Getty Doctors barred from discussing safety glitches in U.S.-funded software

President Barack Obama’s stimulus put taxpayers on the hook for $30 billion in electronic medical records, many of which have turned out to be technological disasters.

But don’t expect to hear about the problems from doctors or hospitals. Most of them are under gag orders not to discuss the specific failings of their systems — even though poor technology in hospitals can have lethal consequences.


A POLITICO investigation found that some of the biggest firms marketing electronic record systems inserted “gag clauses” in their taxpayer-subsidized contracts, effectively forbidding health care providers from talking about glitches that slow their work and potentially jeopardize patients.

POLITICO obtained 11 contracts through public record requests from hospitals and health systems in New York City, California, and Florida that use six of the biggest vendors of digital record systems. With one exception, each of the contracts contains a clause protecting potentially large swaths of information from public exposure. This is the first time the existence of the gag clauses has been conclusively documented.

Vendors say such restrictions target only breaches of intellectual property and are invoked rarely. But doctors, researchers and members of Congress contend they stifle important discussions, including disclosures that problems exist. In some cases, they say, the software’s faults can have lethal results, misleading doctors and nurses who rely upon it for critical information in life-or-death situations.

“The insiders tell me it’s the confidentiality and intellectual property clauses [that] are the biggest barriers to reporting adverse events,” said David Classen, chief medical information officer of Pascal Metrics. Classen co-authored a landmark 2011 Institute of Medicine report warning that such contracts were a key reason for the lack of knowledge about health IT-related patient safety risks.

Critics say the clauses – which POLITICO documented in contracts with Epic Systems, Cerner, Siemens (now part of Cerner), Allscripts, eClinicalWorks and Meditech – have kept researchers from understanding the scope of the failures.

Several senators expressed consternation at providers’ allegations of such restrictions during a HELP committee hearing earlier this summer.

“If you’re under a gag order, you can’t say, ‘oh my gosh, I’m paying $10,000 a year for something I should be getting for free,’ ” said Sen. Bill Cassidy (R-La.). “Should we have legislation that says, ‘My god, if you have a dog, you can say, ‘I heard it bark?’’’

Sheldon Whitehouse (D-RI) asked a panel of witnesses, including Allscripts CEO Paul Black: “Can anyone on this panel see a single reason why these contracts should have gag clauses in them?”

No one ventured a reason.

After POLITICO disclosed its findings, an aide to HELP Chairman Lamar Alexander (R-Tenn.) said the committee would look at the issue, “exploring potentially harmful effects of these clauses – including how they could inhibit interoperability.”

Many providers believe the contract language blocks public disclosures about the capabilities of the software.

Take Cerner’s agreement with LA County’s Department of Health Services, signed in November 2012 and worth up to $370 million. It defines the vendor’s confidential information as “source code, prices, trade secrets, mask works, databases, designs and techniques, models, displays and manuals.” Such information can only be revealed with “prior written consent.” The protections cover the provider company, and its employees.

Such agreements, which are typical of the contracts examined by POLITICO, “contain broad protections for intellectual property and related confidentiality and non-disclosure language which can inhibit or discourage reporting of EHR adverse events,” said Elisabeth Belmont, corporate counsel at MaineHealth.

Belmont said she had also seen non-disparagement wordings that prohibit providers from disseminating negative information about the vendor or its software. POLITICO found no direct evidence of such clauses.

“One reason EHR software vendors include such provisions in their license agreements,” said Belmont, “is because no EHR software vendor wishes to be ranked by researchers or other third parties as having poor usability or other problematic software issues.”

Feeble government response

The executive branch—the Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services are responsible for the subsidy program— has done little about the clauses, though providers and researchers have been grumbling about them since the 2011 Institute of Medicine report warning that “[t]hese types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT–related patient safety risks.”

“ONC hasn’t done anything,” said co-author Classen. He had hoped the agency would build protections into the certification process – which gives the agency imprimatur to the record systems and makes them eligible to participate in the stimulus program.

Agency officials say they deplore the clauses but lack the capacity to directly address the problem.

“We strongly oppose ‘gag clauses’ and other practices that prevent providers and other health IT customers and users from freely discussing problems and other aspects of their health IT,” an ONC spokesman said.

But, he continued, ONC cannot police them. The clauses take a variety of forms, and the extent to which vendors invoke them varies, making enforcement difficult – particularly for a small agency that doesn’t have investigative or police powers.

Instead, the agency seeks to address the problem indirectly, said an ONC staffer. It hopes to go around the clauses by requiring additional transparency about the costs and performance of the software.

One particularly sensitive issue has been sharing screenshots. Vendors can forbid their publication, arguing that would give away advantages in design or technology. But without them, it’s impossible to see the confusion that badly constructed software poses to a physician.

“I have … personally asked Judy [Faulkner, Epic’s CEO] for permission to publish screenshots in a student’s master’s thesis and have been told no,” said Dean Sittig, a health IT researcher at University of Texas Health Science Center at Houston.

