Eduovisual
Patient Safety & Systems-Based Practice
Electronic health record safety: alert fatigue and workarounds
— Sentinel event review reveals a critical alert was fired but overridden
— Repeated near-misses with same medication or order set
— Documentation conflicts (copy-pasted exam from prior admission no longer matches patient)
— Wrong-patient orders ("juxtaposition errors" from multiple charts open)
— Delayed action on critical labs because results buried in inbox
— Transitions of care (admission, discharge, handoff)
— High-volume order entry (ED, OR, ICU)
— Verbal/telephone orders entered by proxy
— After-hours coverage with unfamiliar patients
Board pearl: Alert fatigue is a systems-based practice failure, not an individual clinician deficiency — Step 3 expects you to identify the system fix (alert tiering, specificity tuning, hard-stop calibration), not blame the prescriber. The Joint Commission lists CDS optimization as a National Patient Safety Goal priority for medication safety.
— Warfarin + TMP-SMX interaction alert overridden → INR 9, GI bleed
— Penicillin allergy alert overridden without allergy reconciliation → anaphylaxis
— Renal dose adjustment alert dismissed → AKI from gabapentin or enoxaparin
— Physical exam states "no murmur" copied across 8 days, but new aortic stenosis missed
— Problem list carries "DVT" indefinitely; patient continued on anticoagulation 2 years later
— Allergy "amoxicillin – rash as infant" never updated; appropriate antibiotics withheld lifelong
— Two charts open in adjacent tabs; potassium ordered on wrong MRN
— Mitigation: patient verification ("retract-and-reorder") tools, forcing functions requiring re-entry of patient identifiers
— Nurse scans a printed barcode taped to the workstation instead of the patient's wristband (defeats BCMA safety)
— Resident uses attending's login because their own access is restricted (defeats audit trail)
— Pharmacist enters verbal order "per protocol" without prescriber co-signature
— How many charts were open simultaneously?
— Was the alert interruptive (modal) or passive (banner)?
— Did the clinician read the alert text or click through reflexively?
— Was there a recent EHR update changing alert thresholds?
— Time of event (handoff, night shift, high census)?
Key distinction: A workaround reflects a usability problem (the system is harder than the safe path); a violation reflects intent to bypass safety. Step 3 favors redesign over discipline — fix the workflow that made the workaround rational.
— Sticky notes with passwords on monitors (credential workaround)
— Printed patient lists with handwritten orders (parallel paper system)
— Multiple browser tabs/charts open (wrong-patient risk)
— Workstation in high-traffic corridor (interruption-driven errors)
— Time-to-dismiss <2 seconds = "click-through" behavior, alert not read
— Override reason field auto-filled with "see note" or single character (poor specificity)
— Same clinician overrides same alert >5×/shift (alert no longer functioning as designed)
— Note signed at 03:14 contains exam findings from 14:00 prior day (copy-forward)
— Identical assessment paragraph across 6 consecutive notes (template inertia)
— Medication reconciliation completed in <30 seconds across 12-drug regimen (rubber-stamp)
— Use of free-text orders bypassing structured order sets
— Verbal orders entered hours after administration
— "Standing" PRN orders without indication
— Chart access patterns inconsistent with care relationship → privacy breach risk
— High volume of after-hours orders by single clinician → fatigue/coverage gap
— Repeated retract-and-reorder events on same patient → wrong-patient near-misses
Step 3 management: When a sentinel event involves EHR use, the immediate response is preserve audit logs, sequester the affected workstation configuration, and convene an RCA within 45 days (Joint Commission standard). Do not "discipline first" — the data trail is the evidence base.
— Alert override rate: Total overrides ÷ total alerts fired. Benchmark: drug-drug alerts >90% override = signal of poor specificity.
— Alert burden: Alerts per clinician per shift. >40/shift in primary care or >100 in ICU correlates with fatigue.
— Time-to-dismiss median: <3 seconds suggests reflexive dismissal without cognitive engagement.
