Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Adding Insult To Injury, Sutter’s Epic EMR Crashes For A Day

Posted on August 30, 2013 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The Epic EMR at Northern California’s Sutter Health crashed earlier this week, leaving the system inaccessible for an entire day, reports Healthcare IT News. The system, which cost Sutter nearly $1 billion, went offline at approximately 8AM, locking out doctors, nurses and staff from accessing vital information such as medical lists and patient histories.

The crash followed a few days after planned downtime of eight hours which was scheduled to take place due to implement an upgrade.  During that period nurses could still read med orders and patient histories but had to record new data on paper and re-enter it later into the system, Healthcare IT News notes.

During the unplanned outage this week, the Epic system was offline at several Sutter locations, including Alta Bates Summit Medical Center, Eden Medical Center, Mills-Peninsula Hospital, Sutter Delta, Sutter Tracy, Sutter Modesto along with several affiliated clinics, the magazine said.

The outage drew the ire of the California Nurses Association, which called this incident “especially worrisome.” But the CNA notes that the crash is hardly the first time there’s been a concern over the Epic rollout. Nurses at Sutter have been complaining for months about alleged safety problems with the Epic system, notes the Sacramento Business Journal.

According to the CNA, more than 100 nurses had previously filed complaints at Alta Bates Summit, arguing that the Epic system was hard to use, and that computer-related delays had adversely affected the ability of nurses to monitor patients properly.

Sutter nurses’ complaints included the following:

• A patient who had to be transferred to the intensive care unit due to delays in care caused by the computer.
• A nurse who was not able to obtain needed blood for an emergent medical emergency.
• Insulin orders set erroneously by the software.
• Missed orders for lab tests for newborn babies and an inability for RNs to spend time teaching new mothers how to properly breast feed babies before patient discharge.
• Lab tests not done in a timely manner.
• Frequent short staffing caused by time RNs have to spend with the computers.
• Orders incorrectly entered by physicians requiring the RNs to track down the physician before tests can be done or medication ordered.
• Discrepancies between the Epic computers and the computers that dispense medications causing errors with medication labels and delays in administering medications.
• Patient information, including vital signs, missing in the computer software.
• An inability to accurately chart specific patient needs or conditions because of pre-determined responses by the computer software.
• Multiple problems with RN fatigue because of time required by the computers and an inability to take rest breaks as a result.
• Inadequate RN training and orientation.

Sutter officials, for their part, are not having any of it. Hospital spokeswomen Carolyn Kemp called the allegations that Epic was causing problems “shameful,” and argued that the accusations are arising because the hospital system is involved in a labor dispute with the CNA.

Meanwhile, Sutter execs are turning up the heat on nurses whom they feel aren’t using the EMR properly. According to Healthcare IT News, leaders have been scolding nurses whom they believe have not been entering all billable services into the EMR, which resulted in a loss of $6,000 in a single week, according to a July memo obtained by HIN.

Sutter’s spokesperson, Bill Gleeson, offered this official response:

Sutter Health undertook a long-planned, routine upgrade of its electronic health record over the weekend. There’s a certain amount of scheduled downtime associated with these upgrades, and the process was successfully completed. On Monday morning, we experienced an issue with the software that manages user access to the EHR. This caused intermittent access challenges in some locations. Our team applied a software patch Monday night to resolve the issue and restore access. Our caregivers and office staff have established and comprehensive processes that they follow when the EHR is offline. They followed these procedures. Patient records were always secure and intact. Prior to Monday’s temporary access issue, our uptime percentage was an impressive 99.4 percent with these systems that operate 24/7. We appreciate the hard work of our caregivers and support staff to follow our routine back-up processes, and we regret any inconvenience this may have caused patients. California Nurse Union continues to oppose the use of information technology in health care but we and other health care provider organizations demonstrate daily that it can be used to improve patient care, convenience and access. While it’s unfortunate the union exploited and misrepresented this situation, it comes as no surprise given the fact that we are in a protracted labor dispute with CNA.

Without This EMR Step, You Might Never Get It Right

Posted on August 29, 2013 I Written By

James Ritchie is a freelance writer with a focus on health care. His experience includes eight years as a staff writer with the Cincinnati Business Courier, part of the American City Business Journals network. Twitter @HCwriterJames.

It’s not hard to find physicians and nurses who say that far from improving health care, the EMRs they use are something to work around.

Billing problems, lost productivity and even diminished quality of care are common complaints, sometimes long after the implementation kinks should have been worked out. In some cases, doctors who bought into EMRs as a way to operate more effectively and efficiently have found themselves disappointed enough to look for hospital employment, try new practice models or even close their doors, as HealthcareScene.com founder John Lynn has written.

Often the problem lies deeper than the technology, according to a recent white paper from TechSolve, a Cincinnati-based consulting group. After all, an electronic overlay does little good when it serves only to automate bad processes.

