
Lessons Learned from Practice Fusion’s FTC Charges and Settlement

Posted on July 21, 2016 | Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Almost 3 years ago I wrote an article about Practice Fusion violating some physicians’ trust in sending millions of emails to their patients. It’s still shocking to me to read through the physicians’ reaction to having emails unknowingly sent out in their name to their patients. I spent about a month researching that story. That’s longer than I’ve done for any other article by a significant margin. What I discovered was just that compelling.

When I first was told about the story, it seemed possible that each of those emails (we estimated 9 million) was a HIPAA violation. However, as we researched the story more and talked with multiple experts, it seemed like only a small subset could have possibly been considered a HIPAA violation. Practice Fusion had done a pretty reasonable job on the HIPAA front in our opinion. We all learned a lot about HIPAA and patient emails from the experience. Not to mention the importance of physician trust in your EHR product.

With that said, Forbes read my articles and decided to write an article that extended on the research that I’d done for the story along with a follow up article that looked at some of the things patients were posting publicly in these physician reviews. Forbes didn’t link to my article since I was pretty cautious with the whole thing after Practice Fusion had threatened sending their lawyers my way. I didn’t have a bevy of lawyers behind me like Forbes. Plus, some other crazy things happened like people trying to discredit me in the comments from the same IP address in San Francisco and a fabricated blog post to try and discredit what I’d written. Needless to say, it was quite the experience.

There were some people encouraging me to take it much further and to expose some of the crazy things that went down. That wasn’t my interest. I’d told an important story that needed to be told in what I believed was a fair and accurate way. I didn’t have any other goals despite some people insinuating that I might have other intentions.

Three years after I wrote that story it’s interesting to see that the FTC finally published the complaint against Practice Fusion (they also shared an analysis) and the Settlement agreement. I guess our government does work as slow as we all imagine.

I’m not going to dive into the details of the settlement here, but I did discuss the lessons we can learn from Practice Fusion’s FTC complaint and settlement with Shahid Shah and from our discussion I came up with these important lessons that apply to any company working in healthcare IT.

Healthcare Needs to Worry About More Than HIPAA and OCR
I think that many healthcare IT organizations only worried about HIPAA and OCR (which enforces HIPAA) when developing their products and implementing them in healthcare. This example clearly illustrates that the FTC is interested in what you do in healthcare and they’re not just going to defer to OCR to ensure that things are going right. This is particularly true as healthcare becomes more and more consumer oriented. This advice is also timely given ONC’s report to congress about health data oversight beyond HIPAA.

Healthcare Interoperability and Public Disclosure Might Be Worse
One challenge with the FTC settlement is that it could cause many other healthcare IT vendors to use it as an excuse not to take the next step in engaging patients, sharing health information where it’s needed, and other things that will help to improve healthcare. The fear of government condemnation could cause many to balk at progressive initiatives that would benefit patients.

While I do think healthcare IT companies should be cautious, fear of the FTC shouldn’t be used as an excuse to do nothing. The reality of the Practice Fusion case wasn’t that they shouldn’t have built the product they did, it was just that they needed to better communicate what they were doing to both doctors and patients. If they had done so I wouldn’t have had an article to write and the FTC wouldn’t have had any issue with what they were doing.

Communicate Properly to Patients
Reading the FTC claim was interesting to me. In the month I spent researching the story, I felt that Practice Fusion had done a great job in their privacy notice saying that the patient’s review would be posted publicly. It stated as much in their policy and I found no fault in their posting the patient reviews in public. That’s why I didn’t write about them in my articles. Certainly they could have made it more clear to patients, but I put the responsibility on the patient to read the privacy policy. If the patient chooses not to read the privacy policy when sharing really intimate personal details in an online form, then I don’t have much sympathy for them.

Of course, I’m not a lawyer and the FTC found very differently. The FTC thought that the disclosure to the patient should have reached out and grabbed consumers and that the key facts shouldn’t be buried in a hard-to-understand privacy policy. A good lawyer can help an organization find the balance of effectively meeting the FTC requirements, but also not scaring patients away from participating. Although, it can certainly be a challenge.

If You Can Identify Private Information You Should
There are some obvious things that we all know shouldn’t be posted publicly. These days with technologies like NLP (natural language processing), you can identify many of these obvious pieces of private data and ensure they’re hidden and never go public. These technologies aren’t perfect, but having them in place will show that you’ve made a best effort to ensure that consumers’ health data is kept as private as possible.

Communicate Better with Doctors
This might be the biggest thing I learned from the experience. I find it interesting that the FTC complaint barely even talks about it (maybe it’s not under the FTC’s purview?). However, what came through loud and clear from this experience is that you need to effectively communicate what you’re doing to the doctor. This is particularly true if you’re doing something in the doctor’s name. If not, you’re going to lose the trust of doctors.

The FTC has a blog post up which has more lessons for those of us in the healthcare industry. They’re worthy of consideration if you’re a health IT company that’s working with patients (yes, that’s pretty much all of you).

P.S. I find it interesting that the Patient Fusion website still lists 30,061 doctors on Patient Fusion, 181,818 appointments today, 1,844,718 reviews, and 98% doctors recommended. The same numbers that were listed back in 2013:

I guess that page isn’t a real time feed. I also looked at the Patient Fusion website today to see how they showed reviews now. I didn’t scour the whole website, but it appears that they now only show the quantitative review score and not the qualitative review.

A Practice Fusion IPO?