— Override reason distribution: High proportion of "other" or blank reasons = low CDS value.
— Repeat-alert rate: Same alert firing >3× for same patient-clinician dyad = failed alert design.
— BCMA scan compliance (target >95%); low compliance flags barcode workarounds
— Copy-paste rate in notes (some EHRs flag; >50% copied content is problematic)
— Verbal order rate (target <10% of orders outside codes/sterile procedures)
— Shared login detection via concurrent session analytics
— Contextual inquiry / shadowing — observe 4–8 hour clinician sessions
— Focus groups with end users to surface unreported workarounds
— Voluntary event reporting (e.g., RL Solutions, Datix) — but underreports by 10–100×
— FMEA (Failure Mode and Effects Analysis) for proposed CDS before deployment
— Trigger tools (e.g., IHI Global Trigger Tool) flag charts for adverse drug events
— Pharmacy intervention logs identify recurring near-misses
— AHRQ Common Formats for patient safety organizations (PSOs)
— FDA MedWatch if device/software defect suspected
— ONC SAFER guides for self-assessment of EHR safety
Board pearl: A high alert override rate alone is not diagnostic of fatigue — it may reflect appropriately specific alerts firing rarely with high override. Pair override rate with positive predictive value of the alert (how often the override caused harm vs. how often it prevented harm).
— Heuristic evaluation: usability experts score interface against Nielsen's 10 principles
— Cognitive walkthrough: simulate a novice user completing a critical task (e.g., heparin order)
— Eye-tracking studies: quantify whether alert text is fixated on or skipped
— Think-aloud protocols: clinicians verbalize reasoning during simulated tasks
— Pre-deployment testing of new order sets in a sandbox environment
— "Day-in-the-life" simulations stress-test alert volume under realistic loads
— Wrong-patient scenarios with juxtaposed charts to test forcing functions
— Sensitivity: Does the alert fire when it should? (e.g., for true contraindications)
— Specificity: Does it suppress when inappropriate? (e.g., not firing for prior tolerance)
— Positive predictive value: Of fired alerts, what % led to a beneficial action?
— Target PPV typically >20% for interruptive alerts; lower thresholds acceptable for passive alerts
— Right information, to the right person, in the right CDS intervention format, through the right channel, at the right point in workflow
— Natural language processing of free-text fields to detect circumvented structured data
— Pattern mining of audit logs (e.g., consistent late-night batch order entry)
— Comparing order timestamps to documentation timestamps for retrospective entry
— ONC SAFER Guides (9 self-assessment domains)
— Leapfrog CPOE Evaluation Tool — biennial benchmark
— ECRI Institute Top 10 Health Technology Hazards list
Key distinction: Interruptive (modal) alerts stop workflow and demand action → high cognitive cost, reserve for life-threatening issues. Passive (inline/banner) alerts are advisory → use for educational or low-stakes prompts. Misclassification drives fatigue.
— Tier 1 (hard stop): Cannot proceed without override justification + co-signature. Reserve for fatal interactions (e.g., IV vincristine route error, known anaphylactic allergy). <1% of alerts.
— Tier 2 (interruptive with override): Stops workflow, requires reason. Use for clinically significant DDIs, renal dosing failures, duplicate therapy. ~5–10% of alerts.
— Tier 3 (passive/inline): Banner or sidebar; no workflow stop. Use for guideline reminders, monitoring suggestions. Majority of CDS.
— Score each alert: severity of potential harm × probability of harm without alert × specificity of trigger
— Retire alerts with override rate >95% AND no documented prevented harm
— Use commercial drug knowledge base tuning (First Databank, Lexicomp severity levels — keep only "severe" or "contraindicated")
— Establish a multidisciplinary CDS governance committee (informatics, pharmacy, nursing, physicians, safety officer)
— Quarterly alert review with mandatory retirement of low-value alerts
— User feedback loop: every alert has "report this alert" button → committee review
— One-chart-at-a-time policy or warning when opening second chart
— Distinct visual themes per patient to reduce juxtaposition errors
— Read-back and verify for high-risk verbal orders
— Dedicated, quiet medication prep zones to reduce interruption-driven workarounds
— Onboarding training on CDS rationale (not just clicks)
— Personal dashboard showing one's own override patterns vs. peers
Step 3 management: When asked to reduce alert fatigue on a hospital quality exam item, the best first step is almost always convene a multidisciplinary CDS governance team to audit and tier existing alerts, not "educate prescribers" or "discipline overrides."
