head pharmacy technician, Post-implementation, Integrated)

Concerns about changes in work organisation: Some clinicians (eg, pharmacists) raised concerns that reliance on the system would reduce bedside visits, which could lead to them being less informed about the effects of the medications they had prescribed.You can even do it without going up to the ward, you know, there's a danger that you'll end up doing that, because you can see the chart from our desk you'll sit and do it there… I think there was that risk that people might become a bit lax and stay at their desk and do it all quickly… (Site C, Pharmacist, Implementation, Standalone)

Furthermore, some clinicians, in particular consultants, delegated their work to others. Consultants may have delegated prescription to junior doctors previously—so this may simply carry forward an existing risky practice—although this would become more visible with computerisation. However, the practice could lead to delays in data entry, meaning that the data are no longer real time, leading to further safety risks.

Problems arising from implementation strategies and infrastructure

Concerns about partial roll-out/dual systems: Safety threats could also arise where difficulties experienced in system implementation and roll-out result in partial roll-outs or phased/delayed implementation. This could lead to new risks (over and above failure to achieve projected safety benefits because of late or partial implementation). This includes dual (paper and electronic) systems operating in parallel in different functions or different parts of the hospital.All outpatients are still paper and I think if patients go for certain procedures they might still use paper, ICU [Intensive Care Unit] still use paper but on my ward, yeah so all fluids are still on paper, any type of continuous infusion is on a paper. (Site C, Clinical pharmacist, Post-implementation, Standalone)

This could readily give rise to information-transfer problems, which could in turn lead to threats to patient safety.There's the continuing risk of having two systems in operation so the interface between having paper and electronic is always difficult. (Site J, Information and communication technology programme manager, Post-implementation, Integrated)

In addition, users were sometimes either continuing to use paper charts (after go-live), thus perpetuating the risks associated with dual systems as well as not making full use of functionalities. Individual non-use of systems arose in some cases simply because the user was not registered to log-on to the system. Furthermore, agency staff were occasionally found not to use the system, as they lacked training and confidence in its use and were not fully aware of the safety implications of non-use.…sometimes people use the paper charts as well […] I thought it was unsafe… particularly with agency staff who adopt sort of a I'm not very good I don't need to use this system […] anyone who is going to work at the hospital has to be able to use the system […] because it's a safety issue. (Site K, Junior doctor, Post-implementation, Integrated)

Concerns about lack of appropriate training: Lack of appropriate training was seen as potentially inhibiting effective and safe use of the system—particularly as the system was not intuitive to use.The training is so complex and the system is so unintuitive that I don't think it's the type of training that sort of persists in the memory. You really only learn it by using it and that's always a slight risk. (Site J, Consultant, Post-implementation, Integrated)

Difficulties in training were not only due to the complexity of the system, but also to organisational issues. There were potential risks during any transition period when ‘new users’ (eg, new recruits, junior doctors and agency staff) had to learn how to use the system and understand its peculiarities through day-to-day use.Considering we've a whole new batch of doctors starting next month […] there's again going to be a learning curve. (Site J, Nurse, Post-implementation, Integrated)

Concerns about system failure: Issues also arose from system failures or weaknesses in the wider information infrastructure. There were concerns that suitable alternative prescribing and drug administration procedures were not in place during system downtime. These could become more critical as the systems became more embedded and end-users became accustomed to, and reliant on, the system.There was an issue most recently, the whole [system] went down for two hours on a weekend which is just a catastrophe in a sense because you can't do anything, you can't administer any medicine. (Site K, Junior doctor, Post-implementation, Integrated)

Strategies to avoid/mitigate unintended safety threats

In order to avoid safety threats or mitigate their unintended consequences, we found a range of short- and long-term strategies adopted by hospitals. There were also calls for suppliers to redesign and improve parts of their systems to better respond to user needs. We have categorised these strategies into two main groups: technological and organisational (table 3).

