School of Population Health

The safety of e-health

The risks which e-health may pose to patient safety are widely acknowledged but largely unexplored. Little evidence has been published about the causes of harm or its consequences for service delivery and patient outcomes. Our program monitors e-health safety using reports of critical incidents and automated methods for surveillance of IT systems. We are also investigating models for the safety governance of e-health.

Incident detection

The systematic analysis of incidents is well-established medical practice. Incidents can trigger root- cause analyses in health services, or provide early warnings of unexpected drug reactions or infectious outbreaks. Our research extends these methods to incidents associated with e‑health (i.e. patient harm due to a software error or difficulty in using software), and we are pioneering this approach internationally. The goals of this project are to:

  • detect IT incidents
  • develop a robust classification for IT incidents
  • use this to track the evolving causes of IT-related harm in Australia
  • promulgate the classification internationally.

We are currently working with state health departments in New South Wales and South Australia. We plan to extend our work to the other states and territories to track IT incidents in hospitals nationwide. For general practice, we have developed a new incident-monitoring system called TechWatch which was deployed to general practitioners across Australia in 2012. Incidents can be reported to TechWatch either online or over the phone to trained operators.

Incident classification

Since 2009 we have analysed 1,385 IT incidents in Australia, the United States and the United Kingdom. The methods our research has generated have become the de facto international standard to detect and classify e-health incidents. By mid-2013 our classification had been used to examine 4,883 incidents, including by governments in the US and UK. In 2012 the Pennsylvania Patient Safety Authority used our classification system to examine one of the largest repositories of incidents in the US, and issued a Patient Safety Advisory in December 2012 with specific recommendations for the procurement, implementation and use of IT systems. At the same time the ECRI Institute, a US federal patient safety organisation, used our classification to undertake an in-depth analysis of incidents nationally (called a Deep Dive™). In the UK our classification system has been adopted by the National Health Service in Wales and we are currently working with the Health and Social Care Information Centre in England to examine incidents from one of the largest civilian IT programs ever undertaken worldwide.

Automated identification of incident reports

Ten percent of admissions to Australian acute-care hospitals are associated with harm to patients (adverse events). The reporting of incidents (near misses and adverse events) by health professionals is now well established and the rate of reporting continues to increase. Current methods, which rely on retrospective manual review of incident reports, do not permit timely detection of safety problems and can no longer keep up with this growing volume of data. In New South Wales alone, more than 120,000 patient-safety incidents were reported in 2009.  We are evaluating text classification methods to capture incident reports automatically by type and risk rating. The goal is to track ten types of patient-safety problems nationally working with St Vincent’s Hospital, Sydney, the NSW Clinical Excellence Commission and South Australia Health. Working with the Australian Commission on Safety and Quality in Health Care (ACSQHC) we have shown that text classifiers based on simple machine-learning techniques such as naïve Bayes and support vector machines can be effective in automatically identifying incidents in two priority areas – clinical handover and patient identification. More recently we have shown the feasibility of using this technique to identify IT incidents.

Automated surveillance of IT systems

Currently, most safety problems are detected when health professionals report incidents.

Since they are not expert in technology, many software problems either go undetected, or are detected only after an adverse event. Moreover, clinical IT systems are made up of multiple disparate components which interact to produce new emergent behaviours that only become evident after they are deployed in the real world. Based on syndromic surveillance methods used for the early detection of disease outbreaks, our research monitors IT systems in real time to detect early any software and user generated errors in clinical information that might lead to an adverse event. The goal is to develop a surveillance framework for the early detection of e-health-related adverse events, so as to minimise risks to patient safety. Specifically, the research aims to develop:

  • fault-detection methodologies to facilitate automated detection of e-health-related adverse events in real time
  • intelligent predictive models to forecast potential future e-health-related adverse events.

E-health safety governance

Historically e-health or clinical software systems have not been subject to regulation – unlike software embedded in medical devices (an ECG system, for example). Moreover, little evidence is available to shape regulations and governance strategies for e-health. The goals of this research are to investigate models for the governance of e-health.

Most recently we led, with colleagues from the UK, the US and Europe, a comparative review of the safety governance for e-health in six countries – Australia, the US, England, Canada, Denmark and The Netherlands. The review examined a broad range of national initiatives including guidelines, standards, certification, regulation and incident monitoring, and found significant gaps in the safety governance of e-health. We are currently working with the Australian Commission on Safety and Quality in Health Care to review the international evidence about the monitoring of, and response to, clinical incidents associated with e-health.

Project Members
image - 1350448792 Farah Magrabi
Associate Professor Farah Magrabi
Short-Term Employee
image - Img 0587
Professor Enrico Coiera
Visiting Professor
Head, WHO Collaborating Centre on eHealth
Ph +61 2 9065 9898
Project Collaborators: External

Professor Bill Runciman
Australian Patient Safety Foundation ( and the University of South Australia

Professor Michael Kidd
Flinders University, Australian Patient Safety Foundation, Australian Commission on Safety & Quality in Healthcare, St Vincent's Hospital, NSW Clinical Excellence Commission, UK Health & Social Care Information Centre