Today, The Department of Justice issued an announcement that was “the first ever criminal action against an EHR vendor.”

Criminal action

The core of the criminal action was something inevitable: the tension between better health and better profit. Here’s what I saw … all of which caused me to be not-so-surprised today when the news broke.

In 2008 I was the CMIO at Allscripts. Much of my work was focused on how our customers could use our products to improve the health of our patients. We implemented clinical practice guidelines in the software as a way to help clinical teams and patients make well-informed decisions that would improve their health. The company was doing well, but there was always pressure to find more revenue.

We had a small team that worked closely with pharmaceutical companies and generated revenue from these relationships. I wasn’t very involved with this team, but due to my ownership of many of the clinical decision support initiatives, I started getting invited to meetings we had with pharmaceutical companies. The first was an initiative that involved a company selling a statin drug. They wanted to sponsor a program in which we would use a clinical decision support notification to alert clinicians to patients who might be candidates for statin therapy but had not yet been offered a statin drug. On its face, this seemed appropriate: it invoked evidence based clinical guidance, the decision support didn’t recommend a particular medication, and the clinician could easily ignore the notification.

But something didn’t feel right about this. How would the clinician know that this CDS was sponsored by a pharmaceutical company and some other CDS was not? Should we allow the sponsorship to be secret?

And then there was the company that wanted to sponsor an alert to remind the clinician that a given patient might have untreated hypertension (this company sold several antihypertensive medications) …

And then there were more. I found myself in heated arguments about the evidence basis for many of these opportunities with some of my non-clinical colleagues. In the end, we created an objective committee to review such requests. I don’t recall that any of these things got implemented in our systems at the end of it all – but I do clearly remember that there was pressure to do so, and the dollars that pharmaceutical companies were very tempting to the company.

I talked on occasion with my counterparts at other health IT companies and they told the same stories: tempting dollars, questionable ethics. Mature companies with strong clinical leadership didn’t succumb to these temptations. Epic was even public about their refusal to even entertain the conversations. Good for them! But I wondered about smaller, hungrier companies. Could they resist?

Fast forward a few years and I was at ONC, writing the text of what would become the 2014 Edition of the Certification Criteria for health Information Technology. I wondered how we could prevent pharmaceutical companies from tempting EHR companies to do such things. There were certification requirements for clinical decision support. I knew we couldn’t prevent the business relationships (our authority was to certify the software, not regulate the business operations) but we could make sure that the systems had a capability of informing the clinician (and by extension the patient) of why the clinical decision support guidance was in the system, and what the evidence basis was for the decision support. Here’s how we explained this in the 2014 Final Rule (highlights added):

Consistent with the HITSC’s stated intent, for EHR technology to be certified to this criterion we proposed that it must be capable of providing interventions and the reference resources in paragraph (a)(8)(ii)(A) of § 170.314 by leveraging each one or any combination of the patient-specific data elements listed in paragraphs (a)(8)(i) and (ii) of § 170.314 as well as one or any combination of the user context data points listed in paragraph (a)(8)(iii)(A) of § 170.314. We asserted that EHR technology must also be capable of generating interventions automatically and electronically when a user is interacting with the EHR technology.

Last, expanding on the HITSC’s recommendation that the source attributes of suggested interventions be displayed or available for users, we proposed that, at a minimum, a user should be able to review the: bibliographic citation (i.e., the clinical research/guideline) including publication; developer of the intervention (i.e., the person or entity who translated the intervention from a clinical guideline into electronic form, for example, Company XYZ or University ABC); funding source of the intervention development; and release and, if applicable, revision date of the intervention. We asserted that the availability of this information would enable the user to fully evaluate the intervention and enhance the transparency of all CDS interventions, and thus improve their utility to healthcare professionals and patients.

We got some questions about this – but (I hope) you can see that the goal here was to make sure that any user of an EHR could easily learn the evidence basis for CDS and who paid for it. We hoped that such transparency would diminish the likelihood that sponsored CDS would inappropriately influence clinical decision-making.

Such is the ambition (and true challenge) of the government regulator. The goal is to create a framework wherein innovation is anticipated and even encouraged, while safety is enhanced and fraud prevented.

Practice Fusion was a young aggressive company – funded by venture capital and run by Ryan Howard. Ryan is a dynamic, charismatic guy who sold a vision of an EHR that could be given away and would generate revenue from advertising (like TV or gmail) and the sale of insights to life sciences companies. I first met Ryan on a trip to San Francisco in ~ 2012, when he invited me to come to Practice Fusion to speak with the team about Health IT certification and the meaningful use incentive programs. Such conversations were not uncommon – it is valuable for ONC leaders to meet with the companies we regulated. They would occasionally come visit us in DC, but meeting them on their home turf, we can meet with the folks really doing the work, and they can hear from government leaders first-hand – perhaps enhancing their understanding of some of the “why” of federal regulations rather than just the “what” that they are otherwise exposed to.

My guess is that this was when the sponsored CDS started happening. A small team inside of Practice Fusion was created in ~ 2015 and they were led by a sales executive who worked with pharmaceutical companies to develop CDS programs.

You can see a list of all of the CDS that Practice Fusion (it seems) here. When I click on “learn more” – I get a 404 error. But there are examples like this (and screenshot below) that demonstrate both sponsorship and compliance with ONC’s transparency regulation. Note how the Gaucher Disease recognition CDS bibliographic citation is listed, the developer is Practice Fusion, and the funding source is Genzyme. Connect the dots. Did they have the funding sources listed for all of these CDS interventions? We don’t know.

Interesting:

*On April 8, 2019 the following Pain Management CDS advisories were removed from the EHR:

• Patient should be assessed for pain. Document pain scale in the flowsheets section of the encounter.

• Patient has chronic pain and should be assessed. Follow the link to complete the Brief Pain Inventory (BPI) short form assessment.

• Patient has pain documented and should have a pain care plan.

I do remember that I was aware of the sponsored CDS in ~ 2014, as I recall speaking with the PF Chief Medical Officer about a program that was sponsored to remind providers to immunize patients. I think it may have been influenza and/or HPV. The program was evidence-based, and it was successful: more patients got the immunizations they needed. I remember asking about compliance with the ONC certification requirements (yes), if they had an objective “approval board” like the one we had created at Allscripts (no).

The company’s drive for revenue overshadowed their legal and ethical commitments. I know that there are many people at the company who were not involved in this activity. Good people who work hard and are proud of the product they have build over > 10 years. The company is now a subsidiary of Allscripts (a fact that was oddly missing from the DOJ announcement) and I know that the Allscripts team is providing the maturity and oversight that Practice Fusion simply never had. Full disclosure: my son worked as an engineer at Practice Fusion from August 2014 until April 2018.

Lesson Learned?

Is this happening elsewhere? Has it happened to other companies? I don’t know. But if it is – I suspect they’re on notice now and I sure hope they’ll stop. I applaud the ONC and DOJ team that worked on this (and other) efforts to protect us from companies who have lost their way. Thank you!