Yet pooling data from the digital records systems in thousands of hospitals has proved a technical nightmare thus far. That’s largely because software built by rival technology firms often cannot retrieve and share information to help doctors judge which coronavirus treatments are helping patients recover.

“I’m stunned at EHR vendors’ inability to consistently pull data from their systems,” said Dale Sanders, chief technology officer of , a medical data analytics company. “It’s absolutely hampering our ability to understand and react to COVID.”

Over the past decade, federal officials have spent some $36 billion switching from paper to electronic health records, or EHRs, expecting, among other things, to harness volumes of medical data to reveal which treatments work best.

EHRs document every step doctors or other health care workers take in treating a COVID patient, from medicines prescribed to signs of progress or setbacks. Data collected from large numbers of patients could quickly yield answers about which treatments are succeeding.

But the pandemic is bringing into stark relief just how far the nation is from achieving the promised benefits, critics say.

Dr. Richard Cook, a research scientist and health care safety specialist, traces the data problems to missteps dating to the rollout of EHR, which began in earnest in 2009 and has been controversial ever since because commercial players produced ― and hospitals bought — systems that have proved more suited to billing than public health. “This was a boondoggle from the get-go, and the promoters knew it at the time,” Cook said.

Although some health systems are beginning to draw on EHR data to spot coronavirus trends and beneficial treatments, most health organizations around the country cannot readily do so.

“If we had a national database, we’d get a readout quickly about responses to [COVID-19] treatments,” said Dr. Eric Topol, director of the Scripps Research Translational Institute.

Medical researchers favor studies that test the efficacy of a drug in a formal clinical trial, and trials are underway for a variety of possible COVID-fighting medicines, including hydroxychloroquine. The results could take months or more, however, and doctors treating critically ill patients have few options in the meantime.

Topol said “real-world” evidence drawn from computerized records of COVID patients, while not as reliable as a clinical trial, is “still very useful” to help guide medical decisions.

Medical data has been hard to tease out because much of it resides in electronic “silos,” which government officials have not required technology companies to open up and eliminate.

“We’ll see piecemeal readouts of small numbers from individual health systems,” Topol said, but “don’t have the important data that we need.”

Sanders, whose firm is a member of the , a business-sponsored group promoting coronavirus data-sharing and analysis, said federal health officials lost precious time by failing to address this need as early as mid-January.

He said the federal Centers for Disease Control and Prevention, or CDC, should have devised a COVID data-collection plan using standardized terminology so hospitals with incompatible EHRs could compare notes on the fast-paced pandemic.

The CDC did not respond to written requests seeking comment. A spokesman for the Health and Human Services office that coordinates health information technology policy said: “This is a novel disease so the health care system did not know what data we needed to collect ― we are learning that the system needs to build out reporting information on multiple clinical features.”

Still, several of the top EHR manufacturers have joined the data-sharing coalition, which is pledging to at least partially fill the information void. The group has access to COVID data from about two dozen health systems and is expecting to add more.

“This is the first attempt at this that I’m aware of where inherently competitive EHR vendors have come together to work together with clinical researchers,” said Dr. Brian Anderson, chief digital health physician with the MITRE Corp., a nonprofit technology group that formed the coalition in late March.

Anderson said the coalition is “getting close” to being able to share some results from reports of treating people with convalescent plasma recovered from patients who have survived COVID-19. The group is also examining treatment data on the drug as it irons out some of the technical difficulties that complicated its analysis of hydroxychloroquine. Last week, the Food and Drug Administration that hydroxychloroquine could cause heart problems and should be used only in a hospital or clinical trial.

There are other signs the EHR industry is relaxing its grip on medical data in response to the emergency. Major EHR vendor Cerner Corp. has researchers access to some types of COVID-19 data, including “clinical complications and outcomes that could help drive important medical decisions.”

And some health systems have begun publishing data drawn from EHRs. One released this month, for instance, tracked the outcome of 5,700 coronavirus patients treated at 12 hospitals in a New York City health system and found that 88% of patients placed on ventilators had died. All the hospitals shared the same records vendor.

“In crisis, people seek data and authorities demand it,” said Cook, the health care safety specialist. But, he said, “it is not possible to build such a system on demand.”

Ross Koppel, a professor at the University of Pennsylvania and longtime EHR safety expert, said that the COVID-19 pandemic illustrates both “strengths and disappointments” of the digital systems.

While health systems using a single vendor have been able to pool data, Koppel said, the industry has battled regulators seeking to adopt common standards, a practice known as interoperability.

“That failure to mine these oceans of invaluable data reflects the power of the vendors to prevent government requirements for data standards and interoperability,” he said.

Limits in electronic data collection systems also are hindering COVID-19 public health and surveillance efforts.

Officials said they are sometimes required to manually fill out and fax some forms, wasting valuable time. Some information must be printed out from EHRs and reentered by public health authorities because it cannot be sent electronically.

Certain CDC , such as Person Under Investigation COVID case reports, can take up to 30 minutes to complete. Other forms exchanged between hospitals and laboratories often are missing critical information, leading to delays in contacting patients and identifying people they had close contact with. In some states, demographic information on race and ethnicity is missing 85% of the time, and patients’ addresses, half the time, according to Janet Hamilton, executive director of the Council of State and Territorial Epidemiologists.

“We’re using yesterday’s technology for the biggest public health emergency in our lifetimes,” Hamilton said. “COVID has demonstrated for people what we’ve known all along. You can’t leave public health at the end of the line.”

The government’s health IT chief says a new administrative to promote interoperability and bar EHR manufacturers from impeding the flow of information will take time to change behavior.

“If this were to have happened three or four years in the future when we have interoperability … we would be in a much better spot here. But unfortunately, that’s not quite the case, but we’re still keeping our work going,” Donald Rucker, national coordinator for health information technology, said during an April 15 virtual .

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

“Patients should have control of their records, period. Now that’s becoming a reality,” said Health and Human Services Secretary Alex Azar. “These rules are the start of a new chapter in how patients experience American health care.”

