Tuesday, March 24, 2009

Health Care Information Technology Vendors' "Hold Harmless" Clause - The Largest IT Industry Abuse Ever?

Dear fellow physicians, nurses and other clinicians:

You thought frivolous medical malpractice suits were a problem?

Guess what:

It's worse. Along with your patients you are nonconsented beta testers and experimental subjects of the health IT industry, and potential victims of the computer industry's arrogance and dysfunction.

In the remarkable article Health Care Information Technology Vendors' "Hold Harmless" Clause - Implications for Patients and Clinicians, Ross Koppel and David Kreda, Journal of the American Medical Association, 2009;301(12):1276-1278, we learn that:

Healthcare information technology (HIT) vendors enjoy a contractual and legal structure that renders them virtually liability-free—“held harmless” is the term-of-art—even when their proprietary products may be implicated in adverse events involving patients. This contractual and legal device shifts liability and remedial burdens to physicians, nurses, hospitals, and clinics, even when these HIT users are strictly following vendor instructions...HIT vendors are not responsible for errors their systems introduce in patient treatment because physicians, nurses, pharmacists, and healthcare technicians should be able to identify—and correct—any errors generated by software faults. [Yes - we're all knowing magicians with the power to read minds, infer incorrect lab values via therapeutic touch, and possess encyclopedic knowledge in our heads at all times. This raises the question: if we are that omniscient to be able to identify and correct software faults with 100 percent accuracy to avoid patient harm, then why do we need electronic medical records at all? - ed.]

Also see the Univ. of Pennsylvania press release "Why Are Healthcare Information Manufacturers Free of All Liability When Their Products Can Result in Medical Errors?" here.

In the new Koppel and Kreda JAMA article we also learn that:

HIT implementations are massively complex, and are fraught with delays, errors, resistance, work process redesign, frustration, and outright failure. Healthcare facilities cannot predict the myriad scenarios in which software failures could result in patient harm and liability, and they are not likely to be knowledgeable a priori about frequent vendor updates.

We additionally learn that:

The significant disparity between buyers and sellers in knowledge and resources [about healthcare IT problems] is profound and consequential. Vendors retain company confidential knowledge about designs, faults, software-operations, and glitches. Their counsel have crafted contractual terms that absolve them of liability and other punitive strictures while compelling users’ non-disclosure of their systems’ problematic, or even disastrous, software faults.

[This is simply astonishing. In other words, health IT customers and users have a gag order imposed on them regarding software faults and defects, while clinicians -- through their ingenuity, their labor in finding defect workarounds, and their liability -- serve (as I've written) as captive beta testers and an insurance company for HIT vendors - ed.]

These observations are nothing short of astonishing. They do help explain, however, the near silence of hospitals and their executives regarding healthcare IT faults, an observation I made in this 2006 AMIA presentation about the scarcity of such information:

Access Patterns to a Website on Healthcare IT Failure (Abstract [pdf], Poster [ppt].)

The Joint Commission also made this observation in their Dec. 2008 Sentinel Events Alert on Health IT:

There is a dearth of data on the incidence of adverse events directly caused by HIT overall.

The new JAMA article may also explain why HIT is so often done so poorly as to present a mission hostile user experience, as I started to write about a decade ago at my healthcare IT difficulties website here, as I outlined in an eight part series starting here, as the American College of Physician Executives noted here, as the National Research Council noted here ("Current Approaches to US Healthcare IT are Insufficient"), and as many others noted as well:

Healthcare IT News (3/10, Merrill) reported, a survey conducted by the American College of Physician Executives found "that although more physician leaders are using healthcare information technology, they still find it clunky and unresponsive to their needs." The survey of 1,000 ACPE members "revealed that the biggest source of frustration is a lack of input from physicians when designing and implementing healthcare information technology systems. Many said involving clinicians at the planning stages would pre-empt many of the problems that crop up later." One respondent noted that "systems are chosen according to administrative criteria rather than what physicians need."

Without accountability, a manufacturer is unmotivated to produce quality products at the expense of profits. They become complacent and lazy. This is an excellent reason why major HIT applications are as abhorrent as they are and violate so many fundamental principles of human computer interaction and resilience engineering.

It can also explain why talent management within the vendors is biased against hiring medical informatics experts, who would resist intellectual laziness of their non-informatics profit oriented (and unaccountable) counterparts.

Koppel and Kreda note that such stipulations defeat patient safety efforts and are contrary to the principles of evidence based medicine. I can add that such stipulations are contrary to the principles of good engineering.

These stipulations further instantiate my observation that health IT lacks the rigor of medical science itself, its major Achilles heel. This is one reason why I believe a national HIT initiative at this point in time is going to be, as in the UK, nothing short of an expensive debacle.

