Practice Fusion Violates Some Physicians’ Trust in Sending Millions of Emails to Their Patients

Update: At the bottom of this post, I’ve included Patient Fusion’s response to this article.

When Practice Fusion asked their users to prepare for some new “patient communication tools”, the outcry from many doctors was for Practice Fusion to stop focusing new features on patients and instead focus on unsolved physician requests that were made years previous. What I found when I started digging into Practice Fusion’s focus on patients through its launch of Patient Fusion was a much more important story where Practice Fusion’s actions were violating some physicians’ trust and might have issues with HIPAA.

The story starts in early April 2012. With little fanfare (only a generic blog post about Measuring the Patient Experience Using Surveys and two mentions in the Practice Fusion “Progress Note newsletter”) (UPDATE: Practice Fusion’s response at the bottom of this post says they did communicate more than is described here.), Practice Fusion turned on a feature that would email every single patient whenever a progress note was created in the Practice Fusion EHR. The email came addressed as being sent from the doctor and asked the patient to rate and review their provider.

In the 17 months since they started sending these emails, 1,844,718 reviews have been submitted across 29,630 providers according to the Patient Fusion website. If we’re really generous and assume a 20% response rate from the emails, then over the last year Practice Fusion has sent out over 9 million emails to patients. It’s truly an impressive feat to have been able to gather that many physician reviews in such a short period. What an amazing asset for any company to have accomplished.

Regular readers will likely remember my previous post titled Physician Ranking Websites – The Bad, The Worse and the Ugly where I discuss in detail the challenges for any physician rating website, so I won’t go into that here. The value of physician ratings aside, I don’t have any problem with Practice Fusion collecting physician ratings and reviews. What I am concerned with is how they did it.

In my research, I couldn’t find a single Practice Fusion doctor who knew from Practice Fusion’s “standard channels” (blog post and email newsletter) that every patient they charted would receive these rating and review emails. What I did find was a doctor who only discovered these emails were being sent to his patients when his brother visited his office and later asked him why the information in the email was incorrect. The doctor no doubt asked his brother “What email?” Other doctors only knew about the emails after hearing about the emails from their patients. One doctor confused a few of his patients’ comments about the ratings emails thinking that they were talking about some other rating service like Yelp, Health Grades or ZocDoc. He was later surprised to learn that Practice Fusion had been sending these ratings emails for months to all his patients and he knew nothing about them.

Imagine being a doctor who discovered your EHR vendor was sending emails to your patients IN YOUR NAME and you knew nothing about it. Shame on those doctors for not reading the Practice Fusion newsletter in more detail.

The physician response once they found out these emails were being sent isn’t surprising. Here are a few of their responses:

“We find this a MAJOR violation of our trust with Practice Fusion.”

“It demonstrates to me that PF has LOST TOUCH with how difficult it is to run a doctor’s office.”

“I just think of all the times I assured people that we would never email them with solicitations or spam, but only would use their private email addresses for emergency purposes or if they emailed us first.”

“Why were we not told? Why can’t we use the emails we enter [into] the system but you can?”

“You should NOT have to opt out of spam! This is an outrage.”

“It’s deception! Unsolicited emails to our patients from PF should never be signed off as the doctor. Where is the trust?”

“PF obviously thought of doctor’s offices more like a restaurant or retail store than the rather unique provider of personal health care and protector of personal data.”

“We were outraged!”

“No physician signed up onto PF thinking they can would treated like HealthGrades or Vitals.”

“The main point of contention has been the fact that we were not aware of the surveys being sent out IN OUR NAMES!”

“Hard to believe that the largest social site for information about my practice was created without my knowledge and I am guessing was directly solicited from my patients in the form of emails.”

“What I hope PF takes from this is that doctors, for the most part, do not like being used to advocate for a product without expressly being told in a bolded out and starred statement “hey, we’re going to use your office to send out email asking for feedback. Is this okay?”

You can read more reactions from Practice Fusion users on this forum post (Note: This post has had many of the comments removed since I posted this article.) including this comment from a patient who received the email:

I’m a patient. I received one of these emails from PF and then a follow up email from my doctor who was simply irate that PF was spoofing his email address. This just defies every email rule there is and PF owes an apology to every provider and every patient who received one.