Posted on August 20, 2015 | Written By John Lynn

I just did a search on this blog and I found that I’ve mentioned the name Practice Fusion in 88 different posts over the years. Needless to say, Practice Fusion has been one of the most interesting EHR vendor stories out there. I’ve seen it first hand since they started advertising on EMR and HIPAA very early on in their life. I was even on stage talking about meaningful use at the first Practice Fusion user conference. We didn’t know very much about meaningful use at the time, but we put on a good show and shared what we knew at the time.

In the early days, many EHR vendors were really scared by Practice Fusion. Offering a Free EHR is a drastic thing to do and absolutely shook up the EHR industry. Much like Dell did in the PC market (and probably some others), Practice Fusion’s low price forced most other EHR vendors to lower their prices in order to compete. I saw the drop in price first hand as EHR after EHR dropped their price. At the same time as these price drops, EHR vendors were shifting from these massive front loaded EHR purchases to monthly price models that could compete with SaaS EHR pricing. The mix of pricing model changes and competition with a Free EHR was great for the industry.

With this as background, I definitely am intrigued by the news that Ryan Howard has been replaced as CEO of Practice Fusion. Tom Langan, Practice Fusion’s Chief Commercial Officer has taken the helm as interim CEO. The article I linked to above suggested that this and other personnel changes point to Practice Fusion possibly preparing for an IPO. In fact, they’ve had so many personnel changes over the years, most of the people I’ve gotten to know have left.

I’m not sure if Practice Fusion is preparing for an IPO or not, but I wouldn’t be surprised if they’re running out of money. Yes, it’s crazy to think that they could be running out of money after raising $70 million about 2 years ago along with $15 million more a few months later. CrunchBase has their funding to date at $157.5 million. However, I’m sure they have a high burn rate. Their leadership and investors have set ambitious goals for Practice Fusion to own the healthcare market (A goal which I’ve said is impossible. The EHR market will be heterogeneous!). I’m sure their spending habits match those ambitious goals. An IPO would be one way to fund that continued ambition. If they did do an IPO, we’d get some really interesting insights into their business model.

There’s some mystery surrounding how Practice Fusion makes money. I think you can summarize their income streams into three categories: advertising, data, and third party apps. Most people glom onto the first piece, but from what I understand it’s far from being their largest source of revenue. In fact, I wouldn’t be surprised if it was their smallest. The second piece is quite interesting. I once heard someone say that Practice Fusion made their money from selling health data, but then they were corrected by someone saying that Practice Fusion doesn’t sell data. Instead, Practice Fusion sells the insights from that data. A subtle difference, but an important one. The question remains, how valuable are insights from EHR data? Many other EHR vendors sell their EHR data. Is it just a matter of time until Practice Fusion does too? Will they be forced to in order to meet revenue goals?

The last piece of revenue is the one that most people ignore. However, it probably is the largest piece of the revenue pie. My guess is that their practice management system vendor partners are one of the most significant portions of their third party revenue. Practice Fusion doesn’t have their own PM and so they refer their users to an outside PM vendor. When they do so, Practice Fusion gets a cut. I’m sure this is not an insignificant number. It’s not hard to imagine Practice Fusion doing something similar with a whole marketplace of third party offerings that tie into their Free EHR.

Over the years, I’ve talked to a lot of investors and potential investors about Practice Fusion. I’ve always told them that Practice Fusion has definitely created value. They’ve done a good job leveraging the Free EHR to bring doctors in. What’s not as clear to me is whether they’ve created enough value to justify the $157.5 million they’ve raised. If they really are preparing for an IPO, then I guess we’ll find out soon. The revenue numbers that come out during the IPO process and how the street reacts to those numbers would be fun to watch. Yes, I know. I am an #HITNerd.

Value of Data, EMR Jobs, and EMR vs EHR

Posted on July 27, 2014 | Written By John Lynn

I agree with Wen that the EMR and claims data needs to be cleaned up. I think it gives the wrong message to say it’s not meaningful though. Once it’s cleaned up, it has a lot of value.

How many of you have applied for a job because you saw it posted on Twitter? I’m really interested in this since I do a lot of health IT job posts on Twitter. We see quite a bit of traffic from Twitter to our healthcare IT job board, but I haven’t added a good way to track who signs up and applies for jobs. That’s next.

I love how academic Practice Fusion tries to make the discussion. I thought I made the discussion of EMR vs EHR much simpler.

A Look at Email and HIPAA

Posted on August 28, 2013 | Written By John Lynn

Disclaimer: I am not a lawyer and do not offer legal advice. The others quoted in this post are offering general information or interpretation and not specific legal advice or any statement of fact.

For more background on this topic, check out my previous post “Practice Fusion Violates Some Physicians’ Trust in Sending Millions of Emails to Their Patients.”

When I first started looking into the millions of emails that Practice Fusion was sending to patients, doctors were suggesting that these emails constituted a HIPAA violation. Practice Fusion has responded in my previous post that “The patient email reminder and feedback program is absolutely HIPAA compliant, under both the current and new Omnibus rules. We conduct thorough compliance research with every single new feature we launch.” I wanted to explore the HIPAA concerns regarding emails like these, so I talked to a number of HIPAA lawyers and experts. I believe the following look at HIPAA and emails will be informative for everyone in healthcare that’s considering sending emails.

Before I go into a detailed look at sending emails to patients, it is worth noting that under HIPAA emails can be sent to patients by doctors if the doctor has used “reasonable safeguards” and patients have agreed to email communication with their doctor. The following is a great HHS FAQ on use of email and HIPAA where this is outlined.

This leaves three HIPAA related questions:
1. Is Practice Fusion legally allowed to use the information in their EHR to send these emails?
2. Does the email contain Protected Health Information (PHI) that is being sent in an unsecured and not encrypted email?
3. Can Practice Fusion publish the provider reviews on their website?

