Practice Fusion Violates Some Physicians’ Trust in Sending Millions of Emails to Their Patients

Update: At the bottom of this post, I’ve included Patient Fusion’s response to this article.

When Practice Fusion asked their users to prepare for some new “patient communication tools”, the outcry from many doctors was for Practice Fusion to stop focusing new features on patients and instead focus on unsolved physician requests that were made years previous. What I found when I started digging into Practice Fusion’s focus on patients through its launch of Patient Fusion was a much more important story where Practice Fusion’s actions were violating some physicians’ trust and might have issues with HIPAA.

The story starts in early April 2012. With little fanfare (only a generic blog post about Measuring the Patient Experience Using Surveys and two mentions in the Practice Fusion “Progress Note newsletter”) (UPDATE: Practice Fusion’s response at the bottom of this post says they did communicate more than is described here.), Practice Fusion turned on a feature that would email every single patient whenever a progress note was created in the Practice Fusion EHR. The email came addressed as being sent from the doctor and asked the patient to rate and review their provider.

In the 17 months since they started sending these emails, 1,844,718 reviews have been submitted across 29,630 providers according to the Patient Fusion website. If we’re really generous and assume a 20% response rate from the emails, then over the last year Practice Fusion has sent out over 9 million emails to patients. It’s truly an impressive feat to have been able to gather that many physician reviews in such a short period. What an amazing asset for any company to have accomplished.

Regular readers will likely remember my previous post titled Physician Ranking Websites – The Bad, The Worse and the Ugly where I discuss in detail the challenges for any physician rating website, so I won’t go into that here. The value of physician ratings aside, I don’t have any problem with Practice Fusion collecting physician ratings and reviews. What I am concerned with is how they did it.

In my research, I couldn’t find a single Practice Fusion doctor who knew from Practice Fusion’s “standard channels” (blog post and email newsletter) that every patient they charted would receive these rating and review emails. What I did find was a doctor who only discovered these emails were being sent to his patients when his brother visited his office and later asked him why the information in the email was incorrect. The doctor no doubt asked his brother “What email?” Other doctors only knew about the emails after hearing about the emails from their patients. One doctor confused a few of his patients’ comments about the ratings emails thinking that they were talking about some other rating service like Yelp, Health Grades or ZocDoc. He was later surprised to learn that Practice Fusion had been sending these ratings emails for months to all his patients and he knew nothing about them.

Imagine being a doctor who discovered your EHR vendor was sending emails to your patients IN YOUR NAME and you knew nothing about it. Shame on those doctors for not reading the Practice Fusion newsletter in more detail.

The physician response once they found out these emails were being sent isn’t surprising. Here are a few of their responses:

“We find this a MAJOR violation of our trust with Practice Fusion.”

“It demonstrates to me that PF has LOST TOUCH with how difficult it is to run a doctor’s office.”

“I just think of all the times I assured people that we would never email them with solicitations or spam, but only would use their private email addresses for emergency purposes or if they emailed us first.”

“Why were we not told? Why can’t we use the emails we enter [into] the system but you can?”

“You should NOT have to opt out of spam! This is an outrage.”

“It’s deception! Unsolicited emails to our patients from PF should never be signed off as the doctor. Where is the trust?”

“PF obviously thought of doctor’s offices more like a restaurant or retail store than the rather unique provider of personal health care and protector of personal data.”

“We were outraged!”

“No physician signed up onto PF thinking they can would treated like HealthGrades or Vitals.”

“The main point of contention has been the fact that we were not aware of the surveys being sent out IN OUR NAMES!”

“Hard to believe that the largest social site for information about my practice was created without my knowledge and I am guessing was directly solicited from my patients in the form of emails.”

“What I hope PF takes from this is that doctors, for the most part, do not like being used to advocate for a product without expressly being told in a bolded out and starred statement “hey, we’re going to use your office to send out email asking for feedback. Is this okay?”

You can read more reactions from Practice Fusion users on this forum post (Note: This post has had many of the comments removed since I posted this article.) including this comment from a patient who received the email:

I’m a patient. I received one of these emails from PF and then a follow up email from my doctor who was simply irate that PF was spoofing his email address. This just defies every email rule there is and PF owes an apology to every provider and every patient who received one.

One doctor I talked to didn’t find out about the emails being sent in his name until almost a year later. PF Staff Kristen offered the following comment in the above forum post, “The goal of patient surveys is to provide both insight and marketing materials for your practice. We will not publish, sell, or otherwise market your practice without your permission.” I think Kristen really believes this. In fact, I talked to Practice Fusion directly and they told me the goal of these ratings and reviews was to provide more transparency between physicians and patients. While I appreciate the noble goal of transparency between physician and patients, I am concerned that Practice Fusion thinks that doctors gave them permission to send these millions of emails. Practice Fusion may legally have permission to send these emails based on the fine print of their user agreement, but permission to me means that the doctor knows what you’re doing in their name.