Table 3

Strategies to overcome unintended safety threats

Technological strategies

System design enhancement: Improvement in software design was seen by the interviewees as an essential element for improving the safety of systems. The hospitals believed that the developers needed to be aware of the limitations of their technologies as well as the demands of the English market, and address safety risks and ways to mitigate them. In particular, they emphasised the need for more flexibility, better decision support tools, better integration and information transfer between ePrescribing and other HIT systems, better user-interface design, and improved functionalities around data entry/capturing, transaction, alerting and reporting.I would hope … that the system will become a little more user friendly and intuitive. In particular, just the discoverability of commonly used medications, so it shouldn't require me looking through 10 different options to select a drug … there should be some intelligence in the software to do that. (Site J, Nurse, Post-implementation, Integrated system)

Extension of system: Participants also mentioned that hospitals must have plans for short- to medium- and long-term optimisation of systems. These plans could include integration with primary care (long term), implementation and integration with further decision support tools (long term, particularly in standalone applications), and internal enhancement of reporting functionalities (short to medium term)… we're confident within the next six months to a year the GP [General Practitioners] prescribing system will feed into the secondary care ePrescribing system and there will be a feed back out as well. (Site E, Consultant, Pre-implementation, Standalone system)

Organisational strategies

Alert management: Hospitals adopted various strategies in dealing with alert fatigue. Some decided to turn off many of the alerts at the early stages to encourage user acceptance/system use (short term), with the hope that they could be revisited and turned on in future when necessary.No we've turned off the vast majority of our alerts. So we have, we've got alerts for a few things but very few things because you get alert fatigue and then actually people just don't look at them. (Site J, Consultant, Implementation, Integrated System)

In some cases, where users bypassed the alerts, the system was set to ask them for a reason. Participants believed this would lessen the possibility of alert ignorance. Participants also identified national/international ‘levels’ of alerts or risks as a way of providing better grounds for deciding which alerts need to be turned on or off (long term). Many hospitals did not have decision support teams in place. Such new organisational structures can be introduced in hospitals during and after implementation. The role of such a team would be to evaluate, and make decisions on, turning the alerts on/off.

Change of practices: HIT can introduce new work processes that offer scope to standardise or improve certain care routines. Thus, participants stated that work practices needed to be modified in order to use the system to its maximum capacity, which could lead to better patient safety outcomes.It's about change and it's about continuous improvement and doing what's right for the patient at the end of the day so if a new system provides a better way of working which is safer and is more beneficial to the end point of the patient bedside and it will be more efficient for the workers I don't see why we shouldn't do it. (Site K, Lead pharmacist for information technology, Pre-implementation, Integrated system)

This asserts the need for improvement of technology and organisation in tandem.35

Assessment of workarounds: Formal ongoing assessment of workarounds adopted by hospitals at both individual and organisational level (which we discussed in detail in an earlier publication)32 can mitigate new areas of risk and enhance culture of use. Some workarounds that were seen as essential to the effective use of the systems and had been assessed and determined not to generate additional risks were approved. Other workarounds were perceived as more problematic and not sanctioned.A workaround was brought up which was declined for governance reasons which I completely supported it wasn't the correct workaround… (Site J, Lead pharmacist for information technology, Implementation, Integrated system)

Analysis of incident reporting tools: Hospitals encouraged voluntary reporting of errors to identify their occurrences and find resolutions.… but any particular incidents will be reported as an incident through the [incident reporting] system and then they're automatically picked up by the medicines safety officer so he sees all incidents… And then they'll go to the meeting and be discussed and they'll look is it a one off, is there a training issue, is there a problem with the way the system is set up, can we make any adjustments to it or is it something that the company need to do? (Site C, Chief pharmacist, Post-implementation, Standalone System)

Such ongoing mechanisms are essential for collecting information that could be used to improve the system and the work processes around it28 ,48 ,49 over longer periods of system use. Software applications were deployed by some hospitals to systematically keep track of issues and concerns and to plan and act accordingly.

Training/user awareness: Finally, hospitals need to devote attention to improving individuals' performance by ‘communicating’ potential safety risks among adopters and providing ‘continuous’ training.49–51 This needs to be an ongoing strategy (both short and long term), which could be started from the early stages of planning and procurement and continued as an ongoing process after the system go-live.We know we have to do that [move to ePrescribing system] quite carefully and with the appropriate training and support… (Site C, Clinical effectiveness and medicine management, Pre-implementation, Standalone system)


Overview of findings

A range of unintended safety threats associated with the introduction of ePrescribing systems were reported by the participants of this study. They were rooted in inadequacies in design, use or implementation strategies (or a combination of the three). This is an instance of ‘the problem of many hands’52 in design and use of HIT systems: a problem arises because of the existence of multiple actors where it is difficult to hold any single actor responsible for these effects. We show that multiple organisations (including suppliers and adopters) need to take action to help mitigate the negative safety consequences of ePrescribing systems.

