“Patients should have control of their records, period. Now that’s becoming a reality,” said Health and Human Services Secretary Alex Azar. “These rules are the start of a new chapter in how patients experience American health care.”

Officials said the rules likely will give patients a greater say in health care decisions and put an end to a long-standing practice in which some doctors and hospitals resist handing complete medical files over to patients upon demand. Many of the provisions are set to take effect in 2022.

“The days of patients being kept in the dark are over,” said Centers for Medicare & Medicaid Services Administrator Seema Verma. “In today’s digital age, our health system’s data-sharing capacity shouldn’t be mired in the Stone Age.”

Yet the new rules also have raised concerns about privacy as technology companies, such as Google, Microsoft, Apple and Amazon, open up new markets for providing medical records through mobile apps. Major EHR vendor Epic, for instance, has warned that freer flow of medical records could spur the unwanted sale of data or other unauthorized uses.

“Family members may be shocked to find that their most personal health data has been mined and sold by data brokers and is now known by others, Epic CEO Judy Faulkner wrote last June in opposing the rules.

Administration officials said they have taken privacy considerations into account and would require developers to attest to plans to protect the security and use of medical data.

Verma took a swipe at Epic in an interview with KHN and Fortune.

“We’re not afraid to take on special interests to do what’s right for patients. Some people disagree because they want to keep the data,” she said. “The reality is that patient data belongs to patients. It doesn’t belong to EHR companies.”

Verma said the nation’s health care system remains “hugely expensive and inefficient as repeat tests drive up costs and, perhaps most importantly, doctors are forced to provide care with an incomplete clinical picture, especially at a time when the health care systems could be under stress.”

“With the handling of the COVID virus, the urgent need for coordinated integrated care could not be clearer,” she said.

The Department of Health and Human Services on Monday issued two rules to give patients greater access to their electronic health records.

Among the key provisions:

• Patients must be able to access their medical records on a smartphone at no cost and can share those records as they choose.
• Health systems must be able to exchange information about patients’ past medical treatments or conditions.
• “Information blocking” practices (that is, anti-competitive behaviors) by health care providers, developers of electronic medical records and others are prohibited.
•  Electronic medical record certification requirements are updated so that health professionals can discuss safety and usability concerns without being bound by gag clauses in software sales contracts.
• Insurers are required to share health claim data with patients on Medicare and Medicaid through a mobile app.
• Insurers must advise patients of their network of health providers through an app.

Donald Rucker, who coordinates health information technology policy for HHS, said the new rule “will allow patients the ability to manage their health care the same way they manage their finances or the travel or other parts of their life on their smartphone.”

While Epic, the maker of the most-used electronic health records software, led a campaign to derail the rules, its chief competitor, Cerner Corp., argued the rules were long overdue.

“Consumers should have the right to access the health care information their providers have about them and dictate where they want it to go. Although existing laws allow patients to access their data, it doesn’t work,” Cerner CEO Brent Shafer said in a statement.

The rules also attempt to prevent EHR vendors from silencing critics of their software products. The government wants to encourage doctors and other users of EHR technology to share their experiences about software problems by prohibiting so-called gag clauses in sales contracts. That could free users to criticize EHR systems, including more open discussion of flaws, software glitches and other breakdowns.

“Botched Operation,” an investigation published by Kaiser Health News and last year, found that the federal government has spent more than $36 billion on the EHR initiative. Thousands of reports of deaths, injuries and near misses linked to digital systems have piled up in databases over the past decade — while many patients have reported difficulties getting copies of their complete electronic files, the investigation found.

Consumers have long sought to be more in the loop on health care decisions in a user-friendly form. Many specifics about how that will happen, including how patients would make sense of complex pricing policies for purchasing health care and insurance and assessing quality, remain unclear, however.

To cut down on exorbitant “surprise” medical bills, Verma said, the CMS’ new rule would require insurers to let patients know which medical providers are in their networks. One study found that such bills — often not covered by insurance — have struck more than half of American adults.

For well over a decade, federal officials have struggled to set up a digital records network capable of sharing medical data and patient records. In 2004, President George W. Bush said he hoped to have a digital record for most Americans within five years. In early 2009, the Obama administration funneled some $36 billion in economic stimulus money to help doctors and hospitals buy the software needed to replace paper medical files.

Despite the slow progress, federal officials remain optimistic that digital records will save the nation billions of dollars while reducing medical errors, unnecessary medical testing and other waste — and encouraging more Americans to take a bigger role in managing their health care by comparing prices.

Trump administration officials on Monday sought to blame the Obama administration for creating what they called a “tower of Babylon,” in which doctors and health systems couldn’t seamlessly share patient information or “talk to one another.”

“It’s led to a tremendous amount of frustration on the part of medical professionals and patients as physicians, interacting with patients, oftentimes spend more time looking at computer screens than they do into the eyes of the people they’re trying to heal,” said White House official Joe Grogan.

Ñî¹óåú´«Ã½Ò•îl Health News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

The doctors at Midwest (City) Regional Medical Center in Oklahoma worried that the software failed to track some drug prescriptions or dosages properly, posing a “huge safety concern,” Lewis said. Lewis cited the alleged safety hazards in a whistleblower lawsuit that he and another former employee of Community Health Systems (CHS) filed against the Tennessee-based hospital chain in 2018.

The suit alleges that the company, which had $14 billion in annual in 2018, obtained millions of dollars in federal subsidies fraudulently by covering up dangerous flaws in these systems at the Oklahoma hospital and more than 120 others it owned or operated at the time.

The whistleblowers also allege that Medhost, the Tennessee firm that developed the software, concealed defects during government-mandated reviews that were supposed to ensure safety.

Both CHS and Medhost have the allegations and moved to dismiss the suit. The motions are pending. Last month, Department of Justice lawyers wrote in court filings that they were still investigating the matter and had not yet decided whether to take over the case.

The lawsuit is one of dozens filed by whistleblowers, doctors and hospitals alleging that some electronic health records (EHR) software used in hospitals and medical offices has hidden flaws that may pose a danger to patients — and that a substantial chunk of the $38 billion in federal subsidies went to companies that deceived the government about the quality of their products, an ongoing Fortune-KHN investigation shows. The subsidies were designed to persuade hospitals and doctors’ offices to install software that would track the medical history of every patient and share the information seamlessly with other health care providers.

But the software makers allegedly gamed the system, repeatedly. Three major EHR vendors have made multimillion-dollar settlement deals — totaling $357 million — over Justice Department investigations which include allegations that they rigged or otherwise gamed the government’s certification test. At least two other companies are under investigation.

Beyond those cases, federal officials have paid hundreds of millions of dollars in subsidies to doctors and hospitals that could not show they were even qualified to receive them, according to federal officials. Nearly 28% of doctors and 5% of hospitals who attested to meeting government standards later failed audits. Federal officials told Fortune and KHN that they have clawed back $941 million in improper subsidies.

“We’re entering an entirely new area of health care fraud,” John O’Brien, senior counsel with the Department of Health and Human Services Office of Inspector General, said in a July 2017 announcing a with eClinicalWorks, one of the nation’s leading sellers of EHRs for physicians.

The concern is not just over wasteful spending of tax dollars. EHRs monitor the medicines people take and their vital signs, so software glitches that prevent doctors from accessing files quickly, that mix up patients or send vital test results to the wrong file can contribute to serious injuries, or even deaths.

In March, Fortune and KHN revealed that thousands of injuries, deaths or near misses tied to software defects, user errors and other problems have piled up in various government-sponsored and private repositories.

“Ultimately, it’s about patients getting the right care,” Andrew Vanlandingham, the HHS inspector general’s senior counselor for health information technology, said in an interview. He said that investigators are “gearing up” for more scrutiny of the important industry, including closer monitoring to make sure that records software is safe.

Leaping Into The Digital Era

In 2009, Congress committed billions of dollars in economic stimulus funds to bring the era of paper medical records to a close. Officials hoped to cut down on medical errors caused by illegible paper records and draw on the power of massive troves of medical data to drive down the cost of health care and help develop improved treatments for disease.

The hastily devised plan offered Medicare doctors and other medical professionals up to $44,000 and $64,000 in subsidies if they bought the software and accepted patients on Medicaid, the federal health care program for low-income people.

The money was intended to help them pay vendors to install EHRs in their offices. Hospitals, which required more sophisticated and costlier software, could receive millions in subsidies, based on the number of inpatients treated. To give them a nudge, officials warned doctors and hospitals that failure to wire up would trigger gradual cuts in their Medicare payments. EHR vendors had to meet certification standards set by the HHS Office of the National Coordinator for Health Information Technology, or ONC.

Providers had to attest that their EHR software could perform a variety of functions, which the government described as making “meaningful use” of the technology.

Certification was essentially an open-book test in which the government gave vendors the questions in advance — for instance, the names of 16 or so drugs the system would have to prescribe electronically to pass. The Justice Department has alleged that some vendors simply doctored their software to pass the test — for example, programming the required codes for just the specified 16 drugs they would be tested on, rather than all medicines — as officials had expected.

Frank Poggio who recently retired from a 45-year career in health technology, saw the cases of fraud coming, he said, because the tests “were superficial, and if you wanted to game it, you could game it.”

Poggio said there were many weaknesses in the system that allowed a vendor to show a “prototype” as opposed to live software.

Dr. Scott Monteith, a Michigan psychiatrist who served as an early certification juror, said he saw some limitations firsthand. He said one vendor took 30 minutes to produce a list of patients who had diabetes and also smoked, data he figured any computer program should be able to spit out in seconds. The vendor passed.

“That’s an example of how poorly thought-out the whole thing was,” said Monteith, who noted he was then, and still is, a big booster of EHRs.

Jeffery Daigrepont, a senior vice president at Coker Group, a firm that advises health providers on business decisions, said the government erred by handing out too much money in the early stages of the program, when many doctors and hospitals had not yet done much more than agree to participate.

“It was an upside-down pyramid,” he said. “You got the bulk of the money for doing the least amount of effort.”

Dr. John Halamka, a physician and Harvard Medical School professor who chaired the ONC standards committee, which wrote the certification rules, defended the process.

“The only problem [with certification] is that it presupposed that the product the vendor certified would be the same product they sold,” Halamka said. “It presupposes that people will go into the certification process and participate in good faith.”