Is Practice Fusion legally allowed to use the information in their EHR to send these emails?
The core of this question is whether the Practice Fusion user agreement (the version publicly available on the Practice Fusion website) allows the use of patient data contained in the Practice Fusion EHR for sending out these emails. Following are comments from William O’Toole, founder of the O’Toole Law Group regarding the user agreement:

I am not providing specific legal advice or opinion here, and I have no strong feelings about Practice Fusion one way or the other. That said, I find this issue extremely interesting and hope I can provide some direction and some interpretation of the law. Capitalized terms are defined under HIPAA and by now are familiar to all, so I will not define or elaborate.

The Practice Fusion Healthcare Provider User Agreement includes a section that, as between Practice Fusion and its customers, grants Practice Fusion the right to use a provider’s PHI (though I argue it is not the provider’s, it is the provider’s patients’ PHI, but I digress) to contact patients on the provider’s behalf, for various purposes, including “case management and care coordination” which is legally permitted. The conclusion can be easily drawn that Practice Fusion (or any other vendor doing the same) relies on this connection in claiming that its patient email is permitted under this section of the law, even if it contains PHI. Note – the topic of secure email is left out of this discussion.

Based on the user agreement, it seems like Practice Fusion is allowed to send out these rating and review emails to patients. William O’Toole does offer a reminder for providers:

For those of you that are familiar with my writings, you know what comes next. The Practice Fusion agreement clearly puts provider customers on notice that Practice Fusion has the right and option to contact patients directly on the provider’s behalf. The providers agreed when they accepted the terms of use. The most important piece of advice that I can offer to all providers is to read and understand the agreements to which you will be bound, or more appropriately, give the agreements to a healthcare technology attorney for review and opinion.

This is an important message for all providers to read and understand the user agreements they sign.

Does the email contain PHI that is being sent in an unsecured and not encrypted email?
You can see the contents of the ratings emails here (Note: The masked area is the name of the physician). Here’s the analysis of the emails from Mac McMillan, CEO of CynergisTek and Chair of the HIMSS Privacy and Security Task Force:

The issue here is whether or not by the information included you can discern any protected information about the individual(s) involved. On the surface the email appears benign and does not include any specific Protected Health Information (PHI) and if coming from a general practitioner it would be near impossible to guess let alone determine for sure the purpose of my visit or my medical condition. Meaning I could have gone there for something as simple as a checkup, to refill a prescription, or I could have gone there for treatment of some ailment, but you don’t know and can’t tell by this simple email. Some would argue that this is no different than when Physicians communicate with their patients now via regular mail or email. The problem though is that not everyone may agree with this, and the consumer who may not be thinking rationally may take issue under certain circumstances. For instance, what if the email came from Planned Parenthood to a seventeen year old, or an AIDS clinic, or a specialty center handling a certain form of cancer, or a psychiatrist’s office? In these cases just the name and the identity of the covered entity potentially provides insight into the individual’s medical condition and therefore their personal health information. A patient might, whether legitimate or not, attempt to make the case that their privacy has been violated if others were to see this email who were not intended to like other family members, neighbors, employers, etc. I think this is really stretching it, but who knows how a Privacy attorney might see it?

Can Practice Fusion publish the provider reviews on the Patient Fusion website?
Assuming that Practice Fusion is authorized to contact its users’ patients, the next question is whether it is authorized to publish their responses online. When patients are posting a review, they have to agree to the terms of the “Patient Authorization.” Within that authorization it seems that Practice Fusion has done a good job making sure that they are getting authorization from the patient to publish the reviews they’ve submitted. David Harlow, a health care attorney and consultant at The Harlow Group LLC who blogs at HealthBlawg, notes that in addition to the Patient Authorization, “The Terms of Use on the review website make clear that posts on the site may be made public, and should not contain information that a patient would not want to be made public, or that a patient does not have the right to post.”

Hopefully this discussion around emails in healthcare will help more companies understand the intricate HIPAA requirements for email communication with patients. I see email communication increasing over the next couple years as more doctors realize the benefit of it. Plus, a whole new generation of patients wants that type of communication with their provider. We just have to make sure that we continue to respect patients’ privacy in the process. Making sure your emails are HIPAA compliant is not a simple task.

Practice Fusion sent me the following comment:

Practice Fusion’s goal is to create transparency in healthcare without compromise. It is critical that patients seeing any doctor on our platform understand the quality of their doctor. And, therefore, doctors using our free online scheduling application are required to make their reviews available to the public. Practice Fusion offers the only service on the market that validates a patient review was based on an actual visit. No PHI is ever shared in these communications.

Practice Fusion Violates Some Physicians’ Trust in Sending Millions of Emails to Their Patients

Posted on August 21, 2013 | Written By John Lynn

Update: At the bottom of this post, I’ve included Patient Fusion’s response to this article.

When Practice Fusion asked their users to prepare for some new “patient communication tools”, the outcry from many doctors was for Practice Fusion to stop focusing new features on patients and instead focus on unsolved physician requests that were made years previous. What I found when I started digging into Practice Fusion’s focus on patients through its launch of Patient Fusion was a much more important story where Practice Fusion’s actions were violating some physicians’ trust and might have issues with HIPAA.

The story starts in early April 2012. With little fanfare (only a generic blog post about Measuring the Patient Experience Using Surveys and two mentions in the Practice Fusion “Progress Note newsletter”) (UPDATE: Practice Fusion’s response at the bottom of this post says they did communicate more than is described here.), Practice Fusion turned on a feature that would email every single patient whenever a progress note was created in the Practice Fusion EHR. The email came addressed as being sent from the doctor and asked the patient to rate and review their provider.