TechSolve is promoting a process-mapping approach to EMR for hospitals through its Lean Healthcare Solutions unit. It’s part of a trend toward applying the efficiency techniques of Japanese manufacturers to EMRs and other aspects of health care.

Like Toyota and other pioneers of lean, health care providers should rely on line workers to help root out waste, according to TechSolve.

“While you may be inclined to dismiss negative comments as resistance to change, staff may be aware of design issues that the design team, PI facilitator, and vendor were not,” TechSolve consultants Sue Kozlowski and Alex Jones wrote.

They offered seven steps to ensure maximum benefit from an EMR, a few of which I’ll share. I suggest downloading the full paper for a complete view.

TechSolve recommends thinking about process improvement before getting started with an EMR. Of course, if it’s too late for that, the firm and others in the space are happy to step in later, as well.

Here’s what TechSolve advises:

  • Map your current processes. This can be done with help from your process improvement team or an outside group. In some cases, it’s best to assign a team to each service line.
  • Compare current and future states. Color-coding is one way to do this, highlighting visually for staff members how their work will change.
  • Prioritize issues that affect patient care and payment timing. An “issues list” can be created and then reviewed after “go live” to make sure problems have been corrected. Also, examine how well staff members are adhering to the new processes, asking questions such as, “Where are they using work-arounds, and where have they found new capabilities in the system?”
  • Process map again. This new snapshot is the baseline going forward. It can serve as a reference for staff members when they’re in doubt and as a training tool for new hires.

We’re all looking for technology that makes our lives easier right away. But when it comes to EMRs, there’s no true turnkey solution. Making a system pay off requires investments, particularly of time, well beyond the sticker price.

Under traditional reimbursement models, though, planning is not what brings in the revenue. It’s easy enough to see why hospital employment, with guarantees of a salary and IT assistance, is becoming a more and more attractive option for physicians who want to limit expenses and risk.

Hospitals, though, have no plan B. They’ll have to marry their IT to efficient processes or else.

A Look at Email and HIPAA

Posted on August 28, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Disclaimer: I am not a lawyer and do not offer legal advice. The others quoted in this post are offering general information or interpretation and not specific legal advice or any statement of fact.

For more background on this topic, check out my previous post “Practice Fusion Violates Some Physicians’ Trust in Sending Millions of Emails to Their Patients

When I first started looking into the millions of emails that Practice Fusion was sending to patients, doctors were suggesting that these emails constituted a HIPAA violation. Practice Fusion has responded in my previous post that “The patient email reminder and feedback program is absolutely HIPAA compliant, under both the current and new Omnibus rules. We conduct thorough compliance research with every single new feature we launch.” I wanted to explore the HIPAA concerns regarding emails like these, so I talked to a number of HIPAA lawyers and experts. I believe the following look at HIPAA and emails will be informative for everyone in healthcare that’s considering sending emails.

Before I go into a detailed look at sending emails to patients, it is worth noting that under HIPAA emails can be sent to patients by doctors if the doctor has used “reasonable safeguards” and patients have agreed to email communication with their doctor. The following is a great HHS FAQ on use of email and HIPAA where this is outlined.

This leaves three HIPAA related questions:
1. Is Practice Fusion legally allowed to use the information in their EHR to send these emails?
2. Does the email contain Protected Health Information (PHI) that is being sent in an unsecured and not encrypted email?
3. Can Practice Fusion publish the provider reviews on their website?

Is Practice Fusion legally allowed to use the information in their EHR to send these emails?
The core of this question is whether the Practice Fusion user agreement (the version publicly available on the Practice Fusion website) allows the use of patient data contained in the Practice Fusion EHR for sending out these emails. Following are comments from William O’Toole, founder of the O’Toole Law Group regarding the user agreement:

I am not providing specific legal advice or opinion here, and I have no strong feelings about Practice Fusion one way or the other. That said, I find this issue extremely interesting and hope I can provide some direction and some interpretation of the law. Capitalized terms are defined under HIPAA and by now are familiar to all, so I will not define or elaborate.

The Practice Fusion Healthcare Provider User Agreement includes a section that, as between Practice Fusion and its customers, grants Practice Fusion the right to use a provider’s PHI (though I argue it is not the provider’s, it is the provider’s patients’ PHI, but I digress) to contact patients on the provider’s behalf, for various purposes, including “case management and care coordination” which is legally permitted. The conclusion can be easily drawn that Practice Fusion (or any other vendor doing the same) relies on this connection in claiming that its patient email is permitted under this section of the law, even if it contains PHI. Note – the topic of secure email is left out of this discussion.