That did not always happen in the rush to snatch up subsidy dollars, according to the whistleblowers’ suits. The Justice Department case against eClinicalWorks, which has 130,000 providers, accused the company of rigging tests to win certification, claims the company has denied. The company did not respond to numerous requests for comment.

The government accused Greenway Health, a Florida-based EHR developer with 75,000 providers, of doing the same thing. The DOJ’s complaint included a number of instant-message exchanges between Greenway employees in which they allegedly discuss their plan for gaming the certification process by “shortcutting some functionality” of the software. In February, Greenway Health for just over $57 million without admitting wrongdoing.

The whistleblower case filed by Lewis and former co-worker Joey Neiman accuses the CHS hospital chain of submitting more than $385 million in false claims for EHR stimulus payments between 2012 and 2014.

Visiting the Oklahoma hospital as part of a troubleshooting team in June 2015, Lewis heard that physicians worried flaws in the system could result in patients being sent home “with the wrong drugs, doses or instructions,” according to the suit.

Things got so bad that local doctors were threatening to admit patients elsewhere unless the hospital fixed the software problems, according to the suit.

In a statement, CHS said it had “complete confidence” in its records systems. “The allegations made in the lawsuit against our hospitals are completely without merit,” the company said. Medhost denied its software has flaws, noting in its : “Hundreds of facilities have successfully used our software over the years and continue to do so today.”

Few in the industry seemed surprised by such allegations. When news of the eClinicalWorks case broke, Farzad Mostashari, who led the ONC from 2011 to 2013, : “Let me be plain-spoken. eClinicalWorks is not the only EHR vendor who ‘flouted certification/misled’ customers. Other vendors better clean up.”

The Electronic Health Record Association, a trade group that represents more than 30 vendors, did not respond to a request for comment. However, vendors have argued that they faced a tangle of regulations that required them to meet constantly shifting standards that government officials often could not explain.

ONC officials declined to answer written questions. But in a statement, ONC said it takes steps to ensure that products “are safe for patients and usable by providers.”

System Glitches And Accusations Of ‘Gaming’ The System

While the ONC sets the standards, the federal Centers for Medicare & Medicaid Services (CMS) had the job of paying doctors and hospitals that attested to meeting the “meaningful use” criteria. As of September 2018, CMS had paid out $38.4 billion in these funds.

In 2012, CMS hired accounting firm Figliozzi and Co. of Garden City, N.Y., which audited almost 50,000 medical professionals. Nearly 28% failed, despite the fact that they had previously attested to meeting the standards. Hospitals did better, posting a 5% failure rate. CMS officials said they have recovered some $941 million in these improper payments. The losses to the Treasury are likely far higher because only 14% of the medical professionals and 40% of the hospitals receiving payments were audited.

Michael Arrigo, who has served as an expert witness in health IT-related fraud and medical malpractice cases, said that in some cases EHR vendors misled hospitals about the challenges of replacing paper records with computers.

Others rolled the dice, apparently hoping the program was so large and complicated that they were unlikely to be targeted for audit. “Sometimes [providers] got away with it until a whistleblower found out,” Arrigo said.

Reviewing state and federal court filings, Fortune and KHN found more than two dozen cases, many filed by hospitals against vendors, which depict chaotic EHR installations and safety concerns as they pursued meaningful-use dollars.

Parrish Medical Center, a 210-bed public hospital on Florida’s Space Coast, is one. In December 2010, the Titusville hospital contracted with McKesson’s Enterprise Information Solutions. One of America’s largest companies, McKesson said its product would be easy for doctors and nurses to learn and help them “deliver high-quality, safe patient care.”

But the deal collapsed, prompting a bitter court battle in which the hospital repeatedly assailed McKesson’s competence. For instance, the hospital alleged that bugs in the software caused it to create more than one record for the same patient, a flaw dubbed a “major safety issue.”

An expert hired by Parrish said he contacted eight other hospitals, including three in Florida, which had dumped McKesson due to what he called “poor or unsatisfactory customer service.”

The medical staff at one of those hospitals was “up in arms” because it took 63 mouse clicks to look up a patient’s lab results, according to the expert’s report.

Parrish later signed on with another EHR vendor and the suit has since been settled. Both Parrish and McKesson declined to comment for this story. McKesson sold its health IT business to Allscripts in October 2017. Earlier this year, Allscripts reported to the Securities and Exchange Commission that government attorneys have requested documents from the company as part of an investigation into McKesson’s certification.

In another lawsuit, Weirton Medical Center, a hospital in West Virginia, stated in a court filing that it submitted “inaccurate” meaningful-use data to the government ― though it blamed the vendor. The hospital alleged the system failed to identify a patient who was critically ill and in the hospital. The hospital declined to comment to KHN and Fortune about the case, which has been settled.

Hamstrung By Technology?

ONC officials said they keep no log of complaints they receive.

A published in JAMA this month found that 40% of the software that ONC singled out for post-marketing review had flaws that could lead to patient harm, including inaccurate drug codes, information displaying incorrectly and decimal points gone missing.

That’s “a concerning number, and we have to do something to address that,” said researcher Raj Ratwani, the director of the MedStar Health National Center for Human Factors in Healthcare and a co-author of the study. These systems were used in 786 hospitals and by 37,365 provider organizations, according to Ratwani, who said there’s no way to know how many defects have been fixed.

ONC has about 100 pieces of once-approved software products. But most were tiny market players that had few or no users and went out of business. PlatinumMD, which had just 48 “meaningful” users, is an example. In a 2014 whistleblower lawsuit, San Diego urologist Dr. Scott Brown alleged that PlatinumMD filed for $18,000 in subsidies on his behalf even though it had not yet fully installed his EHR. In February 2016, the defunct company’s owners settled the case without admitting liability by paying the government $180,000.

Another 132 government-certified products have been flagged for corrective action due to “non-conformities.” As for the technology that the government alleges was fraudulently certified, it’s still used in health care settings across the country.

While those vendors faced multimillion-dollar settlements and now must operate under the oversight of a government monitor, their technology was not taken off the market. Nor were they dumped by many customers who, for the most part, however dissatisfied, were stuck with it.

ONC seemed to acknowledge that decertifying a large vendor would cause a major disruption, noting in an October 2016 regulation: “Our first and foremost desire would be to work with developers to address any problems.”

In the regulations, ONC cited the costs medical providers would face should their EHR vendor shut down as ranging from $33,000 to as much as $650 million.

“It is very difficult to switch product,” said Steve Waldren, chief medical informatics officer for the American Academy of Family Physicians. “You couldn’t just go down the street and pick up another EHR, put it in and move your data over.”

He noted that beyond the considerable cost of the technology, providers would have to take time to learn a new system.

“ONC does seem to have a stance that removing some of these players from the market would be very disruptive,” said Brad Ulrich, a Tennessee health IT expert. “They are almost too big to fail.”

Ñî¹óåú´«Ã½Ò•îl Health News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

The health data geeks trusted that transitioning from paper to electronic records would cut down on medical errors, help identify new cures for disease and give patients an easy way to track their health care histories.

But after two days of discussions, the group warned that few safeguards existed to protect the public from possible consequences of rolling out the new technology so quickly. Because this software tracks the medicines people take and their vital signs, even a tiny error or omission, or a doctor’s inability to access the file quickly, can be a matter of life or death.

The experts at that September 2009 meeting, mainly members of the American Medical Informatics Association, or AMIA, agreed that safety should be a top priority as federal officials poured more than $30 billion into subsidies to wire up medical offices and hospitals nationwide.

The group envisioned creating a national databank to track reports of deaths, injuries and near misses linked to issues with the new technology.

It never happened.

Instead, plans for putting patient safety first — and for building a comprehensive injury reporting and reviewing system — have stalled for nearly a decade, because manufacturers of electronic health records (EHRs), health care providers, federal health care policy wonks, academics and Congress have either blocked the effort or fought over how to do it properly, an ongoing investigation by Fortune and Kaiser Health News shows.

Over the past 10 years, the parties have squabbled over how best to collect injury data, over who has the power to require it, over who should pay for it, and over whether to make public damning findings and the names of those responsible for safety problems.

In 2015, members of Congress derailed a long-planned EHR safety center, first by challenging the government’s authority to create it and later by declining to fund it. A year later, Congress stripped the Food and Drug Administration of its power to regulate the industry or even to track malfunctions and injuries.

“A lot of people involved with patient safety and medical informatics were horrified,” said Ross Koppel, a University of Pennsylvania sociologist and prominent EHR safety expert. Koppel said the industry won legal status as a “regulatory free zone” when it came to safety, an outcome he called a “scandal beyond belief.”

The Electronic Health Record Association, a trade group that represents more than 30 vendors, declined to comment on the safety issue.

Meanwhile, patients remain at risk of harm. In March, Fortune and KHN revealed that thousands of injuries, deaths or near misses tied to software glitches, user errors, interoperability problems and other flaws have piled up in various government-sponsored and private repositories. One uncovered more than 9,000 patient safety reports tied to EHR problems at three pediatric hospitals over a five-year period.

Allegations of EHR-related injuries or other flaws have surfaced in the courts. KHN/Fortune examined more than two dozen such cases, such as a California woman who mistakenly had most of her left leg amputated because the EHR sent another patient’s pathology report indicating cancer to her medical file. A Vermont patient died after a doctor’s order to scan her brain for an aneurysm never made it from the computer to the lab.

Despite such incidents, experts believe EHRs have made medicine safer by eliminating errors due to illegible handwriting and in some cases speeding up access to vital patient files. But they also acknowledge they have no idea how much safer, or how much the systems could still be improved because no one — a decade after the federal government all but mandated their adoption — is assessing the technology’s overall safety record.

KHN and Fortune found that at least a dozen expert commissions, federal health IT panels and medical associations have echoed AMIA’s early call to track EHR safety risks only to be thwarted by objections from the industry or its allies, or by simple bureaucratic inertia. Some critics see the situation as a dispiriting Washington tale of corporate “capture” of government, while others wonder why a warning system to alert health officials to dangers with certain software is even controversial.

“How is it in the public interest for medical records software to have flaws that lead to deaths?” said Joshua Sharfstein, who served as FDA deputy commissioner when the safety issue flared up during President Barack Obama’s first term. These incidents “should be fully understood and investigated” and “not be able to be buried.”

