Electronic Health Record Vendors Use Gag Clauses to Hide Lethal Bugs in the IT Systems They Sell

Lambert here: Despite its tone, this post is a happy dance, and a victory for critical thinking skills; author Silversteinhas been saying for years what Politico just got round to noticing. And has it ever occurred to anyone that one reason Obama’s stim pack had such a muted effect was that $30 billion of it went to lousy IT? And can’t we throw some EHR executives in jail under RICO or something?

By Scot Silverstein, MD, Medical doctor, and Medical Informatics professional via NIH-sponsored postdoctoral fellowship at Yale School of Medicine. Expertise in clinical IT design, implementation, refinement to meet clinician needs, and remediation of HIT projects in difficulty in both hospitals and the pharmaceutical industry. Independent expert witness on health IT-related medical malpractice and related issues. Former Director of Scientific Information Resources and The Merck Index (of chemicals, drugs, and biologicals) at Merck Research Labs. Faculty, Drexel University, College of Information Science and Technology, Philadelphia, PA. Architect of Drexel’s Graduate Certificate Program in Healthcare Informatics. Cross posted from the Health Care Renewal website

I have not blogged on EHR issues in some time, despite some interesting source material such as:

• “Evidence Summary: Electronic Health Records (EHRs)” at http://www.ohri.ca/kta/docs/KTA-EHR-Evidence-Review.pdf ;
• “Electronic Health Records Software Often Written without Doctors’ Input” at http://www.scientificamerican.com/article/electronic-health-records-software-often-written-without-doctors-input/ ; and
• “Avoiding Expensive And Consequential Health Care Decisions Based On Weak Research Designs” [e.g., EHR expansion – ed.] at http://healthaffairs.org/blog/2015/08/31/avoiding-expensive-and-consequential-health-care-decisions-based-on-weak-research-designs/.

These can be read at the links above, and are self-explanatory.

A new Politico investigation and article, however, is worth writing about:

Politico
Doctors barred from discussing safety glitches in U.S.-funded software
Darius Tahir
09/11/15
http://www.politico.com/story/2015/09/doctors-barred-from-discussing-safety-glitches-in-us-funded-software-213553

President Barack Obama’s stimulus put taxpayers on the hook for $30 billion in electronic medical records, many of which have turned out to be technological disasters.

But don’t expect to hear about the problems from doctors or hospitals. Most of them are under gag orders not to discuss the specific failings of their systems — even though poor technology in hospitals can have lethal consequences.

[Change the “can” to “does”, e.g., ECRI Deep Dive, http://hcrenewal.blogspot.com/2013/02/peering-underneath-icebergs-water-level.html – ed.]

A POLITICO investigation found that some of the biggest firms marketing electronic record systems inserted “gag clauses” in their taxpayer-subsidized contracts, effectively forbidding health care providers from talking about glitches that slow their work and potentially jeopardize patients.

[E.g., see http://hcrenewal.blogspot.com/search/label/glitch – ed.]

POLITICO obtained 11 contracts through public record requests from hospitals and health systems in New York City, California, and Florida that use six of the biggest vendors of digital record systems. With one exception, each of the contracts contains a clause protecting potentially large swaths of information from public exposure. This is the first time the existence of the gag clauses has been conclusively documented.

I note this Politico article appears six years after the seminal JAMA article on hold harmless and defects nondisclosure clauses:

• “Health Care Information Technology Vendors’ “Hold Harmless” Clause – Implications for Patients and Clinicians” by Koppel and Kreda, JAMA 2009;301(12):1276-1278), http://medecon.pbworks.com/f/IT%20Accountability%20JAMA09.pdf,

as well as:

• this author’s followup JAMA Letter to the Editor “Healthcare IT, Hospital Responsibilities, and Joint Commission Standards” (can be seen in its entirety at http://jama.jamanetwork.com/article.aspx?articleid=184302) pointing out that such clauses and those who signed them were in violation of Joint Commission safety standards.
• (I published a longer version at http://cci.drexel.edu/faculty/ssilverstein/cases/?loc=cases&sloc=koppel_kreda. Also see my 2009 post at http://hcrenewal.blogspot.com/2009/03/health-care-information-technology.html).

In that 2009 JAMA Letter to the Editor I observed:

… In their Commentary, Dr Koppel and Mr Kreda made clear the problems associated with applying the customs and traditions of business software contracting and sales (where “hold harmless” and “keep defects secret” clauses are commonplace) to health care information technology (HIT) as if they are the same. I believe that ignoring their differences has likely created an epidemic of violations of hospital governing body responsibilities and Joint Commission standards for health care organization leadership.

In 2015 I stand by these assertions. Computer and business personnel – through arrogance, selfishness, narrow-mindedness and other issues – have made a mess assuming that business software practices apply to clinical medicine and healthcare IT. In the latter domain, however, increased clinical stress and hypervigilance due to bugs clinicians have to work around (that might have been fixed sooner), lessening their performance and increasing risk, and patient injury and death has been the result of a belief that clinical computing is just a niche area of business computing. (I’ve been making this point for at least 15 years, I might add.)