In the 17 months since they started sending these emails, 1,844,718 reviews have been submitted across 29,630 providers according to the Patient Fusion website. If we’re really generous and assume a 20% response rate from the emails, then over the last year Practice Fusion has sent out over 9 million emails to patients. It’s truly an impressive feat to have been able to gather that many physician reviews in such a short period. What an amazing asset for any company to have accomplished.

Regular readers will likely remember my previous post titled Physician Ranking Websites – The Bad, The Worse and the Ugly where I discuss in detail the challenges for any physician rating website, so I won’t go into that here. The value of physician ratings aside, I don’t have any problem with Practice Fusion collecting physician ratings and reviews. What I am concerned with is how they did it.

In my research, I couldn’t find a single Practice Fusion doctor who knew from Practice Fusion’s “standard channels” (blog post and email newsletter) that every patient they charted would receive these rating and review emails. What I did find was a doctor who only discovered these emails were being sent to his patients when his brother visited his office and later asked him why the information in the email was incorrect. The doctor no doubt asked his brother “What email?” Other doctors only knew about the emails after hearing about the emails from their patients. One doctor confused a few of his patients’ comments about the ratings emails thinking that they were talking about some other rating service like Yelp, Health Grades or ZocDoc. He was later surprised to learn that Practice Fusion had been sending these ratings emails for months to all his patients and he knew nothing about them.

Imagine being a doctor who discovered your EHR vendor was sending emails to your patients IN YOUR NAME and you knew nothing about it. Shame on those doctors for not reading the Practice Fusion newsletter in more detail.

The physician response once they found out these emails were being sent isn’t surprising. Here are a few of their responses:

“We find this a MAJOR violation of our trust with Practice Fusion.”

“It demonstrates to me that PF has LOST TOUCH with how difficult it is to run a doctor’s office.”

“I just think of all the times I assured people that we would never email them with solicitations or spam, but only would use their private email addresses for emergency purposes or if they emailed us first.”

“Why were we not told? Why can’t we use the emails we enter [into] the system but you can?”

“You should NOT have to opt out of spam! This is an outrage.”

“It’s deception! Unsolicited emails to our patients from PF should never be signed off as the doctor. Where is the trust?”

“PF obviously thought of doctor’s offices more like a restaurant or retail store than the rather unique provider of personal health care and protector of personal data.”

“We were outraged!”

“No physician signed up onto PF thinking they would be treated like HealthGrades or Vitals.”

“The main point of contention has been the fact that we were not aware of the surveys being sent out IN OUR NAMES!”

“Hard to believe that the largest social site for information about my practice was created without my knowledge and I am guessing was directly solicited from my patients in the form of emails.”

“What I hope PF takes from this is that doctors, for the most part, do not like being used to advocate for a product without expressly being told in a bolded out and starred statement ‘hey, we’re going to use your office to send out email asking for feedback. Is this okay?’”

You can read more reactions from Practice Fusion users on this forum post (Note: This post has had many of the comments removed since I posted this article.) including this comment from a patient who received the email:

I’m a patient. I received one of these emails from PF and then a follow up email from my doctor who was simply irate that PF was spoofing his email address. This just defies every email rule there is and PF owes an apology to every provider and every patient who received one.

One doctor I talked to didn’t find out about the emails being sent in his name until almost a year later. PF Staff Kristen offered the following comment in the above forum post, “The goal of patient surveys is to provide both insight and marketing materials for your practice. We will not publish, sell, or otherwise market your practice without your permission.” I think Kristen really believes this. In fact, I talked to Practice Fusion directly and they told me the goal of these ratings and reviews was to provide more transparency between physicians and patients. While I appreciate the noble goal of transparency between physician and patients, I am concerned that Practice Fusion thinks that doctors gave them permission to send these millions of emails. Practice Fusion may legally have permission to send these emails based on the fine print of their user agreement, but permission to me means that the doctor knows what you’re doing in their name.

As one doctor asked, “Why were we not told?” Nowhere in Practice Fusion can a provider see their ratings and reviews and they weren’t published to the Patient Fusion portal until the portal went live a year after they started sending these emails. There’s no notification sent to a provider when a rating is completed. All of the emails and ratings are patient facing, so how would a provider know that reviews were happening? Oh, that’s right, they were supposed to read the email newsletter.

I wonder how many more of the almost 30,000 Practice Fusion providers still don’t know this is happening. I imagine they’ll have similar reactions when they find out.

Maybe I am wrong in my assumption that many doctors still don’t know about these emails being sent in their name. It is possible that most of them saw the newsletter and were happy with the new feature. My problem with this is that I receive the Practice Fusion email newsletters and did not recognize that this is what they were doing. It is hard for me to believe that the majority of busy doctors caught the message.

Turns out that when Practice Fusion first implemented the email ratings feature, the only way to turn it off was by contacting support. There wasn’t even an option inside the EHR to turn off the emails, but that has been added since. It seems to me that they weren’t thinking about their users’ needs when implementing this feature, but likely wanted to get as many reviews as possible in order to compete with the highly funded physician review sites: ZocDoc ($95 million), Health Grades (Acquired for $294 million) and Vitals ($26 million).