Support for computerizing medical records has spanned the political spectrum. The health IT industry’s aversion to FDA oversight has won support at critical times both with liberals who embraced EHRs as a high-tech magic bullet for reforming the nation’s costly health care system and with free-market conservatives skeptical of red tape and government interventions.

The vendors protested they were overburdened with technical requirements that their software had to meet to qualify for the government subsidy program. Those specifications included many relatively small-bore features, like including a check box indicating the doctor had asked about the patient’s smoking status — and other tasks likely to have little impact on safety.

Complicating things further, many safety advocates themselves have worried that heavy-handed oversight — such as requiring approval of every software update — could actually make the technology less safe, stalling urgent software updates (not to mention stifling innovation and slowing the marketing of vital new technology).

After a contentious process in which consumer advocacy group Public Citizen FDA officials of collaborating with the devices industry to weaken oversight, Congress passed the 21st Century Cures Act. A few sentences buried in the law, signed by Obama in late 2016, all but shut the door on FDA regulation of EHRs.

The bipartisan law, which speeds up approvals for some medical therapies, states flatly that electronic health records are not medical devices subject to FDA scrutiny. Some longtime EHR safety advocates say they have all but given up hope for consensus on any system that would investigate and share findings from adverse events, as happens in other industries, like transportation and aviation.

“We have nothing like that,” said Justin Starren, director of the Center for Data Science and Informatics at Northwestern University. “We have the opposite … with vendors saying that customers are explicitly forbidden from publicizing problems they encounter.”

Starren noted that health care providers don’t like to share safety failures either: “It’s the liability fear. If an institution holds up its hand and says, ‘Our EHR might be killing people,’ the lawyers will be lining up outside the courthouse door.”

Less Red Tape Unleashes Red Flags?

In the months before the 2009 AMIA meeting, concern was mounting at the FDA over the rapidly advancing EHR rollout.

Since the mid-1980s, however, the FDA had considered health IT to present a low risk of harm because a “learned intermediary,” such as a doctor, was in charge. Most manufacturers agreed and insisted their products were not medical devices, but vehicles for processing and storing medical information.

The legal distinction is critical. While the FDA requires device makers to report adverse events, the policy in place gave EHR manufacturers a pass. At least one major vendor, Cerner Corp., has concluded that EHRs are, in fact, medical devices and has submitted some error reports to FDA’s public database. But most manufacturers disagree and have not reported data, leaving a sizable gap in the agency’s grasp of possible hazards.

Within the FDA, some staffers urged the agency to rethink the hands-off stance given the rush by hundreds of health IT companies — many of them new entrants — to sell medical records software that tens of thousands of doctors, hospitals and patients would rely on.

On Sept. 22, 2009, FDA staff shared their views with deputy commissioner Sharfstein and his boss, commissioner Margaret Hamburg, at a “regulatory strategy” meeting. After hearing the pitch, Hamburg agreed the FDA “needs to be involved in the White House [EHR] initiative,” according to an agency memo. Hamburg had no comment for this article.

One former FDA official recalls tension mounting as the agency became more assertive, saying: “It was a big train going down the tracks at 80 miles per hour, and there were concerns that FDA would slow it down.”

The FDA sounded a public warning at a February 2010 hearing. The agency’s chief devices regulator, Jeffrey Shuren, testified that even with limited surveillance, the FDA had tied six deaths and 44 reported injuries to health information technology failures.

In all, Shuren said, the FDA had logged 260 reports of “malfunctions with the potential for patient harm” over the previous two years. In one case, the software filed results from emergency lab tests to the wrong patient’s electronic record.

Shuren described the reports as likely the “tip of the iceberg” and said they suggested “significant clinical implications and public safety issues.” He laid out three options for FDA involvement, the least burdensome being registration of EHR software and mandatory reporting of dangerous incidents. Through an agency spokesperson, Shuren declined to be interviewed for this article.

Shuren’s 2010 testimony did not appear to carry much weight with David Blumenthal, a Harvard physician chosen as the Obama administration’s point man for the digital medical record rollout. Blumenthal declined to comment.

Many in Blumenthal’s division, known as the Office of the National Coordinator for Health Information Technology, or ONC, sympathized with the industry’s assertion that FDA regulation would discourage innovation, which, in turn, could cripple the president’s plans to revolutionize health care and save money. Blumenthal, who was convinced EHRs would make medicine much safer, described the FDA injury reports as “anecdotal.”

An obscure outpost of the Department of Health and Human Services in the second Bush administration, ONC under Blumenthal revved up as federal officials laid plans for distributing billions of stimulus dollars.

The stimulus law directed ONC to set up two diverse advisory panels so that no single faction of the health care sector could unduly influence policy. Yet it seemed clear, at least to skeptics, that ONC depended heavily on the goodwill, expertise and guidance of the technology community.

Steven Findlay, who served on one of the panels as a representative of Consumers Union, said industry witnesses often “commandeered” the discussions because they “had the technical knowledge to steer things in a direction that they wanted.”

Safety “was not necessarily their first priority. They were building products to serve an industry and designing them to make money,” Findlay said in a recent interview.

Dean Sittig, a medical informaticist at UTHealth in Houston and early researcher on EHR safety, said ONC was “trying to promote” digital records “and there wasn’t a lot of interest in talking about things that could go wrong.” That conflict persists, he said. “They gave out $36 billion. It’s hard for them to say EHRs aren’t safe.”

The ONC did form a safety “working group.” The panel suggested that doctors and hospitals be required to report “potential hazards” and “incidents” to a national database or risk forfeiting government subsidies for purchasing records software, according to minutes from its March 12, 2010, meeting.

That idea never got past the drafting stage, however.

Glitches In The Matrix

In a nod to safety, ONC asked the National Academy of Sciences’ Institute of Medicine to weigh in, a move some at the FDA hoped would at the least lend support for nationwide collection of injury data.

When the 18-member expert panel held a public hearing in mid-December 2010, Shuren reappeared with updated FDA figures — about 370 reports of “adverse events or near misses” involving health IT since January 2008. Once again, he called FDA’s count a “small percentage of the actual [adverse] events that do occur.”

Among the causes he cited: failure of the software to interface properly with other technologies, user errors, design flaws and inadequate pre-market testing.

Shuren suggested EHRs were medical devices over which the FDA “has exercised enforcement discretion; meaning it has not enforced existing requirements,” an apparent reference to the hands-off policy. He called for “real-time collection, aggregation and analysis” of reports on the functioning of EHRs.

The Institute of Medicine panel in November 2011 called on HHS to make adverse incident reporting mandatory for vendors and voluntary for users. It also said HHS should ask Congress to approve a government-run injury monitoring system as rigorous as that used to promote airline safety that would both investigate and make its findings public. The FDA might not be the best-equipped agency to take on the task, the group noted.

The panel asserted that EHR vendors face “competing priorities, including maximizing profits and maintaining a competitive edge, which can limit shared learning and have adverse consequences for patient safety.”

One member called for even stricter oversight. In an impassioned dissent, Richard Cook, a Chicago radiologist and safety expert, argued EHRs were medical devices that necessitated the scrutiny of the FDA.

“At least a few U.S. citizens — perhaps more than a few — have died or have been maimed because of health IT. The extent of the injuries generated by health IT is unknown because no one has bothered to look for them in a systematic fashion,” Cook wrote in his dissent.

(Credit: Fortune)

Backtracking On Oversight

In 2012, Congress required FDA, ONC and the Federal Communications Commission to propose “risk-based” oversight for health IT that “promotes innovation, protects patient safety, and avoids regulatory duplication.”

Two years went by before the agencies did so. In April 2014, they promoted a “limited, narrowly tailored approach” to oversight led by the ONC as well as a “surveillance mechanism” to track adverse events and near misses.

ONC’s budget for the 2015 and 2016 fiscal years proposed spending $5 million for such a center, which ONC said would begin “a robust collection and analysis of health IT-related adverse events.”

But four House Republicans in June 2014 questioned whether ONC had the legal authority to set up the center.

Energy and Commerce Committee Chairman Fred Upton of Michigan, Vice Chairman Marsha Blackburn of Tennessee, health subcommittee Chairman Joseph Pitts of Pennsylvania and communications and technology subcommittee Chairman Greg Walden of Oregon argued that ONC had failed to satisfy their concerns over what Blackburn termed regulatory “mission creep.” At a House hearing in July 2014, Blackburn repeated her worry about “a misguided system of regulation.”

Former ONC director Karen DeSalvo said she was five months on the job and felt completely blindsided by the line of questioning — despite the National Academy of Sciences report years earlier that had advised HHS to seek approval from Congress to expand ONC’s oversight role. The center’s prospects dimmed further when the Congressional Research Service issued a report on the matter in early 2015 that seemed to side with the Republicans.

DeSalvo’s team later requested legislative authority to create the center, but the effort was not successful. ONC was granted legislative authority for other requests, however, empowering it to define interoperability and to crack down on vendors who improperly restrict access to medical records.

These days, many of the key players have conflicting opinions and recollections about what went wrong and why.

DeSalvo, now a professor of medicine and population health at Dell Medical School, said she really doesn’t know if something sinister torpedoed the safety center or it was just a matter of not enough people caring. “It was really just kind of start and stop,” she said. That’s perhaps not surprising, considering ONC has had seven directors in its 15 years of existence — and six since 2009, when the government made EHRs a national priority. (And that’s not counting four interim directors who collectively helmed the outfit for 16 months.)

Doug Fridsma, who left his role as ONC’s chief scientist in 2014, cited other factors that slowed the center’s momentum. He said uncertainty over its mission didn’t help gain the trust of the industry, while citing other thorny issues, such as who would foot the bill and whether its data might be used to discipline or otherwise harm vendors. Fridsma, now AMIA’s chief executive, said that government-sponsored regional patient safety organizations aren’t well equipped to conduct national oversight of EHR functions.

“It has resulted in a vacuum around health IT safety,” said Fridsma. “Congress has failed to make it a priority.”

Shifting Public Attention

Revisiting plans for a full-fledged EHR safety center holds little appeal to Don Rucker, the Trump administration’s ONC chief.

Rucker said he sees little value in collecting data on incidents often “years and years” after they occurred. Rapidly evolving technologies are making computer errors easier to recognize and remedy. “We can catch these things a lot earlier,” he said.