The existence of "hold harmless" clauses and gag orders raises many questions:

  • Clinical supervisors of other physicians are indeed practicing medicine. Are Health IT vendors in fact practicing medicine by cybernetic proxy via these IT systems?
  • Aren't the vendors' own claims of revolutionary healthcare quality improvements mediated via EMR's, alerts and reminders, clinical decision support, etc., malfunctions of which physicians may be held liable, prima facie evidence that the vendors are in fact practicing medicine by proxy?
  • Should not these purveyors of cybernetic (i.e., virtual) medical devices be held accountable for their products, as in the pharmaceutical and the non-cybernetic (i.e., physical) medical device industries?
  • How did such a situation regarding critical healthcare devices arise?
  • In what other healthcare or other technology intensive industries, if any, do similar conditions exist, and what are the repercussions?
  • How long has this situation existed?
  • Why is it tolerated by clinicians?
  • Why is it tolerated by clinical leaders?
  • Why is it tolerated by medical professional societies, such as the AMA, the ACPE, etc., supposedly representing their members' interests?
  • Why is it tolerated by hospitals and their executive leadership and boards of directors?
  • Why is it tolerated by IS departments in hospitals?
  • Why is it tolerated by hospital general counsel?
  • Are there possible civil tort/RICO (racketeering)/criminal implications regarding patients injured by defective health IT where defects were known but not disclosed?
  • Is not such a protective arrangement prima facie evidence that this technology is indeed experimental, with patients and clinicians as unconsented experimental subjects?
  • Why is it tolerated by our government?

Regarding the last point, the Obama administration has promised an atmosphere of national accountability and responsibility. Why, then, has it simultaneously employed the coercive force of government (payment penalties for HIT non adopters after the absurdly short period of five years from now, 2014) to push an exploratory medical device from an unaccountable industry of unproven ROI at a cost of tens of billions of dollars on to the medical profession? This reality raises another question as I suggested in my WSJ Letter to the Editor of February 18, 2009. I wrote:

Dear Wall Street Journal:

You observe that the true political goal is socialized medicine facilitated by health care information technology. You note that the public is being deceived, as the rules behind this takeover were stealthily inserted in the stimulus bill.

I have a different view on who is deceiving whom. In fact, it is the government that has been deceived by the HIT industry and its pundits. Stated directly, the administration is deluded about the true difficulty of making large-scale health IT work. The beneficiaries will largely be the IT industry and IT management consultants.

In other words, was the administration misled by the health IT industry? I believe it might have been.

As an example, Mr. Obama's healthcare IT policy campaign adviser per the WSJ Glen Tullman, CEO of HIT vendor AllScripts and Board member of the industry-created government contractor CCHIT ("Certification Commission for Healthcare IT"), probably didn't tell Mr. Obama his company was selling goods that did not function properly. (Here is a link to my organization's Civil Complaint against AllScripts, PDF). We apparently cannot know how many other organizations had their own complaints that might not have made it into litigation, due to the aforementioned gag orders. (Ironically, I found out about the lawsuit at my own organization only through an anonymous comment at the HIT gossip site HISTalk.)

Incidentally, by matter of pure speculation, I was not permitted involvement in that implementation despite having been a pioneering CMIO at a larger healthcare system years prior and the only formally educated medical informaticist at my organization. My writings on health IT dysfunction were well known to the IT staff and likely the vendor after a short web search; it would have been in the vendors' interests to keep me away from sales and implementation of known deficient health IT. Again, this is simply speculation.

On the other hand, I am aware of major healthcare organizations with "portfolios" of hundreds or thousands of issues and defects awaiting remediation, and CMIO's struggling against cavalier bureaucracies who want the doctors even in critical care areas to live with the problems, and vendors who are not in a hurry to fix their products.

Some of the problems rise to the level of critical with regard to patient safety. Under contract, the problems cannot be disclosed to the public, to patients whose care might fall under the aegis of these systems, or to other healthcare organizations seeking the same systems. I hope to be a plaintiff's witness when the inevitable lawsuits for patient injury place such capricious vendor, hospital and IT leadership on the witness stand.

Finally, in fairness the JAMA article discusses issues beyond the vendors' control such as misuse or poor training done by the host organization using the IT.

Possible remedies to the situation of unaccountability for the outcomes of HIT misdesign, malfunction and other defects are outlined in the article. See it or the press release at the above links if you lack JAMA access.

As I've written numerous times on this site, due to the implications and especially now due to the revelation that the scarcity of adverse events information related to HIT is probably by design, I favor stringent health IT regulation as in pharmaceutical IT.

Whatever happens, however, I know this. For the sake of patient safety:

This sorry, abusive and inexcusable travesty must end ... now.

Finally, to health IT vendors, as my early medical mentor, pioneering cardiovascular surgeon and educator Victor P. Satinsky, MD might have said:

If you can't take the heat of the responsibilities of clinical medicine, then get out of our kitchen.

-- SS


Anonymous said...

HI i like that. so can u post that on


Anonymous said...

You may find of interest the March 24, WSJ article Small health Firms May See Windfall From Stimulus Billions for E-Records. The article points out the work of one small vendor and the hopes to increase dramatically in size using stimulus money and the government mandate as business drivers.

At no time is a medical background listed for the senior management and the whole concept of a massive increases in companies size, and competency issues of personnel, is swept aside in the rush for money.

