Home » Readers Write » Currently Reading:

Readers Write: The Big Fib

May 9, 2019 Readers Write 15 Comments

The Big Fib
By Weary Healthcare Traveler

On Tuesday, May 7, Don Rucker appeared before the Senate to garner support for ONC’s new rule relating to 21st Century Cures. Although he used complex language and invoked incantations of magic like JASON, Restful Services, APIs, AI, ML, and OAuth2 to US Senators who all just nodded and went back to their scripted questions, this is my summary of what he was really championing in that hearing.

The Baseless Promise that Apps and APIs will revolutionize health and healthcare records. There is no evidence to suggest this at all after almost a decade of patients having the ability to download their own medical records, billions of dollars of venture capital spent on startups, and a wide range of APIs available across all the major healthcare vendors. This includes both standard FHIR and proprietary APIs available through agreements with third parties.

The Big Stick of severe penalties for the new vague crime of data blocking of patients and venture capitalists seeking data perpetrated by doctors, health systems, or technology developers who submit to ONC in support of their ever more ridiculous programs which continue to torture doctors in the name of CMS quality management and payment programs.

Of course, given the lack of any traditional enforcement for such a nebulous crime, ONC’s plan is to invoke False Claims Act laws to create a Sword of Damocles over any vendor or steward of patient data who does not submit fully to the Baseless Promise and the new rule.

The False Flag of claiming patient data rights as the primary rationale for their new rules, as ONC has fully submitted to the venture capitalists of Silicon Valley and other special interests who wish to exploit patient data on a massive scale. The Big Stick is big, but of course specifically designed by ONC to not be big enough to reach the new bread of app developers mentioned in The Baseless Promise who would abuse patient data through complex and intentionally deceitful terms and conditions (they are not covered by HIPAA or ONC Certification.

Rucker misleads the Senate by claiming that OAuth 2, a beautiful standard that works in other industries, will provide protections for patients when in fact he simply means that the patient would retype their passwords and afterwards the same rules that apply to Facebook, Google, Cambridge Analytica and the like would magically protect our most sensitive and personal data. It won’t.

The Big Hero as ONC tries to claim the high ground defending all that is right and just. And,but for the evil forces of vendors, health systems, and wicked data blockers would be able to fix up healthcare in a matter of months if everyone just got behind their new rule. Per Rucker previously, to wait even a month for additional input would have dire consequences to patients.

The Big Villains are said to be EHR vendors, who through their mandated support of ONC, CMS, and other payer requirements, try to help doctors and health systems cope with a fundamentally polluted reimbursement and regulatory system and are cited as the cause of burnout as thanks for their efforts. These vendors will inevitably stand accused under these new regulations for not fully supporting the data broker industry and be subjected to The Big Stick.

And, oh, gag me – this notion that EHR vendors have gag clauses is ridiculous. Asking customers not to publish trade secret intellectual property is not a gag clause. Health systems and provider contracts almost always tip the other way, restricting vendors from sharing any confidential information they may have. That would include basics like fee schedules, business expansion, and acquisition plans, but also observable medical errors that providers and pharmacists make on a routine basis even after overriding a warning to stop and reconsider. That’s where the real gag clauses exist.

If EHR vendors actually had gag clauses, I doubt you’d have the level of ONC- and AMA-sponsored EHR bashing you have today. Let EHR vendors protect their intellectual property and use well-established methods through Patient Safety Organizations for any real EHR safety problems.

The Evil Empire is healthcare providers and systems who themselves hoard data with a fearful eye toward outsiders who seek to exploit it. Fearful because HIPAA will crush them if they make even an innocent mistake in their stewardship of patient data. And now fearful that patients won’t understand how their data, their family history, and their genetic information was permanently released to the Internet and sold many times over when the terms and conditions of an app seemed to assure patients it wouldn’t do so when the patient connected the app to their doctor’s EHR.

All this in spite of health systems now offering online portals and apps that rival any travel, banking, or self-serve app found in any other industry. Going back to the Baseless Promise, only about 35% of patients even sign up to use their apps and portals at the urging of their doctors and health systems which, like airlines, also benefit from patient self service.