Rucker argues that the 21st Century Cures Act prohibits the industry from enforcing “gag” clauses that in the past have handcuffed hospitals and doctors from criticizing their EHRs. The Cures law includes fines of up to $1 million for “information blocking,” including taking steps to discourage EHR users from reporting adverse events and other problems for review.

New freedom to sound off assures that doctors and hospitals will begin sharing EHR problems, mitigating any need for mandatory reporting, in Rucker’s view. Rucker said he hopes to have the regulations in place by the end of the year.

The proposed ONC regulations cite a “strong public interest” in “open communication of information regarding health hazards, adverse events and unsafe conditions.” But that information won’t be shared with the public. ONC says all reports of problems are exempt from public release under the Freedom of Information Act. Congress gave these records the same legal status as income tax returns as part of the Cures law.

Jacob Reider, a former ONC interim director, said the government’s failure to do more to promote public awareness of safety concerns is disappointing — and even irresponsible — given its zeal in bringing EHRs into the mainstream of medicine.

“I remember internal conversations where we talked about ‘What is the equivalent of a plane crash that is going to get the attention of people?’” said Reider, who now practices family medicine in upstate New York. “‘Is it going to be a congressperson’s relative is harmed by health IT that causes the attention to shift?’ I would offer that still hasn’t happened yet, but someday it will. And gosh, wouldn’t it be a horrible thing that we have to wait for that to happen?”

Ñî¹óåú´«Ã½Ò•îl Health News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

The chairman of the Senate health committee on Tuesday backed new federal regulations to remove roadblocks patients can face in obtaining copies of their electronic medical records.

“These proposed rules remove barriers and should make it easier for patients to more quickly access, use and understand their personal medical information,” Lamar Alexander (R-Tenn.), chairman of the Health, Education, Labor & Pensions Committee, said in a statement prepared for a hearing on the rules that kicked off Tuesday at 10 a.m.

The rules, proposed last month by the Department of Health and Human Services, take aim at so-called information blocking, in which tech companies or health systems limit the sharing or transfer of information from medical files.

Alexander said HHS believes the new rules should give more than 125 million patients easier access to their own records in an electronic format.

“This will be a huge relief to any of us who have spent hours tracking down paper copies of our records and carting them back and forth to different doctors’ offices. The rules will reduce the administrative burden on doctors so they can spend more time with patients,” Alexander said.

The proposal requires manufacturers to fashion software that can readily export a patient’s entire medical record — and mandates that health care systems provide these records electronically at no cost to the patient.

Congress jump-started the nation’s switch from paper to electronic health records in 2009 using billions of dollars in financial stimulus funding to help doctors and hospital purchase the equipment. Officials expected the shift to cut down on medical errors, reduce unnecessary medical testing and other waste and give Americans a bigger role in managing their health care.

Yet in the decade since the rollout, critics have argued that the government spent billions financing software that can cause some new types of errors and typically cannot share information across health networks as intended.

“,” a recent investigation published by KHN and Fortune, found that the federal government has spent more than $36 billion on the initiative. During that time, thousands of reports of deaths, injuries and near misses linked to digital systems have piled up in databases — while many patients have reported difficulties getting copies of their complete electronic files.

Sen. Patty Murray (D-Wash.), ranking member on the committee, cited two patients profiled in the article to illustrate the potential dangers from EHRs that can’t exchange information.

“It’s patients who get hurt. Like the man in California, who suffered brain damage after his diagnosis was delayed because a hospital’s software couldn’t properly interface with a lab’s software,” she said at the hearing. “Or the woman in Vermont, who died of a brain aneurysm that might have been caught if a software problem hadn’t stopped the order for a test she needed.”

Jonathan Lomurro, a medical malpractice attorney in New Jersey, said his clients usually have to go to court to get their complete medical record. The information that health care providers fight most bitterly to keep from them, he said, are the audit logs — or the data that show every time a record has been accessed or edited, and by whom and when.

That “metadata,” he and other plaintiff attorneys argue, is critical for patients to understand the history of their care, particularly in cases where something has gone wrong.

In an interview prior to Tuesday’s hearing, Lomurro criticized the HHS proposal, saying it limits a patient’s ability to obtain these logs. While the proposed rule requires the systems to share most data from a medical record with a patient, it excludes audit trails from that classification.

“While the proposal talks about the need of patient access … they then strip the greatest protections from the patient,” said Lomurro. “I am at a loss on how this could ever be a beneficial change to the rules and help patients.”

Seema Verma, who heads the Centers for Medicare & Medicaid Services, agreed that patients should be entitled to audit log information. “At the end of the day, it’s all of the patient’s data. If it affects and touches their medical record, then that belongs to them,” Verma said in an interview last month.

The HHS proposal also encourages doctors and other users of EHR technology to share information about software problems they encounter by prohibiting “gag clauses” in sales contracts. Critics have long argued that the clauses have prevented users from freely discussing flaws, including software glitches and other breakdowns that could result in medical errors and patient injuries. In 2012, an Institute of Medicine report blamed the confidentiality clauses for impeding efforts to improve the safety of health information technology.

But a major remaining problem in wiring up medicine is the lack of interoperability across rival data systems, said Christopher Rehm, chief medical informatics officer of LifePoint Health, a hospital system in Brentwood, Tenn. In testimony prepared for the Tuesday hearing, Rehm called it “the equivalent of telling people they must buy cars and move those cars from place to place, but there are no roads and no agreed-upon design for the roads, let alone the funding to actually pay for the construction.”

According to Rehm, the average-sized community hospital (161 beds) spends nearly $760,000 a year on information technology investments needed to meet federal regulations. He said the costs “are crushing our industry where margins are already thin.”

Ñî¹óåú´«Ã½Ò•îl Health News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

“What we really need is a much more tailored approach, so that we have appropriate oversight of EHRs when they’re doing things that could create risk for patients,” Gottlieb said in an interview with Kaiser Health News.

Gottlieb was responding to “Botched Operation,” a report published this week by KHN and Fortune magazine. The investigation found that the federal government has spent more than $36 billion over the past 10 years to switch doctors and hospitals from paper to digital records systems. In that time, thousands of reports of deaths, injuries and near misses linked to EHRs have piled up in databases — including at least one run by the FDA.

Gottlieb said Congress would need to enact legislation to define when an electronic health record would require government oversight. He said that the digital records systems, which store a patient’s medical history, don’t fit neatly under the agency’s existing mandate to regulate items such as drugs and medical devices.

Gottlieb said the best approach might be to say that an EHR that has a certain capability becomes a medical device. He called EHRs a “unique tool,” noting that the risks posed by their use aren’t the same as for a traditional medical device implanted in a patient. “You need a much different regulatory scheme,” he said.

The 21st Century Cures Act of 2016 excludes the FDA from having oversight over electronic health records as a medical device.

Gottlieb said that health IT companies could add new functions that would improve EHRs, but they have been reluctant to do so because they didn’t want their products to fall under FDA jurisdiction. He added that he was “not calling” for FDA to take over such a duty, however, and suggested that any new approach could be years away. Proponents have long argued that widespread use of EHRs can make medicine safer by alerting doctors to potential medical errors, though critics counter that software glitches and user errors may cause new varieties of medical mistakes.

How closely the FDA should watch over the digital medical record revolution has been controversial for years. The agency’s interest in the issue perked up after Congress decided in February 2009 to spend billions of dollars on digital medical records as part of an economic stimulus program.

At the time, many industry groups argued that FDA regulation would “stifle innovation” and stall the national drive to bring medicine into the modern era. Federal officials responsible for doling out billions in subsidies to doctors and hospitals generally sympathized with that view and were skeptical of allowing the FDA to play a role.

The debate became public in February 2010, when Jeffrey Shuren, an FDA official, testified at a public hearing that the agency had tied six deaths and more than 200 injuries to health information technology. In all, the FDA said, it had logged 260 reports in the previous two years of “malfunctions with the potential for patient harm.”

The agency said the findings were based largely on reports voluntarily submitted to the FDA and suggested “significant clinical implications and public safety issues.” In one case cited, lab tests done in a hospital emergency room were sent to the wrong patient’s file. Since then, several government and private repositories have associated thousands of injuries, near misses and deaths to EHR technology.

Shuren said in 2010 that the agency recognized that health information technology had great potential to improve patient care, but also needed oversight to “assure patient safety.”

While some safety proponents agree that EHRs offer tremendous benefits, they also see a greater opportunities to improve their safety.

Dean Sittig, a professor of bioinformatics and bioengineering at the University of Texas Health Science Center, said EHRs have improved safety within the health care system, but they have not eliminated errors to the extent that he would have expected. Federal officials were initially pushing for rapid adoption and “there wasn’t a lot of interest in talking about things that could go wrong,” Sittig told KHN and Fortune.

Earlier this month, Gottlieb announced his from the FDA. His last day is scheduled to be April 5.

KHN correspondents Sarah Jane Tribble, Sydney Lupkin and Julie Rovner contributed to this report.

Ñî¹óåú´«Ã½Ò•îl Health News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).

Two months later, Monachelli was dead of a brain aneurysm, a condition that, despite the symptoms and the appointments, had never been tested for or diagnosed until she turned up in the emergency room days before her death.

Monachelli’s husband sued Stowe, the federally qualified health center the physician worked for. Owen Foster, a newly hired assistant U.S. attorney with the District of Vermont, was assigned to defend the government. Though it looked to be a standard medical malpractice case, Foster was on the cusp of discovering something much bigger — what his boss, U.S. Attorney Christina Nolan, calls the “frontier of health care fraud” — and prosecuting a first-of-its-kind case that landed the largest-ever financial recovery in Vermont’s history.

Foster began with Monachelli’s medical records, which offered a puzzle. Her doctor had considered the possibility of an aneurysm and, to rule it out, had ordered a head scan through the clinic’s software system, the government alleged in court filings. The test, in theory, would have caught the bleeding in Monachelli’s brain. But the order never made it to the lab; it had never been transmitted.

The software in question was an electronic health records system, or EHR, made by eClinicalWorks (eCW), one of the leading sellers of record-keeping software for physicians in America, currently used by 850,000 health professionals in the U.S. It didn’t take long for Foster to assemble — Better Business Bureau complaints, issues flagged on an eCW user board, and legal cases filed around the country — suggesting the company’s technology didn’t work quite the way it said it did.