Enhancements in system design by suppliers, including improvement of existing functionalities, improvement of decision support and alerting tools, better interface designs, and enhanced integration and transferability of data between modules and systems, were seen as the key enablers of improved patient safety outcomes. Likewise, adopters also implemented strategies (short-term, long-term and ongoing) to mitigate the potential risks associated with unintended safety threats. The aim of these strategies was to improve the culture of use (ie, through training and user awareness, encouraging incident reporting, and change in work practices), enhancing system implementation strategies (ie, through better implementation planning and assessment of workarounds) and optimising systems (ie, through upgrades and system extension).

On this basis, we suggest initially that there is a need for hospitals to understand and communicate the safety benefits of ePrescribing as well as potential unintended consequences and safety threats. Communicating safety relates to encouraging uptake and proper use of systems, with their wide-ranging benefits, as well as augmenting awareness of new areas of possible risk (also known as ‘promoting safety’ in the wider patient safety context:28 explicitly recognising areas of risk). This should be followed by ongoing efforts to enable safety, which refers to mechanisms used to improve systems and their implementation and use.

Strengths and limitations

Our study has provided longitudinal insights into some of the most common causes of unintended safety risks associated with implementation and use of ePrescribing systems. It further highlights the strategies used by adopting organisations to minimise the potential risk of these safety threats. The in-depth multi-case study, which explored the interplay between technical, organisational and individual aspects of system implementation and use, allowed us to investigate the complex implications and interlinked areas of safety threats in design and use of these systems. Our purposeful sampling strategy, which led to inclusion of several hospitals using various types of system at different points of implementation and adoption phase, enabled us to reveal a wide range of origins of unintended safety threats. We have analysed a large longitudinal qualitative dataset drawing on perspectives of various actors around multiple international systems. The findings are therefore likely to be generalisable beyond England.

The limitation of the work is that the paper focuses on perceived risks. Further quantitative work is now required to evaluate the actual frequency and effects of these unintended threats to patient safety and professional practices. In addition, the findings of this paper come from analysis of six hospitals implementing ePrescribing systems. Additional studies encompassing a wider range of settings and HITs need to be carried out to validate (and expand) the findings around safety threats associated with introduction of HIT systems in hospital settings more generally.

Considering the findings in light of the existing literature

The literature shows that, besides the widely discussed benefits of using ePrescribing systems,53–55 there are also unintended safety risks involved in introducing such systems in healthcare settings.18 ,24 ,25 ,27 ,56–60 We propose that, despite the advances in this area, it is still important to understand the roots of these unintended threats to be able to address the existing and newly reported problems in the development and use of these systems. In this study we responded to the call for identification of the causes of possible new areas of risk, and their social–technical reasons, introduced by ePrescribing systems,9 ,15 ,28 with a particular focus on implementation in hospitals in England.

The literature points to inconsistencies in the behaviour of data entry controls, suboptimal screen layout,22 alert fatigue, insufficient decision support rules,23 lack of integration between different systems and modules,20 and clinicians' oversight24 as causes of new potential safety threats introduced by adoption of computerised physician order entry/clinical decision support systems. Our findings have contributed to a better understanding of the unintended safety threats in several ways. First, the literature has a focus on implementation and use of systems in the USA. Our study broadens this by showing that similar unintended risks occur in English settings (although some of the underlying causes are different because of the diversity of systems and greater reliance on overseas suppliers). Second, we distinguish between the safety threats and their associated causes and show that each underlying factor may result in one of several of the unanticipated negative safety outcomes. Third, we expand on the causes of safety threats by revealing issues such as low performance or misuse of defaults. Fourth, we categorise the causes into three groups: (1) inadequacies in system design; (2) inappropriate system use; and (3) problems arising from implementation strategies. Finally, we have identified the various short- and longer-term strategies used by adopting hospitals to overcome and/or reduce the negative effect of these safety threats. Through this wider lens (ie, identification of safety threats, explanation of why they occur, and identifying the risk mitigation strategies) we show possible ways to minimise the occurrence, or negative effects, of some of these problems (some in the short term and others over a longer term). The strategies used by adopting hospitals point to the need for a ‘positive safety culture’17 or ‘practitioners needing to do the right thing’28 whereby care providers report and learn from unintended safety threats. Our study has provided important data on the difficulties associated with inappropriate use, inadequate design and problematic implementation strategies. We have shown that, in order to achieve better patient safety outcomes, hospitals need to take the opportunity to enhance the design of applications,55 ,61–63 increase end-user use-efficiency and perceptions of effectiveness, and improve the implementation process. This shows that the findings associated with inappropriate use of electronic health record systems16 ,64 are also valid for the use of ePrescribing systems. This confirms the findings of our earlier study that, to achieve patient safety while using complex technologies, it is necessary to address the evolution of user organisations and technologies in tandem.35 While recent studies confirm this by explaining the roles of power and politics in enhancing patient safety,28 ,48 we take this one step further to explain the ongoing short- and long-term strategies that need to be adopted by adopters and suppliers (including developers and implementers) of health technologies.