One doctor I talked to didn’t find out about the emails being sent in his name until almost a year later. PF Staff Kristen offered the following comment in the above forum post, “The goal of patient surveys is to provide both insight and marketing materials for your practice. We will not publish, sell, or otherwise market your practice without your permission.” I think Kristen really believes this. In fact, I talked to Practice Fusion directly and they told me the goal of these ratings and reviews was to provide more transparency between physicians and patients. While I appreciate the noble goal of transparency between physician and patients, I am concerned that Practice Fusion thinks that doctors gave them permission to send these millions of emails. Practice Fusion may legally have permission to send these emails based on the fine print of their user agreement, but permission to me means that the doctor knows what you’re doing in their name.

As one doctor asked, “Why were we not told?” No where in Practice Fusion can a provider see their ratings and reviews and they weren’t published to the Patient Fusion portal until the portal went live a year after they started sending these emails. There’s no notification sent to a provider when a rating is completed. All of the emails and ratings are patient facing, so how would a provider know that reviews were happening? Oh, that’s right, they were suppose to read the email newsletter.

I wonder how many more of the almost 30,000 Practice Fusion providers still don’t know this is happening. I imagine they’ll have similar reactions when they find out.

Maybe I am wrong in my assumption that many doctors still don’t know about these emails being sent in their name. It is possible that most of them saw the newsletter and were happy with the new feature. My problem with this is that I receive the Practice Fusion email newsletters and did not recognize that this is what they were doing. It is hard for me to believe that the majority of busy doctors caught the message.

Turns out that when Practice Fusion first implemented the email ratings feature, the only way to turn it off was by contacting support. There wasn’t even an option inside the EHR to turn off the emails, but that has been added since. It seems to me that they weren’t thinking about their users’ needs when implementing this feature, but likely wanted to get as many reviews as possible in order to compete with the highly funded physician review sites: ZocDoc ($95 million), Health Grades (Acquired for $294 million) and Vitals ($26 million).

Fifteen months and approximately nine million emails later, Practice Fusion finally posted what the emails look like and what emails are sent from Practice Fusion on their new and relatively inactive forum. However, this entire time Practice Fusion could have communicated this new feature to their users directly. In one sense they are an ad platform that communicates to doctors and yet they chose not to use that platform to let their users know what they were doing. I understand there is a balance with how many alerts Practice Fusion sends doctors within Practice Fusion, but sending out thousands of emails in each doctor’s name seems like one worthy of clear notification. (UPDATE: Practice Fusion’s response at the bottom of this post says they did communicate more than is described here.)

Practice Fusion could have easily avoided all the confusion and loss of physician trust if they had just implemented this as an opt in feature as opposed to an opt out feature. Just like the pop up surveys and other notifications they display during login, they could have popped up a request for providers to opt in to this new ratings service. When I asked Practice Fusion about this, they told me that they didn’t do it as an opt out feature because it was a passion project for them and they wanted every Practice Fusion doctor to participate in more physician-patient transparency.

Maybe that was one of the goals of the project, but I think there is more to the story. Think of the value that 1.84 million reviews has created for Practice Fusion. If Practice Fusion had done these ratings emails as an opt in feature, I am sure that very few doctors would have knowingly opted into the service. With very few doctors opting into the ratings emails, Practice Fusion would have missed out on all the value that a large database of physician reviews would create.

Beyond just the forum post linked above, I know that Practice Fusion has heard from doctors who are upset with these ratings emails being sent. From my research, it seems like most doctors’ initial reaction to the emails revolves around fear of being rated by their patients. In fact, I expect this is why on the Patient Fusion website (where all the ratings and reviews are immediately published) it says “98% doctors recommended.” I have little doubt that this statement was added in response to physicians’ fear over being rated. Many doctors likely switched from anger and fear to acceptance when they saw that their patients had rated them well.

Side Note: If almost all of the provider ratings are positive, then do the ratings have any real value?

