Tuesday, December 1, 2009

"We are unable to share documents relating to problematic EHR's as our contract with Cerner includes a confidentiality clause ..."

In my post "Academic Freedom and ED EHR's Down Under: Another Update and a Welcome Development" I reported on the Univ. of Sydney's somewhat belated support for academic freedom, and the reappearance of an essay on ED electronic health records problems in NSW by one of its informatics faculty, Prof. Jon Patrick, after an apparently government-initiated attempt at censorship.

A new update of the paper "A Critical Essay on the Deployment of an ED Clinical Information System - Systemic Failure or Bad Luck" version 6, has now been posted by Dr. Patrick at this link on his department's web pages (a direct link at this time to the PDF is here).

The press has started to take notice. A piece in the Sydney Morning Herald entitled "Health department accused of censorship" appeared on Nov. 28 here.

That piece was noted by Computer Weekly in the U.K. in a piece entitled "Claim of censorship over Cerner system" here. The U.K. suffers a severe EHR epidemic (the UK Public Accounts Committee report on disastrous problems in their £12.7 billion national EMR program is here.)

[12/3/09 update: the piece has disappeared, then reappeared, at Computer Weekly. In case it disappears again, a copy of the article from Google's cache is here.]

From the U.K. Computer Weekly article:

The Sydney Morning Herald and ZDNet in Australia report that the University of Sydney removed from its website - temporarily - a negative essay about a Cerner system which had been installed at hospitals in New South Wales.

The author of the essay is a medical IT professor, Jon Patrick, who is reported to have claimed that NSW Health, which is part of the government of New South Wales, put pressure on the university to take down the paper.

If true, it would tie in with what's been happening in England where mentions of Cerner in a negative context are being officially discouraged.

Cerner is due to be installed at hospitals across London as part of the National Programme for IT [NPfIT] but several trusts that have already gone live - including the Royal Free and Hampstead, Barnet and Chase Farm, and Barts and The London - have run into serious problems, including the losing of patient appointments and patients not being treated.

A showcase Cerner site at Homerton ceased mentioning Cerner in its public board papers after doing a deal with NHS Connecting for Health and the Department of Health. Homerton also rejects FOI requests related to its discussions on Cerner.

Homerton told me: "We are unable to share documents relating to these meetings as our contract with Cerner includes a confidentiality clause and as such disclosure of the information could give rise to an actionable breach of confidence."

I am repeating that last sentence for effect:

We are unable to share documents relating to these meetings as our contract with Cerner includes a confidentiality clause and as such disclosure of the information could give rise to an actionable breach of confidence.


This is solid evidence of such confidentiality clauses in HIT contracts and the chilling effect they have, along with dangers of "hold harmless" clauses. This style of EHR contracting is a practice now under investigation by the U.S. Senate Committee on Finance, as in their Oct. 16, 2009 letter to major healthcare IT vendors and management consultants from Senator Charles E. Grassley (ranking member). A copy of that letter is here (PDF).

I have written on the dangers of such clauses before as in my July 22, 2009 letter in the Journal of the American Medical Association "Health Care Information Technology, Hospital Responsibilities, and Joint Commission Standards" (http://jama.ama-assn.org/cgi/content/extract/302/4/382), as well as my much more thorough posting on these issues in the essay at my Drexel University website here.

In that essay I observed:

Regarding healthcare IT "Hold Harmless" and Defects Gag Clauses, I also question whether hospital executives violated their fiduciary responsibilities by signing such contracts, and violated Joint Commission standards of hospital leadership conduct as well ...


Let's look at the Joint Commission Hospital Accreditation Program Leadership Chapter, and its standards for hospital leadership (link, PDF):


Leadership
LD.01.03.01

Standard LD.01.03.01
The governing body is ultimately accountable for the safety and quality of care, treatment, and services.

Rationale for LD.01.03.01
The governing body’s ultimate responsibility for safety and quality derives from their legal responsibility and operational authority for [organization] performance. In this context, the governing body provides for internal structures and resources, including staff, that support safety and quality.


The governing body has a legal responsibility for safety and quality, not just a moral obligation. One of the "internal structures" is healthcare IT that is safe and effective and that does not expose patients or staff to undue risks.

How does signing "hold harmless" and "defects gag order" clauses with an HIT vendor serve such a purpose, exactly?

Hospital executives know, should know, or should have known that such provisions would remove incentives for health IT vendors to produce the best products and to correct deficiencies rapidly, thus increasing risk to patients and clinicians.