Officials said the rules likely will give patients a greater say in health care decisions and put an end to a long-standing practice in which some doctors and hospitals resist handing complete medical files over to patients upon demand. Many of the provisions are set to take effect in 2022.

“The days of patients being kept in the dark are over,” said Centers for Medicare & Medicaid Services Administrator Seema Verma. “In today’s digital age, our health system’s data-sharing capacity shouldn’t be mired in the Stone Age.”

Yet the new rules also have raised concerns about privacy as technology companies, such as Google, Microsoft, Apple and Amazon, open up new markets for providing medical records through mobile apps. Major EHR vendor Epic, for instance, has warned that freer flow of medical records could spur the unwanted sale of data or other unauthorized uses.

“Family members may be shocked to find that their most personal health data has been mined and sold by data brokers and is now known by others, Epic CEO Judy Faulkner wrote last June in opposing the rules.

Administration officials said they have taken privacy considerations into account and would require developers to attest to plans to protect the security and use of medical data.

Verma took a swipe at Epic in an interview with KHN and Fortune.

“We’re not afraid to take on special interests to do what’s right for patients. Some people disagree because they want to keep the data,” she said. “The reality is that patient data belongs to patients. It doesn’t belong to EHR companies.”

Verma said the nation’s health care system remains “hugely expensive and inefficient as repeat tests drive up costs and, perhaps most importantly, doctors are forced to provide care with an incomplete clinical picture, especially at a time when the health care systems could be under stress.”

“With the handling of the COVID virus, the urgent need for coordinated integrated care could not be clearer,” she said.

The Department of Health and Human Services on Monday issued two rules to give patients greater access to their electronic health records.

Among the key provisions:

• Patients must be able to access their medical records on a smartphone at no cost and can share those records as they choose.
• Health systems must be able to exchange information about patients’ past medical treatments or conditions.
• “Information blocking” practices (that is, anti-competitive behaviors) by health care providers, developers of electronic medical records and others are prohibited.
•  Electronic medical record certification requirements are updated so that health professionals can discuss safety and usability concerns without being bound by gag clauses in software sales contracts.
• Insurers are required to share health claim data with patients on Medicare and Medicaid through a mobile app.
• Insurers must advise patients of their network of health providers through an app.

Donald Rucker, who coordinates health information technology policy for HHS, said the new rule “will allow patients the ability to manage their health care the same way they manage their finances or the travel or other parts of their life on their smartphone.”

While Epic, the maker of the most-used electronic health records software, led a campaign to derail the rules, its chief competitor, Cerner Corp., argued the rules were long overdue.

“Consumers should have the right to access the health care information their providers have about them and dictate where they want it to go. Although existing laws allow patients to access their data, it doesn’t work,” Cerner CEO Brent Shafer said in a statement.

The rules also attempt to prevent EHR vendors from silencing critics of their software products. The government wants to encourage doctors and other users of EHR technology to share their experiences about software problems by prohibiting so-called gag clauses in sales contracts. That could free users to criticize EHR systems, including more open discussion of flaws, software glitches and other breakdowns.

“Botched Operation,” an investigation published by Kaiser Health News and last year, found that the federal government has spent more than $36 billion on the EHR initiative. Thousands of reports of deaths, injuries and near misses linked to digital systems have piled up in databases over the past decade — while many patients have reported difficulties getting copies of their complete electronic files, the investigation found.

Consumers have long sought to be more in the loop on health care decisions in a user-friendly form. Many specifics about how that will happen, including how patients would make sense of complex pricing policies for purchasing health care and insurance and assessing quality, remain unclear, however.

To cut down on exorbitant “surprise” medical bills, Verma said, the CMS’ new rule would require insurers to let patients know which medical providers are in their networks. One study found that such bills — often not covered by insurance — have struck more than half of American adults.

For well over a decade, federal officials have struggled to set up a digital records network capable of sharing medical data and patient records. In 2004, President George W. Bush said he hoped to have a digital record for most Americans within five years. In early 2009, the Obama administration funneled some $36 billion in economic stimulus money to help doctors and hospitals buy the software needed to replace paper medical files.

Despite the slow progress, federal officials remain optimistic that digital records will save the nation billions of dollars while reducing medical errors, unnecessary medical testing and other waste — and encouraging more Americans to take a bigger role in managing their health care by comparing prices.

Trump administration officials on Monday sought to blame the Obama administration for creating what they called a “tower of Babylon,” in which doctors and health systems couldn’t seamlessly share patient information or “talk to one another.”

“It’s led to a tremendous amount of frustration on the part of medical professionals and patients as physicians, interacting with patients, oftentimes spend more time looking at computer screens than they do into the eyes of the people they’re trying to heal,” said White House official Joe Grogan.

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

The doctors at Midwest (City) Regional Medical Center in Oklahoma worried that the software failed to track some drug prescriptions or dosages properly, posing a “huge safety concern,” Lewis said. Lewis cited the alleged safety hazards in a whistleblower lawsuit that he and another former employee of Community Health Systems (CHS) filed against the Tennessee-based hospital chain in 2018.

The suit alleges that the company, which had $14 billion in annual in 2018, obtained millions of dollars in federal subsidies fraudulently by covering up dangerous flaws in these systems at the Oklahoma hospital and more than 120 others it owned or operated at the time.

The whistleblowers also allege that Medhost, the Tennessee firm that developed the software, concealed defects during government-mandated reviews that were supposed to ensure safety.

Both CHS and Medhost have the allegations and moved to dismiss the suit. The motions are pending. Last month, Department of Justice lawyers wrote in court filings that they were still investigating the matter and had not yet decided whether to take over the case.

The lawsuit is one of dozens filed by whistleblowers, doctors and hospitals alleging that some electronic health records (EHR) software used in hospitals and medical offices has hidden flaws that may pose a danger to patients — and that a substantial chunk of the $38 billion in federal subsidies went to companies that deceived the government about the quality of their products, an ongoing Fortune-KHN investigation shows. The subsidies were designed to persuade hospitals and doctors’ offices to install software that would track the medical history of every patient and share the information seamlessly with other health care providers.

