Monday, September 14, 2015

Politico 2015: EHR sellers using “gag clauses” (despite Koppel/Kreda's 2009 JAMA article on EHR nondisclosure clauses, and my 2009 JAMA Letter to the Editor on how these clauses violate Joint Commission safety standards)

I have not blogged on EHR issues in some time, despite some interesting source material such as:

These can be read at the links above, and are self-explanatory.

A new Politico investigation and article, however, is worth writing about:
Doctors barred from discussing safety glitches in U.S.-funded software
Darius Tahir

President Barack Obama’s stimulus put taxpayers on the hook for $30 billion in electronic medical records, many of which have turned out to be technological disasters.

But don’t expect to hear about the problems from doctors or hospitals. Most of them are under gag orders not to discuss the specific failings of their systems — even though poor technology in hospitals can have lethal consequences. 

[Change the "can" to "does", e.g., ECRI Deep Dive, - ed.]

A POLITICO investigation found that some of the biggest firms marketing electronic record systems inserted “gag clauses” in their taxpayer-subsidized contracts, effectively forbidding health care providers from talking about glitches that slow their work and potentially jeopardize patients.

[E.g., see - ed.]

POLITICO obtained 11 contracts through public record requests from hospitals and health systems in New York City, California, and Florida that use six of the biggest vendors of digital record systems. With one exception, each of the contracts contains a clause protecting potentially large swaths of information from public exposure. This is the first time the existence of the gag clauses has been conclusively documented.

I note this Politico article appears six years after the seminal JAMA article on hold harmless and defects nondisclosure clauses:

as well as:

In that 2009 JAMA Letter to the Editor I observed:

... In their Commentary, Dr Koppel and Mr Kreda made clear the problems associated with applying the customs and traditions of business software contracting and sales (where “hold harmless” and “keep defects secret” clauses are commonplace) to health care information technology (HIT) as if they are the same. I believe that ignoring their differences has likely created an epidemic of violations of hospital governing body responsibilities and Joint Commission standards for health care organization leadership.

In 2015 I stand by these assertions.  Computer and business personnel - through arrogance, selfishness, narrow-mindedness and other issues - have made a mess assuming that business software practices apply to clinical medicine and healthcare IT.  In the latter domain, however, increased clinical stress and hypervigilance due to bugs clinicians have to work around (that might have been fixed sooner), lessening their performance and increasing risk, and patient injury and death has been the result of a belief that clinical computing is just a niche area of business computing.  (I've been making this point for at least 15 years, I might add.)

Such contractual practices endanger patients, and in 2015 are reckless, negligent and inexcusable.
Recklessness means the person knew (or should have known) that his or her action were likely to cause harm. Negligence means that the person acted in violation of a duty to someone else, with the breach of that duty causing harm to someone else.

More from the Politico article:

Vendors say such restrictions target only breaches of intellectual property and are invoked rarely.

IP breaches?  While I understand the business issues at hand, in reality this is farcical.  There is little unique and valuable IP in these if one EHR vendor would really copy off another EHR vendor's screens.  I've seen many EHRs and their instruction manuals and in my opinion there's little worth stealing from any of these look-alike systems.

But doctors, researchers and members of Congress contend they stifle important discussions, including disclosures that problems exist. In some cases, they say, the software’s faults can have lethal results, misleading doctors and nurses who rely upon it for critical information in life-or-death situations.

Change the "can" to "do."  See ECRI link above, posts such as at, and as readers here know, I have one less living relative thanks to EHR faults.  (I know of others that I cannot discuss.)

Critics say the clauses – which POLITICO documented in contracts with Epic Systems, Cerner, Siemens (now part of Cerner), Allscripts, eClinicalWorks and Meditech – have kept researchers from understanding the scope of the failures.

I actually refute that.  I believe many researchers (in the field of Medical Informatics, at least) were blinded by their own wishful thinking about health IT and their own misplaced overconfidence in computing.  My writings for a decade and that of many other "iconoclasts", based on experience and insight from other fields in which we worked, clearly raising huge red flags, were derided or summarily ignored.  For instance, see my post "The Dangers of Critical Thinking in A Politicized, Irrational Culture" from almost exactly five years ago at  There was enough data to ascertain that major problems were extant.

Even the ECRI Deep Dive EHR safety study referenced above, now at least three years old, finding 171 IT mishaps in 9 weeks in just 36 hospitals voluntarily reported, causing 8 significant harms and 3 possible deaths, is rarely cited by the "researchers."  See

... Sheldon Whitehouse (D-RI) asked a panel of witnesses [during a HELP committee hearing earlier this summer], including Allscripts CEO Paul Black: “Can anyone on this panel see a single reason why these contracts should have gag clauses in them?”  No one ventured a reason.

Perhaps, I ask, because it would be hard to say something like "Senator, our computers have more rights than patients, and we don't give a damn about patient harm as long as the $$$ keep rolling in, and payouts for screw-ups that do make it to court are manageable", Ford Pinto-style, in such a setting?