Maybe this is why Practice Fusion hasn’t had a different response to this issue. They feel that those doctors who were upset at the emails have been pacified with good reviews or the ability to disable the service. I think Practice Fusion considers those complaining in this forum post (Note: This post has had many of the comments removed since I posted this article.) the standard “complain over anything” response from users. The problem is that we don’t know how many more doctors haven’t complained because they still don’t know what is going on. Hopefully by covering it in this blog post we will see how many doctors care about this issue.

If ratings emails sent from medical doctors wasn’t bad enough, it turns out Practice Fusion has been sending ratings emails to psychiatric patients as well. Here’s what one psychiatry NP had to say about the emails:

“As a psychiatry NP I really do not think patients should be asked to rate their therapist. This is actually a conflict with the relationship with the patient. Holding the boundaries with most of my patients is VERY important. They all want to please me. So it really is inappropriate to ask a patient to rate a therapist they have.”

On July 10th this psychiatric NP asked for the emails to be turned off. On August 1st she posted that the emails were still not turned off. Why Practice Fusion’s immediate response wasn’t to reach out to this psychiatrist to turn it off and then to turn off this feature for all psychiatrists is beyond me. Sending out rating emails to mental health patients is a whole new level of trouble and legal entanglement.

Needless to say, there are dozens of other examples of bad situations that could be caused by these emails. Here’s one doctors’ comment about his patient population and these emails:

“One of the things we do is addiction. So I have people where nobody knows they are coming to see a doctor to treat their opiate problem and they are incredibly anxious about anyone finding out. We are the type of practice where people often come to keep their indiscretions hidden. Their affair, their vice, their compulsion. I realize that most just got a dumb email.”

Another doctor offers this insight into his patient population and why this could be a big issue:

“As a doctor, I don’t like this one bit. I’m in pilot country and the FAA takes medication use VERY seriously. what if a doctor mistakenly prescribed a medicine that was on the FAA “not allowed” list (http://www.leftseat.com/medcat1.htm) or sees a psychiatrist and then PF sends an email that the patient was seen at a psychiatrists office to their work email. Their work could be scanning their email for violations like this and BAM! someone loses their job b/c of a PF hipaa violation that reveals the private information that this person had just been to a psychiatrists office and is possibly on psychiatric medications.”

The scenarios are endless. What if the email is coming from an AIDS clinic or a Cancer clinic and no one knows you have AIDS or Cancer? What if the email was from an OB and a boyfriend stumbles upon it?

Some might suggest that this is just a bunch of FUD (Fear, Uncertainty, and Doubt). Maybe it is, but this should be the choice of the patient and the doctor and not the choice of the EHR vendor. If Practice Fusion had done this as an opt in feature, none of this would be an issue. Some doctors are now choosing to not enter emails into Practice Fusion because they are afraid of how those emails will be used. The irony is that Practice Fusion recently made a patient’s email address and phone number required fields. If a clinic doesn’t want to enter that information, they have to check the patient doesn’t have an email or phone check boxes. You just have to wonder why email and phone fields were changed to required fields.

Doctors have always had a general fear of any Free EHR. I have heard many doctors state that they would never use a Free EHR, because they didn’t know what the company would do with their data. I’m certain that actions like the ones described above will do a lot to confirm some doctors distrust of Practice Fusion’s Free EHR. Plus, you can be certain that Practice Fusion’s competitors will be sharing this information with doctors as well.

There will be some that read these physician comments and say, “Stop complaining, it’s a Free EHR. Switch EHR software if you don’t like what they’re doing.” The problem with this rationale is that it’s not “Free” to use Practice Fusion. A doctor “pays” Practice Fusion by allowing them to use their data to make money (See also my post titled “When EMR Software Became Free…Or Does It Cost?“). Turning over the right to use a clinic’s data is why it is SO important for doctors to trust the actions of their Free EHR vendor. Without that trust, many doctors will eventually leave Practice Fusion and doctors will stop signing up.

In response to this situation, one doctor commented on Practice Fusion’s need to work with MDs to avoid situations like this. Practice Fusion’s first Chief Medical Officer (CMO) parted ways with the company back in 2012. A look at their executive team shows no new CMO and no doctors in any executive position at the company. I wonder if a doctor on the executive team would have helped them understand how spoofing the doctor’s name in these emails without their knowledge would be an issue.