But the software makers allegedly gamed the system, repeatedly. Three major EHR vendors have made multimillion-dollar settlement deals — totaling $357 million — over Justice Department investigations which include allegations that they rigged or otherwise gamed the government’s certification test. At least two other companies are under investigation.

Beyond those cases, federal officials have paid hundreds of millions of dollars in subsidies to doctors and hospitals that could not show they were even qualified to receive them, according to federal officials. Nearly 28% of doctors and 5% of hospitals who attested to meeting government standards later failed audits. Federal officials told Fortune and KHN that they have clawed back $941 million in improper subsidies.

“We’re entering an entirely new area of health care fraud,” John O’Brien, senior counsel with the Department of Health and Human Services Office of Inspector General, said in a July 2017 announcing a with eClinicalWorks, one of the nation’s leading sellers of EHRs for physicians.

The concern is not just over wasteful spending of tax dollars. EHRs monitor the medicines people take and their vital signs, so software glitches that prevent doctors from accessing files quickly, that mix up patients or send vital test results to the wrong file can contribute to serious injuries, or even deaths.

In March, Fortune and KHN revealed that thousands of injuries, deaths or near misses tied to software defects, user errors and other problems have piled up in various government-sponsored and private repositories.

“Ultimately, it’s about patients getting the right care,” Andrew Vanlandingham, the HHS inspector general’s senior counselor for health information technology, said in an interview. He said that investigators are “gearing up” for more scrutiny of the important industry, including closer monitoring to make sure that records software is safe.

Leaping Into The Digital Era

In 2009, Congress committed billions of dollars in economic stimulus funds to bring the era of paper medical records to a close. Officials hoped to cut down on medical errors caused by illegible paper records and draw on the power of massive troves of medical data to drive down the cost of health care and help develop improved treatments for disease.

The hastily devised plan offered Medicare doctors and other medical professionals up to $44,000 and $64,000 in subsidies if they bought the software and accepted patients on Medicaid, the federal health care program for low-income people.

The money was intended to help them pay vendors to install EHRs in their offices. Hospitals, which required more sophisticated and costlier software, could receive millions in subsidies, based on the number of inpatients treated. To give them a nudge, officials warned doctors and hospitals that failure to wire up would trigger gradual cuts in their Medicare payments. EHR vendors had to meet certification standards set by the HHS Office of the National Coordinator for Health Information Technology, or ONC.

Providers had to attest that their EHR software could perform a variety of functions, which the government described as making “meaningful use” of the technology.

Certification was essentially an open-book test in which the government gave vendors the questions in advance — for instance, the names of 16 or so drugs the system would have to prescribe electronically to pass. The Justice Department has alleged that some vendors simply doctored their software to pass the test — for example, programming the required codes for just the specified 16 drugs they would be tested on, rather than all medicines — as officials had expected.

Frank Poggio who recently retired from a 45-year career in health technology, saw the cases of fraud coming, he said, because the tests “were superficial, and if you wanted to game it, you could game it.”

Poggio said there were many weaknesses in the system that allowed a vendor to show a “prototype” as opposed to live software.

Dr. Scott Monteith, a Michigan psychiatrist who served as an early certification juror, said he saw some limitations firsthand. He said one vendor took 30 minutes to produce a list of patients who had diabetes and also smoked, data he figured any computer program should be able to spit out in seconds. The vendor passed.

“That’s an example of how poorly thought-out the whole thing was,” said Monteith, who noted he was then, and still is, a big booster of EHRs.

Jeffery Daigrepont, a senior vice president at Coker Group, a firm that advises health providers on business decisions, said the government erred by handing out too much money in the early stages of the program, when many doctors and hospitals had not yet done much more than agree to participate.

“It was an upside-down pyramid,” he said. “You got the bulk of the money for doing the least amount of effort.”

Dr. John Halamka, a physician and Harvard Medical School professor who chaired the ONC standards committee, which wrote the certification rules, defended the process.

“The only problem [with certification] is that it presupposed that the product the vendor certified would be the same product they sold,” Halamka said. “It presupposes that people will go into the certification process and participate in good faith.”

That did not always happen in the rush to snatch up subsidy dollars, according to the whistleblowers’ suits. The Justice Department case against eClinicalWorks, which has 130,000 providers, accused the company of rigging tests to win certification, claims the company has denied. The company did not respond to numerous requests for comment.

The government accused Greenway Health, a Florida-based EHR developer with 75,000 providers, of doing the same thing. The DOJ’s complaint included a number of instant-message exchanges between Greenway employees in which they allegedly discuss their plan for gaming the certification process by “shortcutting some functionality” of the software. In February, Greenway Health for just over $57 million without admitting wrongdoing.

The whistleblower case filed by Lewis and former co-worker Joey Neiman accuses the CHS hospital chain of submitting more than $385 million in false claims for EHR stimulus payments between 2012 and 2014.

Visiting the Oklahoma hospital as part of a troubleshooting team in June 2015, Lewis heard that physicians worried flaws in the system could result in patients being sent home “with the wrong drugs, doses or instructions,” according to the suit.

Things got so bad that local doctors were threatening to admit patients elsewhere unless the hospital fixed the software problems, according to the suit.

In a statement, CHS said it had “complete confidence” in its records systems. “The allegations made in the lawsuit against our hospitals are completely without merit,” the company said. Medhost denied its software has flaws, noting in its : “Hundreds of facilities have successfully used our software over the years and continue to do so today.”

Few in the industry seemed surprised by such allegations. When news of the eClinicalWorks case broke, Farzad Mostashari, who led the ONC from 2011 to 2013, : “Let me be plain-spoken. eClinicalWorks is not the only EHR vendor who ‘flouted certification/misled’ customers. Other vendors better clean up.”