So, finally, The Big Fib. Through this new rule and under the flags of innovation and healthcare reform, our government (this administration as well as the previous) is on a path to sell out American patients to a data broker industry that has spent over a decade and countless millions of dollars lobbying for unwitting and uninformed patients to allow their data to be used in ways they can’t even imagine. This False Flag above is in large part sponsored by the a data broker industry worth hundreds of billions of dollars seeking hundreds of more billions.

What should we be focused on instead of ONC’s “Game of Thrones” heroes and villains narrative?

The healthcare industry is largely built on a model of cost shifting from patients without coverage or covered by government-subsidized programs to patients with employer-sponsored commercially insurance. That worked out in a world with more commercial than government subsidized patients. With the Medicaid expansion, there are now more people on subsidized plans and fewer on commercial plans, and thus we have run out of the ability to shift costs. Prices and deductibles are rising fast because neither insurance companies nor healthcare providers want to take a hit to revenue or their bottom lines.

There is not a quick solution here because it is more beneficial for politicians to campaign on the issue of healthcare coverage than to come together to create a bipartisan solution. We need more than a Baseless Promise to fix healthcare. We need to press Washington to unwind this hairball of a reimbursement system.

Healthcare providers seek to enhance and protect their relationships with patients and often do so by using data and services in beneficial ways, leveraging their unique relationship with the patient and their stewardship for the patient data under HIPAA. This can be used for good and as well for evil. Rethinking regulations to protect patients by enforcing rational HIPAA-protected interoperability including both doctor to doctor exchange, but also patient to their chosen apps with full awareness, audit abilities, and responsibilities similar or under HIPAA for those app providers. Force apps to protect patient data in a reasonable and accountable manner similar to health providers.

Get over the fixation on EHR vendors as villains. They have done more to dramatically enhance patient outcomes, reduce medical mistakes, and improve convenience, consistency, and compliance in healthcare over the last decade than any other technical innovation. Spend a moment contemplating this array of regulatory and payer requirements and the explosion of medical knowledge unaided by automation. If enough providers hate their EHR when EHRs are being built to deal with the rules providers choose to submit to, then maybe they’ll stop buying certified EHRs and take the penalties as CMS dictates.

If ONC and DOJ continue to abuse vendors who work in good faith to support these complex and ambiguous programs on ridiculous timeframes, maybe those vendors should simply decide to no longer offer certified EHRs. What would happen in this industry if ECW, Greenway, Allscripts, Epic, and Cerner walked away from the ONC certification program?

Maybe most important of all, stop using exaggerated anecdotes and innuendo to “make your case.” As leaders of ONC, CMS, Congress, and industry, it’s time to put some science and integrity to work in crafting a better-functioning health system for Americans. Many billions of API transactions and hundreds of millions of patient records are being transported across health systems and with apps, also made available directly to patients every year. To hear senators read from their scripts that “we still don’t have interoperability” is embarrassing.

Will it be better 10 years from today than it was 10 years ago? Of course it will, but not if we continue to exaggerate and fool ourselves to the benefit of those who continue to seek to exploit patients and their data. This willful campaign of misinformation will likely lead to a backlash by patients when they realize their government has sold them out to data brokers.

HIStalk Featured Sponsors


Currently there are "15 comments" on this Article:

  1. I happen to be sitting in the waiting room to see my doc. The other people in the waiting room are looking at me funny because I just stood up and started applauding after reading this. Now if only someone would listen.

  2. Absolutely great article. I wish I were smart enough to have witten it. I wish, however, that it had also addressed the fact that evidence is scant as to all the innovation and data sharing actually reducing the cost of helathcare. CMS and ONC need to face this fact and stop hyping every supposed innovation that come sdown the street.

  3. This is an amazing summary of the core issues under the politicized aspects of health IT.

    I’ve seen so many amazing benefits of Health IT preventing obvious errors, improving outcomes by creating accountability and standardization, and new techniques using real time surveillance with machine learning and AI techniques to reduce Sepsis deaths across this nation.

    The data broker and selling out patients just like Facebook, Google and Amazon do is a HUGE issue. Our government is supporting these corporations because of their donations (way more money than Judy, Neal, Girish, Jonathan, Paul or Howard could ever do).

    These issues are complex and confusing because of the massive and well funded campaigns focused on safety (who pays Medstar bills), data blocking (John Doerr pays his own bills, thank you very much), patient rights (painted jackets and ePatient Dave doing cool songs with Ross).

    Hippies worried about the Military Industrial Complex in the 60s and 70s.