To achieve patient safety while using complex technologies, we need to go beyond technical issues and consider strategies that can be used by adopters, implementers and suppliers of health technologies. The multiplicity of causes of safety risks, the diverse nature of problems (technical and non-technical), and the complexity of practices (pressures, resource issues, clinical uncertainties, etc) in the health sector mandates this act of understanding the possible (and new) safety threats and finding solutions by internal and external actors. Work has been carried out to provide guidelines for best practices in how to create medication orders on electronic systems to minimise risk.65 These guidelines can be used by suppliers of international HITs to offer systems that are less prone to patient safety risks. Our work, however, identifies technological and organisational strategies that could be adopted by hospitals to avoid/mitigate risk.

Implications for policy, practice and future research

This work has several implications for policymakers and practitioners. On the one hand, suppliers of ePrescribing systems need to raise awareness of the safety limitations of their products and, by focusing on the causes of safety threats, address weaknesses in system design. On the other hand, adopters need to pay particular attention to improving the culture of use by organising appropriate staff training and engagement, and also by assessing the processes offered by the systems and redesigning work practices where systems' processes are more advantageous. The implementers should also perform continuous monitoring and evaluation of the implementation process and identify possible needs for change in terms of the implementation strategies, system design and user engagement. For instance, parallel running of paper and electronic systems should be minimised, where possible, to avoid the risk of multiple data entry/retrieval sources.

We also highlight that carrying out these solutions is not straightforward and involves a range of trade-offs. In terms of system design, while some systems (in particular integrated applications) offer enhanced system functionalities (eg, better decision support tools and seamless transfer of data between different modules), they may also have several drawbacks such as higher costs, more complicated implementation procedures, and limited potential for adaptation to particular practices of user organisations. Furthermore, there is a trade-off between being an early adopter of a less mature system and waiting to implement a more mature system (ie, postponing system adoption until a better system is available on the market). Although postponing system adoption could lead to implementation of a system with better functionalities, it also means later achievement of many of the potential benefits of ePrescribing systems. Furthermore, being an early adopter could create opportunities to influence the design of a system when it is new on the market and potentially more open to change. In terms of improving culture of use and individuals’ performance, users may need to be removed from their daily routines to attend training sessions. This may be particularly problematic in the case of agency workers and temporary staff. Although there are possibilities for improving implementation strategies, some of the proposed changes are complicated.


This study builds on previous work on possible negative unintended safety consequences of introducing ePrescribing systems and develops a taxonomy of their underlying roots in system design, implementation and use. Short- and long-term technological and organisational strategies need to be developed and implemented by both adopting hospitals and suppliers of the systems. Essential to this is promoting safety, in order to better anticipate potentially adverse consequences, and enabling safety, in order to potentially minimise their risks.


We gratefully acknowledge the input from our Independent Programme Steering Committee, which is chaired by Prof Denis Protti and has Prof Sir Munir Pirmohamed, Prof Bryony Dean Franklin, Ms Eva Leach, Ms Rosemary Humphreys, and Ms Ailsa Donnelly as members. We also gratefully acknowledge the input of Rosemary Porteous (RP), who transcribed the discussions. Members of the Programme Team are: Dr Ann Robertson, Prof Jill Schofield, Prof Jamie Coleman, Ms Ann Slee, Prof David Bates, Dr Zoe Morrison, Mr Alan Girling, Mr Antony Chuter, Dr Laurence Blake, Prof Anthony Avery, Prof Richard Lilford, Dr Sarah Slight, Ms Sonal Shah, Ms Ndeshi Salema, Mr Sam Watson, and Dr Lucy McCloughan.



  • Contributors AS and RW conceived the study. HM and KMC performed the data collection. HM led the data analysis and wrote the paper. HM, KMC and RW performed further data analysis. All authors critically commented on the paper. All authors read and approved the final manuscript.

  • Funding This article has drawn on a programme of independent research funded by the National Institute for Health Research (NIHR) under its Programme Grants for Applied Research scheme (RP-PG-1209-10099). The views expressed are those of the authors and not necessarily those of the NHS, the NIHR or the Department of Health. AS is supported by the Farr Institute.

  • Competing interests None declared.

  • Ethics approval The University of Edinburgh's Research Ethics Committee.

  • Provenance and peer review Not commissioned; externally peer reviewed.