HIStalk Interviews Hank Jones, III, Technology Lawyer
Henry W. “Hank” Jones, III is an attorney in private practice and owner of Intersect Tech. Consulting of Houston, TX.
Tell me about yourself and your firm.
I’m a 36-year lawyer in information technology who works as a midwife, birthing transactions and products, usually software or e-commerce. I’ve been in six companies, full-time on the exec team of three in blended roles doing firefighting, utility infielder multi-department tasks, sales, and product design. Coming from an intellectual property background, then doing more and more in healthcare over the 36 years.
We first connected from your comments about market research firms. What do you think about their methodologies and potential conflicts of interest?
Too many customers of IT in every domain, medical or otherwise, are unfortunately naïve that market research is both necessary and insufficient, at least for significant transactions, for multiple reasons. Number one, their methodologies and, therefore and their goals and missions are limited. Number two, there are necessary data, if you’re trying to be safe and excellent and surviving on transactions for a long time, they’re really beyond the market research companies’ skills or traditional efforts. In particular, failure analysis, customer disputes, litigation, and government regulatory filings.
The occasional project leader, IT manager, sourcing "professional," or even worse, healthcare professionals venturing into an IT transaction for the first time, don’t know what they don’t know. Unknown unknowns can be mission critical in choosing what the scope of the transaction should be, how you do the selection exercise, and what negotiating plan or terms and conditions you need. The market research firms vary among themselves significantly on their skill, their processes, and how they get paid. Even then, to do any kind of medium- or large-sized transaction, it’s not enough.
How common is it that companies have legal skeletons in their closets that prospects should know about?
Actual lawsuits are intermittent, but necessary market knowledge. The real question is, what’s the risk profile for the individual transaction and proposed solution? Which involves, number one, looking at other competing vendors’ track records. Number two, disputes that never got to litigation, which always outweigh the quantity that actually get to litigation. Number three, arbitration and mediation. Most stuff never goes to court. Number four, the latest move to automation with the stimulus money, etc.
Many IT customers don’t understand that there’ve been massive sea changes in how the technologies get built upstream and under the hood. They don’t know that every deliverable is a hybrid with many components from many owners. Many don’t know that a lot of what gets delivered was designed using tools and languages that come from third-, fourth-, fifth-tier removed vendor who built good stuff, but it may or may not be available long term. It may or may not have been customized to a significant degree. Further, there’s open source in everything now. Not only in testing activity, but actually in the deliverable.
Too many customers are using 1980s and 1990s assumptions that were then valid regarding software development and content that are archaic and therefore somewhat dangerous now. You wouldn’t use old virus scanning software on your PC for your house to know what’s on the inside. Similarly, the procurement processes and the project plans, negotiation skills, the contract provisions and exhibits that healthcare providers want now should reflect modern, appropriate technology norms, which have changed in the last five or 10 years.
How often do company executives or founders get into legal disputes with their boards or investors?
It depends on the size and age of the company. It’s very common to have a founder displaced after taking an additional round of investment. It’s common to have management teams nudged out, and often financially rewarded for it, after a merger as opposed to an initial venture cap round. It’s even more common in software now.
A third factor that’s newer is the large software-only private equity firms, which have a ton of gunpowder. There’s three or four or five of them that only do software company acquisitions and radical overhauling. They take best practices with an elite specialist consultant team and then do mash-ups. We’re seeing that with the McKesson and e-MDs products getting smooshed together on an ambulatory level, for example.
In Austin, where I just moved from, there’s a PE company with $16 billion who are doing 20 or 30 transactions a year. Many of them are mid-sized companies, but including some whales like Misys out of London, the deal they did a while ago. Greenway got taken private, so we don’t know their financial disclosures any more.
Everyone should assume that the vendor isn’t who it will be at the end of the expected useful duration of a product. My metaphor is that you and your significant other go out for dinner and a movie and the babysitter has outsourced and subcontracted by the time you come back. Somebody else is watching over your kids.
Is it fair for publications to sensationalize the details about a lawsuit that’s just been filed even though they have only one side of the story at that point?
There’s a problem of inadequate business journalism. There are tons of interesting action items for HIT managers in those 960 Epic-Tata pleadings, but it takes a lot of effort, and frankly, domain expertise, to sift and parse and differentiate what’s normal or not in the legal environment. The splash — yellow journalism would be the technical term — is a problem, but I would say the larger problem is inadequate follow-up and inadequate domain translation. There’s another problem too, which is that things get sealed, although I’ve had some success over the last couple of negotiations with judges later having them unseal some things, one of which was a medical software OEM deal.
What are your thoughts about Epic, Cerner, and other companies that make their employees agree to arbitration rather than labor lawsuits as a condition of ongoing employment?
I’m not a labor lawyer, so I don’t think my comments are that useful. It’s clear that in all parts of US industry, arbitration has been a mega-trend. There’s been push-back in every industry of it being, in some contexts, suppressive and unrealistic.
Real business people and lawyers, however — back on health transactions and other IT transactions in every industry — know that a careful scalpel in contracting, meaning a sharp pen, is a useful tool because what you want is to see prevention processes, governance clarifications, and then dispute-handling processes. The IT outsourcing, multi-year contracts have for years contained customized processes to deal with disputes. Over a period of time, priorities, technology, and the leadership economics are going to shift somewhat.
