← Back to Insights
October 31, 2023
Download PDF 
David Burda
Economics Outcomes System Dynamics

Burda on Healthcare: Dead Patient Walking

Butch Cassidy:   “What’s the matter with you?

Sundance Kid:   “I can’t swim!

Butch Cassidy:   “Are you crazy? The fall will probably kill ’ya.

—From Butch Cassidy and the Sundance Kid

There was a time when all patients had to worry about was getting the wrong drug, having the wrong organ removed or contracting a deadly infection. Today, patients have to survive a gauntlet of lethal risks even before they sit on an exam table, take a ride on a gurney or lay down in a hospital bed.

Let’s run through these potentially deadly risks and see if we make it to the end of this column alive.

Supply Chain Shortages

ECRI, the Pennsylvania-based patient safety organization, and its affiliate, the Institute for Safe Medication Practices, released a five-page report on Oct. 13 on how supply chain shortages are affecting patient care. The report is based on an ECRI/ISMP survey of pharmacists, pharmacy techs, procurement specialists, physicians and nurses — all working at hospitals.

Sixty percent of the respondents said that 20 or more prescription drugs, single-use supplies or pieces of durable medical equipment were in short supply at their hospital during the previous six months before the survey, which ECRI/ISMP conducted in July. How did the shortages compromise patient care?

  • 49% said the shortages delayed patient treatment.
  • 32% said they treated patients but not with the recommended drug or treatment for a patient’s medical condition.
  • 24% said a drug, device or supply shortage led to at least one medical or medication error.
  • 21% said a drug shortage caused them to prescribe a less effective drug.
  • 5% said a drug, device or supply shortage led to an adverse patient outcome like an infection.

“Survey respondents conveyed a real sense of crisis, frustration and anger associated with the ongoing depletion of resources and threats to patient safety that these shortages impose,” the report said.

Just think how patients feel.

Ransomware Attacks

Three researchers from the School of Public Health at the University of Minnesota published a 34-page research paper on the Social Science Research Network on Oct. 4 on how ransomware attacks affect both hospitals and hospital patients. They mashed up data on 74 ransomware attacks on 163 hospitals from 2016 through 2021 with data from Medicare fee-for-service claims from those hospitals.

Here’s what they found:

  • Patient emergency room, inpatient and outpatient volume dropped 17% to 25%, depending on the setting, immediately after a ransomware attack.
  • Patient revenue dropped 19% to 41% immediately after a ransomware attack.
  • The inpatient mortality rate increased by about 21% for patients who were in the hospital at the time of a ransomware attack compared with patients in a hospital not hit by an attack.
  • A ransomware attack did not affect 30-day mortality rates or 30-day readmission rates.

“Ransomware attacks increase the likelihood of in-hospital mortality for patients already admitted on the date of attack discovery. The magnitude of this mortality effect was large, but comparable to effects observed in other examples of capacity strain, such as nursing strikes,” the researchers said.

Further and even more disturbing: “Mortality effects are most pronounced for patients at hospitals experiencing the most severe ransomware attacks and for patients of color. The latter finding is consistent with emerging literature showing that underserved patient populations bear the brunt of the negative consequences when health care providers experience capacity strain.”

As if patients of color didn’t have enough problems with the healthcare system.

Also, bonus creative points to the researchers for calling their paper: “Hacked to Pieces? The Effects of Ransomware Attacks on Hospitals and Patients.” Cleaver. I mean, clever!

Poor EHR System Useability

Researchers from the University of Utah, UC San Diego Health, UCSF, Brigham and Women’s Hospital and Harvard looked at the correlation between electronic health record (EHR) system useability and a hospital’s performance on health IT safety measures. The study pool included 112 hospitals and nearly 6,000 frontline physicians who used the EHR systems at those hospitals. The researchers surveyed those physicians on eight EHR useability measures and compared the results with how well the hospitals scored on 10 health IT drug safety measures.

Here’s what they found:

  • The average score on the drug safety measures was 0.673 on a scale of 0 (worst) to 1 (best).
  • The average score on the EHR useability measures was 3.377 on a scale of 1 (best) to 5 (worst).
  • When useability scores were higher, so were drug safety scores.
  • When useability scores were lower, so were drug safety scores.

“We found a positive association between the safety performance of EHRs using an objective, nationally endorsed standard and frontline users’ perceptions of EHR useability and experience,” the researchers concluded in their study, published Sept. 11 in JAMA Network Open.

Further: “Both health systems and vendors need to consider useability not only as critical for the frontline users, but also as a critical safety issue in the design, development, implementation, and maintenance of these complex EHR systems.”

