Health Care Information Technology Vendors' "Hold Harmless" Clause - The Largest IT Industry Abuse Ever?

Dear fellow physicians, nurses and other clinicians:

You thought frivolous medical malpractice suits were a problem?

Guess what:

It's worse. Along with your patients you are nonconsented beta testers and experimental subjects of the health IT industry, and potential victims of the computer industry's arrogance and dysfunction.

In the remarkable article Health Care Information Technology Vendors' "Hold Harmless" Clause - Implications for Patients and Clinicians, Ross Koppel and David Kreda, Journal of the American Medical Association, 2009;301(12):1276-1278, we learn that:

Healthcare information technology (HIT) vendors enjoy a contractual and legal structure that renders them virtually liability-free—“held harmless” is the term-of-art—even when their proprietary products may be implicated in adverse events involving patients. This contractual and legal device shifts liability and remedial burdens to physicians, nurses, hospitals, and clinics, even when these HIT users are strictly following vendor instructions...HIT vendors are not responsible for errors their systems introduce in patient treatment because physicians, nurses, pharmacists, and healthcare technicians should be able to identify—and correct—any errors generated by software faults. [Yes - we're all knowing magicians with the power to read minds, infer incorrect lab values via therapeutic touch, and possess encyclopedic knowledge in our heads at all times. This raises the question: if we are that omniscient to be able to identify and correct software faults with 100 percent accuracy to avoid patient harm, then why do we need electronic medical records at all? - ed.]

Also see the Univ. of Pennsylvania press release "Why Are Healthcare Information Manufacturers Free of All Liability When Their Products Can Result in Medical Errors?" here.

In the new Koppel and Kreda JAMA article we also learn that:

HIT implementations are massively complex, and are fraught with delays, errors, resistance, work process redesign, frustration, and outright failure. Healthcare facilities cannot predict the myriad scenarios in which software failures could result in patient harm and liability, and they are not likely to be knowledgeable a priori about frequent vendor updates.

We additionally learn that:

The significant disparity between buyers and sellers in knowledge and resources [about healthcare IT problems] is profound and consequential. Vendors retain company confidential knowledge about designs, faults, software-operations, and glitches. Their counsel have crafted contractual terms that absolve them of liability and other punitive strictures while compelling users’ non-disclosure of their systems’ problematic, or even disastrous, software faults.

[This is simply astonishing. In other words, health IT customers and users have a gag order imposed on them regarding software faults and defects, while clinicians -- through their ingenuity, their labor in finding defect workarounds, and their liability -- serve (as I've written) as captive beta testers and an insurance company for HIT vendors - ed.]


These observations are nothing short of astonishing. They do help explain, however, the near silence of hospitals and their executives regarding healthcare IT faults, an observation I made in this 2006 AMIA presentation about the scarcity of such information:

Access Patterns to a Website on Healthcare IT Failure (Abstract [pdf], Poster [ppt].)

The Joint Commission also made this observation in their Dec. 2008 Sentinel Events Alert on Health IT:

There is a dearth of data on the incidence of adverse events directly caused by HIT overall.

The new JAMA article may also explain why HIT is so often done so poorly as to present a mission hostile user experience, as I started to write about a decade ago at my healthcare IT difficulties website here, as I outlined in an eight part series starting here, as the American College of Physician Executives noted here, as the National Research Council noted here ("Current Approaches to US Healthcare IT are Insufficient"), and as many others noted as well:

Healthcare IT News (3/10, Merrill) reported, a survey conducted by the American College of Physician Executives found "that although more physician leaders are using healthcare information technology, they still find it clunky and unresponsive to their needs." The survey of 1,000 ACPE members "revealed that the biggest source of frustration is a lack of input from physicians when designing and implementing healthcare information technology systems. Many said involving clinicians at the planning stages would pre-empt many of the problems that crop up later." One respondent noted that "systems are chosen according to administrative criteria rather than what physicians need."

Without accountability, a manufacturer is unmotivated to produce quality products at the expense of profits. They become complacent and lazy. This is an excellent reason why major HIT applications are as abhorrent as they are and violate so many fundamental principles of human computer interaction and resilience engineering.

It can also explain why talent management within the vendors is biased against hiring medical informatics experts, who would resist intellectual laziness of their non-informatics profit oriented (and unaccountable) counterparts.

Koppel and Kreda note that such stipulations defeat patient safety efforts and are contrary to the principles of evidence based medicine. I can add that such stipulations are contrary to the principles of good engineering.

These stipulations further instantiate my observation that health IT lacks the rigor of medical science itself, its major Achilles heel. This is one reason why I believe a national HIT initiative at this point in time is going to be, as in the UK, nothing short of an expensive debacle.

