Curbside Consult with Dr. Jayne 8/25/25
Like many practicing physicians, I use a variety of tools to research clinical questions. This might be for patients I’m seeing or for board certification questions (which thankfully allow the use of references now).
I received an email from OpenEvidence the other day that announced “a new feature purpose-built for the patient visit” to deliver real-time evidence, help draft your clinical notes, and connect with patient context. It went on to say that the tool can act like a digital assistant and add medical intelligence into notes and other documentation by “automatically surfacing the latest clinical evidence and guidelines directly within your documentation workflow.”
As one would predict, my clinical informaticist sense was tingling. I had to go check it out.
What I found was a potential compliance nightmare. I hope practice leaders are aware of the potential risks and are educating their physicians accordingly. I’ve spent enough time as a physician executive to know that many frontline physicians aren’t aware of compliance issues beyond what they see in annual HIPAA and Fraud, Waste, and Abuse training. Those only touch the surface of all things compliance.
Upon clicking the new visit button in OpenEvidence, I got a pop-up that said that the visits feature “can record patient encounters” and that it requires a “free BAA between your practice and OpenEvidence.” It asked me to input the name of my practice and then told me to “Contact your CMIO” to have my organization establish a BAA, even going as far as providing me a draft message to cut and paste to my CMIO.
If I sent that email to my CMIO, or anyone empowered to manage Business Associate Agreements on behalf of my clinical employer, I’d be laughed right out the door, especially since the preformed letter had the name of the practice wrong.
It also provided the option to say that I am in solo practice rather than with a corporate entity, which is also true for me, since I’ve maintained a legal entity over the years that would enable that should I want to use it. It gave me a one-click option to sign a five-page BAA, but you can bet that I’m not going to be doing that anytime soon.
I’m always skeptical when a service is free because I know money is being made one way or another behind the scenes. Unfortunately, that doesn’t keep people from just clicking and thinking that they’re good to go without fully understanding what is happening with their data.
Once I left that pop-up, I was greeted by a stealthy little pop-up below the search bar that again gave me a one-click option to accept the BAA. Based on how it looked, I can imagine that physicians might just accept it without fully understanding what they’re agreeing to in that innocuous little pop-up.
The experience made me think of other free services that may run the risk of needing a Business Associate Agreement, including Doximity. Plenty of physicians have signed up to use its free services, which include Fax and Dialer. The latter lets physicians call patients without revealing the physician’s contact information. It also allows physicians to send secure texts.
Video testimonials on its website talk about physicians using it to share lab results or other important communications. I hadn’t thought about using that service, but it made me wonder how much physicians are really thinking about it and how they’re documenting these communications in the medical record without there being integration. It made me wonder about the potential liability risks of these services and if physicians are sacrificing accurate documentation for convenience.
Doximity also offers a GPT feature. I tried it a couple of months ago and didn’t think it was that great, so I decided to give it another go.
I asked it one of my favorite dermatology-themed board questions and found it to be utterly unhelpful, giving an answer that essentially said, “it depends.” That certainly wouldn’t be good enough to get me credit for my board certification question block, which had a very specific answer in mind. Fortunately, I had previously used a stronger reference to help manage that question, and I’m grateful that I went with that strategy rather than relying on this one.
I asked a question about electrolytes in a specific medical condition and got a much more satisfying answer, with the response nicely calling out some important details specific to the clinical scenario. Other AI tools I’ve used haven’t done that well with that particular scenario. I still wonder what the company might be doing with my data and my search history.
I don’t remember what was in the Doximity terms and conditions when I signed up. I did it many years ago for a free fax number so I could submit expense reports during a particularly annoying consulting engagement where they wouldn’t accept them in PDF format.
They were easy to find via a link located at the bottom of the screen. They were 23 pages long, so I just skimmed through them looking for interesting tidbits. One was a clause that the user agrees not to use the tools “in any way that violates or conflicts with any agreement to which you are a party, including any agreement with your employer.”
I’ve been involved in enough physician online forums to know that a good number of physicians have no idea of some of the key details in their employment agreements, such as the number of days of notice they have to provide if they’re quitting, or how their bonuses are calculated. I would be surprised if the majority of physicians know the details of clauses that might be lurking in those agreements with respect to tools such as these.
One of my favorite sentences in the agreement: “We do not guarantee the accuracy or reliability of this content and information.” That’s certainly something right there.
The agreement also clearly says that the AI tools are “for informational purposes only” and shouldn’t be “used as clinical decision support tools or for diagnosing, preventing, or treating any medical condition.”
The agreement also linked out to the company’s privacy policy, which clearly states that the company may use de-identified data and share it with third parties for purposes that include to “support commercial opportunities, generate insights and identify trends, and promote our business.” I’m no lawyer, but I’m guessing the part about commercial opportunities allows them to sell that de-identified data for whatever purpose they see fit.
Additionally, they’re clear about how they work with “commercial clients” to target physicians. Although I’m not crazy that the platform enables marketing, it’s not like they’re hiding what they do.
I got tired of reading about two-thirds of the way through, especially since I have a pile of better things to read sitting on my nightstand and at least one novel was actively calling my name.
I’m sure that various company terms and conditions contain other interesting examples. I would be interested to hear from users on some of their favorite or least-favorite clauses.
What do you think about free services that are monetizing your information? Is everyone so used to it by now that no one cares anymore? Leave a comment or email me.

I love this. I am constantly having this and similar conversations. “HIPAA-Compliant” should become a regulated term!