Based on the user agreement, it seems like Practice Fusion is allowed to send out these rating and review emails to patients. William O’Toole does offer a reminder for providers:

For those of you that are familiar with my writings, you know what comes next. The Practice Fusion agreement clearly puts provider customers on notice that Practice Fusion has the right and option to contact patients directly on the provider’s behalf. The providers agreed when they accepted the terms of use. The most important piece of advice that I can offer to all providers is to read and understand the agreements to which you will be bound, or more appropriately, give the agreements to a healthcare technology attorney for review and opinion.

This is an important message for all providers to read and understand the user agreements they sign.

Does the email contain PHI that is being sent in an unsecured and not encrypted email?
You can see the contents of the ratings emails here (Note: The masked area is the name of the physician). Here’s Mac McMillan’s, CEO of CynergisTek and Chair of the HIMSS Privacy and Security Task Force, analysis of the emails:

The issue here is whether or not by the information included you can discern any protected information about the individual(s) involved. On the surface the email appears benign and does not include any specific Protected Health Information (PHI) and if coming from a general practitioner it would be near impossible to guess let alone determine for sure the purpose of my visit or my medical condition. Meaning I could have gone there for something as simple as a checkup, to refill a prescription, or I could have gone there for treatment of some ailment, but you don’t know and can’t tell by this simple email. Some would argue that this is no different than when Physicians communicate with their patients now via regular mail or email. The problem though is that not everyone may agree with this, and the consumer who may not be thinking rationally may take issue under certain circumstances. For instance, what if the email came from Planned Parenthood to a seventeen year old, or an AIDS clinic, or a specialty center handling a certain form of cancer, or a psychiatrists office? In these cases just the name and the identity of the covered entity potentially provides insight into the individual’s medical condition and therefore their personal health information. A patient might, whether legitimate or not, attempt to make the case that their privacy has been violated if others were to see this email who were not intended to like other family members, neighbors, employers, etc. I think this is really stretching it, but who knows how a Privacy attorney might see it?

Can Practice Fusion publish the provider reviews on the Patient Fusion website?
Assuming that Practice Fusion is authorized to contact its users’ patients, the next question is whether it is authorized to publish their responses online. When patients are posting a review, they have to agree to the terms of the “Patient Authorization.” Within that authorization it seems that Practice Fusion has done a good job making sure that they are getting authorization from the patient to publish the reviews they’ve submitted. David Harlow, a health care attorney and consultant at The Harlow Group LLC who blogs at HealthBlawg. notes that in addition to the Patient Authorization, “The Terms of Use on the PatientFusion.com review website make clear that posts on the site may be made public, and should not contain information that a patient would not want to be made public, or that a patient does not have the right to post.”

Summary
Hopefully this discussion around emails in healthcare will help more companies understand the intricate HIPAA requirements for email communication with patients. I see email communication increasing over the next couple years as more doctors realize the benefit of it. Plus, a whole new generation of patients wants that type of communication with their provider. We just have to make sure that we continue to respect patient’s privacy in the process. Making sure your emails are HIPAA compliant is not a simple task.

Practice Fusion sent me the following comment:

Practice Fusion’s goal is to create transparency in healthcare without compromise. It is critical that patients seeing any doctor on our platform understand the quality of their doctor. And, therefore, doctors using our free online scheduling application are required to make their reviews available to the public. Practice Fusion offers the only service on the market that validates a patient review was based on an actual visit. No PHI is ever shared in these communications.

Interesting EMR Interface Prototype

Posted on August 27, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I love when doctors and medical students talk about their first encounter with EHR software. In this case, I came across a medical student who ran into Epic in the hospital and writes about it in this post. Here’s his initial response to it:

I took the training module for it and the moment it loaded, I was bewildered. My monitor had turned into a wormhole and was suddenly displaying software built in the 1990s. I stared for 30 minutes at what was basically a wall of text, trying to find my way around small buttons and clogged sub-screens. I hadn’t even learned how to use Epic yet and I was already frustrated. Perhaps it’s because Epic was a platform built upon billing practices that made it so confusing. Either way, I was done before I had even begun.

The great part is that he wasn’t just complaining about the experience. He decided to create a prototype of what he thought an EMR interface could look like. Here’s his video prototype:

Obviously, it’s lacking a lot of detail, but I love his fresh take on how you could navigate the information in the EHR. We need more people who aren’t clouded with current EHR design to offer design suggestions like this.

One Government EHR for All of Healthcare

Posted on August 26, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Over and over I hear some doctor or EHR industry person say, “Why doesn’t the government just provide one EHR for all of healthcare?” Usually this is followed by some suggestion that the government has invested millions (or is it billions?) of dollars in the Vista EHR software and they should just make that the required national EHR.

You can see where this thinking comes from. The government has invested millions of dollars in the Vista EHR software. It’s widely used across the country. It’s used by most (and possibly all) of the various medical specialties. Lots of VA users love the benefit of having one EHR system where their records are always available no matter where in the VA system you go for health care. I’m sure there are many more reasons as well.