After POLITICO disclosed its findings, an aide to HELP Chairman Lamar Alexander (R-Tenn.) said the committee would look at the issue, “exploring potentially harmful effects of these clauses – including how they could inhibit interoperability.”

The interoperability issue is a diversion if not a non-sequitur.  Dreamers still believe billions will be magically saved, and lives saved, via "interoperability", ironically at a time when basic operability is poorly achieved.

Let me state this clearly:  health IT will always be a major cost center and will never result in the mass cost savings attributed by the pundits to it.  From experience, I state that is a pipe dream, a fantasy, a risible statement consistent with a mania over the technology.  The issues in medicine that cost dear money are complex, and are not amenable to solution via cybernetic miracles.

See for more on this issue:

... a comprehensive evaluation of the scientific literature has confirmed what many researchers suspected: The savings claimed by government agencies and vendors of health IT are little more than hype.

To conduct the study, faculty at McMaster University in Hamilton, Ontario, and its programs for assessment of technology in health—and other research centers, including in the U.S.—sifted through almost 36,000 studies of health IT. The studies included information about highly valued computerized alerts—when drugs are prescribed, for instance—to prevent drug interactions and dosage errors. From among those studies the researchers identified 31 that specifically examined the outcomes in light of the technology's cost-savings claims.

With a few isolated exceptions, the preponderance of evidence shows that the systems had not improved health or saved money.

Rather than saving money, the industry is sucking in some of that $17 or so trillion the United States just doesn't have (  See for instance "The Machinery Behind Health-Care Reform: How an Industry Lobby Scored a Swift, Unexpected Victory by Channeling Billions to Electronic Records", Washington Post, by Robert O'Harrow Jr., May 16, 2009.

Back to Politico:

... Take Cerner’s agreement with LA County’s Department of Health Services, signed in November 2012 and worth up to $370 million. It defines the vendor’s confidential information as “source code, prices, trade secrets, mask works, databases, designs and techniques, models, displays and manuals.” Such information can only be revealed with “prior written consent.” The protections cover the provider company, and its employees.

Such agreements, which are typical of the contracts examined by POLITICO, “contain broad protections for intellectual property and related confidentiality and non-disclosure language which can inhibit or discourage reporting of EHR adverse events,” said Elisabeth Belmont, corporate counsel at MaineHealth.

Belmont said she had also seen non-disparagement wordings that prohibit providers from disseminating negative information about the vendor or its software. POLITICO found no direct evidence of such clauses.

"Non-disparagement wording?"

How about good old-fashioned Orwellian thought control?  See my Oct,. 2013 post 'Words that Work: Singing Only Positive - And Often Unsubstantiated - EHR Praise As "Advised" At The University Of Arizona Health Network' at

... The executive branch—the Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services are responsible for the subsidy program— has done little about the clauses, though providers and researchers have been grumbling about them since the 2011 Institute of Medicine report warning that “[t]hese types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT–related patient safety risks.”

...Agency officials say they deplore the clauses but lack the capacity to directly address the problem. “We strongly oppose ‘gag clauses’ and other practices that prevent providers and other health IT customers and users from freely discussing problems and other aspects of their health IT,” an ONC spokesman said.

But, he continued, ONC cannot police them. The clauses take a variety of forms, and the extent to which vendors invoke them varies, making enforcement difficult – particularly for a small agency that doesn’t have investigative or police powers.

A small agency that doesn’t have investigative or police powers?  Really?  Yet - ONC is a promoter of the non-regulatory "Safety Center" concept as a solution to health IT safety risks.  See for instance  Their response above to Politico seems disingenuous.

What follows in the Politico article is vendor excuses and soothing reassurances, like this one:

... Epic executives said they encourage open discussion. “With permission, we very frequently allow folks to share information around the software,” said Epic’s vice president for client success, Eric Helsher.

I'll surmise I would not be able to easily get detailed information on the ten thousand EPIC "issues" I highlighted at my Nov. 2013 post "We’ve resolved 6,036 issues and have 3,517 open issues": extolling EPIC EHR Virtues at University of Arizona Health System",, for publication on this blog.

... a lot of problems may go under-reported. That offends [Dr. Bob] Wachter, who says the patient safety world “takes it as religion” that information be shared as widely as possible.

“These are worlds colliding. You can understand why a technology business would put restrictions on screenshots. But we’re not making widgets here, we’re taking care of sick people,” he said.

“At some level, I’d say, ‘How dare they?’”

"At some level?"  What level, exactly?

How about the life-and-death level?

Worlds colliding, indeed; the aforementioned business-IT world and the clinical world.  I would drop the "at some level" phrase, though, and also go back to my 2009 JAMA letter observation that I repeat once again: 

... In their Commentary, Dr Koppel and Mr Kreda made clear the problems associated with applying the customs and traditions of business software contracting and sales (where “hold harmless” and “keep defects secret” clauses are commonplace) to health care information technology (HIT) as if they are the same. I believe that ignoring their differences has likely created an epidemic of violations of hospital governing body responsibilities and Joint Commission standards for health care organization leadership.

