In this digital age, health software is becoming increasingly important for the delivery of healthcare. Unlike medical devices, unregulated software has not had the benefit of tried-and-true standards to help promote patient safety and health. Now, the Association for the Advancement of Medical Instrumentation (AAMI) has released the provisional standard HIT 1000-4, Application of Human Factors Engineering. It’s the latest in a suite of provisional standards designed not only for health software developers, but also for vendors, healthcare delivery organizations, end-users, and everyone in-between.

“Standards for medical device software already exist, but these are focused on compliance with medical device regulations. Much of health software in the U.S. does not fall under those regulations and much of that software is modified by the users when it is incorporated into their larger health IT systems,” says Joe Lewelling, senior advisor on content and strategy at AAMI. “What makes this whole suite of provisional standards different is that we’re acknowledging that the end users, especially in a clinical setting, have an important role to play.”

“For medical devices, the standards tend to focus mostly on what manufacturers need to do to create a safe product. By comparison, software is more complicated,” added Neil Gardner, a health IT consultant who was instrumental in creating the suite. “Because of the degree to which software is customizable and integrated into health IT systems at a local level, we really had to look at the full life cycle of health IT software and systems and address these new standards to all the various players that need to be involved to ensure the health IT solutions being implemented are safe and effective.”

The first of the suite, HIT 1000-1, Fundamental concepts, principles, and requirements, debuted as a provisional American national standard in 2018. It outlines the need for standardized quality systems, risk management, and usability in the largely unguided wild west that is software development.

“As someone who works in information technologies for a hospital system, I can’t say ‘show me the IT safety standards.’ There aren’t any,” says David Classen, MD, co-chair of the AAMI Health IT Committee. “For the most part, we are really creating these standards from the ground up.”

HIT 1000-3, which debuted in late 2019, focuses on risk management. The risks that come with improperly curated medical records are crucial for developers to understand; while those who implement, use, and modify the software need to know the best routes for mitigating risk. The new HIT 1000-4 touches on a complimentary side of this ecosystem. It outlines how a software’s developers and the parties installing it should work closely with end users, such as clinicians, to ensure the products are easy to use and understand. This is important because risk management practices only work if a product is implemented and used correctly.

The authors emphasize that there is no “one size fits all” for health IT systems. Digital medical records help aggregate and organize patient history. Other programs may be used to network the constantly changing collection of medical devices in a hospital. Trouble arises when the expectations of health professionals do not align with the know-how of developers or even the IT staff integrating the system. Additionally, when a program needs to be modified to meet new needs, developers are often involved only after a problem arises.

“Imagine if an airline decided to modify the programming of a Boeing 747, and never once worked with Boeing engineers to do so,” says Classen. “It’s inconceivable! And yet, for medical software, this happens all the time.”

HIT 1000-4 helps to remedy this by assigning responsibility throughout a program’s life cycle. During the development stage, business owners, users, and implementers are expected to work together to outline expectations for the software. Similarly, when an acquired program is being added into a system, the professionals integrating it are expected to communicate with users and developers. Even during the end of an obsolete program’s life cycle, business owners, IT staff, and users are expected to be equally aware of the hazards that come with decommissioning the software.

“Human factors—the way that clinicians and patients use and potentially misuse software—is an aspect of health information technology that U.S. authorities are particularly interested in,” adds Lewelling.

He explained that the end-goal is for HIT 1000-4 and its sister documents to serve as foundations to build more comprehensive standards on an international stage. Gardner, who served for more than 25 years in a provincial Ministry of Health in Canada, is looking forward to this future.

“Just like medical device providers, health IT systems providers are becoming international in scope,” Gardner says. “If we can move to more consistent standards across the world, we’ll all be able to more effectively learn from one another to make these products and their implementations as safe and effective as possible.”