Others say vendors are arbitrary in their approval process for sharing screenshots.

Bob Wachter, interim chair of the department of medicine at the University of California, San Francisco, cites an example from his recent book, The Digital Doctor.

The book hinges on a case study of a pediatric patient who received a 39-fold overdose of an antibiotic. Epic’s software, Wachter argued, played a contributing role in the overdose, and he wanted to buttress his argument with screenshots from the software.

The approval process was a chore, Wachter said in an interview, and Epic was “quite prescriptive about what I could and couldn’t show.” Nevertheless he eventually received approval.

But when Wachter posted a book excerpt on social media website Medium, he received a “fairly angry email” from Epic executive Carl Dvorak, who demanded he remove the post. Epic had granted permission to publish the screenshots in the book – not in any other form, Dvorak said.

Wachter ignored the letter, but researchers or doctors in a less secure position might not, he believes. “I’m guessing that’s what happens in 99% of cases.”

Intimidated Researchers

Anxiety about crossing a vendor’s line afflicts many doctors and researchers. In March, Sittig published an article in the Journal of the American Medical Informatics Association comparing eight digital systems’ graphing functions – how they plot clinical lab information.

The study was harsh, concluding that some deficiencies “could have a significant, negative impact on patient safety” by confusing clinicians about the timing of some lab results.

But readers would have a hard time attributing faults to specific commercial systems. While the study disclosed which were studied – Allscripts, Cerner, eClinicalWorks, Epic, Glassomics, Meditech, Partners HealthCare and Veterans Affairs – it didn’t say which graph belonged to which system. (It did identify the graphs from Partners and the VA—which used homegrown software.)

Sittig’s team obtained the screenshots from clinicians—who asked them not to publish the graphs with specific identifying information. “[T]he hospital employees fear for their jobs if they violate the policy of not sharing screens of the EHR,” he said.

Vendor executives insist that the confidentiality clauses aren’t meant to shut down debate; and some even say they allow use of screenshots.

eClinicalWorks’ customers can put screenshots up on YouTube, and often do, said Jinesh Gandhi, VP of business development. His company’s customer forum – which isn’t controlled by the company – features in-depth discussions of the software. So in-depth, Gandhi claimed, that competitors trawl the forum to gain an edge.

Gandhi was asked why his company’s contract with San Joaquin County in California defines confidential information to be, without limitation, “any technical or non-technical data, designs, methods, techniques, drawings, processes, products, inventions, improvements, methods or plans of operation, research and development.”

Like other vendors, Gandhi said the purpose was to defend the company’s proprietary information: “Any inventions, or improvements, or R&D, which may be confidential in nature before we release to the world. That’s my understanding,” he said.

Epic executives said they encourage open discussion. “With permission, we very frequently allow folks to share information around the software,” said Epic’s vice president for client success, Eric Helsher. Epic only rarely denies information sharing requests, another company executive claimed. One example of a refusal was one to a researcher seeking to publish every screen of a new release.

Allscripts’ vice president of government affairs, Leigh Burchell, offered a similar rationale. The company is usually comfortable with academic research evaluating the impact of her company’s software. “We’d have concern,” however, on the publication of “design information or proprietary information where competitors would be able to exploit,” she said.

If researchers are interested in sensitive areas, Allscripts “would consent to academic research but not broader use … academic researchers would do analysis in [a] contained environment, not in such a way that it would become more broadly available,” she said.

Researchers are not satisfied by these assurances. “It’s like follow-the-leader,” said David Hanauer, a doctor and researcher at the University of Michigan. “Who wants to be the first one and put their neck out there?”

“Legalese can be interpreted,” Helsher acknowledged. Epic’s contract with Contra Costa County in California defines confidential information as “the functionality, operation, use, source code, data structures, implementation, or maintenance of the [the software.]”

“I’d just ask [providers] to reach out, have a conversation,” he concluded.

MaineHealth’s Belmont, who has negotiated contracts with electronic record vendors, says providers can protect themselves by negotiating “carve outs” that explicitly protect certain types of sharing – for example, to patient safety organizations or internally. (If a given hospital system uses multiple vendors for its electronic record system, it can be verboten for a clinician on one platform to share a screenshot with a colleague tethered to another).

“I tend to be aggressive in negotiating any health IT agreements,” Belmont said.

The New York City Department of Health’s agreement with eClinicalWorks gives the department the explicit right to disseminate information and does not appear to bar employees from publicizing confidential information. The Department “had a very strong negotiating position,” said former ONC head Farzad Mostashari, who was working for them at the time.

But a lot of problems may go under-reported. That offends Wachter, who says the patient safety world “takes it as religion” that information be shared as widely as possible.

“These are worlds colliding. You can understand why a technology business would put restrictions on screenshots. But we’re not making widgets here, we’re taking care of sick people,” he said.

“At some level, I’d say, ‘How dare they?’”