Health IT companies are simply not team players in medicine.  Their heavy-handedness and narrow thinking has harmed and killed patients.   How many in total? 

Last year I spoke to a half dozen US House members and a dozen or so aides of House members who could not attend.   I was accompanied by two Plaintiff's lawyers (yes, Plaintiff's lawyers) who told their own tales of EHR-mediated catastrophes whose survivors they had represented.  They were there for that purpose, to inform the US Reps that health IT was killing people.

Extrapolating the ECRI Deep Dive study figures and adding in other known cases, the true level of harms is anything but pretty.

It would be a very useful exercise to measure it explicitly rather than using the Ostrich approach (see for instance my post "FDA on health IT risk:  "We don't know the magnitude of the risk, and what we do know is the tip of the iceberg, but health IT is of 'sufficiently low risk' that we don't need to regulate it" ( 

However, obtaining the data in a robust matter could result in those reporting the data violating EHR gag and non-disparagement clauses.

We must respect the rights of the computers...

-- SS

Addendum:  the Politico article, unfortunately, while a major piece, did not cite Koppel/Kreda or their pioneering 2009 JAMA article.  I surmise this was an oversight.


Anonymous said...

Missed your posts. Thanks for keeping this train going.

Afraid said...

This is only part of a wider problem. See where they describe how financial incentives to improve care are poorly constructed to the point of disincenting good behavior by not incenting it.

Policy makers are not succeeding at this micromanagement effort through macromanagement policy. Why, is it just too hard for them? Are the deciding it done when they make a powerpoint presentation?

Do the policy makers have any downside when their policies don't achieve the benefits? Is their any adherence to the mantra of evidence based activity within policy making?

While I am not a fan of nationalizing things, I think the only way to cure medicine in the US is to give control back to the doctors.

Anonymous said...

As the say, this HIT programme is as pathetic as having a screen door in a submarine.

Cynthia said...

Most of us are aware that shortly after the financial meltdown of 2008, schools and law enforcement received a great deal of stimulus money from the federal government, most of which has now dried up. However, very few of us are aware that large hospital systems, public and private alike, were also getting an enormous amount of fiscal stimulus money as well.

Then with the passage of ObamaCare, the spending has intensified, by leaps and bounds. One example among many, which is specifically mentioned here, is that hospitals were given roughly $30 billions in federal grant money to purchase new medical software. Stuff like this explains why the healthcare sector has out performed all other sectors trading on Wall Street by a long shot. ObamaCare hasn't made the healthcare industry fabulously wealthy because it has introduced more market-based medicine into the system. No, the healthcare industry has become fabulously wealthy because ObamCare has introduced more corporate socialism into the system.

Neal Patterson, the guy who started Cerner, the company which my hospital purchased its medical software from, came from being less than a millionaire to an outright billionaire faster than Mark Zuckerberg did with his launching of Facebook! Besides the huge age difference, the only other difference between Patterson and Zuckerberg is that unlike Zuckerberg, Patterson got his billions by profiting off the government. Don't get me wrong, my hospital needed new software. But that's nothing new. Every business needs to buy new software from time to time, in order to stay competitive and up to date. But no business should be given billions in government handouts to pay for IT software, or any other capital expenditures for that matter.

And how much good has Cerner software done to improve patient care or improve hospital efficiency? I would say very, very little. Oh sure, it has created more good paying jobs in the hospital's IT department. But because hospital budgets are finite, the more hospitals spend on IT, the less money they have to spend on direct patient care. I work in direct patient care and my patient load is at an all-time high and the amount of time I spend plugging in data behind a computer is also at an all-time high. In other words, the ObamaCare stimulus has enriched healthcare IT, but has done so at the expense to patient care, as well as to hospital efficiency.

Unfortunately, hospitals aren't taking this stimulus money to build the "New Deal" equivalent of roads, bridges and dams. They instead are taking this money to do the "New Deal" equivalent of digging ditches and refilling them. I could provide many other examples of bastardized neo-Keynesian projects taking place throughout hospitals, but I don't have the time or space to do so right now.

Roy M. Poses MD said...

Scot, the Politico story raises lots of questions about how this is happening:

Do the EHR vendors insert such provisions in their contracts because they are routine in other kinds of business contracts, without realizing their effects on patient safety, or are these contracts deliberate attempts to make more money by putting safety at risk?

Why do the "provider" organizations, presumably including hospitals that should put patients' care foremost, sign these contracts?

Would these contract provisions actually bind physicians and other health care professionals who are employed by the "provider" organization, especially if they did not individually sign them?

Would they bind physicians who admit patients to these hospitals, but are not employees?

Has anyone ever tried to negotiate about these positions, or ever been willing to challenge these contracts in court?

Any ideas?