The Electronic Health Record Association, a trade group that represents more than 30 vendors, did not respond to a request for comment. However, vendors have argued that they faced a tangle of regulations that required them to meet constantly shifting standards that government officials often could not explain.

ONC officials declined to answer written questions. But in a statement, ONC said it takes steps to ensure that products “are safe for patients and usable by providers.”

System Glitches And Accusations Of ‘Gaming’ The System

While the ONC sets the standards, the federal Centers for Medicare & Medicaid Services (CMS) had the job of paying doctors and hospitals that attested to meeting the “meaningful use” criteria. As of September 2018, CMS had paid out $38.4 billion in these funds.

In 2012, CMS hired accounting firm Figliozzi and Co. of Garden City, N.Y., which audited almost 50,000 medical professionals. Nearly 28% failed, despite the fact that they had previously attested to meeting the standards. Hospitals did better, posting a 5% failure rate. CMS officials said they have recovered some $941 million in these improper payments. The losses to the Treasury are likely far higher because only 14% of the medical professionals and 40% of the hospitals receiving payments were audited.

Michael Arrigo, who has served as an expert witness in health IT-related fraud and medical malpractice cases, said that in some cases EHR vendors misled hospitals about the challenges of replacing paper records with computers.

Others rolled the dice, apparently hoping the program was so large and complicated that they were unlikely to be targeted for audit. “Sometimes [providers] got away with it until a whistleblower found out,” Arrigo said.

Reviewing state and federal court filings, Fortune and KHN found more than two dozen cases, many filed by hospitals against vendors, which depict chaotic EHR installations and safety concerns as they pursued meaningful-use dollars.

Parrish Medical Center, a 210-bed public hospital on Florida’s Space Coast, is one. In December 2010, the Titusville hospital contracted with McKesson’s Enterprise Information Solutions. One of America’s largest companies, McKesson said its product would be easy for doctors and nurses to learn and help them “deliver high-quality, safe patient care.”

But the deal collapsed, prompting a bitter court battle in which the hospital repeatedly assailed McKesson’s competence. For instance, the hospital alleged that bugs in the software caused it to create more than one record for the same patient, a flaw dubbed a “major safety issue.”

An expert hired by Parrish said he contacted eight other hospitals, including three in Florida, which had dumped McKesson due to what he called “poor or unsatisfactory customer service.”

The medical staff at one of those hospitals was “up in arms” because it took 63 mouse clicks to look up a patient’s lab results, according to the expert’s report.

Parrish later signed on with another EHR vendor and the suit has since been settled. Both Parrish and McKesson declined to comment for this story. McKesson sold its health IT business to Allscripts in October 2017. Earlier this year, Allscripts reported to the Securities and Exchange Commission that government attorneys have requested documents from the company as part of an investigation into McKesson’s certification.

In another lawsuit, Weirton Medical Center, a hospital in West Virginia, stated in a court filing that it submitted “inaccurate” meaningful-use data to the government ― though it blamed the vendor. The hospital alleged the system failed to identify a patient who was critically ill and in the hospital. The hospital declined to comment to KHN and Fortune about the case, which has been settled.

Hamstrung By Technology?

ONC officials said they keep no log of complaints they receive.

A published in JAMA this month found that 40% of the software that ONC singled out for post-marketing review had flaws that could lead to patient harm, including inaccurate drug codes, information displaying incorrectly and decimal points gone missing.

That’s “a concerning number, and we have to do something to address that,” said researcher Raj Ratwani, the director of the MedStar Health National Center for Human Factors in Healthcare and a co-author of the study. These systems were used in 786 hospitals and by 37,365 provider organizations, according to Ratwani, who said there’s no way to know how many defects have been fixed.

ONC has about 100 pieces of once-approved software products. But most were tiny market players that had few or no users and went out of business. PlatinumMD, which had just 48 “meaningful” users, is an example. In a 2014 whistleblower lawsuit, San Diego urologist Dr. Scott Brown alleged that PlatinumMD filed for $18,000 in subsidies on his behalf even though it had not yet fully installed his EHR. In February 2016, the defunct company’s owners settled the case without admitting liability by paying the government $180,000.

Another 132 government-certified products have been flagged for corrective action due to “non-conformities.” As for the technology that the government alleges was fraudulently certified, it’s still used in health care settings across the country.

While those vendors faced multimillion-dollar settlements and now must operate under the oversight of a government monitor, their technology was not taken off the market. Nor were they dumped by many customers who, for the most part, however dissatisfied, were stuck with it.

ONC seemed to acknowledge that decertifying a large vendor would cause a major disruption, noting in an October 2016 regulation: “Our first and foremost desire would be to work with developers to address any problems.”

In the regulations, ONC cited the costs medical providers would face should their EHR vendor shut down as ranging from $33,000 to as much as $650 million.

“It is very difficult to switch product,” said Steve Waldren, chief medical informatics officer for the American Academy of Family Physicians. “You couldn’t just go down the street and pick up another EHR, put it in and move your data over.”

He noted that beyond the considerable cost of the technology, providers would have to take time to learn a new system.

“ONC does seem to have a stance that removing some of these players from the market would be very disruptive,” said Brad Ulrich, a Tennessee health IT expert. “They are almost too big to fail.”

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

(Credit: Fortune)

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

The health data geeks trusted that transitioning from paper to electronic records would cut down on medical errors, help identify new cures for disease and give patients an easy way to track their health care histories.

But after two days of discussions, the group warned that few safeguards existed to protect the public from possible consequences of rolling out the new technology so quickly. Because this software tracks the medicines people take and their vital signs, even a tiny error or omission, or a doctor’s inability to access the file quickly, can be a matter of life or death.

The experts at that September 2009 meeting, mainly members of the American Medical Informatics Association, or AMIA, agreed that safety should be a top priority as federal officials poured more than $30 billion into subsidies to wire up medical offices and hospitals nationwide.

The group envisioned creating a national databank to track reports of deaths, injuries and near misses linked to issues with the new technology.

