If you read health care news all day every day, you are bound to come away feeling that epic battles are being waged on multiple fronts, each with potential dire implications to individual citizens, the nation as a whole, and perhaps the entire planet. As is customary in the biz, epic battles have heroes and most importantly a rotating cast of villains, selected by directors and producers to advance the story line along paths most preferred by the financiers, who buy advertising time on what should be billed as the biggest political show on earth (note to Aaron Sorkin).
Recently the public camera, which frequently pans the health IT landscape to remind us that old EHR vendors play evil Goliaths to the innovatively disruptive iPhone app Davids, keeps zooming in on a couple of supposedly damning trees and shrubs, while artfully glossing over the forest.
The fairly recent “information blocking” witch hunt, is just the latest salvo in the lengthy interoperability make believe wars, launched by the HITECH Act back in 2009. The indisputable facts are that even before the government saw fit to ramp up its intervention in health care information exchange, interoperability was ubiquitous. Millions of messages were flying back and forth each day, be it electronic billing, electronic prescribing, electronic lab orders and results, a variety of inpatient activities, or the increasingly electronic transfer of clinical documentation. There were plenty of standards too, such as HL7, ASTM X12, NCPDP, DICOM, and protocols for electronic faxing and secure email. There were “single sign on” standards and even a standard for synchronizing context between software applications (CCOW).
There were clearinghouses for specific electronic messages, interface engines, local information exchange hubs, and edge appliances to connect software to medical devices. There were physician portals, a few patient portals, and early experiments to send text messages to patients, before texting became an English verb and before smart phones were a thing. It was a market-driven work in progress, and it was poised to explode in intensity and magnitude.
But this was not what the government needed, nor was it what Silicon Valley wanted. There was too much reliance on human intelligence, and the information wasn’t really “data.” It would have been difficult at that point in time to tag and index everything the way Google likes it, or the way researchers and surveillance agencies prefer to slice and dice it. We’ve come a long way since those early days, and now the government is seeking tips about “information blocking” from anonymous informers.
The other red herring vigorously waved by the media now is the language of EHR contracts. Not all of it, but one tiny portion that is supposedly indicative of how EHR vendors are the scum of this earth. Not only do the behemoth EHR vendors engage in blocking information exchange, but they also have contractual “gag orders not to discuss the specific failings of their systems,” with potentially “lethal consequences” to patients. The POLITICO article contends that limitation on disclosure of broadly defined intellectual property is somehow preventing users from reporting adverse events. Here is an illustration of what the most excessive “gag clause” might look like (slightly enhanced):
Under penalty of death, Thou shall not alter, assign, broadcast, circulate, commercially exploit, convey, copy, create derivative works from, customize, damage, decompile, delete, demonstrate, derive source code, disassemble, display, disseminate, distribute, download or otherwise electronically transmit or receive, export, encumber, give away, insert in any content aggregation network, lease, lend, license, loan, localize, modify, publish, record, rent, reproduce, re-sell, re-license, reuse, reverse engineer, sell, sublicense, time-share, transfer, translate, transmit, or interfere with the operation of any Software or Documentation nor attempt, allow or facilitate any of the foregoing, or permit any third party or the general public to access, view, observe the operation of or use all or portions of any Software or Documentation, etc. etc. etc.
Paranoid? Perhaps. Effective? Not really. Stealing screen designs used to be rampant in the industry. Note, however, that nowhere does it “gag” anybody from saying whatever they want to say about the vendor and/or its software. It certainly does not prevent a user from reporting bugs, errors or problems to whoever is soliciting such reports, as long as the report does not contain screenshots or excerpts from manuals.
Does it have a chilling effect on users? I doubt it, considering that most users have no access to, or don’t bother to read, contract language. Anecdotal evidence suggests that physicians and researchers in large organizations are discouraged by administration from publicly beating up on their EHR, with or without screenshots. This makes perfect sense, since the relationship between health systems and EHR vendors is an ongoing partnership and some business decorum needs to be maintained (by both sides).
Speaking of interoperability and EHR contracts, how about looking at some artifacts that failed to garner outrage from the politically correct health care leadership and its media outlets? Deep down in the weeds of your EHR contract, or the Business Associate Agreement attached to it, you will find some form of the following language:
“Client grants to Company an irrevocable, nonexclusive, perpetual, royalty-free right and license to use or disclose to others, all data de-identified in accordance with applicable law, including the HIPAA Privacy Rule, for any purpose.”
Pause and ponder. How does it make you feel?
It is important to note that “de-identified in accordance with applicable law” refers to patient data, not physician information, which need not be de-identified at all. It is also important to note that the opposite of de-identified is re-identified, which is increasingly feasible nowadays, no matter how HIPAA compliant the de-identification process might be.
So here, in one fell swoop you just donated your entire work product to the EHR vendor, and obligated your patients to do the same without their knowledge. It is one thing to exchange data for services when you use a “free” product, and quite another to be taken for an extra ride after you shell out tens and hundreds of thousands, or many millions, of dollars for the pleasure.
Just so we are clear, this is not peculiar to remotely hosted (cloud) EHRs. Even if you host your EHR on your own servers, vendors usually can and do reserve the right to access and extract your data. We don’t know how many EHR vendors actually go to the trouble of extracting data and we don’t know how many are currently “sharing” these data with third parties, and how many are just hoarding it for rainy days? We have no idea where the data is going, or who the buyers are, and what those buyers do with the data.
It is also hard to quantify the precise monetary value of this involuntary concession medical facilities provide to (most, not all) EHR vendors on a continuous basis. But it is even harder to understand the complete lack of outrage, from health systems themselves, from physicians, from “patient advocates”, and finally, from the various media outlets supposedly functioning for the benefit of the public.
There is little doubt in my mind that at least some EHR data ends up in the ominous dossiers of data aggregators, and some unabashedly advertise that it does. The funny part, if you can find any humor in this story, is that what goes around comes around, literally.
As health care continues its march towards vertical and horizontal integration, the largest EHR clients are beginning to assume increasing responsibilities for total cost of care. This requires the purchase of sophisticated actuarial and predictive analytics tools, along with massive databases of scrubbed and aggregated data about their consumer markets, because it is now imperative for hospitals and doctors to differentiate between patients who are “Birkenstocks and Beemers” and those who are just “Small Town Shallow Pockets”. The irony, of course, is that these innovative health systems are paying small fortunes for information built partially from data extracted free of charge from their own systems, and sold by EHR vendors to various aggregators.
Where is the outrage then? There is none, because the righteous outrage machine is operated by those who benefit financially from stripping people of their privacy rights and businesses of their intellectual property rights. Information blocking was invented because Silicon Valley does not wish to pay for formatting and extracting data from existing repositories. Gag orders were summoned to the fore by academic researchers who need to spice up their EHR bashing papers and books with colorful illustrations, to drive home the message that their untested ideas are theoretically superior, and thus should be generously funded by the public.
In both cases, the outrage machine inserted its standard FUD messaging about “saving lives,” and as always, it is working to perfection.
The wholesale stealing and selling of private patient information (which is tantamount to legalized hacking) elicits no outrage campaigns, because when it comes to defrauding the public, David, Goliath, the entire health care melodrama cast, its producers and financiers, all have a rare yet bountiful alignment of pecuniary interests.
Latest posts by Margalit Gur-Arie (see all)
- Democratizing Medicine - January 7, 2016
- The Imperative of a National Health Identifier - December 8, 2015
- The Effects of Digital Health on the Moral Universe - November 3, 2015