— Suppress alerts for clinically insignificant interactions (e.g., minor pharmacokinetic interactions with wide therapeutic index drugs)
— Retain "contraindicated" and "severe-monitor closely" tiers only
— Add context awareness: suppress warfarin-NSAID alert if PRN topical NSAID; fire for systemic
— Implement tolerance logic: suppress repeat alerts if patient has tolerated the combination >30 days
— Distinguish true allergy (anaphylaxis, SJS) from intolerance (nausea) in structured fields
— Cross-sensitivity logic: penicillin allergy → only fire cephalosporin alert for type I, and only for 1st/2nd gen
— Allergy reconciliation prompt at admission with structured reaction type entry
— Auto-populate creatinine clearance using Cockcroft-Gault or eGFR
— Suggest specific dose, not just "adjust dose" (actionable CDS)
— Suppress if dose already in adjusted range
— Class-based (not just identical drug) — e.g., two PPIs
— Suppress if planned cross-taper documented
— Anticoagulants, insulin, opioids, chemotherapy, concentrated electrolytes
— Independent double-check at order and administration
— Standardized concentrations and order sets
— Tall-man lettering (hydrOXYzine vs. hydrALAZINE)
— Indication-required prescribing (forces clinician to state purpose)
Board pearl: Indication-based prescribing — requiring the clinician to enter the indication at the time of order — is a powerful safety intervention. It enables better DDI logic (alerts can be tailored), better patient education, and downstream deprescribing.
— CPOE with structured order sets for high-risk scenarios (sepsis, DKA, stroke, chemotherapy)
— Default doses set to safest reasonable option, not maximum
— Forcing functions: weight-based pediatric dosing cannot proceed without current weight
— Dose range checking with hard stops above lethal thresholds
— ID verification reentry when opening a second chart concurrently
— Patient photo on banner bar
— Distinct color coding for similarly named patients ("name alert")
— Retract-and-reorder measure (Adelman et al.) — quantifies wrong-patient ordering rates
— Scan patient wristband + medication at bedside
— Hard stop on mismatch
— Auto-document time and dose
— Pitfall: workarounds (printed barcodes, scanning post-administration) — audit scan rates and locations
— Hard limits prevent lethal infusion rates
— Soft limits prompt verification
— Interoperability with EHR (auto-program pump from order) eliminates manual transcription
— Order → pharmacy verification → dispensing → BCMA → administration documentation, all linked
— Limit copy-paste (some institutions display copied text in a distinct color)
— Auto-flag notes with >50% copied content for review
— Note templates with required fields and prohibition of carrying forward unverified data
— Critical result acknowledgment with timeout escalation
— Inbox sub-folders by urgency; mandatory close-the-loop for abnormal results post-discharge
— Result routing that follows the patient (covering provider), not just the orderer
CCS pearl: On a CCS-style systems item, when a critical lab fires and the ordering provider is off-service, the correct action is escalation per closed-loop policy to the covering clinician with documented acknowledgment — not "leave message in EHR inbox."