Fifteen months and approximately nine million emails later, Practice Fusion finally posted what the emails look like and what emails are sent from Practice Fusion on their new and relatively inactive forum. However, this entire time Practice Fusion could have communicated this new feature to their users directly. In one sense they are an ad platform that communicates to doctors and yet they chose not to use that platform to let their users know what they were doing. I understand there is a balance with how many alerts Practice Fusion sends doctors within Practice Fusion, but sending out thousands of emails in each doctor’s name seems like one worthy of clear notification. (UPDATE: Practice Fusion’s response at the bottom of this post says they did communicate more than is described here.)

Practice Fusion could have easily avoided all the confusion and loss of physician trust if they had just implemented this as an opt in feature as opposed to an opt out feature. Just like the pop up surveys and other notifications they display during login, they could have popped up a request for providers to opt in to this new ratings service. When I asked Practice Fusion about this, they told me that they didn’t do it as an opt out feature because it was a passion project for them and they wanted every Practice Fusion doctor to participate in more physician-patient transparency.

Maybe that was one of the goals of the project, but I think there is more to the story. Think of the value that 1.84 million reviews has created for Practice Fusion. If Practice Fusion had done these ratings emails as an opt in feature, I am sure that very few doctors would have knowingly opted into the service. With very few doctors opting into the ratings emails, Practice Fusion would have missed out on all the value that a large database of physician reviews would create.

Beyond just the forum post linked above, I know that Practice Fusion has heard from doctors who are upset with these ratings emails being sent. From my research, it seems like most doctors’ initial reaction to the emails revolves around fear of being rated by their patients. In fact, I expect this is why on the Patient Fusion website (where all the ratings and reviews are immediately published) it says “98% doctors recommended.” I have little doubt that this statement was added in response to physicians’ fear over being rated. Many doctors likely switched from anger and fear to acceptance when they saw that their patients had rated them well.

Side Note: If almost all of the provider ratings are positive, then do the ratings have any real value?

Maybe this is why Practice Fusion hasn’t had a different response to this issue. They feel that those doctors who were upset at the emails have been pacified with good reviews or the ability to disable the service. I think Practice Fusion considers those complaining in this forum post (Note: This post has had many of the comments removed since I posted this article.) the standard “complain over anything” response from users. The problem is that we don’t know how many more doctors haven’t complained because they still don’t know what is going on. Hopefully by covering it in this blog post we will see how many doctors care about this issue.

If ratings emails sent from medical doctors weren’t bad enough, it turns out Practice Fusion has been sending ratings emails to psychiatric patients as well. Here’s what one psychiatry NP had to say about the emails:

“As a psychiatry NP I really do not think patients should be asked to rate their therapist. This is actually a conflict with the relationship with the patient. Holding the boundaries with most of my patients is VERY important. They all want to please me. So it really is inappropriate to ask a patient to rate a therapist they have.”

On July 10th this psychiatric NP asked for the emails to be turned off. On August 1st she posted that the emails were still not turned off. Why Practice Fusion’s immediate response wasn’t to reach out to this psychiatrist to turn it off and then to turn off this feature for all psychiatrists is beyond me. Sending out rating emails to mental health patients is a whole new level of trouble and legal entanglement.

Needless to say, there are dozens of other examples of bad situations that could be caused by these emails. Here’s one doctor’s comment about his patient population and these emails:

“One of the things we do is addiction. So I have people where nobody knows they are coming to see a doctor to treat their opiate problem and they are incredibly anxious about anyone finding out. We are the type of practice where people often come to keep their indiscretions hidden. Their affair, their vice, their compulsion. I realize that most just got a dumb email.”

Another doctor offers this insight into his patient population and why this could be a big issue:

“As a doctor, I don’t like this one bit. I’m in pilot country and the FAA takes medication use VERY seriously. What if a doctor mistakenly prescribed a medicine that was on the FAA “not allowed” list ( or sees a psychiatrist and then PF sends an email that the patient was seen at a psychiatrist’s office to their work email. Their work could be scanning their email for violations like this and BAM! someone loses their job b/c of a PF HIPAA violation that reveals the private information that this person had just been to a psychiatrist’s office and is possibly on psychiatric medications.”

The scenarios are endless. What if the email is coming from an AIDS clinic or a Cancer clinic and no one knows you have AIDS or Cancer? What if the email was from an OB and a boyfriend stumbles upon it?

Some might suggest that this is just a bunch of FUD (Fear, Uncertainty, and Doubt). Maybe it is, but this should be the choice of the patient and the doctor and not the choice of the EHR vendor. If Practice Fusion had done this as an opt in feature, none of this would be an issue. Some doctors are now choosing to not enter emails into Practice Fusion because they are afraid of how those emails will be used. The irony is that Practice Fusion recently made a patient’s email address and phone number required fields. If a clinic doesn’t want to enter that information, they have to check the boxes indicating that the patient doesn’t have an email or phone. You just have to wonder why email and phone fields were changed to required fields.

Doctors have always had a general fear of any Free EHR. I have heard many doctors state that they would never use a Free EHR, because they didn’t know what the company would do with their data. I’m certain that actions like the ones described above will do a lot to confirm some doctors’ distrust of Practice Fusion’s Free EHR. Plus, you can be certain that Practice Fusion’s competitors will be sharing this information with doctors as well.

There will be some that read these physician comments and say, “Stop complaining, it’s a Free EHR. Switch EHR software if you don’t like what they’re doing.” The problem with this rationale is that it’s not “Free” to use Practice Fusion. A doctor “pays” Practice Fusion by allowing them to use their data to make money (See also my post titled “When EMR Software Became Free…Or Does It Cost?“). Turning over the right to use a clinic’s data is why it is SO important for doctors to trust the actions of their Free EHR vendor. Without that trust, many doctors will eventually leave Practice Fusion and doctors will stop signing up.

