Characteristics of health IT outage and suggested risk management strategies: An analysis of historical incident reports in China

• Healthcare has become increasingly dependent on using information technologies.
• Unexpected downtime of health IT could result in catastrophic consequences.
• Public outage reports available on the internet can be a valuable source of data.
• Risk assessments and institutionalization of contingency plans are essential.
• There is a critical need for establishing a systematic outage reporting mechanism.

BackgroundThe healthcare industry has become increasingly dependent on using information technology (IT) to manage its daily operations. Unexpected downtime of health IT systems could therefore wreak havoc and result in catastrophic consequences. Little is known, however, regarding the nature of failures of health IT.ObjectiveTo analyze historical health IT outage incidents as a means to better understand health IT vulnerabilities and inform more effective prevention and emergency response strategies.MethodsWe studied news articles and incident reports publicly available on the internet describing health IT outage events that occurred in China. The data were qualitatively analyzed using a deductive grounded theory approach based on a synthesized IT risk model developed in the domain of information systems.ResultsA total of 116 distinct health IT incidents were identified. A majority of them (69.8%) occurred in the morning; over 50% caused disruptions to the patient registration and payment collection functions of the affected healthcare facilities. The outpatient practices in tertiary hospitals seem to be particularly vulnerable to IT failures. Software defects and overcapacity issues, followed by malfunctioning hardware, were among the principal causes.ConclusionsUnexpected health IT downtime occurs more and more often with the widespread adoption of electronic systems in healthcare. Risk identification and risk assessments are essential steps to developing preventive measures. Equally important is institutionalization of contingency plans as our data show that not all failures of health IT can be predicted and thus effectively prevented. The results of this study also suggest significant future work is needed to systematize the reporting of health IT outage incidents in order to promote transparency and accountability.