— Average 80-year-old takes 8–10 medications → exponentially more DDI alerts
— Most alerts overridden; Beers Criteria alerts have high specificity but moderate clinical adoption
— STOPP/START integration into CDS improves potentially inappropriate prescribing detection
— eGFR-based alerts may overestimate function in sarcopenic elderly (low creatinine production)
— Consider cystatin C or measured CrCl for high-risk drugs (DOACs, gabapentin)
— Auto-calculator should display CrCl, not just eGFR, for drug dosing
— Highest-yield CDS intervention in this population
— Multi-source reconciliation (pharmacy fill data via Surescripts, patient interview, prior records)
— Discharge reconciliation prevents 50% of post-discharge ADEs in elderly
— Long problem lists obscure active issues → problem list pruning workflows
— Inactive medications carried forward → annual deprescribing review prompts
— Child-Pugh class rarely auto-calculated; alerts often miss hepatic dose adjustments
— Manual prompt for INR, albumin, bilirubin review on high-risk drugs
— POLST/MOLST integration into EHR with prominent banner
— Suppress aggressive screening reminders (mammography, colonoscopy) in patients with limited prognosis to reduce both fatigue and patient harm
— Hard stop on contraindicated interventions (e.g., dialysis in comfort-care patient)
Step 3 management: For a polypharmacy elderly patient discharging from hospital, the EHR should trigger (1) medication reconciliation, (2) Beers/STOPP review, (3) deprescribing prompt for high-risk drugs, (4) closed-loop PCP notification with med list within 48 hours. Generic "follow up in 2 weeks" is insufficient.
— Weight-based dosing is non-negotiable — orders should not proceed without a current weight (forcing function)
— Display dose in mg AND mg/kg with concentration to prevent tenfold errors
— Hard stops on doses exceeding adult maximums regardless of weight calc
— Age-appropriate drug list filtering (e.g., no codeine <12 years, no aspirin in viral illness)
— Look-alike pediatric concentrations (e.g., heparin flush 10 U/mL vs. 10,000 U/mL) — standardize and use barcode
— Growth-chart integrated alerts for failure to thrive, obesity
— Teratogenicity alerts must be tied to a documented pregnancy status; outdated status causes false alerts → fatigue
— REMS-required drugs (isotretinoin, thalidomide) need hard-stop CDS with iPLEDGE/program integration
— Lactation safety scoring (LactMed) integration for postpartum prescribing
— Suppress contraception alerts in pregnant patients (specificity failure example)
— Mental health record segmentation — 42 CFR Part 2 protections for SUD records require granular access controls; workarounds (printing notes) violate federal law
— Suicide risk screening (Columbia Protocol) integration with closed-loop response workflows
— Controlled substance prescribing with PDMP integration (state mandates)
— After-visit summaries auto-generated in patient's preferred language
— Audit that interpreter use is documented for non-English speakers
— Tracking communication needs (visual, auditory, cognitive) in structured EHR fields
— Alert clinicians at chart open
Board pearl: A pediatric tenfold dosing error is a never event. The combination of weight-based forcing functions + dose range checking + standardized concentrations + BCMA reduces these errors by >80%. Step 3 will reward the multi-layered answer over any single intervention.
— Wrong drug, wrong dose, wrong route, wrong patient, wrong time
— EHR-attributable ADE rate: ~0.5–1% of admissions experience EHR-mediated harm
— High-alert drugs disproportionately implicated (insulin, opioids, anticoagulants)
— Critical results lost in inbox volume → delayed cancer diagnosis is the archetypal malpractice scenario
— Copy-forward propagation of incorrect diagnoses (e.g., "history of MI" never substantiated)
— Alert fatigue causing dismissal of sepsis early-warning scores
— ~1 in 1,000 orders may be entered on wrong patient when multiple charts open
— Consequences range from duplicate labs to wrong-site procedures
— Inappropriate chart access (snooping) — HIPAA violations, civil monetary penalties
— Shared logins → audit trail destruction, regulatory exposure
— Phishing/ransomware exploiting credential workarounds
— Note bloat (copy-forward) reduces clinical signal-to-noise → downstream provider misses key findings
— Billing/fraud exposure when copied content inflates E&M coding
— Legal exposure: "the chart was internally inconsistent" undermines defense
— Burnout correlated with EHR time, inbox volume, after-hours documentation ("pajama time")
— Cognitive overload during alert storms
— Moral injury from feeling the system impedes safe care
— Eye contact diverted to screen during visits
— Patients receive after-visit summaries with auto-generated content unrelated to their visit (trust erosion)
— Downtime events; insufficient downtime procedures cause cascading errors
Key distinction: Active errors (wrong dose entered) are visible at the sharp end; latent errors (poorly designed alert that nobody acts on) live in the system. Both are EHR safety issues, but Step 3 emphasizes addressing latent system failures, which prevent many active errors downstream.