It never happened.

Instead, plans for putting patient safety first — and for building a comprehensive injury reporting and reviewing system — have stalled for nearly a decade, because manufacturers of electronic health records (EHRs), health care providers, federal health care policy wonks, academics and Congress have either blocked the effort or fought over how to do it properly, an ongoing investigation by Fortune and Kaiser Health News shows.

Over the past 10 years, the parties have squabbled over how best to collect injury data, over who has the power to require it, over who should pay for it, and over whether to make public damning findings and the names of those responsible for safety problems.

In 2015, members of Congress derailed a long-planned EHR safety center, first by challenging the government’s authority to create it and later by declining to fund it. A year later, Congress stripped the Food and Drug Administration of its power to regulate the industry or even to track malfunctions and injuries.

“A lot of people involved with patient safety and medical informatics were horrified,” said Ross Koppel, a University of Pennsylvania sociologist and prominent EHR safety expert. Koppel said the industry won legal status as a “regulatory free zone” when it came to safety, an outcome he called a “scandal beyond belief.”

The Electronic Health Record Association, a trade group that represents more than 30 vendors, declined to comment on the safety issue.

Meanwhile, patients remain at risk of harm. In March, Fortune and KHN revealed that thousands of injuries, deaths or near misses tied to software glitches, user errors, interoperability problems and other flaws have piled up in various government-sponsored and private repositories. One uncovered more than 9,000 patient safety reports tied to EHR problems at three pediatric hospitals over a five-year period.

Allegations of EHR-related injuries or other flaws have surfaced in the courts. KHN/Fortune examined more than two dozen such cases, such as a California woman who mistakenly had most of her left leg amputated because the EHR sent another patient’s pathology report indicating cancer to her medical file. A Vermont patient died after a doctor’s order to scan her brain for an aneurysm never made it from the computer to the lab.

Despite such incidents, experts believe EHRs have made medicine safer by eliminating errors due to illegible handwriting and in some cases speeding up access to vital patient files. But they also acknowledge they have no idea how much safer, or how much the systems could still be improved because no one — a decade after the federal government all but mandated their adoption — is assessing the technology’s overall safety record.

KHN and Fortune found that at least a dozen expert commissions, federal health IT panels and medical associations have echoed AMIA’s early call to track EHR safety risks only to be thwarted by objections from the industry or its allies, or by simple bureaucratic inertia. Some critics see the situation as a dispiriting Washington tale of corporate “capture” of government, while others wonder why a warning system to alert health officials to dangers with certain software is even controversial.

“How is it in the public interest for medical records software to have flaws that lead to deaths?” said Joshua Sharfstein, who served as FDA deputy commissioner when the safety issue flared up during President Barack Obama’s first term. These incidents “should be fully understood and investigated” and “not be able to be buried.”

Support for computerizing medical records has spanned the political spectrum. The health IT industry’s aversion to FDA oversight has won support at critical times both with liberals who embraced EHRs as a high-tech magic bullet for reforming the nation’s costly health care system and with free-market conservatives skeptical of red tape and government interventions.

The vendors protested they were overburdened with technical requirements that their software had to meet to qualify for the government subsidy program. Those specifications included many relatively small-bore features, like including a check box indicating the doctor had asked about the patient’s smoking status — and other tasks likely to have little impact on safety.

Complicating things further, many safety advocates themselves have worried that heavy-handed oversight — such as requiring approval of every software update — could actually make the technology less safe, stalling urgent software updates (not to mention stifling innovation and slowing the marketing of vital new technology).

After a contentious process in which consumer advocacy group Public Citizen FDA officials of collaborating with the devices industry to weaken oversight, Congress passed the 21st Century Cures Act. A few sentences buried in the law, signed by Obama in late 2016, all but shut the door on FDA regulation of EHRs.

The bipartisan law, which speeds up approvals for some medical therapies, states flatly that electronic health records are not medical devices subject to FDA scrutiny. Some longtime EHR safety advocates say they have all but given up hope for consensus on any system that would investigate and share findings from adverse events, as happens in other industries, like transportation and aviation.

“We have nothing like that,” said Justin Starren, director of the Center for Data Science and Informatics at Northwestern University. “We have the opposite … with vendors saying that customers are explicitly forbidden from publicizing problems they encounter.”

Starren noted that health care providers don’t like to share safety failures either: “It’s the liability fear. If an institution holds up its hand and says, ‘Our EHR might be killing people,’ the lawyers will be lining up outside the courthouse door.”

Less Red Tape Unleashes Red Flags?

In the months before the 2009 AMIA meeting, concern was mounting at the FDA over the rapidly advancing EHR rollout.

Since the mid-1980s, however, the FDA had considered health IT to present a low risk of harm because a “learned intermediary,” such as a doctor, was in charge. Most manufacturers agreed and insisted their products were not medical devices, but vehicles for processing and storing medical information.

The legal distinction is critical. While the FDA requires device makers to report adverse events, the policy in place gave EHR manufacturers a pass. At least one major vendor, Cerner Corp., has concluded that EHRs are, in fact, medical devices and has submitted some error reports to FDA’s public database. But most manufacturers disagree and have not reported data, leaving a sizable gap in the agency’s grasp of possible hazards.

Within the FDA, some staffers urged the agency to rethink the hands-off stance given the rush by hundreds of health IT companies — many of them new entrants — to sell medical records software that tens of thousands of doctors, hospitals and patients would rely on.

On Sept. 22, 2009, FDA staff shared their views with deputy commissioner Sharfstein and his boss, commissioner Margaret Hamburg, at a “regulatory strategy” meeting. After hearing the pitch, Hamburg agreed the FDA “needs to be involved in the White House [EHR] initiative,” according to an agency memo. Hamburg had no comment for this article.

One former FDA official recalls tension mounting as the agency became more assertive, saying: “It was a big train going down the tracks at 80 miles per hour, and there were concerns that FDA would slow it down.”