While I believe sending these emails in the physician’s name without their knowledge is a big issue for Practice Fusion, the bigger question is whether these actions are indicative of how Practice Fusion will treat doctors in the future. Is this the start of Practice Fusion putting company value over physician trust? Practice Fusion told me that they knew that it would upset some doctors when they rolled out these emails, but they did it anyway. Even if only 5% of doctors are upset over this, what’s to say that the next time you won’t be part of that 5%? I know there are a lot of good people at Practice Fusion, but the company also has to answer to their investors.

On a broader scale, the core question is: Do doctors trust their EHR vendor to communicate any actions they take with your data?

All EHR vendors could have similar physician trust issues to the ones described above if they’re not careful when rolling out new features. This could include vendors who may be tempted to implement a similar email rating and review feature as Practice Fusion. The problem is not with this specific feature, but with how EHR vendors choose to implement and communicate new features to their users. You can be sure we will hear more stories about the relationship of trust between EHR vendors and physicians in the future.

Approximately 9 million emails later, we’ll see the depth of impact these actions have on Physicians’ trust in Practice Fusion.

In the future, we’ll be covering the HIPAA regulations surrounding these emails.

UPDATE: Practice Fusion sent me the following response to this article:

– Practice Fusion updated our community over the course of months about the patient feedback program through numerous blog posts, forum posts, emails and messaging inside the EHR, starting in April 2012. You can read the original message from our CEO about the program online here. Despite our efforts, not every customer was aware of the program immediately. We apologize that this was not more clear and are working to improve our feature update messaging.

– The patient email reminder and feedback program is absolutely HIPAA compliant, under both the current and new Omnibus rules. We conduct thorough compliance research with every single new feature we launch.

– We are passionate about making healthcare better and proud of our work to bring almost 2 million patient voices into the conversation. Patient transparency is a key part of the national move from quantity to quality in healthcare. The patient feedback program is designed to provide your practice with a controlled, quality channel for accurate patient reviews.

– It is easy to opt-out of the patient feedback program anytime. We are happy to help you update these settings inside your EHR account.

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

68 Comments

  • I think they removed the time stamp on all the forum because it would have been even more obvious that they removed all the negative doctor posts from their entire forum. The forum page reads like no thread I have ever seen. It makes no sense at all. Clearly they took down most of the comments by doctors. Why would they be so foolish to remove negative posts? Where are their corporate offices? I thought they were in Silicon Valley. Amateurs!

  • “We are fortunate to read raw articles such as John’s posting that points out the obvious side effects with free stuff. The first thing you learn in Market class is “FREE” is a dangerous word. There is always a price tag to pay for free stuff. You may not directly pay for it but some how you are paying for it.”

    declan is the moderator 🙂

    Is the fremium theme still part of this thread?

  • “I believe that there are a few things here that should be addressed, particularly since I am one of the physicians quoted in the forums post. PF’s emails were COMPLETELY compliant with HIPAA law.”

    There are a few issues here.

    Did PF essentially “spoof” the sender’s address, making it appear the communication came from the practice and therefore was at least tacitly approved by the practice in the eyes of the patient?

    Are patients of practices using cloud-based and/or fremium EHR’s aware of the potential privacy issues and related cross-currents?

    What is/was PF’s motivation? Do they really want anymore users?
    Even if they were to monopolize 100% of the US provider base, does the fremium/advertiser model work with a few 100,000 customers as the universe?

    The grocery store has reminded me for many years now that they make more money selling info and demographics about me than they make selling groceries.

  • The HIPAA issue is related to the recent change that Covered Entities and BAs are not to market to patients without their consent. If PF made it appear like these emails were coming from the doctor and they really weren’t, then that could be an even larger legal issue. PF is free and they can do anything they want with the data as long as it does not violate the law. Why would any patient want their private medical data saved on a free system?

  • Girlfriend, You mentioned you are a PF physician and you thought that, “PF had great intentions in gathering this data, but it was just poorly implemented.”

    Likely more complicated. What did you think about them removing all the negative posts from the user forums yesterday? What was that intention? Were you one of the doctors who posted?

