Article • Appeal to healthcare providers and medical device vendors

ECRI reports top 10 health technology hazards for 2023

ECRI’s annual top ten technology hazard list alerts hospitals and healthcare providers of situations, products, and procedures they need to diligently monitor and/or take steps to improve. This non-profit technology Pennsylvania research firm has worked for over 50 years to make healthcare safer.

Report: Cynthia E. Keen

Image source: Adobe Stock/lumerb

The list reflects the organization’s collective judgment about the health technology risks that should be given immediate attention in 2023, although many identified risks of prior years remain important, such as preparing for cybersecurity incidents, the number one threat of the 2022 report. 

This year, ECRI has expanded its scope beyond healthcare providers. It is challenging medical device vendors themselves to improve product design and manufacturing, to expand safety measures, to enhance quality control procedures, and to communicate more effectively with end users, who may be patients as well as healthcare providers.

No. 1 – Gaps in recalls for at-home medical devices

Failure to inform patients of recalls for at-home medical devices they are using can harm them, cause mistrust and/or confusion, and/or motivate them to inappropriately stop using the device. This is an increasingly serious issue as healthcare treatment moves into the home setting.

ECRI recommends that manufacturers provide patients with easy device registration instructions, maintain updated databases of device distribution, and write simply worded recall notices. Hospitals should maintain their own independent databases and enforce a policy for patients to be promptly notified when a recall of a device they are using occurs.

No. 2 – Defective single-use medical devices


Image source: Adobe Stock/Яна Дюбенкова

ECRI has received a steadily escalating number of reports about defective single-use products, which include compromised sterility of catheters, needles, and procedure kits, cracked tubing and connectors, and incorrect product labelling. However minor or infrequent, these can lead to waste, healthcare-acquired infection, delays, and/or incorrect treatment. It is imperative that healthcare staff report these deficiencies and that healthcare organizations act upon them. Recommended actions includes identifying new suppliers and pressuring manufacturers to improve quality and QC so that defective products will not endanger end users.

No. 3 – Inappropriate use of automated dispensing medication cabinet overrides

Automatic dispensing cabinets (ADCs) provide patient-specific medications to caregivers that have been reviewed by a pharmacist to identify contraindications, patient allergies, unsafe dosing, medication duplication, or other potential risks. Manual overrides can cause errors, including the wrong medication type, dose, or strength. Hospitals need to record and monitor use of the override feature by staff members and patient purpose to enforce override usage only when critically needed.

No. 4 – Undetected venous needle dislodgement or access-bloodline separation during haemodialysis

Either of these conditions can cause a massive loss of blood, leading to severe injury or death. Haemodialysis machines may not have a venous pressure monitor alarm. ECRI recommends use of a blood leakage detector at the vascular access site, especially if haemodialysis is being done at home. Needles and connections should be regularly checked and visible.

ECRI reports top 10 health technology hazards for 2023

Image source: Adobe Stock/HNFOTO

No. 5 – Cybersecurity risks associated with cloud-based clinical systems

Just because a clinical system is “in the cloud” of a vendor doesn’t mean that a hospital should not be diligent that it is adequately protected. ECRI recommends that healthcare organizations assess how a cloud provider safeguards the functionality of its system, and the confidentiality and availability of patient data should it be cyberattacked. Hospitals need to implement and rigorously maintain internal security controls to reduce risk.

No. 6 – Inflatable pressure infusers (IPIs) can be dangerous and cause embolisms

IPIs used to administer fluids can create an increased risk of infusing air from an IV bag into a patient if air is not purged from the bag before use, and if the bag is allowed to be compressed completely flat by the IPI during use. To avoid the risk of causing a potentially fatal embolism, ECRI recommends avoiding the use of IPIs for continuous infusion through vascular sheaths and catheters that terminate in the left heart.

No. 7 – Confusing ventilator cleaning and disinfecting requirements

Squarely blaming vendors, ECRI recommends that instructions about cleaning and disinfecting ventilators between patients be clearly specified, well documented, realistically achievable and understood. Incomplete and confusing instructions can cause cross-contamination.

No. 8 – Electrosurgery units can cause serious burns

Operators should be fully trained on their safe use need to understand the risks.

No. 9 – Cardiac telemetry monitoring should be limited to cardiac patients

ECRI has identified a trend in telemetry monitoring of non-cardiac patients as a “safety net” and strongly recommends against this practice. It can lead to inappropriate, excessive alarm triggers and even unrecognized critical events. Hospitals should establish and enforce guidelines defining when telemetry monitoring should be prescribed and when it should be discontinued.

No. 10 – Mandate reporting of all medical device-related issues

Hospitals must require reporting of all medical device-related issues, however infrequent or minimal they may seem. ECRI recommends that barriers to reporting need to be identified and eliminated, and that the reporting process be as simple as possible and efficient to use. A staff culture reinforcing the importance and need to report problems needs to be established and nurtured.


Read all latest stories

Related articles


Article • Underestimated risk

Cybersecurity threat to remote monitoring devices

Remote monitoring devices and pacemakers supporting patients with conditions such as heart failure could be vulnerable to cyberattack, according to a leading cardiology expert.


Article •

CeBIT’s theme: Work and Life with the Cloud

The new cloud hovering over the IT industry bodes pleasant and sunny business weather. Reason enough for the organisers of CeBIT 2011, the large international IT event held in Hanover this March, to…


Article •

TeraRecon’s iNtuition Cloud enters Europe

The global software provider TeraRecon is recognised for strong clinical applications containing advanced image processing and 3-D visualisation for CT, MRI and PET. Since May 2010, this Silicon…

Related products

Subscribe to Newsletter