In response to this situation, one doctor commented on Practice Fusion’s need to work with MDs to avoid situations like this. Practice Fusion’s first Chief Medical Officer (CMO) parted ways with the company back in 2012. A look at their executive team shows no new CMO and no doctors in any executive position at the company. I wonder if a doctor on the executive team would have helped them understand how spoofing the doctor’s name in these emails without their knowledge would be an issue.

While I believe sending these emails in the physician’s name without their knowledge is a big issue for Practice Fusion, the bigger question is whether these actions are indicative of how Practice Fusion will treat doctors in the future. Is this the start of Practice Fusion putting company value over physician trust? Practice Fusion told me that they knew that it would upset some doctors when they rolled out these emails, but they did it anyway. Even if only 5% of doctors are upset over this, what’s to say that the next time you won’t be part of that 5%? I know there are a lot of good people at Practice Fusion, but the company also has to answer to their investors.

On a broader scale, the core question is: Do doctors trust their EHR vendor to communicate any actions they take with your data?

All EHR vendors could have similar physician trust issues to the ones described above if they’re not careful when rolling out new features. This could include vendors who may be tempted to implement a similar email rating and review feature as Practice Fusion. The problem is not with this specific feature, but with how EHR vendors choose to implement and communicate new features to their users. You can be sure we will hear more stories about the relationship of trust between EHR vendors and physicians in the future.

Approximately 9 million emails later, we’ll see the depth of impact these actions have on Physicians’ trust in Practice Fusion.

In the future, we’ll be covering the HIPAA regulations surrounding these emails.

UPDATE: Practice Fusion sent me the following response to this article:

– Practice Fusion updated our community over the course of months about the patient feedback program through numerous blog posts, forum posts, emails and messaging inside the EHR, starting in April 2012. You can read the original message from our CEO about the program online here. Despite our efforts, not every customer was aware of the program immediately. We apologize that this was not more clear and are working to improve our feature update messaging.

– The patient email reminder and feedback program is absolutely HIPAA compliant, under both the current and new Omnibus rules. We conduct thorough compliance research with every single new feature we launch.

– We are passionate about making healthcare better and proud of our work to bring almost 2 million patient voices into the conversation. Patient transparency is a key part of the national move from quantity to quality in healthcare. The patient feedback program is designed to provide your practice with a controlled, quality channel for accurate patient reviews.

– It is easy to opt-out of the patient feedback program anytime. We are happy to help you update these settings inside your EHR account.

EMR Market Share

Posted on July 18, 2013 | Written By

James Ritchie is a freelance writer with a focus on health care. His experience includes eight years as a staff writer with the Cincinnati Business Courier, part of the American City Business Journals network. Twitter @HCwriterJames.

Editor’s Note: This is the first post on EMR and HIPAA by James Ritchie. James is a longtime journalist including the past eight years as a staff writer with the Cincinnati Business Courier.

Practice Fusion announced in June that it led the EMR industry in market-share gains.

Citing SK&A reports, the San Francisco-based firm boasted that it controlled 5.8 percent of the market as of May, up from 3.8 percent in July 2012. Beyond Practice Fusion, only Epic, AthenaHealth and Cerner showed gains.

In this data, which represents physician offices only, Allscripts was the market leader, with a 10.6 percent share. Not far behind were eClinicalWorks, with a 10.5 percent share, and Epic, with 10.3 percent. (The report that Practice Fusion links to is actually dated January 2013.)

But there’s more than one way to look at the EMR share picture.

Epic was the clear winner in a report by the Austin, Texas-based consultancy Software Advice on meaningful use attestations. Epic, based in Verona, Wis., accounted for 20.3 percent of attestations for a complete EHR in an ambulatory setting.

The firm’s competitors were nowhere close as of the March 2013 report. Allscripts was the system of choice for 11.6 percent of attestations by eligible professionals, and eClinicalWorks accounted for 8 percent. Next on the list were NextGen Healthcare, GE Healthcare and, with 2.7 percent share, Practice Fusion.

Software Advice claimed that the figures, based on Centers for Medicare and Medicaid Services data, might be the best around. They at least provide a standard in a market where vendors “use varied criteria to calculate their customer base,” according to the company.

Companies “might count number of users (which could include everyone from physicians to administrative staff), number of medical providers (which could include everyone from physicians to midwives) or number of practices,” Software Advice noted on its website.

Practice Fusion, founded in 2005, claimed in its press release to have doubled both its monthly active user base of medical professionals and its patient population between 2012 and 2013. The company claims to reach “a community of 150,000 medical professionals serving 65 million patients.”

The prospects for the free model that Practice Fusion uses are still up in the air. Doctors might question whether they want ads, unobtrusive as they are at the bottom of the screen, to compete for their attention when they’re entering patient data. Data, by the way, might prove to be the real revenue generator for Practice Fusion. In June the firm launched Insight, an analytics product offering a population-level view of diagnoses, prescribing patterns and other information. It’s a model worth watching. If Facebook and Google can build businesses on data, maybe Practice Fusion can, too.

The SK&A figures show just how fragmented the outpatient EMR/EHR market is. The top 10 vendors accounted for only 64.8 percent of attestations, leaving about 35 percent of the market to the “other” category. By Software Advice’s count, 560 firms logged at least one meaningful use attestation.

Eager to steal share are firms like Irvine, Calif.-based Kareo Inc. It launched its own free, cloud-based EHR in February based on technology acquired from San Mateo, Calif.-based Epocrates Inc. The firm reported in June that 4,000 providers had signed on, with a third of them moving from another EHR.

Of course, ambulatory adoption is only part of the EMR story.