Until this point, Foster, like most Americans, knew next to nothing about electronic medical records, but he was quickly amassing clues that eCW’s software had major problems — some of which put patients, like Annette Monachelli, at risk.

Damning evidence came from a whistleblower claim filed in 2011 against the company. Brendan Delaney, a British cop turned EHR expert, was hired in 2010 by New York City to work on the eCW implementation at Rikers Island, a jail complex that then had more than 100,000 inmates. But soon after he was hired, Delaney noticed scores of troubling problems with the system, which became the basis for his lawsuit. The patient medication lists weren’t reliable; prescribed drugs would not show up, while discontinued drugs would appear as current, according to the complaint. The EHR would sometimes display one patient’s medication profile accompanied by the physician’s note for a different patient, making it easy to misdiagnose or prescribe a drug to the wrong individual. Prescriptions, some 30,000 of them in 2010, lacked proper start and stop dates, introducing the opportunity for under- or overmedication. The eCW system did not reliably track lab results, concluded Delaney, who tallied 1,884 tests for which they had never gotten outcomes.

The District of Vermont launched an official federal investigation in 2015.

The eCW spaghetti code was so buggy that when one glitch got fixed, another would develop, the government found. The user interface offered a few ways to order a lab test or diagnostic image, for example, but not all of them seemed to function. The software would detect and warn users of dangerous drug interactions, but unbeknownst to physicians, the alerts stopped if the drug order was customized. “It would be like if I was driving with the radio on and the windshield wipers going and when I hit the turn signal, the brakes suddenly didn’t work,” said Foster.

The eCW system also failed to use the standard drug codes and, in some instances, lab and diagnosis codes as well, the government alleged.

The case never got to a jury. In May 2017, eCW paid a $155 million settlement to the government over alleged “false claims” and kickbacks — one physician made tens of thousands of dollars — to clients who promoted its product. Despite the record settlement, the company denied wrongdoing; eCW did not respond to numerous requests for comment.

If there is a kicker to this tale, it is this: The U.S. government bankrolled the adoption of this software — and continues to pay for it. Or we should say: You do.

Which brings us to the strange, sad, and aggravating story that unfolds below. It is not about one lawsuit or a piece of sloppy technology. Rather, it’s about a trouble-prone industry that intersects, in the most personal way, with every one of our lives. It’s about a $3.7 trillion health care system idling at the crossroads of progress. And it’s about a slew of unintended consequences — the surprising casualties of a big idea whose time had seemingly come.

The Virtual Magic Bullet

Electronic health records were supposed to do a lot: make medicine safer, bring higher-quality care, empower patients, and yes, even save money. Boosters heralded an age when researchers could harness the big data within to reveal the most effective treatments for disease and sharply reduce medical errors. Patients, in turn, would have truly portable health records, being able to share their medical histories in a flash with doctors and hospitals anywhere in the country — essential when life-and-death decisions are being made in the ER.

But 10 years after President Barack Obama signed a law to accelerate the digitization of medical records — with the federal government, so far, sinking $36 billion into the effort — America has little to show for its investment. KHN and Fortune spoke with more than 100 physicians, patients, IT experts and administrators, health policy leaders, attorneys, top government officials and representatives at more than a half-dozen EHR vendors, including the CEOs of two of the companies. The interviews reveal a tragic missed opportunity: Rather than an electronic ecosystem of information, the nation’s thousands of EHRs largely remain a sprawling, disconnected patchwork. Moreover, the effort has handcuffed health providers to technology they mostly can’t stand and has enriched and empowered the $13-billion-a-year industry that sells it.

By one measure, certainly, the effort has achieved what it set out to do: Today, 96 percent of hospitals have adopted EHRs, up from just 9 percent in 2008. But on most other counts, the newly installed technology has fallen well short. Physicians complain about clumsy, unintuitive systems and the number of hours spent clicking, typing and trying to navigate them — which is more than the hours they spend with patients. Unlike, say, with the global network of ATMs, the proprietary EHR systems made by more than 700 vendors routinely don’t talk to one another, meaning that doctors still resort to transferring medical data via fax and CD-ROM. ­Patients, meanwhile, still struggle to access their own records — and, sometimes, just plain can’t.

Instead of reducing costs, many say, EHRs, which were originally optimized for billing rather than for patient care, have instead made it easier to engage in “upcoding” or bill inflation (though some say the systems also make such fraud easier to catch).

More gravely still, a months-long joint investigation by KHN and Fortune has found that instead of streamlining medicine, the government’s EHR initiative has created a host of largely unacknowledged patient safety risks. Our investigation found that alarming reports of patient deaths, serious injuries and near misses — thousands of them — tied to software glitches, user errors or other flaws have piled up, largely unseen, in various government-funded and private repositories.

Compounding the problem are entrenched secrecy policies that continue to keep software failures out of public view. EHR vendors often impose contractual “gag clauses” that discourage buyers from speaking out about safety issues and disastrous software installations — though some customers have taken to the courts to air their grievances. Plaintiffs, moreover, say hospitals often fight to withhold records from injured patients or their families. Indeed, two doctors who spoke candidly about the problems they faced with EHRs later asked that their names not be used, adding that they were forbidden by their health care organizations to talk. Says Assistant U.S. Attorney Foster, the EHR vendors “are protected by a shield of silence.”

Though the software has reduced some types of clinical mistakes common in the era of handwritten notes, Raj Ratwani, a researcher at MedStar Health in Washington, D.C., has documented new patterns of medical errors tied to EHRs that he believes are both perilous and preventable. “The fact that we’re not able to broadcast that nationally and solve these issues immediately, and that another patient somewhere else may be harmed by the very same issue — that just can’t happen,” he said.

David Blumenthal, who, as Obama’s national coordinator for health information technology, was one of the architects of the EHR initiative, acknowledged to KHN and Fortune that electronic health records “have not fulfilled their potential. I think few would argue they have.”

The former president has likewise singled out the effort as one of his most disappointing, bemoaning in a January 2017 interview with Vox “the fact that there are still just mountains of paperwork … and the doctors still have to input stuff, and the nurses are spending all their time on all this administrative work. We put a big slug of money into trying to encourage everyone to digitalize, to catch up with the rest of the world … that’s been harder than we expected.”

Seema Verma, the current chief of the Centers for Medicare & Medicaid Services (CMS), which oversees the EHR effort today, shudders at the billions of dollars spent building software that doesn’t share data — an electronic bridge to nowhere. “Providers developed their own systems that may or may not even have worked well for them,” she told KHN and Fortune in an interview last month, “but we didn’t think about how all these systems connect with one another. That was the real missing piece.”

Perhaps none of the initiative’s former boosters is quite as frustrated as former Vice President Joe Biden. At a 2017 meeting with health care leaders in Washington, he railed against the infuriating challenge of getting his son Beau’s medical records from one hospital to another. “I was stunned when my son for a year was battling stage 4 glioblastoma,” said Biden. “I couldn’t get his records. I’m the vice president of the United States of America.  … It was an absolute nightmare. It was ridiculous, absolutely ridiculous, that we’re in that circumstance.”

A Bridge To Nowhere

As Biden would tell you, the original concept was a smart one. The wave of digitization had swept up virtually every industry, bringing both disruption and, in most cases, greater efficiency. And perhaps none of these industries was more deserving of digital liberation than medicine, where life-measuring and potentially lifesaving data was locked away in paper crypts — stack upon stack of file folders at doctors’ offices across the country.

Stowed in steel cabinets, the records were next to useless. Nobody — particularly at the dawn of the age of the iPhone — thought it was a good idea to leave them that way. The problem, say critics, was in the way that policy­makers set about to transform them.

“Every single idea was well-meaning and potentially of societal benefit, but the combined burden of all of them hitting clinicians simultaneously made office practice basically impossible,” said John Halamka, chief information officer at Beth Israel Deaconess Medical Center, who served on the EHR standards committees under both George W. Bush and Barack Obama. “In America, we have 11 minutes to see a patient, and, you know, you’re going to be empathetic, make eye contact, enter about 100 pieces of data, and never commit malpractice. It’s not possible!”

KHN and Fortune examined more than two dozen medical negligence cases that have alleged that EHRs either contributed to injuries, had been improperly altered, or were withheld from patients to conceal substandard care. In such cases, the suits typically settle prior to trial with strict confidentiality pledges, so it’s often not possible to determine the merits of the allegations. EHR vendors also frequently have contract stipulations, known as “hold harmless clauses,” that protect them from liability if hospitals are later sued for medical errors — even if they relate to an issue with the technology.

But lawsuits, like that filed by Fabian ­Ronisky, which do emerge from this veil, are quite telling.

Ronisky, according to his complaint, arrived by ambulance at Providence Saint John’s Health Center in Santa Monica on the afternoon of March 2, 2015. For two days, the young lawyer had been suffering from severe headaches while a disorienting fever left him struggling to tell the 911 operator his address.

Suspecting meningitis, a doctor at the hospital performed a spinal tap, and the next day an infectious disease specialist typed in an order for a critical lab test — a check of the spinal fluid for viruses, including herpes simplex — into the hospital’s EHR.

The multimillion-dollar system, manufactured by Epic Systems Corp. and considered by some to be the Cadillac of medical software, had been installed at the hospital about four months earlier. Although the order appeared on Epic’s screen, it was not sent to the lab. It turned out, Epic’s software didn’t fully “interface” with the lab’s software, according to a lawsuit Ronisky filed in February 2017 in Los Angeles County Superior Court. His results and diagnosis were delayed — by days, he claimed — during which time he suffered irreversible brain damage from herpes encephalitis. The suit alleged the mishap delayed doctors from giving Ronisky a drug called acyclovir that might have minimized damage to his brain.

Epic denied any liability or defects in its software; the company said the doctor failed to push the right button to send the order and that the hospital, not Epic, had configured the interface with the lab. Epic, among the nation’s largest manufacturers of computerized health records and the leading provider to most of America’s most elite medical centers, quietly paid in July 2018, according to court records. The hospital and two doctors paid a total of $7.5 million, and a case against a third doctor is pending trial. Ronisky, 34, who is fighting to rebuild his life, declined to comment.