    We now need to also worry about the Medical Industrial Complex (brought to us by Aneesh Chopra, Farzad Mostashari, and now Don Rucker).

    Doctors are rebelling against the restraints of EHRs which simply reflect the restraints of Regulations. Will doctors wise up and rebel against the root cause or will they be sheep to the slaughter joining the voices of data brokers, CMS weasels for sale and politicians who want to misdirect evil thoughts to EHR Vendors instead data brokers and CMS?

  4. I want to puke.

    Come on, HISTalk- you’re better than this. An anonymous slash job from someone who almost certainly has a stake in preventing change? Probably a physician of unknown quality rating who doesn’t want their patients to be able to easily take their business elsewhere?

    Let me guess whether this person has also railed against HIPAA requiring him or her to dispense the data on request.

    If the author will self identify, including personal stake in these issues, we can discuss. Until then I’ll cry “conflict of interest!”

    Great strategy used by many obstructionists through the years: dig in heels, then screech loudly about the lack of progress.

    • Dave, you can already download your records and you probably know it. Curious who sponsors your attendance at events to champion something you already can do.

      If you can’t down load your record it isn’t due to a lack of regulation. You need to change doctors if they don’t offer it.

    • Unfortunately -Readers Write- tells only part of the story. EHR vendors don’t just protect intellectual property with their gag clauses. They restrict any communication about anything related to the products. Don’t believe me? Try an search Google for anything on Cerner or EPIC. Try to find one training video on Youtube, try to find a blog where somebody comments on the design of the product. Try to find a screenshot anywhere of the EPIC system. I can save you the time.. you will not find anything. All communication that references those vendors are part of the gag clause, and the lawyers from those EHR vendors are quick to send take down letters to any violators.

      In almost every other setting this type of communication typically falls under fair use. As long as the provider isn’t revealing anything about unreleased software, or the inner workings of an algorithm then they would not be violating a copyright or putting any IP at risk by sharing this type of information. Yet, many EHR vendors enforce these types of restrictions on their users via contracts. Even basic information that is used by any third party to connect to the system like the underlying data model, or API documentation is treated like top-secret material, limited to named & authorized users (under NDA’s and contracts). I hate to break it to you but if you think that your data model and IP documentation is your IP, then your company is not long for this world.

      Additionally, many EHR vendors have gag orders on contractors that don’t allow them to take code created for one provider and reuse it with another. In fact many contracts make it so that the EHR vendor owns the rights to any “custom” software created on their platform by contractors. This means that Provider B cannot benefit from the work of a contractor who implemented something for Provider A unless the EHR vendor decides (eventually) to implement that feature as part of the core product (or provider B is willing to pay the contractor to re-create the work from memory). There is a whole lot wrong with this model and approach that makes me wonder why Hospital CIO’s were ever willing to engage in such a contract.

      One person comments on how there is no indication that sharing of data has decreased the cost of care, or increased the quality. I encourage you to please visit ARHQ.gov or HBR.org and review the numerous articles showing positive outcomes. I also dare you to find a single study not published by an EHR vendor that demonstrates that the EHR has done anything to improve the quality or cost of care.

      You are hand waving over the true problem when you create fear about big IT companies and their handling of data (Google, Facebook, Amazon, etc). You claim that there isn’t a problem to solve because your products already provide data sharing and the risk of misuse by these untrustworthy tech giants are just too high. Nice hasty generalization and seeding of fear, I guess you did not have time to actually think about the problem.

      Have any of you actually watched how data is shared between providers and payers and patients in the real world? Sure some of your EHR systems allow for data export, or minimal record sharing between providers that is cumbersome at best, but once you actually try and share data in a meaningful way across organizations and across systems more than 90% of it occurs using the trusted 1945 technology known as the fax machine, or even worse the technology that was popular starting in 1775, the postal service. That’s right it is 2019, and most medical data sharing is paper printouts of medical charts sent via fax or mail.

      C’mon people, this is beyond ridiculous. How can you call this state of affairs a big fib? The first step of solving your problem is accepting that you have one, not hand waving, fear mongering, and pretending that it is all somebody else’s fault, or worse that there just isn’t a problem to begin with.denial.

      • You’re not being truthful. You can find tons of Epic screens on the internet. Same for Cerner.

        Check out EpicParadyEHR twitter feed as well.