— Sentinel event (death, permanent harm, severe temporary harm) → notify risk management, file with Joint Commission within 45 days, RCA mandatory
— Patient harm not yet realized but imminent (e.g., wrong drug ordered, caught by pharmacy) → near-miss report, system-level investigation
— Privacy breach affecting ≥500 individuals → HHS Office for Civil Rights notification within 60 days; <500 logged and reported annually
— Suspected EHR software defect → vendor notification + FDA MedWatch (some CDS qualifies as medical device software under 21st Century Cures)
— Frontline clinician → charge nurse / supervisor → patient safety officer → CMIO/CMO → executive review → board quality committee
— Voluntary reporting systems must protect reporters (non-punitive culture is essential)
— Multidisciplinary team within 72 hours of identification
— Focus on system factors, not individual blame (Just Culture framework)
— Use 5 Whys or fishbone diagrams
— Output: action plan with assigned owners, deadlines, and effectiveness measures
— Federal protection under Patient Safety and Quality Improvement Act (PSQIA) for shared safety data
— Encourages reporting by limiting legal discoverability
— Ethical and often legally required to disclose harm — "CANDOR" (Communication and Optimal Resolution) approach
— Apologize, explain what happened, what is being done to prevent recurrence
— Many states have apology laws protecting expressions of sympathy
— Joint Commission Sentinel Event Database
— AHRQ Common Formats via PSO
— State health department mandates vary
CCS pearl: When a CCS-like vignette describes a near-miss caught by pharmacy (e.g., wrong-patient heparin order), the correct next step set is (1) cancel the order, (2) verify no harm to either patient, (3) file safety report, (4) notify patient safety officer — not "counsel the resident." Just Culture > punitive response.
— No alert fired because the rule didn't exist
— Example: drug-disease alert missing (NSAID in CKD)
— Fix: build new CDS, not retire old
— Specific to one poorly designed alert, not systemic fatigue
— Example: pregnancy teratogen alert firing on every male patient due to data field error
— Fix: targeted alert logic repair
— Documentation problem, not alert problem
— Fix: copy-paste policy, template redesign
— Critical lab not acted on because lost in inbox volume
— Distinct from interruptive alert fatigue — this is passive information overload
— Fix: result categorization, closed-loop acknowledgment, team-based inbox coverage
— Confusing dropdowns, ambiguous units, default errors
— Fix: usability testing, redesign — not alert tuning
— Outside records not integrated → duplicate testing, missed history
— Fix: HIE participation, C-CDA exchange, FHIR APIs
— Scheduled or unscheduled outages; paper backups inconsistently used
— Fix: downtime procedures, drills, redundant systems
— Wrong scope of practice granted; trainee accessing attending functions
— Fix: role-based access control review
— Shared accounts, generic logins → cannot reconstruct events
— Fix: individual credentialing, multi-factor authentication
Board pearl: When the stem says "alert was overridden and patient harmed," the issue is alert fatigue or alert design. When the stem says "no alert fired and patient harmed," the issue is CDS gap. Read carefully — the fix is opposite.