Incidents like that which happened to Ronisky — or to Annette Monachelli, for that matter — are surprisingly common, data show. And the back-and-forth about where the fault lies in such cases is actually part of the problem: The systems are often so confusing (and training on them seldom sufficient) that errors frequently fall into a nether zone of responsibility. It can be hard to tell where human error begins and the technological short­comings end.

EHRs promised to put all of a patient’s records in one place, but often that’s the problem. Critical or time-sensitive information routinely gets buried in an endless scroll of data, where in the rush of medical decision-making — and amid the maze of pulldown menus — it can be missed.

Thirteen-year-old Brooke Dilliplaine, who was severely allergic to dairy, was given a probiotic containing milk. The two doses sent her into “complete respiratory distress” and resulted in a collapsed lung, according to a lawsuit filed by her mother. Rory Staunton, 12, scraped his arm in gym class and then died of sepsis after ER doctors discharged the boy on the basis of lab results in the EHR that weren’t complete. And then there’s the case of Thomas Eric Duncan. The 42-year-old man was sent home in 2014 from a Dallas hospital infected with Ebola virus. Though a nurse had entered in the EHR his recent travel to Liberia, where an Ebola epidemic was then in full swing, the doctor never saw it. Duncan died a week later.

Many such cases end up in court. Typically, doctors and nurses blame faulty technology in the medical-records systems. The EHR vendors blame human error. And meanwhile, the cases mount.

Quantros, a private health care analytics firm, said it has logged 18,000 EHR-related safety events from 2007 through 2018, 3 percent of which resulted in patient harm, including seven deaths — a figure that a Quantros director said is “drastically underreported.”

A 2016 study by The Leapfrog Group, a patient-safety watchdog based in Washington, D.C., found that the medication-ordering function of hospital EHRs — a feature required by the government for certification but often configured differently in each system — failed to flag potentially harmful drug orders in 39 percent of cases in a test simulation. In 13 percent of those cases, the mistake could have been fatal.

The Pew Charitable Trusts has, for the past few years, run an EHR safety project, taking aim at issues like usability and patient matching — the process of linking the correct medical record to the correct patient — a seemingly basic task at which the systems, even when made by the same EHR vendor, often fail. At some institutions, according to Pew, such matching was accurate only 50 percent of the time. Patients have discovered mistakes as well: A January by the Kaiser Family Foundation found that 1 in 5 patients spotted an error in their electronic medical records. (Kaiser Health News is an editorially independent program of the foundation.)

The Joint Commission, which certifies hospitals, has sounded alarms about a number of issues, including false alarms — which account for between 85 and 99 percent of EHR and medical device alerts. (One study by researchers at Oregon Health & Science University estimated that the average clinician working in the intensive care unit may be exposed to up to 7,000 passive alerts per day.) Such over-warning can be dangerous. From 2014 to 2018, the commission tallied 170 mostly voluntary reports of patient harm related to alarm management and alert fatigue — the phenomenon in which health workers, so overloaded with unnecessary warnings, ignore the occasional meaningful one. Of those 170 incidents, 101 resulted in patient deaths.

The Pennsylvania Patient Safety Authority, an independent state agency that collects information about adverse events and incidents, counted 775 “laboratory-test problems” related to health IT from January 2016 to December 2017.

To be sure, medical errors happened en masse in the age of paper medicine, when hospital staffers misinterpreted a physician’s scrawl or read the wrong chart to deadly consequence, for instance. But what is perhaps telling is how many doctors today opt for manual workarounds to their EHRs. Aaron Zachary Hettinger, an emergency medicine physician with MedStar Health in Washington, D.C., said that when he and fellow clinicians need to share critical patient information, they write it on a whiteboard or on a paper towel and leave it on their colleagues’ computer keyboards.

While the Food and Drug Administration doesn’t mandate reporting of EHR safety events — as it does for regulated medical devices — concerned posts have nonetheless proliferated in the database of adverse events, which now serves as an ad hoc bulletin board of warnings about the various systems.

Further complicating the picture is that health providers nearly always tailor their one-size-fits-all EHR systems to their own specifications. Such customization makes every one unique and often hard to compare with others — which, in turn, makes the source of mistakes difficult to determine.

Dr. Martin Makary, a surgical oncologist at Johns Hopkins and the co-author of a much-cited 2016 study that identified medical errors as the third-leading cause of death in America, credits EHRs for some safety improvements — including recent changes that have helped put electronic brakes on the opioid epidemic. But, he said, “we’ve swapped one set of problems for another. We used to struggle with handwriting and missing information. We now struggle with a lack of visual cues to know we’re writing and ordering on the correct patient.”

Dr. Joseph Schneider, a pediatrician at UT Southwestern Medical Center, compares the transition we’ve made, from paper records to electronic ones, to moving from horses to automobiles. But in this analogy, he added, “our cars have advanced to about the 1960s. They still don’t have seat belts or air bags.”

Schneider recalled one episode when his colleagues couldn’t understand why chunks of their notes would inexplicably disappear. They figured out the problem weeks later after intense study: Physicians had been inputting squiggly brackets — {} — the use of which, unbeknownst to even vendor representatives, deleted the text between them. (The EHR maker initially blamed the doctors, said Schneider.)

A broad coalition of actors, from National Nurses United to the Texas Medical Association to leaders within the FDA, has long called for oversight on electronic-record safety issues. Among the most outspoken is Ratwani, who directs MedStar Health’s National Center on Human Factors in Healthcare, a 30-­person institute focused on optimizing the safety and usability of medical technology. Ratwani spent his early career in the defense industry, studying things like the intuitiveness of information displays. When he got to MedStar in 2012, he was stunned by “the types of [digital] interfaces being used” in health care, he said.

In a study published last year in the journal Health Affairs, Ratwani and colleagues studied medication errors at three pediatric hospitals from 2012 to 2017. They discovered that 3,243 of them were owing in part to EHR “usability issues.” Roughly 1 in 5 of these could have resulted in patient harm, the researchers found. “Poor interface design and poor implementations can lead to errors and sometimes death, and that is just unbelievably bad as well as completely fixable,” he said. “We should not have patients harmed this way.”

Using eye-tracking technology, Ratwani has demonstrated on video just how easy it is to make mistakes when performing basic tasks on the nation’s two leading EHR systems. When emergency room doctors went to order Tylenol, for example, they saw a drop-down menu listing 86 options, many of which were irrelevant for the specified patient. They had to read the list carefully, so as not to click the wrong dosage or form — though many do that too: In roughly 1 out of 1,000 orders, physicians accidentally select the suppository (designated “PR”) rather than the tablet dose (“OR”), according to one estimate. That’s not an error that will harm a patient — though other medication mix-ups can and do.

Earlier this year, MedStar’s human-factors center and public awareness campaign with the American Medical Association to draw attention to such rampant mistakes — they use the letters “EHR” as an initialism for “Errors Happen Regularly” — and to petition Congress for action. Ratwani is pushing for a central database to track such errors and adverse events.

Others have turned to social media to vent. Dr. Mark Friedberg, a health-policy researcher with the Rand Corp. who is also a practicing primary care physician, champions the Twitter hashtag ­#EHRbuglist to encourage fellow health care workers to air their pain points. And last month, a scathing Epic parody account cropped up on Twitter, earning more than 8,000 followers in its first five days. Its maiden tweet, written in the mock voice of an Epic overlord, read: “I once saw a doctor make eye contact with a patient. This horror must stop.”

As much as EHR systems are blamed for sins of commission, it is often the sins of omission that trip up users even more.

Consider the case of Lynne Chauvin, who worked as a medical assistant at Ochsner Health System, in Louisiana. In a still-pending 2015 lawsuit, Chauvin alleges that Epic’s software failed to fire a critical medication warning; Chauvin suffered from conditions that heightened her risk for blood clots, and though that history was documented in her records, she was treated with drugs that restricted blood flow after a heart procedure at the hospital. She developed gangrene, which led to the amputation of her lower legs and forearm. (Ochsner Health System said that while it cannot comment on ongoing litigation, it “remains committed to patient safety which we strongly believe is optimized through the use of electronic health record technology.” Epic declined to comment.)

Echoing the complaints of many doctors, the suit argues that Epic software “is extremely complicated to view and understand,” owing to “significant repetition of data.” Chauvin said that her medical bills have topped $1 million and that she is permanently disabled. Her husband, Richard, has become her primary caregiver and had to retire early from his job with the city of Kenner to care for his wife, according to the suit. Each party declined to comment.

An Epidemic Of Burnout

The numbing repetition, the box-ticking and the endless searching on pulldown menus are all part of what Ratwani called the “cognitive burden” that’s wearing out today’s physicians and driving increasing numbers into early retirement.

In recent years, “physician burnout” has skyrocketed to the top of the agenda in medicine. A 2018 Merritt Hawkins survey found a staggering 78 percent of doctors suffered symptoms of burnout, and in January the Harvard School of Public Health and other institutions deemed it a “public health crisis.”

One of the co-authors of the Harvard study, Ashish Jha, pinned much of the blame on “the growth in poorly designed digital health records … that [have] required that physicians spend more and more time on tasks that don’t directly benefit patients.”

Few would deny that the swift digitization of America’s medical system has been transformative. With EHRs now nearly universal, the face and feel of medicine has changed. The doctor is now typing away, making more eye contact with the computer screen, perhaps, than with the patient. Patients don’t like that dynamic; for doctors, whose days increasingly begin and end with such fleeting encounters, the effect can be downright deadening.

“You’re sitting in front of a patient, and there are so many things you have to do, and you only have so much time to do it in — seven to 11 minutes, probably — so when do you really listen?” asked John-Henry Pfifferling, a medical anthropologist who counsels physicians suffering from burnout. “If you go into medicine because you care about interacting, and then you’re just a tool, it’s dehumanizing,” said Pfifferling, who has seen many physicians leave medicine over the shift to electronic records. “It’s a disaster,” he said.

Beyond complicating the physician-patient relationship, EHRs have in some ways made practicing medicine harder, said Dr. Hal Baker, a physician and the chief information officer at WellSpan, a Pennsylvania hospital system. “Physicians have to cognitively switch between focusing on the record and focusing on the patient,” he said. He points out how unusual — and potentially dangerous — this is: “Texting while you’re driving is not a good idea. And I have yet to see the CEO who, while running a board meeting, takes minutes, and certainly I’ve never heard of a judge who, during the trial, would also be the court stenographer. But in medicine … we’ve asked the physician to move from writing in pen to [entering a computer] record, and it’s a pretty complicated interface.”