        Common, you’re just blinded by the hype or don’t know how to do a google image search.


      • Also, what the heck are you talking about here: Additionally, many EHR vendors have gag orders on contractors that don’t allow them to take code created for one provider and reuse it with another. In fact many contracts make it so that the EHR vendor owns the rights to any “custom” software created on their platform by contractors.

        If you create code on your own that DOES NOT INCORPORATE another developers code, you can do whatever you want with it. If however, you copy a vendors code and call it your own, that’s a HUGE problem. It’s called STEALING!

        Jeepers, Vanilla Ice learned the hard way, maybe you need to as well.

        Stealing is stealing. Invent your own stuff and you won’t have to worry about a vendor coming after you for putting a few sprinkles on the cupcake and calling the entire cupcake your innovation!

  5. This a good summary of the core issue. I remain optimistic that if mission oriented people in healthcare work to reach out to their representatives and local politicians we can help focus government on the real issues facing us and to be cautious to not use government force against the very people we seek to care for and protect, I’ve never had a patient ask me for a better app, they usually live in fear of how much their surprise bill might be. Let’s stop looking for the next miracle cure or trinket and refocus our efforts on the fundamentals of healthcare.

  6. I enjoyed the rant and can go along with its major tenets. What was left unsaid was that providers and vendors both have interest in keeping things private. Facilitated exchange and transition make it easier for providers to change EHR platforms and easier for patients to change healthcare providers. Like it or not, ONC pressure, and more specifically reimbursement practices, drive industry direction. As a consumer I can tell you that I’ve encountered plenty of places that did a great job of providing me with my own data. I’ve found none that share it well.

    • The author seemed to support your concept (although it was getting to be a longer read)…

      This can be used for good and as well for evil. Rethinking regulations to protect patients by enforcing rational HIPAA-protected interoperability including both doctor to doctor exchange, but also patient to their chosen apps with full awareness, audit abilities, and responsibilities similar or under HIPAA for those app providers. Force apps to protect patient data in a reasonable and accountable manner similar to health providers.

  7. Maybe it is time for more practicing nurses, physicians, and health IT leaders to climb out of the daily trenches of direct patient care to form our own PAC, run for office, and help congress, CMS, and the ONC with better guidance toward a single simple and distinct goal to accomplish that we can all identify with and rally around. Our industry is complex. It is time to take a step back and simplify.

  8. If ever there was an industry worthy of disruption it is the U.S. Healthcare, and specifically Healthcare IT, industry. If you look at almost any measure we aren’t keeping up with other advanced (and also not so advanced) nations, and in some key areas (cost, standardization, access) things have gotten worse, not better, and have been doing so for a great many years. In a world where people are freely giving up their most private details for free it’s laughable that anyone would blame ONC or CMS for being too open.

    Here are some hard truths: clinical data isn’t shared because it doesn’t profit your doctor and the health system to do so. EHR vendors built their systems to suit their health system masters and use their size anti-competitively, just like health systems do. Existing patient portals are a joke.

    This rant is indicative of those in this industry that proudly proclaim “I’ve been in Healthcare for 30 years” but don’t understand that they are clearly part of the problem and won’t take responsibility for the state it’s in.

  9. Looks like someone made their career working with an EHR vendor. Can only guess at which one. Healthcare data is complex and while advancing FHIR will help the fact is healthcare organizations need to invest in an enterprise healthcare data strategy and platform to really leverage the power of data. The EHR is just not that platform. The challenges of healthcare data are too complex for EHR vendors and they do no one a service when then try to position themselves as having more capabilities than they do. They should stick to their lane.

Founding Sponsors


Platinum Sponsors




















































Gold Sponsors













Reader Comments

  • AnInteropGuy: I would hope that we have better medicine and science than we did 67 years ago. Our understanding of virus mechanisms ar...
  • Angela C. Witt: Most of the suggestions you have to improve order management in the EHR are features available in current vendor product...
  • masterblaster: I was intrigued by your statement of "Because they so tightly control access to the vendor’s documentation, I have no ...
  • IANAL: In spite of AMA lobbying, regulatory changes in the early 2000s allowed pharmacists to give flu shots. Costs fell, acces...
  • Brian Too: My theory is that telehealth is a bigger benefit for the patient than it is for the clinician (though there are clinical...

Sponsor Quick Links