The FDA sounded a public warning at a February 2010 hearing. The agency’s chief devices regulator, Jeffrey Shuren, testified that even with limited surveillance, the FDA had tied six deaths and 44 reported injuries to health information technology failures.

In all, Shuren said, the FDA had logged 260 reports of “malfunctions with the potential for patient harm” over the previous two years. In one case, the software filed results from emergency lab tests to the wrong patient’s electronic record.

Shuren described the reports as likely the “tip of the iceberg” and said they suggested “significant clinical implications and public safety issues.” He laid out three options for FDA involvement, the least burdensome being registration of EHR software and mandatory reporting of dangerous incidents. Through an agency spokesperson, Shuren declined to be interviewed for this article.

Shuren’s 2010 testimony did not appear to carry much weight with David Blumenthal, a Harvard physician chosen as the Obama administration’s point man for the digital medical record rollout. Blumenthal declined to comment.

Many in Blumenthal’s division, known as the Office of the National Coordinator for Health Information Technology, or ONC, sympathized with the industry’s assertion that FDA regulation would discourage innovation, which, in turn, could cripple the president’s plans to revolutionize health care and save money. Blumenthal, who was convinced EHRs would make medicine much safer, described the FDA injury reports as “anecdotal.”

An obscure outpost of the Department of Health and Human Services in the second Bush administration, ONC under Blumenthal revved up as federal officials laid plans for distributing billions of stimulus dollars.

The stimulus law directed ONC to set up two diverse advisory panels so that no single faction of the health care sector could unduly influence policy. Yet it seemed clear, at least to skeptics, that ONC depended heavily on the goodwill, expertise and guidance of the technology community.

Steven Findlay, who served on one of the panels as a representative of Consumers Union, said industry witnesses often “commandeered” the discussions because they “had the technical knowledge to steer things in a direction that they wanted.”

Safety “was not necessarily their first priority. They were building products to serve an industry and designing them to make money,” Findlay said in a recent interview.

Dean Sittig, a medical informaticist at UTHealth in Houston and early researcher on EHR safety, said ONC was “trying to promote” digital records “and there wasn’t a lot of interest in talking about things that could go wrong.” That conflict persists, he said. “They gave out $36 billion. It’s hard for them to say EHRs aren’t safe.”

The ONC did form a safety “working group.” The panel suggested that doctors and hospitals be required to report “potential hazards” and “incidents” to a national database or risk forfeiting government subsidies for purchasing records software, according to minutes from its March 12, 2010, meeting.

That idea never got past the drafting stage, however.

Glitches In The Matrix

In a nod to safety, ONC asked the National Academy of Sciences’ Institute of Medicine to weigh in, a move some at the FDA hoped would at the least lend support for nationwide collection of injury data.

When the 18-member expert panel held a public hearing in mid-December 2010, Shuren reappeared with updated FDA figures — about 370 reports of “adverse events or near misses” involving health IT since January 2008. Once again, he called FDA’s count a “small percentage of the actual [adverse] events that do occur.”

Among the causes he cited: failure of the software to interface properly with other technologies, user errors, design flaws and inadequate pre-market testing.

Shuren suggested EHRs were medical devices over which the FDA “has exercised enforcement discretion; meaning it has not enforced existing requirements,” an apparent reference to the hands-off policy. He called for “real-time collection, aggregation and analysis” of reports on the functioning of EHRs.

The Institute of Medicine panel in November 2011 called on HHS to make adverse incident reporting mandatory for vendors and voluntary for users. It also said HHS should ask Congress to approve a government-run injury monitoring system as rigorous as that used to promote airline safety that would both investigate and make its findings public. The FDA might not be the best-equipped agency to take on the task, the group noted.

The panel asserted that EHR vendors face “competing priorities, including maximizing profits and maintaining a competitive edge, which can limit shared learning and have adverse consequences for patient safety.”

One member called for even stricter oversight. In an impassioned dissent, Richard Cook, a Chicago radiologist and safety expert, argued EHRs were medical devices that necessitated the scrutiny of the FDA.

“At least a few U.S. citizens — perhaps more than a few — have died or have been maimed because of health IT. The extent of the injuries generated by health IT is unknown because no one has bothered to look for them in a systematic fashion,” Cook wrote in his dissent.

(Credit: Fortune)

Backtracking On Oversight

In 2012, Congress required FDA, ONC and the Federal Communications Commission to propose “risk-based” oversight for health IT that “promotes innovation, protects patient safety, and avoids regulatory duplication.”

Two years went by before the agencies did so. In April 2014, they promoted a “limited, narrowly tailored approach” to oversight led by the ONC as well as a “surveillance mechanism” to track adverse events and near misses.

ONC’s budget for the 2015 and 2016 fiscal years proposed spending $5 million for such a center, which ONC said would begin “a robust collection and analysis of health IT-related adverse events.”

But four House Republicans in June 2014 questioned whether ONC had the legal authority to set up the center.

Energy and Commerce Committee Chairman Fred Upton of Michigan, Vice Chairman Marsha Blackburn of Tennessee, health subcommittee Chairman Joseph Pitts of Pennsylvania and communications and technology subcommittee Chairman Greg Walden of Oregon argued that ONC had failed to satisfy their concerns over what Blackburn termed regulatory “mission creep.” At a House hearing in July 2014, Blackburn repeated her worry about “a misguided system of regulation.”

Former ONC director Karen DeSalvo said she was five months on the job and felt completely blindsided by the line of questioning — despite the National Academy of Sciences report years earlier that had advised HHS to seek approval from Congress to expand ONC’s oversight role. The center’s prospects dimmed further when the Congressional Research Service issued a report on the matter in early 2015 that seemed to side with the Republicans.

DeSalvo’s team later requested legislative authority to create the center, but the effort was not successful. ONC was granted legislative authority for other requests, however, empowering it to define interoperability and to crack down on vendors who improperly restrict access to medical records.

These days, many of the key players have conflicting opinions and recollections about what went wrong and why.

