Friday, December 18, 2009

Arguments for Maintaining the Health IT Status Quo on Defects Nondisclosure Clauses

As I wrote at Healthcare Renewal here, I recently posted a web petition "Transparency and Openness in Electronic Patient Records and Other Healthcare Information Technology Systems" at http://www.webpetitions.com/cgi-bin/print_petition.cgi?99504454 , calling for an end to Nondisclosure Clauses [of defects, problems, EHR-related adverse events, etc.] in HIT contracts. The petition reads:

We, the undersigned, believe in transparency, accuracy, and accountability in scientific research, especially in matters related to healthcare.

We believe contractual nondisclosure clauses [1] that prohibit or restrain unfettered disclosure and dissemination of information about healthcare information technology problems related to bugs, design defects, suboptimal user interfaces, other factors that can adversely affect care, and the adverse events and near accidents these problems cause, are unethical.

We believe that patients and clinicians have a right to knowledge of healthcare information technology problems and defects that can distract clinicians and/or reduce clinician effectiveness and productivity. We also believe that hospital governance personnel have the fiduciary responsibility as well as obligation under Joint Commission safety standards to protect patients, clinicians and others working within and for their organizations from the potential consequences of healthcare information technology problems [2].

We believe that only through transparency about healthcare information technology can medical ethics be maintained, the rights of patients to the best possible care be protected and medical science advanced.

Therefore, we call for such clauses to be refused by governance bodies, vendors of healthcare information technology to refrain from including such clauses in their contracts, and the U.S. Congress to prohibit nondisclosure clauses related to medical devices and healthcare information technology.

Furthermore, retaliatory actions against those who in good faith report such matters or incidents should be prohibited.

[1] Koppel R, Kreda D. Health Care Information Technology Vendors' "Hold Harmless" Clause: Implications for Patients and Clinicians, JAMA. 2009;301(12):1276-1278.

[2] Silverstein S. "Health Care Information Technology, Hospital Responsibilities, and Joint Commission Standards." Letter to the Editor, JAMA. 2009; 302: 382.

As I had spelled out many months ago at "Health Care Information Technology Vendors' Hold Harmless and Keep Defects Secret Clauses" here, and in a July 22, 2009 letter to the editor in JAMA entitled "Health Care Information Technology, Hospital Responsibilities, and Joint Commission Standards", I believe these clauses:

  • Are responsible for stagnation in health IT industry thinking that requires an unrelenting focus on the needs of clinicians and patients;
  • Cause hospital executives to violate their fiduciary and Joint Commission safety obligations to patients and staff;
  • Perhaps even put clinicians themselves in a conflict of interest with their own professional ethics (that call for widely sharing information about potential risks to patients).

The Joint Commission nor any other healthcare regulatory body has done anything about such contract clauses since that time, to the best of my knowledge despite being made aware of these issues by direct email to JC leadership.

I've noted few signatures to the petition so far, but have received some feedback and noted other justifications for maintenance of the status quo. The arguments fall into several categories that defend the status quo of HIT defect/problem nondisclosure clauses. The categories of argument include:

  • Legal arguments (or perhaps I should say 'legalistic'): e.g., HIT is not a "medical device", is not regulated, therefore such clauses are nobody's business but the seller and buyer.
  • Semantic arguments (arguing about words): e.g., the Joint Commission safety standards calling for "the organization to communicate information related to safety and quality to those who need it, including staff, licensed independent practitioners, patients, families, and external interested parties" really do not mean communication to other healthcare organizations, regulatory bodies, the press, etc.
  • Corporatist arguments: the clauses are needed to protect the industry and protect "innovation" - however, innovation without adherence to patient's rights and medical ethics is not innovation at all in my mind (cf. the Tuskegee Study of Syphilis).
  • Statist arguments: e.g., we know what's best for medicine, and even if HIT today does have problems and hurt people, it's for the greater future good that their diffusion should be unimpeded by free dissemination of information on downsides.
  • Logically fallacious or irrational arguments: e.g., the circular argument that there's no reason to prohibit nondisclosure clauses about HIT defects and patient incidents, since these problems do not occur in the first place -- or if they occur patient harm is "always" averted by clinicians.

While these type of arguments are interesting and may make for excellent debate, (and medical ethicist George Annas at BU taught his medical students, myself included, well on such issues): none of these arguments are aligned to the ethics, customs and traditions of medicine and the oaths taken by its practitioners.

The oaths taken by healthcare IT companies (i.e., to the speculators investing in this technology) leave much to be desired in that regard.

On the other hand, here is a sentinel reason for supporting their quick abolishment, a strong informatics-based reason to abolish nondisclosure clauses:

As admissions such as "We are unable to share documents [relating to likely problematic EHR's - ed.] as our contract with XXXX includes a confidentiality clause" at http://www.computerweekly.com/blogs/tony_collins/2009/11/claim-of-censorship-over-cerne.html indicate, to the point of rejecting a FOI request for information, there are unknowns in health IT (as Tim the proprietor at Histalk wryly noted, the refusal probably is not on the grounds of having glowing praise to report).

How many other data points have not made it to the literature, either peer reviewed or press? Does anyone know definitively?

Do we really know that Medical Informatics research therefore represents a valid sampling of the events that transpire when HIT is designed and implemented?

A parallel and currently controversial issue in pharma is the deliberate suppression of negative or neutral clinincal trials results, with an emphasis on the positive, to protect a drug candidate or an actual drug in postmarketing surveillance. Does this not potentially taint the science?


-- SS

1 comment:

Anonymous said...

We are suppose to have faith in HIT when via the WSJ Health Blog we learn:


December 16, 2009, 1:02 PM ET

UCSF Doc Falls for Phishing Scam, Exposes Patient Data


By James A. White
A faculty doc at UC San Francisco fell for an email phishing scam, opening up access to personal information on some 600 patients and others to hackers, the university said yesterday.


How can we have faith in HIT when even the oldest and simplest of tactics is used to open up persona data to use by those with criminal intent.

Steve Lucas