Even if docs may be at the keyboard during visits, they report having to spend hours more outside that time — at lunch, late at night — in order to finish notes and keep up with electronic paperwork (sending referrals, corresponding with patients, resolving coding issues). That’s right. EHRs didn’t take away paperwork; the systems just moved it online. And there’s a lot of it: 44 percent of the roughly six hours a physician spends on the EHR each day is focused on clerical and administrative tasks, like billing and coding, according to a 2017 Annals of Family Medicine study.

For all that so-called pajama time — the average physician logs 1.4 hours per day on the EHR after work — they don’t get a cent.

Many doctors do recognize the value in the technology: 60 percent of participants in Stanford Medicine’s 2018 National Physician Poll said EHRs had led to improved patient care. At the same time, about as many (59 percent) said EHRs needed a “complete overhaul” and that the systems had detracted from their professional satisfaction (54 percent) as well as from their clinical effectiveness (49 percent).

In preliminary studies, Ratwani has found that doctors have a typical physiological reaction to using an EHR: stress. When he and his team shadow clinicians on the job, they use a range of sensors to monitor the doctors’ heart rate and other vital signs over the course of their shift. The physicians’ heart rates will spike — as high as 160 beats per minute — on two sorts of occasions: when they are interacting with patients and when they’re using the EHR.

“Everything is so cumbersome,” said Dr. Karla Dick, a family medicine physician in Arlington, Texas. “It’s slow compared to a paper chart. You’re having to click and zoom in and zoom out to look for stuff.” With all the zooming in and out, she explained, it’s easy to end up in the wrong record. “I can’t tell you how many times I’ve had to cancel an order because I was in the wrong chart.”

Among the daily frustrations for one emergency room physician in Rhode Island is ordering ibuprofen, a seemingly simple task that now requires many rounds of mouse clicking. Every time she prescribes the basic painkiller for a female patient, whether that patient is 9 or 68 years old, the prescription is blocked by a pop-up alert warning her that it may be dangerous to give the drug to a pregnant woman. The physician, whose institution does not allow her to comment on the systems, must then override the warning with yet more clicks. “That’s just the tiniest tip of the iceberg,” she said.

What worries the doctor most is the ease with which diligent, well-meaning physicians can make serious medical errors. She noted that the average ER doc will make 4,000 mouse clicks over the course of a shift, and that the odds of doing anything 4,000 times without an error is small. “The interfaces are just so confusing and clunky,” she added. “They invite error … it’s not a negligence issue. This is a poor tool issue.”

Many of the EHR makers acknowledge physician burnout is real and say they’re doing what they can to lessen the burden and enhance user experience. Dr. Sam Butler, a pulmonary critical care specialist who started working at Epic in 2001, leads those efforts at the Wisconsin-based company. When doctors get more than 100 messages per week in their in-basket (akin to an email inbox), there’s a higher likelihood of burnout. Butler’s team has also analyzed doctors’ electronic notes — they’re twice as long as they were nine years ago, and three to four times as long as notes in the rest of the world. He said Epic uses such insights to improve the client experience. But coming up with fixes is difficult because doctors “have different viewpoints on everything,” he said. (KHN and Fortune made multiple requests to interview Epic CEO Judy Faulkner, but the company declined to make her available. In a trade interview in February, however, Faulkner said that EHRs were unfairly blamed for physician burnout and cited a study suggesting that there’s little correlation between burnout and EHR satisfaction. Executives at other vendors noted that they’re aware of usability issues and that they’re working on addressing them.)

“It’s not that we’re a bunch of Luddites who don’t know how to use technology,” said the Rhode Island ER doctor. “I have an iPhone and a computer and they work the way they’re supposed to work, and then we’re given these incredibly cumbersome and error-prone tools. This is something the government mandated. There really wasn’t the time to let the cream rise to the top; everyone had to jump in and pick something that worked and spend tens of millions of dollars on a system that is slowly killing us.”

$36 Billion And Change

The effort to digitize America’s health records got its biggest push in a very low moment: the financial crisis of 2008. In early December of that year, Obama, barely four weeks after his election, . “We will make sure that every doctor’s office and hospital in this country is using cutting-edge technology and electronic medical records so that we can cut red tape, prevent medical mistakes and help save billions of dollars each year,” he said in a radio address.

The idea had already been a fashionable one in Washington. Former House Speaker Newt Gingrich was fond of saying it was easier to track a FedEx package than one’s medical records. Obama’s predecessor, President George W. Bush, had also pursued the idea of wiring up the country’s health system. He didn’t commit much money, but Bush did create an agency to do the job: the Office of the National Coordinator (ONC).

In the depths of recession, the EHR conceit looked like a shovel-ready project that only the paper lobby could hate. In February 2009, legislators passed the HITECH Act, which carved out a hefty chunk of the massive stimulus package for health information technology. The goal was not just to get hospitals and doctors to buy EHRs, but rather to get them using them in a way that would drive better care. So lawmakers devised a carrot-and-stick approach: Physicians would qualify for federal subsidies (a sum of up to nearly $64,000 over a period of years) only if they were “meaningful users” of a government-certified system. Vendors, for their part, had to develop systems that met the government’s requirements.

They didn’t have much time, though. The need to stimulate the economy, which meant getting providers to adopt EHRs quickly, “presented a tremendous conundrum,” said Farzad Mostashari, who joined the ONC as deputy director in 2009 and became its leader in 2011: The ideal — creating a useful, interoperable, nationwide records system — was “utterly infeasible to get to in a short time frame.”

That didn’t stop the federal planners from pursuing their grand ambitions. Everyone had big ideas for the EHRs. The FDA wanted the systems to track unique device identifiers for medical implants, the Centers for Disease Control and Prevention wanted them to support disease surveillance, CMS wanted them to include quality metrics and so on. “We had all the right ideas that were discussed and hashed out by the committee,” said Mostashari, “but they were all of the right ideas.”

Not everyone agreed, though, that they were the right ideas. Before long, “meaningful use” became pejorative shorthand to many for a burdensome government program — making doctors do things like check a box indicating a patient’s smoking status each and every visit.

The EHR vendor community, then a scrappy $2 billion industry, griped at the litany of requirements but stood to gain so much from the government’s $36 billion injection that it jumped in line. As Rusty Frantz, CEO of EHR vendor NextGen Healthcare, put it: “The industry was like, ‘I’ve got this check dangling in front of me, and I have to check these boxes to get there, and so I’m going to do that.’”

Halamka, who was an enthusiastic backer of the initiative in both the Bush and Obama administrations, blames the pressure for a speedy launch as much as the excessive wish list. “To go from a regulation to a highly usable product that is in the hands of doctors in 18 months, that’s too fast,” he said. “It’s like asking nine women to have a baby in a month.”

Several of those who worked on the project admit the rollout was not as easy or seamless as they’d anticipated, but they contend that was never the point. Aneesh Chopra, appointed by Obama in 2009 as the nation’s first chief technology officer, called the spending a “down payment” on a vision to fundamentally change American medicine — creating a digital infrastructure to support new ways to pay for health services based on their quality and outcomes.

Dr. Bob Kocher, a physician and star investor with venture capital firm Venrock, who served in the Obama administration from 2009 to 2011 as a health and economic policy adviser, not only defends the rollout then but also disputes the notion that the government initiative has been a failure at all. “EHRs have totally lived up to the hype and expectations,” he said, emphasizing that they also serve as a technology foundation to support innovation on everything from patients accessing their medical records on a smartphone to AI-driven medical sleuthing. Others note the systems’ value in aggregating medical data in ways that were never possible with paper — helping, for example, to figure out that contaminated water was poisoning children in Flint, Mich.

But Rusty Frantz heard a far different message about EHRs — and, more important, it was coming from his own customers.

The Stanford-trained engineer, who in 2015 became CEO of NextGen, a $500-million-a-year EHR heavyweight in the physician-office market, learned the hard way about how his product was being viewed. As he stood at the podium at his first meeting with thousands of NextGen customers at Las Vegas’ Mandalay Bay Resort, just four months after getting the job, he told KHN and Fortune, “People were lining up at the microphones to yell at us: ‘We weren’t delivering stable software! The executive team was inaccessible! The service experience was terrible!’ ” (He now refers to the event as “Festivus: the airing of the grievances.”)

Frantz had bounced around the health care industry for much of his career, and from the nearby perch of a medical device company, he watched the EHR incentive bonanza with a mix of envy and slack-jawed awe. “The industry was moving along in a natural Darwinist way, and then along came the stimulus,” said Frantz, who blames the government’s ham-handed approach to regulation. “The software got slammed in, and the software wasn’t implemented in a way that supported care,” he said. “It was installed in a way that supported stimulus. This company, we were complicit in it, too.”

Even that may be a generous description. KHN and Fortune found a trail of lawsuits against the company, stretching from White Sulphur Springs, Mont., to Neillsville, Wis. Mary Rutan Hospital in Bellefontaine, Ohio, sued NextGen (formerly called Quality Systems) in federal court in 2013, arguing that it experienced hundreds of problems with the “materially defective” software the company had installed in 2011.

A consultant hired by the hospital to evaluate the NextGen system, whose was submitted to the court, identified “many functional defects” that he said rendered the software “unfit for its intended purpose.” Some patient information was not accurately recorded, which had the potential, the consultant wrote, “to create major patient care risk which could lead to, at a minimum, inconvenience, and at worst, malpractice or even death.” Glitches at Mary Rutan included incidents in which the software would apparently change a patient’s gender at random or lose a doctor’s observations after an exam, the consultant reported. The company, he found, sometimes took months to address issues: One IT ticket, which related to a physician’s notes inexplicably deleting themselves, reportedly took 10 months to resolve. (The consultant also noted that similar problems appeared to be occurring at as many as a dozen other hospitals that had installed NextGen software.)

The Ohio hospital, which paid more than $1.5 million for its EHR system, claimed breach of contract. NextGen responded that it disputed the claims made in the lawsuit and that the matter was resolved in 2015 “with no findings of fact by a court related to the allegations.” The hospital declined to comment.