DeSalvo, now a professor of medicine and population health at Dell Medical School, said she really doesn’t know if something sinister torpedoed the safety center or it was just a matter of not enough people caring. “It was really just kind of start and stop,” she said. That’s perhaps not surprising, considering ONC has had seven directors in its 15 years of existence — and six since 2009, when the government made EHRs a national priority. (And that’s not counting four interim directors who collectively helmed the outfit for 16 months.)

Doug Fridsma, who left his role as ONC’s chief scientist in 2014, cited other factors that slowed the center’s momentum. He said uncertainty over its mission didn’t help gain the trust of the industry, while citing other thorny issues, such as who would foot the bill and whether its data might be used to discipline or otherwise harm vendors. Fridsma, now AMIA’s chief executive, said that government-sponsored regional patient safety organizations aren’t well equipped to conduct national oversight of EHR functions.

“It has resulted in a vacuum around health IT safety,” said Fridsma. “Congress has failed to make it a priority.”

Shifting Public Attention

Revisiting plans for a full-fledged EHR safety center holds little appeal to Don Rucker, the Trump administration’s ONC chief.

Rucker said he sees little value in collecting data on incidents often “years and years” after they occurred. Rapidly evolving technologies are making computer errors easier to recognize and remedy. “We can catch these things a lot earlier,” he said.

Rucker argues that the 21st Century Cures Act prohibits the industry from enforcing “gag” clauses that in the past have handcuffed hospitals and doctors from criticizing their EHRs. The Cures law includes fines of up to $1 million for “information blocking,” including taking steps to discourage EHR users from reporting adverse events and other problems for review.

New freedom to sound off assures that doctors and hospitals will begin sharing EHR problems, mitigating any need for mandatory reporting, in Rucker’s view. Rucker said he hopes to have the regulations in place by the end of the year.

The proposed ONC regulations cite a “strong public interest” in “open communication of information regarding health hazards, adverse events and unsafe conditions.” But that information won’t be shared with the public. ONC says all reports of problems are exempt from public release under the Freedom of Information Act. Congress gave these records the same legal status as income tax returns as part of the Cures law.

Jacob Reider, a former ONC interim director, said the government’s failure to do more to promote public awareness of safety concerns is disappointing — and even irresponsible — given its zeal in bringing EHRs into the mainstream of medicine.

“I remember internal conversations where we talked about ‘What is the equivalent of a plane crash that is going to get the attention of people?’” said Reider, who now practices family medicine in upstate New York. “‘Is it going to be a congressperson’s relative is harmed by health IT that causes the attention to shift?’ I would offer that still hasn’t happened yet, but someday it will. And gosh, wouldn’t it be a horrible thing that we have to wait for that to happen?”

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

You can read KHN’s story about electronic medical records here.

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

The chairman of the Senate health committee on Tuesday backed new federal regulations to remove roadblocks patients can face in obtaining copies of their electronic medical records.

“These proposed rules remove barriers and should make it easier for patients to more quickly access, use and understand their personal medical information,” Lamar Alexander (R-Tenn.), chairman of the Health, Education, Labor & Pensions Committee, said in a statement prepared for a hearing on the rules that kicked off Tuesday at 10 a.m.

The rules, proposed last month by the Department of Health and Human Services, take aim at so-called information blocking, in which tech companies or health systems limit the sharing or transfer of information from medical files.

Alexander said HHS believes the new rules should give more than 125 million patients easier access to their own records in an electronic format.

“This will be a huge relief to any of us who have spent hours tracking down paper copies of our records and carting them back and forth to different doctors’ offices. The rules will reduce the administrative burden on doctors so they can spend more time with patients,” Alexander said.

The proposal requires manufacturers to fashion software that can readily export a patient’s entire medical record — and mandates that health care systems provide these records electronically at no cost to the patient.

Congress jump-started the nation’s switch from paper to electronic health records in 2009 using billions of dollars in financial stimulus funding to help doctors and hospital purchase the equipment. Officials expected the shift to cut down on medical errors, reduce unnecessary medical testing and other waste and give Americans a bigger role in managing their health care.

Yet in the decade since the rollout, critics have argued that the government spent billions financing software that can cause some new types of errors and typically cannot share information across health networks as intended.

“,” a recent investigation published by KHN and Fortune, found that the federal government has spent more than $36 billion on the initiative. During that time, thousands of reports of deaths, injuries and near misses linked to digital systems have piled up in databases — while many patients have reported difficulties getting copies of their complete electronic files.

Sen. Patty Murray (D-Wash.), ranking member on the committee, cited two patients profiled in the article to illustrate the potential dangers from EHRs that can’t exchange information.

“It’s patients who get hurt. Like the man in California, who suffered brain damage after his diagnosis was delayed because a hospital’s software couldn’t properly interface with a lab’s software,” she said at the hearing. “Or the woman in Vermont, who died of a brain aneurysm that might have been caught if a software problem hadn’t stopped the order for a test she needed.”

Jonathan Lomurro, a medical malpractice attorney in New Jersey, said his clients usually have to go to court to get their complete medical record. The information that health care providers fight most bitterly to keep from them, he said, are the audit logs — or the data that show every time a record has been accessed or edited, and by whom and when.

That “metadata,” he and other plaintiff attorneys argue, is critical for patients to understand the history of their care, particularly in cases where something has gone wrong.

In an interview prior to Tuesday’s hearing, Lomurro criticized the HHS proposal, saying it limits a patient’s ability to obtain these logs. While the proposed rule requires the systems to share most data from a medical record with a patient, it excludes audit trails from that classification.

“While the proposal talks about the need of patient access … they then strip the greatest protections from the patient,” said Lomurro. “I am at a loss on how this could ever be a beneficial change to the rules and help patients.”

Seema Verma, who heads the Centers for Medicare & Medicaid Services, agreed that patients should be entitled to audit log information. “At the end of the day, it’s all of the patient’s data. If it affects and touches their medical record, then that belongs to them,” Verma said in an interview last month.