As one doctor asked, “Why were we not told?” No where in Practice Fusion can a provider see their ratings and reviews and they weren’t published to the Patient Fusion portal until the portal went live a year after they started sending these emails. There’s no notification sent to a provider when a rating is completed. All of the emails and ratings are patient facing, so how would a provider know that reviews were happening? Oh, that’s right, they were suppose to read the email newsletter.

I wonder how many more of the almost 30,000 Practice Fusion providers still don’t know this is happening. I imagine they’ll have similar reactions when they find out.

Maybe I am wrong in my assumption that many doctors still don’t know about these emails being sent in their name. It is possible that most of them saw the newsletter and were happy with the new feature. My problem with this is that I receive the Practice Fusion email newsletters and did not recognize that this is what they were doing. It is hard for me to believe that the majority of busy doctors caught the message.

Turns out that when Practice Fusion first implemented the email ratings feature, the only way to turn it off was by contacting support. There wasn’t even an option inside the EHR to turn off the emails, but that has been added since. It seems to me that they weren’t thinking about their users’ needs when implementing this feature, but likely wanted to get as many reviews as possible in order to compete with the highly funded physician review sites: ZocDoc ($95 million), Health Grades (Acquired for $294 million) and Vitals ($26 million).

Fifteen months and approximately nine million emails later, Practice Fusion finally posted what the emails look like and what emails are sent from Practice Fusion on their new and relatively inactive forum. However, this entire time Practice Fusion could have communicated this new feature to their users directly. In one sense they are an ad platform that communicates to doctors and yet they chose not to use that platform to let their users know what they were doing. I understand there is a balance with how many alerts Practice Fusion sends doctors within Practice Fusion, but sending out thousands of emails in each doctor’s name seems like one worthy of clear notification. (UPDATE: Practice Fusion’s response at the bottom of this post says they did communicate more than is described here.)

Practice Fusion could have easily avoided all the confusion and loss of physician trust if they had just implemented this as an opt in feature as opposed to an opt out feature. Just like the pop up surveys and other notifications they display during login, they could have popped up a request for providers to opt in to this new ratings service. When I asked Practice Fusion about this, they told me that they didn’t do it as an opt out feature because it was a passion project for them and they wanted every Practice Fusion doctor to participate in more physician-patient transparency.

Maybe that was one of the goals of the project, but I think there is more to the story. Think of the value that 1.84 million reviews has created for Practice Fusion. If Practice Fusion had done these ratings emails as an opt in feature, I am sure that very few doctors would have knowingly opted into the service. With very few doctors opting into the ratings emails, Practice Fusion would have missed out on all the value that a large database of physician reviews would create.

Beyond just the forum post linked above, I know that Practice Fusion has heard from doctors who are upset with these ratings emails being sent. From my research, it seems like most doctors’ initial reaction to the emails revolves around fear of being rated by their patients. In fact, I expect this is why on the Patient Fusion website (where all the ratings and reviews are immediately published) it says “98% doctors recommended.” I have little doubt that this statement was added in response to physicians’ fear over being rated. Many doctors likely switched from anger and fear to acceptance when they saw that their patients had rated them well.

Side Note: If almost all of the provider ratings are positive, then do the ratings have any real value?

Maybe this is why Practice Fusion hasn’t had a different response to this issue. They feel that those doctors who were upset at the emails have been pacified with good reviews or the ability to disable the service. I think Practice Fusion considers those complaining in this forum post (Note: This post has had many of the comments removed since I posted this article.) the standard “complain over anything” response from users. The problem is that we don’t know how many more doctors haven’t complained because they still don’t know what is going on. Hopefully by covering it in this blog post we will see how many doctors care about this issue.

If ratings emails sent from medical doctors wasn’t bad enough, it turns out Practice Fusion has been sending ratings emails to psychiatric patients as well. Here’s what one psychiatry NP had to say about the emails:

“As a psychiatry NP I really do not think patients should be asked to rate their therapist. This is actually a conflict with the relationship with the patient. Holding the boundaries with most of my patients is VERY important. They all want to please me. So it really is inappropriate to ask a patient to rate a therapist they have.”

On July 10th this psychiatric NP asked for the emails to be turned off. On August 1st she posted that the emails were still not turned off. Why Practice Fusion’s immediate response wasn’t to reach out to this psychiatrist to turn it off and then to turn off this feature for all psychiatrists is beyond me. Sending out rating emails to mental health patients is a whole new level of trouble and legal entanglement.

Needless to say, there are dozens of other examples of bad situations that could be caused by these emails. Here’s one doctors’ comment about his patient population and these emails:

“One of the things we do is addiction. So I have people where nobody knows they are coming to see a doctor to treat their opiate problem and they are incredibly anxious about anyone finding out. We are the type of practice where people often come to keep their indiscretions hidden. Their affair, their vice, their compulsion. I realize that most just got a dumb email.”