At the time, as it has been since then, NextGen’s software was certified by the government as meeting the requirements of the stimulus program. By 2016, NextGen had more than 19,000 customers who had received federal subsidies.

NextGen was subpoenaed by the Department of Justice in December 2017, months after becoming the subject of a federal investigation led by the District of Vermont. Frantz tells KHN and Fortune that NextGen is cooperating with the investigation. “This company was not dishonest, but it was not effective four years ago,” he said. Frantz also emphasized that NextGen has “rapidly evolved” during his tenure, earning five industry awards since 2017, and that customers have “responded very positively.”

Glen Tullman, who until 2012 led Allscripts, another leading EHR vendor that benefited royally from the stimulus and that has been sued by numerous unhappy customers, admitted that the industry’s race to market took priority over all else.

“It was a big distraction. That was an unintended consequence of that,” Tullman said. “All the companies were saying, This is a one-time opportunity to expand our share, focus everything there, and then we’ll go back and fix it.” The Justice Department has opened a civil investigation into the company, Securities and Exchange Commission filings show. Allscripts said in an email that it cannot comment on an ongoing investigation, but that the civil investigations by the Department of Justice relate to businesses it acquired after the investigations were opened.

Much of the marketing mayhem occurred because federal officials imposed few controls over firms scrambling to cash in on the stimulus. It was a gold rush — and any system, it seemed, could be marketed as “federally approved.” Doctors could shop for bargain-price software packages at Costco and Walmart’s Sam’s Club — where eClinicalWorks sold a “turnkey” system for $11,925 — and cash in on the government’s adoption incentives.

The top-shelf vendors in 2009 crisscrossed the country like rock groups, gigging at some 30 cities, where they offered doctors who showed up to hear the pitch “a customized analysis” of how much money they could earn off the government incentives. Following the same playbook used by pharmaceutical companies, EHR sellers courted doctors at fancy dinners in ritzy hotels. One enterprising software firm advertised a “cash for clunkers” deal that paid $3,000 to doctors willing to trade in their current records system for a new one. Athenahealth held “invitation only” dinners at luxury hotels to advise doctors, among other things, how to use the stimulus to get paid more and capture available incentives. Allscripts offered a no-money-down purchase plan to help doctors “maximize the return on your EHR investment.” (An Athena­health spokesperson said the company’s “dinners were educational in nature and aimed at helping physicians navigate the government program.” Allscripts did not respond directly to questions about its marketing practices, but said it “is proud of the software and services [it provides] to hundreds of thousands of caregivers across the globe.”)

EHRs were supposed to reduce health care costs, at least in part by preventing duplicative tests. But as the federal government opened the stimulus tap, many raised doubts about the promised savings. Advocates bandied about a figure of $80 billion in cost savings even as congressional auditors were debunking it. While the jury’s still out, there’s growing suspicion the digital revolution may potentially raise health care costs by encouraging overbilling and new strains of fraud and abuse.

In September 2012, following press reports suggesting that some doctors and hospitals were using the new technology to improperly boost their fees, a practice known as “upcoding,” then-Health and Human Services chief Kathleen Sebelius and Attorney General Eric Holder not to try to “game the system.”

There’s also growing evidence that some doctors and health systems may have overstated their use of the new technology to secure stimulus funds, a potentially enormous fraud against Medicare and Medicaid that likely will take many years to unravel. In June 2017, the HHS inspector general estimated that Medicare officials made more than $729 million in subsidy payments to hospitals and doctors that didn’t deserve them.

Individual states, which administer the Medicaid portion of the program, haven’t fared much better. Audits have uncovered overpayments in 14 of 17 state programs reviewed, totaling more than $66 million, according to inspector general reports.

Last month, Sen. Chuck Grassley, an Iowa Republican who chairs the Senate Finance Committee, sharply criticized CMS for recovering only a tiny fraction of these bogus payments, or what he termed a “spit in the ocean.”

EHR vendors have also been accused of egregious and patient-endangering acts of fraud as they raced to cash in on the stimulus money grab. In addition to the U.S. government’s with eClinicalWorks noted above, the federal government has reached a second settlement over similar charges against another large vendor, Tampa-based Greenway Health. In February, that company for just over $57 million without denying or admitting wrongdoing. “These are cases of corporate greed, companies that prioritized profits over everything else,” said Christina Nolan, the U.S. attorney for the District of Vermont, whose office led the cases. (In a response, Greenway Health did not address the charges or the settlement but said it was “committing itself to being the standard-bearer for quality, compliance, and transparency.”)

Tower Of Babel

In early 2017, Seema Verma, then the country’s newly appointed CMS administrator, went on a listening tour. She visited doctors around the country, at big urban practices and tiny rural clinics, and from those front-line physicians she consistently heard one thing: They hated their electronic health records. “Physician burnout is real,” she told KHN and Fortune. The doctors spoke of the difficulty in getting information from other systems and providers, and they complained about the government’s reporting requirements, which they perceived as burdensome and not meaningful.

What she heard then became suddenly personal one summer day in 2017, when her husband, himself a physician, collapsed in the airport on his way home to Indianapolis after a family vacation. For a frantic few hours, the CMS administrator fielded phone calls from first responders and physicians — Did she know his medical history? Did she have information that could save his life? — and made calls to his doctors in Indiana, scrambling to piece together his record, which should have been there in one piece. Her husband survived the episode, but it laid bare the dysfunction and danger inherent in the existing health information ecosystem.

The notion that one EHR should talk to another was a key part of the original vision for the HITECH Act, with the government calling for systems to be eventually interoperable.

What the framers of that vision didn’t count on were the business incentives working against it. A free exchange of information means that patients can be treated anywhere. And though they may not admit it, many health providers are loath to lose their patients to a competing doctor’s office or hospital. There’s a term for that lost revenue: “leakage.” And keeping a tight hold on patients’ medical records is one way to prevent it.

There’s a ton of proprietary value in that data, said Blumenthal, who now heads the Commonwealth Fund, a philanthropy that does health research. Asking hospitals to give it up is “like asking Amazon to share their data with Walmart,” he said.

Blumenthal acknowledged that he failed to grasp these perverse business dynamics and foresee what a challenge getting the systems to talk to one another would be. He added that forcing interoperability goals early on, when 90 percent of the nation’s providers still didn’t have systems or data to exchange, seemed unrealistic. “We had an expression: They had to operate before they could interoperate,” he said.

In the absence of true incentives for systems to communicate, the industry limped along; some providers wired up directly to other select providers or through regional exchanges, but the efforts were spotty. A Cerner-backed interoperability network called CommonWell formed in 2013, but some companies, including dominant Epic, didn’t join. (“Initially, Epic was neither invited nor allowed to join,” said Sumit Rana, senior vice president of R&D at Epic. Jitin Asnaani, executive director of CommonWell countered, “We made repeated invitations to every major EHR … and numerous public and private invitations to Epic.”)

Epic then supported a separate effort to do much the same.

Last spring, Verma attempted to kick-start the sharing effort and later pledged a war on “information blocking,” threatening penalties for bad actors. She has promised to reduce the documentation burden on physicians and end the gag clauses that protect the EHR industry. Regarding the first effort at least, “there was consensus that this needed to happen and that it would take the government to push this forward,” she said. In one sign of progress last summer, the dueling sharing initiatives of Epic and Cerner, the two largest players in the industry, began to share with each other — though the effort is fledgling.

When it comes to patients, though, the real sharing too often stops. Despite federal requirements that providers give patients their medical records in a timely fashion, in their chosen format and at low cost (the government recommends a flat fee of $6.50 or less), patients struggle mightily to get them. A 2017 study by researchers at Yale found that of America’s 83 top-rated hospitals, only 53 percent offer forms that provide patients with the option to receive their entire medical record. Fewer than half would share records via email. One hospital charged more than $500 to release them.

Sometimes the mere effort to access records leads to court. Jennifer De Angelis, a Tulsa attorney, has frequently sparred with hospitals over releasing her clients’ records. She said they either attempt to charge huge sums for them or force her to obtain a court order before releasing them. De Angelis added that she sometimes suspects the records have been overwritten to cover up medical mistakes.

Consider the case of 5-year-old Uriah R. Roach, who fractured and cut his finger on Oct. 2, 2014, when it was accidentally slammed in a door at school. Five days later, an operation to repair the damage went awry, and he suffered permanent brain damage, apparently owing to an anesthesia problem. The Epic electronic medical file had been accessed more than 76,000 times during the 22 days the boy was in the hospital, and a lawsuit brought by his parents contended that numerous entries had been “corrected, altered, modified and possibly deleted after an unexpected outcome during the induction of anesthesia.” The hospital denied wrongdoing. The case settled in November 2016, and the terms are confidential.

More than a dozen other attorneys interviewed cited similar problems, especially with gaining access to computerized “audit trails.” In several cases, court records show, government lawyers resisted turning over electronic files from federally run hospitals. That happened to Russell Uselton, an Oklahoma lawyer who represented a pregnant teen admitted to the Choctaw Nation Health Care Center in Talihina, Okla. Shelby Carshall, 18, was more than 40 weeks pregnant at the time. Doctors failed to perform a cesarean section, and her baby was born brain-damaged as a result, she alleged in a lawsuit filed in 2017 against the U.S. government. The baby began having seizures at 10 hours old and will “likely never walk, talk, eat, or otherwise live normally,” according to pleadings in the suit. Though the federal government requires hospitals to produce electronic health records to patients and their families, Uselton had to obtain a court order to get the baby’s complete medical files. Government lawyers denied any negligence in the case, which is pending.

“They try to hide anything from you that they can hide from you,” said Uselton. “They make it extremely difficult to get records, so expensive and hard that most lawyers can’t take it on,” he said.

Nor, it seems, can high-ranking federal officials. When Seema Verma’s husband was discharged from the hospital after his summer health scare, he was handed a few papers and a CD-ROM containing some medical images — but missing key tests and monitoring data. Said Verma, “We left that hospital and we still don’t have his information today.” That was nearly two years ago.

Ñî¹óåú´«Ã½Ò•îl Health News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF—an independent source of health policy research, polling, and journalism. Learn more about .

USE OUR CONTENT

This story can be republished for free (details).