Such contractual practices endanger patients, and in 2015 are reckless, negligent and inexcusable.

http://injury.findlaw.com/accident-injury-law/recklessness.html Recklessness means the person knew (or should have known) that his or her action were likely to cause harm. Negligence means that the person acted in violation of a duty to someone else, with the breach of that duty causing harm to someone else.

More from the Politico article:

Vendors say such restrictions target only breaches of intellectual property and are invoked rarely.

IP breaches? While I understand the business issues at hand, in reality this is farcical. There is little unique and valuable IP in these systems…as if one EHR vendor would really copy off another EHR vendor’s screens. I’ve seen many EHRs and their instruction manuals and in my opinion there’s little worth stealing from any of these look-alike systems.

But doctors, researchers and members of Congress contend they stifle important discussions, including disclosures that problems exist. In some cases, they say, the software’s faults can have lethal results, misleading doctors and nurses who rely upon it for critical information in life-or-death situations.

Change the “can” to “do.” See ECRI link above, posts such as at http://hcrenewal.blogspot.com/2011/09/sweet-death-that-wasnt-very-sweet-how_24.html, and as readers here know, I have one less living relative thanks to EHR faults. (I know of others that I cannot discuss.)

Critics say the clauses — which POLITICO documented in contracts with Epic Systems, Cerner, Siemens (now part of Cerner), Allscripts, eClinicalWorks and Meditech — have kept researchers from understanding the scope of the failures.

I actually refute that. I believe many researchers (in the field of Medical Informatics, at least) were blinded by their own wishful thinking about health IT and their own misplaced overconfidence in computing. My writings for a decade and that of many other “iconoclasts”, based on experience and insight from other fields in which we worked, clearly raising huge red flags, were derided or summarily ignored. For instance, see my post “The Dangers of Critical Thinking in A Politicized, Irrational Culture” from almost exactly five years ago at http://hcrenewal.blogspot.com/2010/09/dangers-of-critical-thinking-in.html. There was enough data to ascertain that major problems were extant.

Even the ECRI Deep Dive EHR safety study referenced above, now at least three years old, finding 171 IT mishaps in 9 weeks in just 36 hospitals voluntarily reported, causing 8 significant harms and 3 possible deaths, is rarely cited by the “researchers.” See http://hcrenewal.blogspot.com/2013/02/peering-underneath-icebergs-water-level.html.

… Sheldon Whitehouse (D-RI) asked a panel of witnesses [during a HELP committee hearing earlier this summer], including Allscripts CEO Paul Black: “Can anyone on this panel see a single reason why these contracts should have gag clauses in them?” No one ventured a reason.

Perhaps, I ask, because it would be hard to say something like “Senator, our computers have more rights than patients, and we don’t give a damn about patient harm as long as the $$$ keep rolling in, and payouts for screw-ups that do make it to court are manageable“, Ford Pinto-style, in such a setting?

After POLITICO disclosed its findings, an aide to HELP Chairman Lamar Alexander (R-Tenn.) said the committee would look at the issue, “exploring potentially harmful effects of these clauses — including how they could inhibit interoperability.”

The interoperability issue is a diversion if not a non-sequitur. Dreamers still believe billions will be magically saved, and lives saved, via “interoperability”, ironically at a time when basic operability is poorly achieved.

Let me state this clearly: health IT will always be a major cost center and will never result in the mass cost savings attributed by the pundits to it. From experience, I state that is a pipe dream, a fantasy, a risible statement consistent with a mania over the technology. The issues in medicine that cost dear money are complex, and are not amenable to solution via cybernetic miracles.

See http://hcrenewal.blogspot.com/2012/09/wsj-koppel-and-soumerai-major-glitch.html for more on this issue:

… a comprehensive evaluation of the scientific literature has confirmed what many researchers suspected: The savings claimed by government agencies and vendors of health IT are little more than hype.

To conduct the study, faculty at McMaster University in Hamilton, Ontario, and its programs for assessment of technology in health — and other research centers, including in the U.S. — sifted through almost 36,000 studies of health IT. The studies included information about highly valued computerized alerts — when drugs are prescribed, for instance — to prevent drug interactions and dosage errors. From among those studies the researchers identified 31 that specifically examined the outcomes in light of the technology’s cost-savings claims.

With a few isolated exceptions, the preponderance of evidence shows that the systems had not improved health or saved money.

Rather than saving money, the industry is sucking in some of that $17 or so trillion the United States just doesn’t have (http://www.usdebtclock.org/). See for instance “The Machinery Behind Health-Care Reform: How an Industry Lobby Scored a Swift, Unexpected Victory by Channeling Billions to Electronic Records“, Washington Post, by Robert O’Harrow Jr., May 16, 2009.