— Handoff failure (I-PASS not used) → information lost regardless of EHR quality
— Verbal order miscommunication
— Fix: structured handoff tools, read-back protocols
— Inadequate nurse-to-patient ratios → BCMA workarounds rational
— Fix: staffing standards, workflow redesign, not more CDS
— Hierarchical environment where junior staff don't speak up about errors
— Fix: TeamSTEPPS, psychological safety training, Just Culture
— New hire never trained on specific EHR module
— Fix: onboarding curriculum, competency verification
— Wrong concentration available on unit → error regardless of order accuracy
— Fix: standardized concentrations, automated dispensing cabinet configuration
— Noise, interruptions, lighting at workstation
— Fix: quiet zones, "do not disturb" vests during med prep
— Health literacy, language barriers, complex social situations
— Not blameworthy — system must accommodate
— Pharmaceutical labeling errors (LASA at the source)
— Fix: FDA reporting, formulary substitution
— Absence of state PDMP, lack of interoperability mandates
— Fix: advocacy, policy engagement
Key distinction: A patient receives wrong medication. Is the root cause (a) EHR alert overridden, (b) verbal order misheard, (c) wrong vial pulled from Pyxis, or (d) handoff omission? Each has a different fix. Step 3 RCA questions reward identifying the specific upstream cause rather than blanket "improve communication."
— CDS governance committee with quarterly alert review
— EHR safety committee reporting to patient safety / quality structure
— Clinical content review for order sets at minimum every 2 years or with guideline change
— Every new alert deployed with pre-defined success metrics and sunset date
— Retirement criteria specified in advance (e.g., "retire if override rate >90% at 12 months without documented prevented harm")
— In-EHR "report this alert" button
— Monthly clinician advisory group meetings
— Annual EHR satisfaction survey (validated tools: KLAS Arch Collaborative, NASA-TLX)
— Dashboards comparing clinician override patterns to peers
— Pajama-time tracking with offered coaching
— Sprint teams (intensive optimization for individual clinicians/clinics)
— Scribes or AI ambient documentation to offload note burden
— Inbox triage protocols and team-based inbox management
— Just Culture algorithm consistently applied to events
— Annual safety culture survey (AHRQ HSOPS)
— Celebrate "good catches" via near-miss reporting
— Participate in user groups
— Submit enhancement requests
— Share de-identified safety data through EHR Association
— ONC certification updates
— Information blocking rule compliance
— 21st Century Cures Act patient access requirements
Step 3 management: The single most evidence-based long-term intervention is a standing multidisciplinary CDS governance process with mandatory alert review cycles. Pick this answer when offered.
— Alert override rate by alert type
— Number of alerts retired or modified
— Critical result acknowledgment time (target <60 min)
— BCMA scan compliance (>95%)
— Verbal order rate (<10% non-emergent)
— Copy-paste percentage in notes
— Medication reconciliation completion at transitions (100%)
— ADE rate per 1,000 patient-days
— Wrong-patient order rate (retract-and-reorder measure)
— Diagnostic delay events
— Sentinel events involving EHR
— HCAHPS communication scores
— Time to order entry (should not lengthen excessively)
— Clinician burnout scores (Maslach, Mini-Z)
— Workaround prevalence (qualitative)
— Pajama time (after-hours EHR use) tracked individually with offered support
— Inbox volume per clinician (target ranges by specialty)
— Documentation time per encounter
— Annual burnout assessment with confidential coaching
— Patient portal use rates (equity-stratified to avoid widening disparities)
— After-visit summary readability scores
— Closed-loop test result communication (patient acknowledgment)
— Annual EHR safety refresher
— New-feature competency at rollout
— Just-in-time learning for low-volume tasks
— PDSA cycles on individual alerts
— Annual SAFER Guide self-assessment
— Participation in benchmarking collaboratives
Board pearl: Burnout and alert fatigue reinforce each other — burned-out clinicians are more likely to click-through alerts; high alert burden contributes to burnout. Interventions targeting one help the other. On exam: pick the answer that addresses both clinician and system simultaneously.
— Distinguish human error (console), at-risk behavior (coach), and reckless behavior (discipline)
— A clinician who overrides an alert that fires 100×/day exhibiting at-risk behavior → coach AND fix the alert
— A clinician who shares password and accesses unrelated charts → reckless → disciplinary
— Documentation of consent must reflect the actual conversation, not auto-populated text
— Auto-generated consent forms that include procedures not discussed = invalid consent and fraud exposure
— Step 3 scenario: A copy-forwarded note states risks were discussed; the patient denies it. The copied text is legally indefensible.