Another doctor offers this insight into his patient population and why this could be a big issue:

“As a doctor, I don’t like this one bit. I’m in pilot country and the FAA takes medication use VERY seriously. what if a doctor mistakenly prescribed a medicine that was on the FAA “not allowed” list (http://www.leftseat.com/medcat1.htm) or sees a psychiatrist and then PF sends an email that the patient was seen at a psychiatrists office to their work email. Their work could be scanning their email for violations like this and BAM! someone loses their job b/c of a PF hipaa violation that reveals the private information that this person had just been to a psychiatrists office and is possibly on psychiatric medications.”

The scenarios are endless. What if the email is coming from an AIDS clinic or a Cancer clinic and no one knows you have AIDS or Cancer? What if the email was from an OB and a boyfriend stumbles upon it?

Some might suggest that this is just a bunch of FUD (Fear, Uncertainty, and Doubt). Maybe it is, but this should be the choice of the patient and the doctor and not the choice of the EHR vendor. If Practice Fusion had done this as an opt in feature, none of this would be an issue. Some doctors are now choosing to not enter emails into Practice Fusion because they are afraid of how those emails will be used. The irony is that Practice Fusion recently made a patient’s email address and phone number required fields. If a clinic doesn’t want to enter that information, they have to check the patient doesn’t have an email or phone check boxes. You just have to wonder why email and phone fields were changed to required fields.

Doctors have always had a general fear of any Free EHR. I have heard many doctors state that they would never use a Free EHR, because they didn’t know what the company would do with their data. I’m certain that actions like the ones described above will do a lot to confirm some doctors distrust of Practice Fusion’s Free EHR. Plus, you can be certain that Practice Fusion’s competitors will be sharing this information with doctors as well.

There will be some that read these physician comments and say, “Stop complaining, it’s a Free EHR. Switch EHR software if you don’t like what they’re doing.” The problem with this rationale is that it’s not “Free” to use Practice Fusion. A doctor “pays” Practice Fusion by allowing them to use their data to make money (See also my post titled “When EMR Software Became Free…Or Does It Cost?“). Turning over the right to use a clinic’s data is why it is SO important for doctors to trust the actions of their Free EHR vendor. Without that trust, many doctors will eventually leave Practice Fusion and doctors will stop signing up.

In response to this situation, one doctor commented on Practice Fusion’s need to work with MDs to avoid situations like this. Practice Fusion’s first Chief Medical Officer (CMO) parted ways with the company back in 2012. A look at their executive team shows no new CMO and no doctors in any executive position at the company. I wonder if a doctor on the executive team would have helped them understand how spoofing the doctor’s name in these emails without their knowledge would be an issue.

While I believe sending these emails in the physician’s name without their knowledge is a big issue for Practice Fusion, the bigger question is whether these actions are indicative of how Practice Fusion will treat doctors in the future. Is this the start of Practice Fusion putting company value over physician trust? Practice Fusion told me that they knew that it would upset some doctors when they rolled out these emails, but they did it anyway. Even if only 5% of doctors are upset over this, what’s to say that the next time you won’t be part of that 5%? I know there are a lot of good people at Practice Fusion, but the company also has to answer to their investors.

On a broader scale, the core question is: Do doctors trust their EHR vendor to communicate any actions they take with your data?

All EHR vendors could have similar physician trust issues to the ones described above if they’re not careful when rolling out new features. This could include vendors who may be tempted to implement a similar email rating and review feature as Practice Fusion. The problem is not with this specific feature, but with how EHR vendors choose to implement and communicate new features to their users. You can be sure we will hear more stories about the relationship of trust between EHR vendors and physicians in the future.

Approximately 9 million emails later, we’ll see the depth of impact these actions have on Physicians’ trust in Practice Fusion.

In the future, we’ll be covering the HIPAA regulations surrounding these emails.

UPDATE: Practice Fusion sent me the following response to this article:

- Practice Fusion updated our community over the course of months about the patient feedback program through numerous blog posts, forum posts, emails and messaging inside the EHR, starting in April 2012. You can read the original message from our CEO about the program online here. Despite our efforts, not every customer was aware of the program immediately. We apologize that this was not more clear and are working to improve our feature update messaging.

- The patient email reminder and feedback program is absolutely HIPAA compliant, under both the current and new Omnibus rules. We conduct thorough compliance research with every single new feature we launch.

- We are passionate about making healthcare better and proud of our work to bring almost 2 million patient voices into the conversation. Patient transparency is a key part of the national move from quantity to quality in healthcare. The patient feedback program is designed to provide your practice with a controlled, quality channel for accurate patient reviews.

- It is easy to opt-out of the patient feedback program anytime. We are happy to help you update these settings inside your EHR account.