Instead of asking doctors where they went to medical school, we should ask them if they like their EHR systems.

Cybersecurity Attacks

A cybersecurity compliance company called Proofpoint teamed up with the Ponemon Institute, an IT security research firm, and published a 59-page report on Oct. 11 called Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2023. The report is based on a survey of 653 healthcare IT and security practitioners.

Eighty-eight percent of the respondents said their organization was hit with a cybersecurity attack in the past 12 months with the four most common attacks being: cloud compromise, ransomware (see above), supply chain (see above) and business email compromise.

Of those victimized by the four most common attacks:

  • 66% of the respondents said the attacks disrupted patient care.
  • 57% of the respondents said the attacks delayed procedures and tests, resulting in poor patient outcomes.
  • 50% of the respondents said the attacks increased medical procedure complications.
  • 23% of the respondents said the attacks increased patient mortality rates.

“We found that the four types of analyzed attacks show a direct negative impact on patient safety and wellbeing,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a press release.

There’s that word “mortality” again. It means what you think it means.

Prior Authorization Delays

The American Medical Association (AMA), whose members generally don’t like health insurance companies, on March 13, released the results of its 2022 AMA Prior Authorization (PA) Physician Survey. The survey, which the AMA administered in December 2022, asked a representative sample of 1,001 practicing physicians, about how they felt about needing PA from health insurers before they could treat their patients. Sixty percent of the respondents were medical specialists and 40% were primary care physicians.

Here’s what they had to say about PA and patient care:

  • 56% said PA “always” or “often” delayed a patient’s access to necessary care.
  • 28% said PA “always” or “often” resulted in a patient abandoning a recommended course of treatment.
  • 25% said PA led to the hospitalization of a patient (see everything above).
  • 19% said PA required an intervention to prevent permanent impairment or harm to a patient.
  • 9% said PA led to a patient disability, permanent bodily damage, congenital anomaly/birth defect or death.

“Health plans continue to inappropriately impose bureaucratic prior authorization policies that conflict with evidence-based clinical practices, waste vital resources, jeopardize quality care and harm patients,” said AMA President Jack Resneck Jr., M.D., said in a press release.

Death means what you think it means, too.

What Patients Can Do to Protect Themselves

Supply chain shortages. Ransomware attacks. Clunky EHRs. Cybersecurity attacks. Prior authorization delays. And that’s all before you fall out of bed, feel a used sponge in your abdomen or get C. diff.

What can patients do to protect themselves? Given that all five of the operational risks are outside of patients’ control, probably nothing. These are all system problems that incumbent healthcare industry segments and organizations are failing to address.

The only thing you can do is stay healthy or as healthy as possible.

Thanks for reading.

About the Author

David Burda

David Burda began covering healthcare in 1983 and hasn’t stopped since. Dave writes this monthly column “Burda on Healthcare,” contributes weekly blog posts, manages our weekly newsletter 4sight Friday, and hosts our weekly Roundup podcast. Dave believes that healthcare is a business like any other business, and customers — patients — are king. If you do what’s right for patients, good business results will follow.

Dave’s personnel experiences with the healthcare system both as a patient and family caregiver have shaped his point of view. It’s also been shaped by covering the industry for 40 years as a reporter and editor. He worked at Modern Healthcare for 25 years, the last 11 as editor.

Prior to Modern Healthcare, he did stints at the American Medical Record Association (now AHIMA) and the American Hospital Association. After Modern Healthcare, he wrote a monthly column for Twin Cities Business explaining healthcare trends to a business audience, and he developed and executed content marketing plans for leading healthcare corporations as the editorial director for healthcare strategies at MSP Communications.

When he’s not reading and writing about healthcare, Dave spends his time riding the trails of DuPage County, IL, on his bike, tending his vegetable garden and daydreaming about being a lobster fisherman in Maine. He lives in Wheaton, IL, with his lovely wife of 40 years and his three children, none of whom want to be journalists or lobster fishermen.

Recent Posts

How Healthcare Revolutionaries Think: 10 Questions with Matt Marek
Welcome to the latest installment of 4sight Health’s series, How Healthcare Revolutionaries Think. Our interview series profiles healthcare… Read More
By May 21, 2024
Cashing in on DIY Health Risk Assessments?
My mom is 85, and she still lives alone in the same house that me and my sister… Read More
By May 15, 2024
A Relatively Short Anecdote About Patient Leakage
Healthcare has more industry jargon than most. One of my least favorite terms is “patient leakage.” That occurs… Read More
By May 8, 2024