What people should be doing — and a few smart, creative ones do, but most don’t — is port the transactional tools, the terms, the rules of a contractual relationship, from outsourcing into pure software licensing, on the argument that the software’s going to change, ownership may change, the features are going to change, the security specs are going to change. Why not treat software not as a physical product, but as an evolving thing that it realistically is? Particularly in healthcare where you’ve got changing regulations, security specs, and patches that are more important from the privacy stuff. ADR should be for us in HIT a detailed, customized, thoughtful exhibit in every contract, rather than a two-sentence paragraph that nobody looks at. That’s like ignoring anesthesia in a prep for surgery.
Are patent trolls a big problem in health IT?
Yes. There’s lots of economics, there’s studies on that. The America Invents Act did not solve it. The Eastern District of Texas is still a whorehouse. Not La Grange, where the film with Burt Reynolds and Dolly Parton came from. The judges went to the Dallas bar and recruited the work. There’s not yet a legislative fix. It’s a problem that’s broader, although most visible in technology. A lot of people have worked on that.
I used to be vice-president of intellectual property development for a $3.5 billion revenue per year company. I’m not really a patent specialist, but I know and work intermittently with people who really are deep in this. It’s still a problem that in healthcare is inadequately understood by customers who don’t know that a shotgun, financially speaking, could be placed to the head of their supplier. In particular, do the hospitals require due diligence by their people and then contractual warranties and insurance purchasing by providers, because patent expenses and threats to their vendors upstream from these third parties are a realistic business concern. It’s not even on the checklist.
A big HIT transaction is like a major surgery. A pacemaker installation, if you want to be metaphorical about it. Have they worked up the patent risk and risk mitigation scenario of each prospective vendor and worked that into their spreadsheet or their evaluation? Some vendors are, and some vendors aren’t, holding their own tools, munitions, and ammo in terms of patents and patent licenses or membership in patent-sharing defense arrangements. There’s a publicly traded company that all it does is provide a shared defense. That tells you that the need is that large, that people could commercialize this reactive requirement.
Do you have any final thoughts?
My hunch — and my possible book, as I look at expanding that 3,000-word article about avoiding health software heart attacks — is whether the industry has a problem with assigning, in effect, pre-med students to do neurosurgery. The observation by many HIT specialists is that a lot of providers only plan and then procure their solutions intermittently. Therefore, they attempt to negotiate against vendors who are professional and have a different set of objectives.
I had a software manager at a very large academic institution come to me and say, "Please help us. My sourcing people know sutures and Band-Aids, but not medium- or large-scale software transactions." It’s a minority of transactions that get done well, resulting in HIT organizations having operational health risks that don’t happen in other industries.
There’s a majority view that’s whispered or shared over drinks that because so many healthcare organizations are relatively new at automating, they have the naiveté of thinking that it’s like any other skill. CIOs who are fine human beings, very smart, or physicians who aren’t careerists in IT might not have the transactional, life cycle, and vendor management experience that CIOs do in other industries. This is hard. You could argue that health software and health IT is harder because it’s in an environment different than other industries, with more regulation, more change, more third-party roles, government paying for some, and health privacy.
You need more skills and ruggedness in your contracts, supply planning, and IT strategy than in finance, manufacturing, or consumer goods. Maybe I can find some non-profit funding and lure some graduate students to work on their practicum or internships to do records requests. Some of the contracts that I’ve pulled from government hospitals under sunshine laws show work and current supply chains that extend maybe to the dangerous degree that would be unacceptable to the boards of companies in other organizations.
You don’t want to buy the first car off the manufacturing line of a new model. You don’t want to be a first patient of a newly-minted surgeon. Do you want to be a manager of a healthcare provider where the EHR was the first and only IT transaction by somebody? It’s hard.
I know one systems integration vendor who says CIO secretly stands for Career Is Over, because the demands are greater than the time, the funding, and the commercial support in a lot of cases. Unlike some other industries, people haven’t gone and done the epidemiology, the autopsies. In other industries, the selection exercises are way more diligent. They are larger than the selection process. The planning on the front end. Exhibits are process specific, twice as long than in other types of transactions.
What happens is that in a lot of these EHR deals, the customer becomes a captive. That’s evidenced, literally, by the documents that have surfaced in some of the materials that I’ve hunted up and would be the anchor or the database of my possible book. All that’s before the regulatory changes, the more open source software in there. Doctor Gawande’s great book “Better” is the watchword for all of us. A lot of organizations, at least in HIT, are not even at “good” yet. They’re trying to be competent and they’re striving, but whether they’ve gotten to good, much less any best practices, is a real question. Particularly when you drill down and do the lab tests on the actual documents that people are actually operating under.
I’ve pulled out some half a billion dollar, 10-year EHR deals to smaller ambulatory ones and specialty groups. It’s scary how weak the supply chain is in healthcare software as opposed to some other industries. You wouldn’t rely, you wouldn’t invest in it if you knew the standards of others knowing the delta of the difference.
Is this not just "HIStalk giving their own money, but with extra steps"? I imagine that many sponsors, such as…