While the idea of a single EHR for all of healthcare is beautiful in theory, the reality of our healthcare system is that it’s impossible.

I’ve always known that the idea of a single government EHR was impossible, but I didn’t have a good explanation for why I thought it was impossible. Today, I saw a blog post called “Health IT Down the Drain” on Bobby Gladd’s blog. The blog post refers to the $1.3 billion over the last 4 years (their number) that has been spent trying to develop a single EHR system between the Department of Defence (DoD) and Veterans Affairs (VA). Congress and the President have demanded an “integrated” and “interoperable” solution between the two departments and we yet to see results. From Bobby’s post comes this sad quote:

“The only thing interoperable we get are the litany of excuses flying across both departments every year as to why it has taken so long to get this done,” said Miller, the chairman of the Veterans Affairs Committee…

The government can’t even bring together two of its very own departments around a single EHR solution. Imagine how it would be if the government tried to roll out one EHR system across the entire US healthcare system.

I hope those people who suggest one government EHR can put that to bed. This might work in a much smaller country with a simpler healthcare system. It’s just never going to happen in the US.

Is Your EMR Charting Accurately?

Posted on August 23, 2013 I Written By

James Ritchie is a freelance writer with a focus on health care. His experience includes eight years as a staff writer with the Cincinnati Business Courier, part of the American City Business Journals network. Twitter @HCwriterJames.

For all the hope — not to mention time and money — being invested in EMRs as a way to improve health care, they’re still exquisitely prone to the age-old problem in IT: garbage in, garbage out.

Several writers have commented recently on whether you can believe what you read in an EMR. They raise serious questions as meaningful use Stage 2 draws near and providers’ care patterns become further enmeshed with their record systems.

One problem, wrote Dr. Rebecca Bechhold, a medical oncologist, is the information overload that an EMR can generate: “page after page of predetermined queries and stock answers that are repetitive and irrelevant after the first visit.” The truth, as in what’s really going on with the patient, might be in there somewhere, but she finds it hard to dig out.

Worse still, doctors sometimes just check “normal” for everything under the physical exam section because they’re in a hurry and entering the information is tedious, Bechhold wrote. Some pretty important history, such as an enlarged liver or an amputation, can be left out.

It might sound bad, but it’s human nature whenever there are too many boxes to check. However, for Bechhold, the key disadvantage isn’t a lack of facts, but of feelings.

“You cannot express the emotion and anxiety that is part of oncology care in a prepackaged document,” she wrote.

Software selection consultant Sheldon Needle, meanwhile, wrote about the pitfalls of taking an EMR prescription list at face value.

Take the patient who comes to the emergency room because of a car accident. If the patient’s regular doctor is linked with the hospital’s e-prescription system, a medication list might soon be forthcoming. But who’s to say there aren’t other medications in the picture, prescriptions written by a doctor who’s not tied in?

Needle’s advice: Ask a human, such as the patient or a relative.

“If something looks off on the electronic medical record,” he wrote, “question it.”

HealthcareScene.com’s own John Lynn, too, addressed the issue of trusting health care data, noting that doctors are receiving information from more sources than ever, including health information exchanges, patients and patient devices. It’s hard for physicians to know what’s reliable.

The obvious solution to trust issues seems to lie in user interface design. If the EMR is a good fit for the doctor’s workflow, the right data should end up in there.

Unfortunately, it’s not quite that simple. Bechhold noted that charts she receives from other doctors are sometimes configured to include every piece of data available for the patient, including all medications and test results.

The physicians, she wrote, want to be able to show that they reviewed all information if they’re ever sued.

Doctors and health IT companies have a way to go in understanding each other. Only then can there be full trust in EMRs.

When The EMR Goes Down, Doctors Freak Out

Posted on August 22, 2013 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Earlier this month, health IT superstar John Halamka, MD, MS posted a story talking about how network downtime within a hospital has changed over the past 10 years or so. I thought I’d share some of it with you, because he makes some interesting points about end user perceptions and sensitivities.

First, he tells the tale of a 2002 network core failure of Beth Israel Deaconess Medical Center, where he serves chief information officer. For two days, he reports, the hospital’s users lost access to all applications, including e-mail, lab results, PACS images and order entry, along with all storage. Or as he puts it, “For two days, the hospital of 2002 became the hospital of 1972.”

He then contrasts that failure with a recent one  (July 25 of this year) in which a storage virtualization appliance at BIDMC failed.  Because the hospital was loathe to risk losing data, he and his team chose a slower path to uptime — reindexing the data — which allowed them to avoid data loss. The bottom line was an outage of a few hours.

This outage was a different ballgame entirely, Halamka says. For example:

* In 2002, staff and doctors weren’t incredibly upset, but this time physicians were angry and frantic, with some noting that they couldn’t take care of patients without EMR access.  Here in 2013, end users expect network access to be like electricity, always there short of an act of God. Worse, though downtime simply isn’t acceptable, but procedures for dealing with it aren’t up to that standard yet, he says.