Epic is No. 1 among the nearly 3,000 hospitals that have received federal incentives for using complete electronic records systems, according to Modern Healthcare. The company holds a 19.6 percent share, followed by Computer Programs and Systems Inc. with 15.5 percent, Meditech with 14.1 percent and Cerner with 11 percent. The late-May report was based on numbers from CMS and the Office of the National Coordinator for Health Information Technology.

The inpatient market is far less fragmented than the outpatient space. The top 10 companies control 92 percent of share, according to the report.

No matter how you count share, the EMR space will continue to be hypercompetitive because of the dollars at stake. The market amounted to $20.7 billion in 2012, up 15 percent from 2011, according to the research firm Kalorama Information.

Practice Fusion EMR Brings Patients Into The Picture

Posted on April 22, 2013 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Practice Fusion was one of the first free, advertising supported, cloud-based EMRs to enter the market and has likely been the loudest proponent of free EMR software, although they have some interesting Free EMR competitors like Mitochon and Kareo. Since 2007, Practice Fusion has focused on offering unfettered access to its product in exchange for physicians being willing to accept advertisements relevant to the health records they’re using and the aggregate use of the EHR data.

The company, which has raked in venture capital in buckets since its founding, now says it has 150,000 healthcare providers using its EMR and records on 60 million patients, according to a piece in The New York Times.

Now, the company has taken another step in its free-for-all model with a new service it calls Patient Fusion. Patient Fusion is a new service which allows patients using the system to schedule appointments with any participating doctor who uses the EMR. It also allows patients to rate the doctors in question and to access their records with permission. So far, 27,000 of Practice Fusion’s EMR users have signed up for the service, the Times reports.

The Times columnist covering this announcement speculates that Practice Fusion has launched its new product as a means of building up patient traffic, but I don’t see how that would work. Patients may see more of their records, but this won’t necessarily do anything to increase the number of doctor-based views the network can sell to lab companies and pharmas.

On the other hand, Patient Fusion could prove to be a powerful way of attracting and keeping doctors who want to offer easy-to-administer appointment scheduling to patients. Also, getting patients engaged with their medical records is very much in the spirit of Meaningful Use and the ONC’s priorities generally, so this new patient feature could be a beacon for doctors going through MU-motivated EMR switching this year.

Bottom line, this seems like a nifty idea. I predict that most of Practice Fusion’s EMR customers will sign up over the next year or so.

Some Inside Baseball for the EHR World

Posted on February 22, 2013 | Written By

John Lynn

I thought I’d take this moment to take a quick look at what many might consider inside baseball when it comes to the EHR world. Although, I’ve been intrigued by a couple announcements that were made recently.

The first announcement is Kareo buying the Epocrates EHR which came just in time for HIMSS. You might remember that I covered the Epocrates EHR on a number of occasions. I first saw the Epocrates EHR at HIMSS in 2010, and subsequently wrote about Epocrates “killing” their EHR immediately after launch. When that happened, I think we all wondered what would happen with the Epocrates EHR code base. You don’t just throw a meaningful use certified EHR to the curb do you?

We now know the answer to that question is no. Kareo saw fit to acquire the Epocrates EHR software and Dr. Tom Giannulli, formerly of Epocrates, is now the Kareo CMIO. I can imagine that Dr. Giannulli wanted to stay with his baby (the Epocrates EHR). I’m also quite intrigued that Kareo is offering the EHR for free (at least for now?). The funny thing is that I had written that the Epocrates EHR should be free. I guess I was sort of right, but I definitely didn’t think that the Epocrates EHR would become free since Kareo makes their money from the Practice Management and billing side of the house. We’ll see how that strategy works for Kareo. In some ways it’s taking a page out of the AthenaHealth playbook.

What might be simply an odd coincidence of timing (or not), Practice Fusion just sent out a letter (shown below) to its users from Practice Fusion Founder and CEO, Ryan Howard. In it he acknowledges Practice Fusion’s past challenges with billing, and he outlines their strategy on making the Practice Fusion billing situation better.

Does this relate to Kareo? Maybe, maybe not. What I do know is that many Practice Fusion users are on Kareo as well since it was Practice Fusion’s only major Practice Management software partner when Practice Fusion started. It seemed like a great match since Practice Fusion only had EHR, and Kareo only had Practice Management. Kareo now has an EHR, and Practice Fusion is working on billing and practice management. I guess we should have seen this coming.

Here’s the full email I got from Practice Fusion (Full Disclosure: They said Dr. Lynn, but I’m not a doctor.):

Hi Dr. Lynn,

The Practice Fusion team takes pride and appreciates your role in making us the fastest growing EHR community in the US.

We also recognize that billing has not been our strongest suit. Improved superbills and an updated payer list have been highly requested by our user community.

That’s why, by the end of March, we’re going to deliver you major new enhancements to your billing experience:

• A comprehensive, streamlined superbill, directly integrated with your workflow
• Flexible reports for billing users
• The ability to export billing data to most major billing systems
• New billing software and service partners with more economical pricing

This means you can stick with the exact billing workflow and system you use today in your practice. We’re building the ability to integrate directly by allowing you to export data to your billing system via HL7. If you prefer superbills, you’ll soon have a drastically improved superbill to work with. And if you’re looking for a new billing system altogether, we’ll also have new, low-cost partners coming soon.

We’re excited to be making your EHR faster, more flexible and easier-to-use. Lastly, our commitment to you has not changed since the day you signed on—Practice Fusion will deliver all this for free. Stay tuned for our billing revamp at the end of March!