— Reportable conditions (TB, STIs, suspected abuse) — EHR should prompt but not override clinician judgment
— Failure to report due to alert dismissal = potential professional liability
— Discharge summary auto-population that omits pending labs is a common malpractice trigger
— Closed-loop communication of pending results to PCP within 24–48 hours of discharge is the standard
— Document the specific clinician notified, not "PCP informed"
— Audit log review for inappropriate access (employee snooping, celebrity charts) is mandatory
— Shared logins violate HIPAA accountability requirements
— Patients have right to access their records (21st Century Cures Act information blocking rule prohibits unreasonable delays)
— Ethical duty to disclose extends to system-caused harm, not only individual errors
— CANDOR-style disclosure: acknowledge, apologize, explain, prevent recurrence
— Algorithm bias in CDS (race-adjusted eGFR, screening reminders) can perpetuate disparities
— Audit CDS performance across demographic groups
Step 3 pearl: A discharged patient's culture grows MRSA two days post-discharge; the result sits in the discharging hospitalist's inbox while they're on vacation. The hospital is legally and ethically obligated to have a closed-loop coverage system that escalates within hours — not "wait until clinician returns." This is the canonical EHR safety malpractice scenario.
Key distinction: Quality measure (process you control) vs. outcome (result you aim for). On Step 3, alert override rate is a process metric; ADE rate is an outcome metric — track both.
"A hospitalized patient on warfarin develops GI bleed after starting TMP-SMX. Chart review shows a drug-interaction alert was overridden. Of 47 similar alerts fired to this clinician that week, 46 were overridden. What is the best initial step?"
— Answer pattern: Convene CDS governance to review and tier the alert (system fix), not discipline the prescriber.
"A resident enters a potassium replacement order on patient A while patient B's chart is also open. Two minutes later they retract and reorder on the correct patient. No harm occurred. What is the most appropriate action?"
— Answer pattern: Report as near-miss; implement chart juxtaposition prevention (ID reentry, distinct visual themes). Not discipline.
"A patient's mammography report showing BIRADS 4 is filed to the ordering clinician's EHR inbox. The clinician is on a 4-week sabbatical. The patient presents 8 months later with metastatic breast cancer. What system failure occurred?"
— Answer pattern: Failure of closed-loop result management with coverage; institute auto-routing to covering clinician with acknowledgment requirement.
"A patient's discharge summary auto-populates 'no allergies' from a copied prior note. The patient, who has a documented penicillin anaphylaxis, receives amoxicillin from their PCP and develops anaphylaxis. What contributed most?"
— Answer pattern: Documentation integrity failure due to uncritical copy-forward; medication reconciliation and allergy review required at every transition.
"Nurses on a busy med-surg unit are observed scanning a printed barcode taped to the workstation instead of the patient's wristband. BCMA scan compliance is 98%; ADE rate is rising. What is the next step?"
— Answer pattern: Investigate why the workaround is rational (workflow, equipment, staffing); fix the upstream cause. The metric is misleading.
"A clinician at the 95th percentile for after-hours EHR use also has the highest alert override rate in the group. What intervention is most likely to improve both?"
— Answer pattern: EHR optimization sprint (training, template redesign, alert tuning, inbox triage) — addresses both burnout and safety.
Step 3 management heuristic: When the answer choices include "educate the clinician," "discipline the clinician," "remove the EHR alert," and "convene multidisciplinary review to redesign the system" — the last option almost always wins.
Alert fatigue and workarounds are system-level patient safety hazards driven by poorly tuned clinical decision support and ill-designed workflows, requiring multidisciplinary CDS governance, tiered alerting, closed-loop processes, and Just Culture — not individual blame — to mitigate.