* Doctors are under an incredible set of regulatory burdens, including but not limited to Meaningful U se, health reform, ICD-10 and the Physician Quality Reporting System. They fear they can’t keep up unless IT functions work perfectly, he observes.

* Technology failures of 2013 are tricky and harder to anticipate. As he notes, back in 2002 servers were physical and storage was physical, but today networks are multi-layered and virtualized. While these things may add capability, they also crank up the complexity of diagnosing system failures, Halamka notes.

Halamka says he learned a lesson from the recent failure:

Expectations are higher, tolerance is lower, and clinician stress is overwhelming. No data was lost, no patient harm occurred, and the entire event lasted a few hours, not a few days. However, it will take months of perfection to regain the trust of my stakeholders.

This story does have one ray of sunshine in it — it demonstrates that increasing numbers of doctors depend completely on their EMR, a state devoutly to be wished for by many health IT leaders. But the price of having doctors throw themselves into EMR use is having them riot when they can’t get to the system. Clearly, hospitals are going to have to find some new way of coping with downtime.

Practice Fusion Violates Some Physicians’ Trust in Sending Millions of Emails to Their Patients

Posted on August 21, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Update: At the bottom of this post, I’ve included Patient Fusion’s response to this article.

When Practice Fusion asked their users to prepare for some new “patient communication tools”, the outcry from many doctors was for Practice Fusion to stop focusing new features on patients and instead focus on unsolved physician requests that were made years previous. What I found when I started digging into Practice Fusion’s focus on patients through its launch of Patient Fusion was a much more important story where Practice Fusion’s actions were violating some physicians’ trust and might have issues with HIPAA.

The story starts in early April 2012. With little fanfare (only a generic blog post about Measuring the Patient Experience Using Surveys and two mentions in the Practice Fusion “Progress Note newsletter”) (UPDATE: Practice Fusion’s response at the bottom of this post says they did communicate more than is described here.), Practice Fusion turned on a feature that would email every single patient whenever a progress note was created in the Practice Fusion EHR. The email came addressed as being sent from the doctor and asked the patient to rate and review their provider.

In the 17 months since they started sending these emails, 1,844,718 reviews have been submitted across 29,630 providers according to the Patient Fusion website. If we’re really generous and assume a 20% response rate from the emails, then over the last year Practice Fusion has sent out over 9 million emails to patients. It’s truly an impressive feat to have been able to gather that many physician reviews in such a short period. What an amazing asset for any company to have accomplished.

Regular readers will likely remember my previous post titled Physician Ranking Websites – The Bad, The Worse and the Ugly where I discuss in detail the challenges for any physician rating website, so I won’t go into that here. The value of physician ratings aside, I don’t have any problem with Practice Fusion collecting physician ratings and reviews. What I am concerned with is how they did it.

In my research, I couldn’t find a single Practice Fusion doctor who knew from Practice Fusion’s “standard channels” (blog post and email newsletter) that every patient they charted would receive these rating and review emails. What I did find was a doctor who only discovered these emails were being sent to his patients when his brother visited his office and later asked him why the information in the email was incorrect. The doctor no doubt asked his brother “What email?” Other doctors only knew about the emails after hearing about the emails from their patients. One doctor confused a few of his patients’ comments about the ratings emails thinking that they were talking about some other rating service like Yelp, Health Grades or ZocDoc. He was later surprised to learn that Practice Fusion had been sending these ratings emails for months to all his patients and he knew nothing about them.

Imagine being a doctor who discovered your EHR vendor was sending emails to your patients IN YOUR NAME and you knew nothing about it. Shame on those doctors for not reading the Practice Fusion newsletter in more detail.

The physician response once they found out these emails were being sent isn’t surprising. Here are a few of their responses:

“We find this a MAJOR violation of our trust with Practice Fusion.”

“It demonstrates to me that PF has LOST TOUCH with how difficult it is to run a doctor’s office.”

“I just think of all the times I assured people that we would never email them with solicitations or spam, but only would use their private email addresses for emergency purposes or if they emailed us first.”

“Why were we not told? Why can’t we use the emails we enter [into] the system but you can?”

“You should NOT have to opt out of spam! This is an outrage.”

“It’s deception! Unsolicited emails to our patients from PF should never be signed off as the doctor. Where is the trust?”

“PF obviously thought of doctor’s offices more like a restaurant or retail store than the rather unique provider of personal health care and protector of personal data.”

“We were outraged!”

“No physician signed up onto PF thinking they can would treated like HealthGrades or Vitals.”

“The main point of contention has been the fact that we were not aware of the surveys being sent out IN OUR NAMES!”

“Hard to believe that the largest social site for information about my practice was created without my knowledge and I am guessing was directly solicited from my patients in the form of emails.”