Elements of Performance for LD.01.03.01
5. The governing body provides for the resources needed to maintain safe, quality care, treatment, and services.


One of those resources is health IT.

Standard LD.02.01.01
The mission, vision, and goals of the [organization] support the safety and quality of care, treatment, and services.

Rationale for LD.02.01.01
The primary responsibility of leaders is to provide for the safety and quality of care, treatment, and services. The purpose of the [organization]’s mission, vision, and goals, is to define how the [organization] will achieve safety and quality. The leaders are more likely to be aligned with the mission, vision, and goals when they create them together. The common purpose of the [organization] is most likely achieved when it is understood by all who work in or are served by the [organization].


How is a contract with an HIT vendor that calls for hiding defects in health IT and exposing staff to liability for defects in same serving the above purposes?


Standard LD.02.03.01
The governing body, senior managers and leaders of the organized medical staff regularly communicate with each other on issues of safety and quality.


Does that include communication on health IT defects? Can a medical staff member ask to see a database of such defects when the hospital has signed a nondisclosure of defects agreement with an HIT vendor?

Rationale for LD.02.03.01
Leaders, who provide for safety and quality, must communicate with each other on matters affecting the [organization] and those it serves.


I ask the same question as above.


Standard LD.03.01.01
Leaders create and maintain a culture of safety and quality throughout the [organization].


Safety for whom, exactly? Patients, or patients and staff?

How is exposing professional staff to undeserved liability from defective health IT serving the creation of a culture of safety and quality for them? How is suppressing information on health IT defects and problems helping patient safety and care quality?

How is lack of seeking informed consent on health IT use from patients whose care is mediated by health IT devices with known but undisclosable defects creating a culture of quality?

How is hiding such defects creating a culture of quality in the community's other hospitals, that may be considering purchase of the very same health IT?

Standard LD.03.04.01
The [organization] communicates information related to safety and quality to those who need it, including staff, licensed independent practitioners, [patient]s, families, and external interested parties.

Rationale for LD.03.04.01
Effective communication is essential among individuals and groups within the [organization], and between the [organization] and external parties. Poor communication often contributes to adverse events and can compromise safety and quality of care, treatment, and services. Effective communication is timely, accurate, and usable by the audience.


Are physicians and nurses explicitly informed by administration that clinicians are liable for bad outcomes due to software problems? Are they informed of the gag clause? Are patients informed of unremediated health IT defects existing at time of service?

This standard seems a veritable smoking gun regarding breach of fiduciary responsibility and Joint Commission obligations when hospital leadership signs agreements specifically excluding the sharing information about health IT defects and complaints. It is already known that hospitals maintain lists of health IT defects, some in the thousands of items. A number of the defects rise to the level of creating considerable risk to patients, and nobody is in a hurry to remediate them. (See my proposed although somewhat tongue in cheek "HIT Informed Consent" that describes some of these known defect categories here).

Standard LD.04.04.03
New or modified services or processes are well-designed.

... 3. The hospital's design of new or modified services or processes incorporates: Information about potential risks to patients.

4. The hospital's design of new or modified services or processes incorporates: Evidence-based information in the decision-making process. Note: For example, evidence-based information could include practice guidelines, successful practices, information from current literature, and clinical standards.


How does the contractual inability to communicate about health IT defects, which its executives willingly sign, serve this purpose?

Standard LD.04.04.05
The [organization] has an organization-wide, integrated [patient] safety program.

... 12. The hospital disseminates lessons learned from root cause analyses, system or process failures, and the results of proactive risk assessments to all staff who provide services for the specific situation.


Disseminates lessons learned, except when the HIT contract they've signed with a vendor forbids it, that is.

The practices of the health IT industry, and the dealings of the hospital leadership with that industry, may in fact be a scandal of national (or international) proportions.


International scandal, indeed.

I predict these EHR confidentiality clauses will end up causing great loss of money in failed systems, and/or harming patients, due to the chilling effect they have on revelation of defects and problems by clinicians and executives alike.

Those who signed them will very likely be held liable, at least in the U.S., as the clauses breach the safety standards of the accrediting agency for hospitals here, the Joint Commission. I wish the signers of such contracts good luck in the courtroom.

In Australia and the U.K., I cannot comment, but also wish good luck to those who signed these clauses when lawyers go full court press on EHR-mediated debacles.


-- SS