The existence of "hold harmless" clauses and gag orders raises many questions:

  • Clinical supervisors of other physicians are indeed practicing medicine. Are Health IT vendors in fact practicing medicine by cybernetic proxy via these IT systems?
  • Aren't the vendors' own claims of revolutionary healthcare quality improvements mediated via EMR's, alerts and reminders, clinical decision support, etc., malfunctions of which physicians may be held liable, prima facie evidence that the vendors are in fact practicing medicine by proxy?
  • Should not these purveyors of cybernetic (i.e., virtual) medical devices be held accountable for their products, as in the pharmaceutical and the non-cybernetic (i.e., physical) medical device industries?
  • How did such a situation regarding critical healthcare devices arise?
  • In what other healthcare or other technology intensive industries, if any, do similar conditions exist, and what are the repercussions?
  • How long has this situation existed?
  • Why is it tolerated by clinicians?
  • Why is it tolerated by clinical leaders?
  • Why is it tolerated by medical professional societies, such as the AMA, the ACPE, etc., supposedly representing their members' interests?
  • Why is it tolerated by hospitals and their executive leadership and boards of directors?
  • Why is it tolerated by IS departments in hospitals?
  • Why is it tolerated by hospital general counsel?
  • Are there possible civil tort/RICO (racketeering)/criminal implications regarding patients injured by defective health IT where defects were known but not disclosed?
  • Is not such a protective arrangement prima facie evidence that this technology is indeed experimental, with patients and clinicians as unconsented experimental subjects?
  • Why is it tolerated by our government?

Regarding the last point, the Obama administration has promised an atmosphere of national accountability and responsibility. Why, then, has it simultaneously employed the coercive force of government (payment penalties for HIT non adopters after the absurdly short period of five years from now, 2014) to push an exploratory medical device from an unaccountable industry of unproven ROI at a cost of tens of billions of dollars on to the medical profession? This reality raises another question as I suggested in my WSJ Letter to the Editor of February 18, 2009. I wrote:

Dear Wall Street Journal:

You observe that the true political goal is socialized medicine facilitated by health care information technology. You note that the public is being deceived, as the rules behind this takeover were stealthily inserted in the stimulus bill.

I have a different view on who is deceiving whom. In fact, it is the government that has been deceived by the HIT industry and its pundits. Stated directly, the administration is deluded about the true difficulty of making large-scale health IT work. The beneficiaries will largely be the IT industry and IT management consultants.


In other words, was the administration misled by the health IT industry? I believe it might have been.

As an example, Mr. Obama's healthcare IT policy campaign adviser per the WSJ Glen Tullman, CEO of HIT vendor AllScripts and Board member of the industry-created government contractor CCHIT ("Certification Commission for Healthcare IT"), probably didn't tell Mr. Obama his company was selling goods that did not function properly. (Here is a link to my organization's Civil Complaint against AllScripts, PDF). We apparently cannot know how many other organizations had their own complaints that might not have made it into litigation, due to the aforementioned gag orders. (Ironically, I found out about the lawsuit at my own organization only through an anonymous comment at the HIT gossip site HISTalk.)

Incidentally, by matter of pure speculation, I was not permitted involvement in that implementation despite having been a pioneering CMIO at a larger healthcare system years prior and the only formally educated medical informaticist at my organization. My writings on health IT dysfunction were well known to the IT staff and likely the vendor after a short web search; it would have been in the vendors' interests to keep me away from sales and implementation of known deficient health IT. Again, this is simply speculation.

On the other hand, I am aware of major healthcare organizations with "portfolios" of hundreds or thousands of issues and defects awaiting remediation, and CMIO's struggling against cavalier bureaucracies who want the doctors even in critical care areas to live with the problems, and vendors who are not in a hurry to fix their products.

Some of the problems rise to the level of critical with regard to patient safety. Under contract, the problems cannot be disclosed to the public, to patients whose care might fall under the aegis of these systems, or to other healthcare organizations seeking the same systems. I hope to be a plaintiff's witness when the inevitable lawsuits for patient injury place such capricious vendor, hospital and IT leadership on the witness stand.

Finally, in fairness the JAMA article discusses issues beyond the vendors' control such as misuse or poor training done by the host organization using the IT.

Possible remedies to the situation of unaccountability for the outcomes of HIT misdesign, malfunction and other defects are outlined in the article. See it or the press release at the above links if you lack JAMA access.

As I've written numerous times on this site, due to the implications and especially now due to the revelation that the scarcity of adverse events information related to HIT is probably by design, I favor stringent health IT regulation as in pharmaceutical IT.

Whatever happens, however, I know this. For the sake of patient safety:

This sorry, abusive and inexcusable travesty must end ... now.

Finally, to health IT vendors, as my early medical mentor, pioneering cardiovascular surgeon and educator Victor P. Satinsky, MD might have said:

If you can't take the heat of the responsibilities of clinical medicine, then get out of our kitchen.

-- SS