“What I hope PF takes from this is that doctors, for the most part, do not like being used to advocate for a product without expressly being told in a bolded out and starred statement “hey, we’re going to use your office to send out email asking for feedback. Is this okay?”

You can read more reactions from Practice Fusion users on this forum post (Note: This post has had many of the comments removed since I posted this article.) including this comment from a patient who received the email:

I’m a patient. I received one of these emails from PF and then a follow up email from my doctor who was simply irate that PF was spoofing his email address. This just defies every email rule there is and PF owes an apology to every provider and every patient who received one.

One doctor I talked to didn’t find out about the emails being sent in his name until almost a year later. PF Staff Kristen offered the following comment in the above forum post, “The goal of patient surveys is to provide both insight and marketing materials for your practice. We will not publish, sell, or otherwise market your practice without your permission.” I think Kristen really believes this. In fact, I talked to Practice Fusion directly and they told me the goal of these ratings and reviews was to provide more transparency between physicians and patients. While I appreciate the noble goal of transparency between physician and patients, I am concerned that Practice Fusion thinks that doctors gave them permission to send these millions of emails. Practice Fusion may legally have permission to send these emails based on the fine print of their user agreement, but permission to me means that the doctor knows what you’re doing in their name.

As one doctor asked, “Why were we not told?” No where in Practice Fusion can a provider see their ratings and reviews and they weren’t published to the Patient Fusion portal until the portal went live a year after they started sending these emails. There’s no notification sent to a provider when a rating is completed. All of the emails and ratings are patient facing, so how would a provider know that reviews were happening? Oh, that’s right, they were suppose to read the email newsletter.

I wonder how many more of the almost 30,000 Practice Fusion providers still don’t know this is happening. I imagine they’ll have similar reactions when they find out.

Maybe I am wrong in my assumption that many doctors still don’t know about these emails being sent in their name. It is possible that most of them saw the newsletter and were happy with the new feature. My problem with this is that I receive the Practice Fusion email newsletters and did not recognize that this is what they were doing. It is hard for me to believe that the majority of busy doctors caught the message.

Turns out that when Practice Fusion first implemented the email ratings feature, the only way to turn it off was by contacting support. There wasn’t even an option inside the EHR to turn off the emails, but that has been added since. It seems to me that they weren’t thinking about their users’ needs when implementing this feature, but likely wanted to get as many reviews as possible in order to compete with the highly funded physician review sites: ZocDoc ($95 million), Health Grades (Acquired for $294 million) and Vitals ($26 million).

Fifteen months and approximately nine million emails later, Practice Fusion finally posted what the emails look like and what emails are sent from Practice Fusion on their new and relatively inactive forum. However, this entire time Practice Fusion could have communicated this new feature to their users directly. In one sense they are an ad platform that communicates to doctors and yet they chose not to use that platform to let their users know what they were doing. I understand there is a balance with how many alerts Practice Fusion sends doctors within Practice Fusion, but sending out thousands of emails in each doctor’s name seems like one worthy of clear notification. (UPDATE: Practice Fusion’s response at the bottom of this post says they did communicate more than is described here.)

Practice Fusion could have easily avoided all the confusion and loss of physician trust if they had just implemented this as an opt in feature as opposed to an opt out feature. Just like the pop up surveys and other notifications they display during login, they could have popped up a request for providers to opt in to this new ratings service. When I asked Practice Fusion about this, they told me that they didn’t do it as an opt out feature because it was a passion project for them and they wanted every Practice Fusion doctor to participate in more physician-patient transparency.

Maybe that was one of the goals of the project, but I think there is more to the story. Think of the value that 1.84 million reviews has created for Practice Fusion. If Practice Fusion had done these ratings emails as an opt in feature, I am sure that very few doctors would have knowingly opted into the service. With very few doctors opting into the ratings emails, Practice Fusion would have missed out on all the value that a large database of physician reviews would create.

Beyond just the forum post linked above, I know that Practice Fusion has heard from doctors who are upset with these ratings emails being sent. From my research, it seems like most doctors’ initial reaction to the emails revolves around fear of being rated by their patients. In fact, I expect this is why on the Patient Fusion website (where all the ratings and reviews are immediately published) it says “98% doctors recommended.” I have little doubt that this statement was added in response to physicians’ fear over being rated. Many doctors likely switched from anger and fear to acceptance when they saw that their patients had rated them well.

Side Note: If almost all of the provider ratings are positive, then do the ratings have any real value?

Maybe this is why Practice Fusion hasn’t had a different response to this issue. They feel that those doctors who were upset at the emails have been pacified with good reviews or the ability to disable the service. I think Practice Fusion considers those complaining in this forum post (Note: This post has had many of the comments removed since I posted this article.) the standard “complain over anything” response from users. The problem is that we don’t know how many more doctors haven’t complained because they still don’t know what is going on. Hopefully by covering it in this blog post we will see how many doctors care about this issue.