I really do not know why we are repeating the same failures seen a number of years ago with the SETS project. This project was intended to create a national computerized child support data base. Realizing a national registry would never politically work the federal government financed state by state implementation.

My attorney wife, with decades of program experience, was pushed aside in favor of a 20 something computer geek. When asked why they did not use a GUI or menu driven system, common at the time, the geek said he intended to retire doing upgrades.

This is the mother load for the next 10 years in the computer industry. We, the tax payers and consumers, will pay billions, doctors will be saddled with a mandated system that does not work, all while a few computer companies make record profits.

Steve Lucas

cdlopez said...

If everyone had health insurance the system would cheaper.
Anyone that thinks our system is better than other places in the world they should read the stats.
We are better than 3rd world, when you compare us with Canada and Europe we are 36 or 37 on the list.
People in Europe and Canada live longer and their birth rate survival is better.
This proves socialized meds is a better deal.

John said...

I enjoyed reading this, and I hope that more of these companies do care about the patient more than the almighty dollar. Ultimately, every employee of this industry will be treated by a physician using software of some kind.

My comment is in regards to this: [Yes - we're all knowing magicians with the power to read minds, infer incorrect lab values via therapeutic touch, and possess encyclopedic knowledge in our heads at all times. This raises the question: if we are that omniscient to be able to identify and correct software faults with 100 percent accuracy to avoid patient harm, then why do we need electronic medical records at all? - ed.]

If I turned this around, I could say if the EMR delivered 100% accuracy, what then would a physician be needed for? Just a thought.

InformaticsMD said...

If I turned this around, I could say if the EMR delivered 100% accuracy, what then would a physician be needed for? Just a thought.

Not a very realistic thought. There is no symmetry here. I won't spoon feed, however -- other than to say such statements exhibit a whopping overconfidence in machines and a TV-drama perspective on the actual practice of medicine.

Suggest you read the first few chapters of a medical text, such as the Merck Manual, the home version, to answer your own question, then report back here.

-- SS

Donald C. Calarco said...

A lot of ground here. Far too much for a general comment. I do, however, wish to comment on one small portion of your tirade.

You wrote: "Are Health IT vendors in fact practicing medicine by cybernetic proxy via these IT systems? Aren't the vendors' own claims of revolutionary health care quality improvements mediated via EMR's, alerts and reminders, clinical decision support, etc., malfunctions of which physicians may be held liable, prima facie evidence that the vendors are in fact practicing medicine by proxy?"

I am a health IT vendor. I provide tools to improve the management, collection, storage and retrieval of critical diagnoses, assessment and historic treatment data, as well as coding, billing and claims processing information, entered into my system by professionals and their staff.

I do not practice medicine; not directly nor by proxy. I also take offense to your generalization that all IT vendors are making this mistake.

I deliver my applications vacant of any patient data. At no time does my system or anyone in my organization enter, suggest or advise on clinical decisions. We would truly be fools to do so.

Instead, we provide the tools to allow the entry and retrieval of these reminders, alerts and critical data by trained professionals.

A physician who invests in a tool expected to make his clinical decisions for him is equally as foolish.

I do agree that some on my side of the equation have swelled so in their arrogance to believe that they are capable of duplicating the decision making thought process of a physician. Then, packaging that process and expecting professionals to allow the tool to do their job for them. This is absurd.

Consider the most diligent research in algorithmic, evidence based medicine done by the likes of John Fox, PhD, Professor and Director of The Advanced Computation Laboratory at McCullough-Hyde Memorial Hospital London, UK; Mark Musen, MD, PhD, Professor and Head of Stanford Medical Informatics; Jack W Smith Jr, MD, PhD, Dean of the School of Health Information Sciences,
University of Texas; Drs Puhlmann and Johannes Harl of Germany.

In a period of over 20 years, they have offered evidence, research and a collection of hundreds of thousands of medical theory, assessments, treatment plans and case results to physicians who are expected to make their own professional decision in the care and treatment of their patients.

These are learned men and women who wouldn't dream of deploying a robotic system that replaces the physicians own decision making prowess. They do, however provide "tools" to assist the true professional, as I do.

Yet, vendors of such products exist in our midst and they are quite capable of attracting the most gullible of your constituents. Oh Constantine, caveat emptor!

Would the manufacturer of a hammer, intended for use as a construction tool, be held accountable for the idiot who decides to use it as a weapon? And if so, why? Perhaps because the instructions for use didn't accompany the tool at the point of sale? Of course not. It can only be assumed that anyone who purchases a hammer would know how to use it.

In my opinion, for which I acknowledge no one has asked, any physician who expects a software program to replace his own thought process is buying a hammer without instructions and may, if he depends on it enough, cause more harm than good in the long run.

EMR! Electronic Medical Record! A tool to replace paper record keeping and electronically recording, reporting, retrieving, storage and sharing of historic patient data. It's really not rocket science. We all want to get to the future eventually! And the day may arrive when a software program will replace a physicians decision making ability. But for now, I will stand with you, reject the thought and continue to provide cost effective and efficient tools that do the important job they are designed to do.