EHRA code of conduct only a baby step toward greater patient safety

I read with great interest the HIMSS Electronic Health Record Association's new EHR Developer Code of Conduct, released this week. The much-anticipated document--created by EHRA with the help of government, provider and consumer stakeholders--is intended to be an "accurate communication" about the functionality and benefits of EHR products and services.

It's already been heralded by the EHR vendor industry. Siemens CEO John Glaser called the document an "important milestone in the maturation of the healthcare information technology industry," adding that he thinks it "will propel our industry's ability to deliver safer, more effective and more interoperable solutions." SRSsoft adopted and "fully" endorsed the document within hours of its release, as well.

The code of conduct is an impressive document, and goes further than perhaps might have been anticipated. Some of the most interesting features--and biggest concessions from the vendor industry--include:

  • Vendors won't contractually limit customers from discussing patient safety issues in "appropriate venues." In other words, vendors are willing to loosen their overbearing gag clauses on providers
  • Vendors will participate in patient safety organizations and other similar programs in reporting, review and analysis of adverse patient safety events
  • Vendors will work with customers to "facilitate export of patient data" if the customer decides to switch vendors. No more "lock out" scenarios as punishment for jumping ship.

Despite all of the surrounding optimism, I can't help but be cynical, though. While having a code of conduct is a positive development, it's clear that creating one is the industry's attempt to avoid having the federal government impose harsher requirements, such as mandated reporting of adverse safety events and establishment of an independent federal entity to investigate them, as recommended by the Institute of Medicine.

Moreover, even a shallow dive into the document reveals loopholes a vendor could drive a truck through.

For instance, vendors who adopt the code won't contractually limit providers from discussing patient safety issues in "appropriate venues." But when you get to the frequently asked questions, "appropriate venues" means entities such as the Joint Commission, patient safety organizations, or a state agency. Providers still can be prohibited from talking to each other, patients, or the public about patient safety problems with their EHRs. Those discussions might adversely affect sales.

Or, rather, look at the "no lock out" provision. The document says that it will "work with customers" to facilitate export of data. EHRA doesn't say, though, that vendors will do this gratis. How does this differ from before, when a vendor would gladly allow a provider to switch vendors--for a price?

The document also says that the vendors will work toward interoperability, and protect the privacy of patient data. Vendors already are required to take such measures.

Don't get me wrong. It's great for the EHR vendor industry to develop and embrace a code of conduct. It's a nice start toward better transparency and collaboration with "customers."

But people shouldn't be fooled by this document. It's, at best, a baby step. Whether it creates actual improvement in patient safety remains to be seen. - Marla (@MarlaHirsch)