The HHS proposal also encourages doctors and other users of EHR technology to share information about software problems they encounter by prohibiting “gag clauses” in sales contracts. Critics have long argued that the clauses have prevented users from freely discussing flaws, including software glitches and other breakdowns that could result in medical errors and patient injuries. In 2012, an Institute of Medicine report blamed the confidentiality clauses for impeding efforts to improve the safety of health information technology.

But a major remaining problem in wiring up medicine is the lack of interoperability across rival data systems, said Christopher Rehm, chief medical informatics officer of LifePoint Health, a hospital system in Brentwood, Tenn. In testimony prepared for the Tuesday hearing, Rehm called it “the equivalent of telling people they must buy cars and move those cars from place to place, but there are no roads and no agreed-upon design for the roads, let alone the funding to actually pay for the construction.”

According to Rehm, the average-sized community hospital (161 beds) spends nearly $760,000 a year on information technology investments needed to meet federal regulations. He said the costs “are crushing our industry where margins are already thin.”

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

“What we really need is a much more tailored approach, so that we have appropriate oversight of EHRs when they’re doing things that could create risk for patients,” Gottlieb said in an interview with Kaiser Health News.

Gottlieb was responding to “Botched Operation,” a report published this week by KHN and Fortune magazine. The investigation found that the federal government has spent more than $36 billion over the past 10 years to switch doctors and hospitals from paper to digital records systems. In that time, thousands of reports of deaths, injuries and near misses linked to EHRs have piled up in databases — including at least one run by the FDA.

Gottlieb said Congress would need to enact legislation to define when an electronic health record would require government oversight. He said that the digital records systems, which store a patient’s medical history, don’t fit neatly under the agency’s existing mandate to regulate items such as drugs and medical devices.

Gottlieb said the best approach might be to say that an EHR that has a certain capability becomes a medical device. He called EHRs a “unique tool,” noting that the risks posed by their use aren’t the same as for a traditional medical device implanted in a patient. “You need a much different regulatory scheme,” he said.

The 21st Century Cures Act of 2016 excludes the FDA from having oversight over electronic health records as a medical device.

Gottlieb said that health IT companies could add new functions that would improve EHRs, but they have been reluctant to do so because they didn’t want their products to fall under FDA jurisdiction. He added that he was “not calling” for FDA to take over such a duty, however, and suggested that any new approach could be years away. Proponents have long argued that widespread use of EHRs can make medicine safer by alerting doctors to potential medical errors, though critics counter that software glitches and user errors may cause new varieties of medical mistakes.

How closely the FDA should watch over the digital medical record revolution has been controversial for years. The agency’s interest in the issue perked up after Congress decided in February 2009 to spend billions of dollars on digital medical records as part of an economic stimulus program.

At the time, many industry groups argued that FDA regulation would “stifle innovation” and stall the national drive to bring medicine into the modern era. Federal officials responsible for doling out billions in subsidies to doctors and hospitals generally sympathized with that view and were skeptical of allowing the FDA to play a role.

The debate became public in February 2010, when Jeffrey Shuren, an FDA official, testified at a public hearing that the agency had tied six deaths and more than 200 injuries to health information technology. In all, the FDA said, it had logged 260 reports in the previous two years of “malfunctions with the potential for patient harm.”

The agency said the findings were based largely on reports voluntarily submitted to the FDA and suggested “significant clinical implications and public safety issues.” In one case cited, lab tests done in a hospital emergency room were sent to the wrong patient’s file. Since then, several government and private repositories have associated thousands of injuries, near misses and deaths to EHR technology.

Shuren said in 2010 that the agency recognized that health information technology had great potential to improve patient care, but also needed oversight to “assure patient safety.”

While some safety proponents agree that EHRs offer tremendous benefits, they also see a greater opportunities to improve their safety.

Dean Sittig, a professor of bioinformatics and bioengineering at the University of Texas Health Science Center, said EHRs have improved safety within the health care system, but they have not eliminated errors to the extent that he would have expected. Federal officials were initially pushing for rapid adoption and “there wasn’t a lot of interest in talking about things that could go wrong,” Sittig told KHN and Fortune.

Earlier this month, Gottlieb announced his from the FDA. His last day is scheduled to be April 5.

KHN correspondents Sarah Jane Tribble, Sydney Lupkin and Julie Rovner contributed to this report.

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

A KHN and Fortune investigation found:

Patient harm: Electronic health records have created a host of risks to patient safety. Alarming reports of deaths, serious injuries and near misses — thousands of them — tied to software glitches, user errors or other system flaws have piled up for years in government and private repositories. Yet no central database exists to compile and study these incidents to improve safety.

Signs of fraud: Federal officials say the software can be misused to overcharge, a practice known as “upcoding.” Some doctors and health systems are alleged to have overstated their use of the new technology, a potentially enormous fraud against Medicare and Medicaid likely to take years to unravel. Two software makers have paid a total of more than $200 million to settle fraud allegations.

Gaps in interoperability: Proponents of electronic health records expected a seamless system so patients could share computerized medical histories in a flash with doctors and hospitals anywhere in the country. That has yet to materialize, largely because officials allowed hundreds of competing firms to sell medical records software unable to exchange information.

Doctor burnout: Many doctors say they spend half their day or more clicking pulldown menus and typing rather than interacting with patients. An emergency room doctor can be saddled with making up to 4,000 mouse clicks per shift. This has fueled concerns about doctor burnout, which in January the Harvard T.H. Chan School of Public Health and Massachusetts Medical Society called a “public health crisis.”

Web of secrets: Entrenched policies continue to keep software failures out of public view. Vendors of electronic health records have imposed contractual “gag clauses” that discourage buyers from speaking out about safety issues and disastrous software installations — and some hospitals fight to withhold records from injured patients or their families.

For an in-depth examination of electronic health records, read “Death By 1,000 Clicks: Where Electronic Health Records Went Wrong.”

ºÚÁϳԹÏÍø News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).