Back to Politico:

… Take Cerner’s agreement with LA County’s Department of Health Services, signed in November 2012 and worth up to $370 million. It defines the vendor’s confidential information as “source code, prices, trade secrets, mask works, databases, designs and techniques, models, displays and manuals.” Such information can only be revealed with “prior written consent.” The protections cover the provider company, and its employees.

Such agreements, which are typical of the contracts examined by POLITICO, “contain broad protections for intellectual property and related confidentiality and non-disclosure language which can inhibit or discourage reporting of EHR adverse events,” said Elisabeth Belmont, corporate counsel at MaineHealth.

Belmont said she had also seen non-disparagement wordings that prohibit providers from disseminating negative information about the vendor or its software. POLITICO found no direct evidence of such clauses.

“Non-disparagement wording?”

How about good old-fashioned Orwellian thought control? See my Oct,. 2013 post ‘Words that Work: Singing Only Positive – And Often Unsubstantiated – EHR Praise As “Advised” At The University Of Arizona Health Network’ at http://hcrenewal.blogspot.com/2013/10/words-that-work-singing-only-positive.html.

… The executive branch — the Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services are responsible for the subsidy program — has done little about the clauses, though providers and researchers have been grumbling about them since the 2011 Institute of Medicine report warning that “[t]hese types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT–related patient safety risks.”

…Agency officials say they deplore the clauses but lack the capacity to directly address the problem. “We strongly oppose ‘gag clauses’ and other practices that prevent providers and other health IT customers and users from freely discussing problems and other aspects of their health IT,” an ONC spokesman said.

But, he continued, ONC cannot police them. The clauses take a variety of forms, and the extent to which vendors invoke them varies, making enforcement difficult — particularly for a small agency that doesn’t have investigative or police powers.

A small agency that doesn’t have investigative or police powers? Really? Yet – ONC is a promoter of the non-regulatory “Safety Center” concept as a solution to health IT safety risks. See for instance http://hcrenewal.blogspot.com/2014/04/fda-on-health-it-risk-reckless-or.html. Their response above to Politico seems disingenuous.

What follows in the Politico article is vendor excuses and soothing reassurances, like this one:

… Epic executives said they encourage open discussion. “With permission,
we very frequently allow folks to share information around the
software,” said Epic’s vice president for client success, Eric Helsher.

I’ll surmise I would not be able to easily get detailed information on the ten thousand EPIC “issues” I highlighted at my Nov. 2013 post “We’ve resolved 6,036 issues and have 3,517 open issues”: extolling EPIC EHR Virtues at University of Arizona Health System”, http://hcrenewal.blogspot.com/2013/11/weve-resolved-6036-issues-and-have-3517.html, for publication on this blog.

… a lot of problems may go under-reported. That offends [Dr. Bob] Wachter, who says the patient safety world “takes it as religion” that information be shared as widely as possible.

“These are worlds colliding. You can understand why a technology business would put restrictions on screenshots. But we’re not making widgets here, we’re taking care of sick people,” he said.

“At some level, I’d say, ‘How dare they?'”

“At some level?” What level, exactly?

How about the life-and-death level?

Worlds colliding, indeed; the aforementioned business-IT world and the clinical world. I would drop the “at some level” phrase, though, and also go back to my 2009 JAMA letter observation that I repeat once again:

… In their Commentary, Dr Koppel and Mr Kreda made clear the problems associated with applying the customs and traditions of business software contracting and sales (where “hold harmless” and “keep defects secret” clauses are commonplace) to health care information technology (HIT) as if they are the same. I believe that ignoring their differences has likely created an epidemic of violations of hospital governing body responsibilities and Joint Commission standards for health care organization leadership.

Health IT companies are simply not team players in medicine. Their heavy-handedness and narrow thinking has harmed and killed patients. How many in total?

Last year I spoke to a half dozen US House members and a dozen or so aides of House members who could not attend. I was accompanied by two Plaintiff’s lawyers (yes, Plaintiff’s lawyers) who told their own tales of EHR-mediated catastrophes whose survivors they had represented. They were there for that purpose, to inform the US Reps that health IT was killing people.

Extrapolating the ECRI Deep Dive study figures and adding in other known cases, the true level of harms is anything but pretty.

It would be a very useful exercise to measure it explicitly rather than using the Ostrich approach (see for instance my post “FDA on health IT risk: “We don’t know the magnitude of the risk, and what we do know is the tip of the iceberg, but health IT is of ‘sufficiently low risk’ that we don’t need to regulate it” (http://hcrenewal.blogspot.com/2014/04/fda-on-health-it-risk-reckless-or.html).

However, obtaining the data in a robust matter could result in those reporting the data violating EHR gag and non-disparagement clauses.

We must respect the rights of the computers…

— SS

Addendum: the Politico article, unfortunately, while a major piece, did not cite Koppel/Kreda or their pioneering 2009 JAMA article. I surmise this was an oversight.