If ratings emails sent from medical doctors wasn’t bad enough, it turns out Practice Fusion has been sending ratings emails to psychiatric patients as well. Here’s what one psychiatry NP had to say about the emails:

“As a psychiatry NP I really do not think patients should be asked to rate their therapist. This is actually a conflict with the relationship with the patient. Holding the boundaries with most of my patients is VERY important. They all want to please me. So it really is inappropriate to ask a patient to rate a therapist they have.”

On July 10th this psychiatric NP asked for the emails to be turned off. On August 1st she posted that the emails were still not turned off. Why Practice Fusion’s immediate response wasn’t to reach out to this psychiatrist to turn it off and then to turn off this feature for all psychiatrists is beyond me. Sending out rating emails to mental health patients is a whole new level of trouble and legal entanglement.

Needless to say, there are dozens of other examples of bad situations that could be caused by these emails. Here’s one doctors’ comment about his patient population and these emails:

“One of the things we do is addiction. So I have people where nobody knows they are coming to see a doctor to treat their opiate problem and they are incredibly anxious about anyone finding out. We are the type of practice where people often come to keep their indiscretions hidden. Their affair, their vice, their compulsion. I realize that most just got a dumb email.”

Another doctor offers this insight into his patient population and why this could be a big issue:

“As a doctor, I don’t like this one bit. I’m in pilot country and the FAA takes medication use VERY seriously. what if a doctor mistakenly prescribed a medicine that was on the FAA “not allowed” list (http://www.leftseat.com/medcat1.htm) or sees a psychiatrist and then PF sends an email that the patient was seen at a psychiatrists office to their work email. Their work could be scanning their email for violations like this and BAM! someone loses their job b/c of a PF hipaa violation that reveals the private information that this person had just been to a psychiatrists office and is possibly on psychiatric medications.”

The scenarios are endless. What if the email is coming from an AIDS clinic or a Cancer clinic and no one knows you have AIDS or Cancer? What if the email was from an OB and a boyfriend stumbles upon it?

Some might suggest that this is just a bunch of FUD (Fear, Uncertainty, and Doubt). Maybe it is, but this should be the choice of the patient and the doctor and not the choice of the EHR vendor. If Practice Fusion had done this as an opt in feature, none of this would be an issue. Some doctors are now choosing to not enter emails into Practice Fusion because they are afraid of how those emails will be used. The irony is that Practice Fusion recently made a patient’s email address and phone number required fields. If a clinic doesn’t want to enter that information, they have to check the patient doesn’t have an email or phone check boxes. You just have to wonder why email and phone fields were changed to required fields.

Doctors have always had a general fear of any Free EHR. I have heard many doctors state that they would never use a Free EHR, because they didn’t know what the company would do with their data. I’m certain that actions like the ones described above will do a lot to confirm some doctors distrust of Practice Fusion’s Free EHR. Plus, you can be certain that Practice Fusion’s competitors will be sharing this information with doctors as well.

There will be some that read these physician comments and say, “Stop complaining, it’s a Free EHR. Switch EHR software if you don’t like what they’re doing.” The problem with this rationale is that it’s not “Free” to use Practice Fusion. A doctor “pays” Practice Fusion by allowing them to use their data to make money (See also my post titled “When EMR Software Became Free…Or Does It Cost?“). Turning over the right to use a clinic’s data is why it is SO important for doctors to trust the actions of their Free EHR vendor. Without that trust, many doctors will eventually leave Practice Fusion and doctors will stop signing up.

In response to this situation, one doctor commented on Practice Fusion’s need to work with MDs to avoid situations like this. Practice Fusion’s first Chief Medical Officer (CMO) parted ways with the company back in 2012. A look at their executive team shows no new CMO and no doctors in any executive position at the company. I wonder if a doctor on the executive team would have helped them understand how spoofing the doctor’s name in these emails without their knowledge would be an issue.

While I believe sending these emails in the physician’s name without their knowledge is a big issue for Practice Fusion, the bigger question is whether these actions are indicative of how Practice Fusion will treat doctors in the future. Is this the start of Practice Fusion putting company value over physician trust? Practice Fusion told me that they knew that it would upset some doctors when they rolled out these emails, but they did it anyway. Even if only 5% of doctors are upset over this, what’s to say that the next time you won’t be part of that 5%? I know there are a lot of good people at Practice Fusion, but the company also has to answer to their investors.

On a broader scale, the core question is: Do doctors trust their EHR vendor to communicate any actions they take with your data?

All EHR vendors could have similar physician trust issues to the ones described above if they’re not careful when rolling out new features. This could include vendors who may be tempted to implement a similar email rating and review feature as Practice Fusion. The problem is not with this specific feature, but with how EHR vendors choose to implement and communicate new features to their users. You can be sure we will hear more stories about the relationship of trust between EHR vendors and physicians in the future.

