Health IT needs checklists too

Checklists. (Picture from the CDC.)

"We'd still like to see increasing maturity of data security function -- from a checklist compliance approach to an organization-wide risk management approach," said Lisa Gallagher, senior director of privacy and security for HIMSS.

Amen to that.

I have been following checklists in health care off-and-on for a few years now, and the idea is so simple -- and so easy to implement -- that it's amazing anyone resists.

Peter Pronovost, the MacArthur Genius who first brought the idea to the fore, found that doctors resisted using a checklist for reasons of control and because they thought they didn't need them. Data proved otherwise, and hospitals that use checklists for infection control have dropped their infection rates sharply.

Could the same thing work in health IT?

It probably could, but it will take coordination between vendors and customers. Vendors should create checklists, use them in training, take feedback, post them in user group settings, and refine them steadily with user input.

HIMSS says a simple health IT data breach can cost a practice $1.5 million, just from fines. The report says 84% of breaches since 2003 have been down to "low tech" problems like lost laptops, lost back-ups, and improperly-disposed of documents.

These are precisely the kinds of problems checklists are designed to uncover and prevent. Yes, it seems pedantic, time-consuming, a pain. But if you expect the guy or gal flying you to Cleveland to use one, why don't you?