Ryan Howard
Founder and CEO
Practice Fusion

EMR and EHR Ads

Posted on January 31, 2013 | Written By

John Lynn

It seems fitting on Super Bowl week to take a second and look at the advertisers that make what we do here at EMR and HIPAA possible. None of their ads cost $1-2 million like the Super Bowl ads, but if you’re looking for some great Healthcare IT and EHR products then you’ve come to the right place. If you like what we do here at EMR and HIPAA, then take a minute and see the advertisers who like what we do as well.

Also, I have a special ad promotion for new advertisers from now through the middle of February. If you’re interested in knowing the details, drop me a note on our Contact Us page.

New EMR and HIPAA Advertisers
Canon – I can’t imagine anyone reading this needs an introduction to Canon. In the Healthcare IT space they offer a suite of scanners, printers and copiers that are found in healthcare organizations across the country. I even have the Canon imageFORMULA DR-C125 in my house and use it regularly. The need for heavy duty scanners in healthcare isn’t going to go away for a long time. I’m glad to have Canon on board as an advertiser.

iPatientCare – EHR vendors always do well as advertisers on EMR and HIPAA and so it’s great to have iPatientCare as a new advertiser. They provide the full suite of EHR, PMS, PHR, HIE, and Mobile that you could need along with all the important EHR and meaningful use certifications. I see that they’re going to be exhibiting at HIMSS at Booth #5519 if you want to check them out at HIMSS. Plus, I love that their website has an image that says they won 9 TEPR Awards. Many of you probably won’t even know what TEPR is since it’s no longer around. However, TEPR was a conference focused exclusively on EHR (although it was probably called EMR back then since it was before EHR came into vogue). The fact that they won awards at TEPR shows how long iPatientCare’s been doing EHR.

simplifyMD – I first started working with simplifyMD when they graciously sponsored the New Media Meetup at HIMSS 2012 (The 2013 event will be announced shortly, but save Tuesday, March 5th from 6-8 on your calendar). It was a great event and they were a great sponsor. simplifyMD is a certified EHR vendor that strives to tailor their EHR workflow to the doctor’s current workflow, something that doctors love to hear and experience from their EHR. They’re a web based EHR. Plus, they recently came out with these great simplifyMD and EHR cartoons. I’m sure I’ll be featuring more of their cartoons in the future.

Returning EMR and HIPAA Advertisers
Sfax – I call Sfax a returning advertiser because they first started advertising on EMR and HIPAA back in December of 2009. So, they supported EMR and HIPAA back when we were just starting to get some traction. After a short hiatus, they’re back as an advertiser. What many don’t realize is that Sfax handles the faxing for a large number of the EHR vendors out there. While I generally avoid faxing as much as possible, sometimes it can’t be avoided and so I’m always grateful I can just send a fax similar to how I send an email using Sfax. Word on the street is that they have the next version of their software coming out soon. I’m excited to check it out.

Mitochon – Similar to Sfax, Mitochon first started advertising on EMR and HIPAA back in December of 2010. After a short break they’re back again as advertisers. I’ve really enjoyed watching Mitochon mature as a Free EHR vendor (They do offer the full suite of free services: PM, EMR, HIE, etc). When Mitochon first started advertising with me, they were a brand new company with a big vision and lots of ideas, but still a lot of work to do. They’ve come a long way since then with their product and their company. One example of that was in their mobile EHR solution that I wrote about previously.

Renewing EMR and HIPAA Advertisers
A big thanks to all these renewing advertisers. It’s beautiful seeing so many of them supporting us for so long.
Practice Fusion – Advertising since April 2010
EMR Consultant – Advertising since July 2009
Amazing Charts – Advertising since May 2010
Cerner – Advertising since September 2011

I’m very appreciative of those advertisers who support the work we do. As I look at the stats for the advertisers, I’m really happy that we’re providing real value to their companies.

Health IT & EMR Advertising

Posted on September 5, 2012 | Written By

John Lynn

I want to take a minute to say a big Thank You to all the advertisers that support EMR and HIPAA. If you enjoy the content on EMR and HIPAA, then take a minute to look through this list and get an idea of the companies that support what we do.

The following are the new advertisers since I last posted about EMR and HIPAA advertisers, and then the list of renewing advertisers.

New Advertisers
Digital Health Conference – I wrote previously about how much I like the Digital Health Conference in New York City. So, you can imagine I’m happy to have their event advertised on EMR and HIPAA. I hope that I see many of you at the event. It’s a great one and seems to have even gotten better this year.

GE Healthcare – If any of you watched the Olympics, you have certainly seen that GE is doing a lot of work in healthcare. It is kind of cool to think that GE healthcare is advertising in the Olympics and on EMR and HIPAA. Obviously, quite a bit different goals and EMR & HIPAA might be a little more targeted to healthcare IT professionals than the Olympics.

Physia – For those of you who haven’t yet seen me talk about Physia on Twitter, this is a new venture I’m doing with Shahid Shah. Physia does really low cost physician websites. However, that’s just the beginning of what we have in mind. We plan to layer a whole set of services on top of those websites that turn your website from a glorified yellow page ad into an integral part of your office. It’s an exciting project that is going to bring physician websites into the next century.

Renewing Advertisers
Practice Fusion – Advertising since April 2010
SOAPware – Advertising since July 2010
EMR Consultant – Advertising since July 2009
Ambir – Advertising since January 2010
Amazing Charts – Advertising since May 2010
DrFirst – Advertising since January 2012
GE Centricity Business – Advertising since May 2011

I’m very appreciative of those advertisers who support the work we do. As I look at the stats for the advertisers, I’m really happy that we’re providing real value to their company.