Approximately 9 million emails later, we’ll see the depth of impact these actions have on Physicians’ trust in Practice Fusion.

In the future, we’ll be covering the HIPAA regulations surrounding these emails.

UPDATE: Practice Fusion sent me the following response to this article:

– Practice Fusion updated our community over the course of months about the patient feedback program through numerous blog posts, forum posts, emails and messaging inside the EHR, starting in April 2012. You can read the original message from our CEO about the program online here. Despite our efforts, not every customer was aware of the program immediately. We apologize that this was not more clear and are working to improve our feature update messaging.

– The patient email reminder and feedback program is absolutely HIPAA compliant, under both the current and new Omnibus rules. We conduct thorough compliance research with every single new feature we launch.

– We are passionate about making healthcare better and proud of our work to bring almost 2 million patient voices into the conversation. Patient transparency is a key part of the national move from quantity to quality in healthcare. The patient feedback program is designed to provide your practice with a controlled, quality channel for accurate patient reviews.

– It is easy to opt-out of the patient feedback program anytime. We are happy to help you update these settings inside your EHR account.

Managing EHR Change

Posted on August 20, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of the things that EHR salespeople and EHR vendor websites like to proclaim is that their EHR can be implemented with no change. They use adjectives like “easy” and “simple” to describe their EHR implementations. Certainly EHR salespeople are trained to say things like “will adapt to any workflow” and “our system is so configurable you can change it however you like.”

Certainly this type of message rings well with doctors who are afraid of the changes that EHR will bring. Let me assure everyone who’s reading this that EHR requires change. This is true of every EHR vendor, for every specialty, and every size organization. Change and EHR go hand in hand. What we have to get over is thinking that change is bad. Change can often be good, if it’s done right.

HP recently put out a detailed whitepaper discussing “Four EHR Change-Management Mistakes (And How To Avoid Them)“. It’s one of the deepest looks at managing the change that comes with EHR that I’ve seen.

For those who don’t want to read the whole whitepaper, here are the four EHR change management mistakes:
1. Mismatched IT
2. Misplaced Resources
3. Missed Accountability
4. Mismanaged Logistics

The whitepaper also talks about the evolutionary role of IT in today’s medical practice. First, IT provides basic functionality. Next, IT adds some value. Finally, IT delivers significant benefit. I’ve seen this evolution first hand in many organizations. Each step of the process requires managing changes that lead to the eventual benefits. However, far too many people get stuck in the basic functionality and never make it to the significant benefits.

If I were to take one of the mistakes above to highlight why many miss out on significant benefits it would be Missed Accountability. At the core of this idea is having effective leadership. I’ve never seen an organization go through the EHR change effectively without strong leadership.

What do you or your organization do to manage the change required by EHR?

Opting Out of Meaningful Use Stage 2

Posted on August 19, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

An old post about meaningful use stage 1 called Hardest Meaningful Use Measure recently was tweeted on @ehrandhit as a way to share from our vault of blog posts. Swithin Chandler saw the tweet and left a really interesting comment when it comes to how challenge meaningful use stage 2 is compared with meaningful use stage 1. Here’s part of his comment (emphasis added):

We’ve had relative success, and I stress relative, in making it as easy as possible in our EHR for our doctors to attest for Meaningful Use Stage 1 as one independent poll showed.

But with MU2 it is getting much harder. There are requirements that demand additional data entry, whether typing, clicking, or dictating that no EHR vendor can help doctors avoid.

My greatest concern is that doctors look at the changes needed to their workflow and decide the incentive is not worth it. I think there are some MU2 requirements that are very cool from a healthcare technology perspective (and as a patient), but one could certainly argue that giving doctors the features they’re asking for that are not in MU2 may be more valuable to them adopting EHR technology than some features they don’t want that are in MU2.

I think there’s a really good chance that huge numbers of doctors will opt out of meaningful use stage 2. As I recently discussed with our local congressman, the inverted incentives of meaningful use don’t make much sense. Usually when you require someone to do more, you compensate them more. In meaningful use as you are required to do more, they pay you less.

I do think the meaningful use penalties will encourage many doctors to press on through the various stages of meaningful use. However, there will also be a large group of doctors who decide that the cost of meaningful use stage 2 is more than the penalties for not being a meaningful user.

If you still don’t believe this is the case, last I checked only only a small handful of EHR vendors have become MU stage 2 certified. As Swithin says above, it’s not easy (and I suggest might be impossible) for an EHR vendor to make MU stage 2 easy for providers. No doubt this is a huge reason why many EHR vendors are still not MU stage 2 certified (or I think it’s officially called 2014 Edition EHR Products). Certainly all of them could have rushed the requirements for EHR certification, but implementing the EHR certification requirements without making life miserable for the end user is a challenging and possibly impossible task.