Why the federal government must regulate EHR vendors

I find it rather interesting that National Coordinator for Health IT Farzad Mostashari chastised electronic health record vendors last week for improper conduct, and warned them to shape up or face additional government regulation.

I certainly don't blame him. Some EHR vendors, which Mostashari noted are the "exceptions," have not been playing fair, with opaque pricing and unreasonable contract terms. He's asked them to do what's "moral and right." It's much easier, he said, for ONC to try to get the EHR vendor industry to police itself rather than having the government step in to do so.

But would self-policing work? It hasn't worked so far.

Take a look at some other segments of the healthcare industry. The U.S. Department of Health & Human Services' Office of Inspector General released a series of guidances for "voluntary" compliance programs starting back in 1998. We know all too well that some providers didn't embrace that self-policing.

As a result, the 2010 health reform law now requires providers to have compliance programs. The industry currently is waiting for new rules to implement these requirements. In the meantime, the government has recovered a record $4.2 billion in fraud and abuse recoveries in fiscal year 2012 alone, up from almost $4.1 billion in 2011.

Or, let's look at the pharmaceutical industry. It said that it would police itself when it came to compliance and ethics in its sales and marketing to healthcare professionals. Its trade association--the Pharmaceutical Research and Manufacturing Association (PhRMA)--even issued a code of ethics for members to follow.

Somehow that didn't really take, either. So again, the government had to step in to regulate interactions between pharma and device manufacturers and physicians and academic medical centers. Now payments of $10 or more to providers must be posted on the internet to dissuade undue influence and conflicts of interest. Welcome to the Sunshine Act.

EHR vendors seem to be going down the same path. HHS' proposed health IT safety plan, issued in December in response to the Institute of Medicine's report about the need to reduce patient injures stemming from EHR use, took a soft approach with EHR vendors. The plan does not require vendors to report adverse patient events related to their products, and asks instead for a voluntary code of conduct.

We've seen how those voluntary programs pan out, so why wait years to watch them fail, and put patients at risk in the interim? Requiring vendors to provide transparent pricing, report EHR-related patient injuries, release patient data at the end of a contract without imposing a ransom on providers, and take responsibility for their errors sounds reasonable and a mark of progress as we march forward toward the widespread adoption of health IT.

I hope that the federal government puts its money where its mouth is on this one. Self-discipline is all well and good, but anyone who has tried to diet or start an exercise regime knows how hard it is to stay disciplined without an external motivator.

If the EHR vendor industry can't police itself, then the government may have no choice anyway. - Marla (@FierceHealthIT)