    If you want to get a better sense of the reasoning for why this was all done I would check out some recent press like I did. Here is a link to VentureBeat last month.
    http://venturebeat.com/2013/07/11/practice-fusion-raising-60m-sources-say/
    Value of the company up about 200M in just the past 12 mths due to the highly successful launch of the patient fusion site and the very large number of active users generating content. I can see why that would seem impressive to investors on first glance. Surprised John didn’t cover this. It makes more sense why they would take it so close to the edge and risk backlash. Burn rate. They needed the cash. I bet this is in part #2.

  • @Steve – What’s wrong with free? Just because you paid for something does not intrinsically give it value.

    I work with a practice that’s been using it for almost 2 years, and we’ve never really had any significant issues or problems with it.

    There was plenty of advance notice to PF users, I received several emails and there were blog posts about the launch of the Patient Portal and reviews – how else did users expect them to get data for the portal?

    Didn’t anyone read the user agreement when they signed up?

  • Jeramy,

    Have you asked your patients if they mind having their medical records saved in a free system? I don’t think the response would be very positive. When you pay for a system your agreement has certain terms and conditions. With a Free software, they can change the terms and conditions any time they want to. For example, they can terminate the agreement at any time for any reason with 30 days notice.

  • You’re missing the point – what does it matter if the system is free or not? Just because I paid doesn’t mean it’s anymore secure or valuable than a free system.

    There can be changes to the terms of the user agreements just as freely and quickly with for-cost systems as they can with free systems – unless you’ve actually purchased the full rights to the software, but with most EHRs you’re paying for a license that will be renewed and subject to an updated user agreement, not for full licensing and development control over the program.

    It’s like saying you shouldn’t use Linux or Open Office because they’re free vs. shelling out hundreds or thousands for MS Windows or Office that offer no real significant and/or meaningful advantages over the free solutions (other than you got suckered into buying the first, so the second is almost a lock in – because they’ve developed them to only play nice in the sandbox with their own products).
    While PF isn’t open-source – they’ve been more than willing to develop public APIs so they can inter-operate with any program or needed solution.

    $$$ ≠ Better

    Free ≠ Better

    It’s important to consider all factors into what makes something successful for you or for me – just because you paid and I didn’t, doesn’t make yours better than mine.

  • I agree with you that all agreements terms and conditions should be read in detail. With software you pay to license, you can negotiate the terms and conditions. With free software, you cannot. PF can cancel with 30 days notice and sells de-identified patient data. If our patients would agree to PF terms and conditions,then use PF if it meets your needs. Keep in mind, patients may not want their data sold in any form. The only person liable is the provider as a covered entity. I recommend getting your patients to sign an agreement that their data maybe sold.

  • […] Indeed, the HITECH Act and Meaningful Use are about the Triple Aim of producing safer care, improving population health and lowering overall healthcare costs. The incentive money isn’t supposed to make physicians rich or even cover the cost of the typical EHR. (Yes, “free” EHRs have costs in terms of changing physician workflows and interfacing with practice management systems, and the advertising may cause patients to lose trust in their doctors, as John Lynn seems to have found with Practice Fusion.) […]

  • I consider Patient Fusion to be spammers. I live in Australia, have had nothing to do with PF and nothing to do with the doctor they request feedback on. At no stage have I requested emails from PF or related companies. I believe that constitutes spam.

    If I request to be unsubscribed using the link on their spam will they really unsubscribe me or use it as confirmation that the email address is genuine and increase the amount of spam?

    OB

  • Interesting question; when did you get the email from them? And have there been more?

    They have my email info (because of my interest in their product) but I have never been spammed by them. Of course, I’m not a patient of one of the doctors using their system. But as I understand it, they have reached out to patients of some of their doctors to get ‘ratings’, and not everyone has taken kindly to that. And while I don’t like the way they went about it, I don’t see them as spammers.

  • Thanks for the marvelous posting! I really enjoyed reading it, you happen to be
    a great author.I will remember to bookmark your blog and may come back someday.
    I want to encourage you to definitely continue your great posts, have a nice morning!

Click here to post a comment
   

Categories