Overcoming Contractual Barriers To EHR Research

Recently, so-called “gag clauses” in electronic health record (EHR) vendor contracts have made the news. The impression, really the misimpression, left by a recent Politico article is that physicians are “barred” by EHR contract terms from complaining about their EHRs.

The attorneys I have spoken with, who have negotiated hundreds of EHR vendor contracts, have not seen true “gag clauses” that prevent “disparagement” of EHRs. The people bound by EHR contracts, including physicians, can complain about, indeed publicly disparage EHRs; they run into problems if they do so in ways that run afoul of the confidentiality and intellectual property terms in contracts.

The true “gag clause” problems with EHR vendor contracts appear to be related to the confidentiality and intellectual property terms, which are overbroad and unclear, and limits on “authorized uses” of the EHR, as those terms apply to research and reporting that requires access to the EHR and use of screenshots. One expects to find confidentiality and intellectual property terms and use restrictions in EHR contracts. However, problems arise when it is unclear whether or not research is an “authorized use” of the EHR at all. Then, when researchers are allowed to do research using EHRs, they are typically bound by confidentiality and nondisclosure terms that give EHR vendors some control over the use of confidential information and intellectual property, including screenshots, in research and publications. The penalties available to vendors to remedy, enjoin, or mitigate breach of these terms are potentially very serious.

So, health information technology (IT) safety researchers have legitimate reasons to feel “gagged.” These contractual terms can limit, chill, bias, and prevent research, especially research on the EHR screens used by clinicians in patient care. Furthermore, vendor contract language is broad enough to inhibit adverse event reporting to patient safety organizations (PSOs) and accrediting organizations, like the Joint Commission, if the report includes a screenshot. Since problems with poor “usability” at the “human-computer interface” (e.g. confusing, misleading EHR screens) are a significant source of serious patient harm, the contractual control that vendors exercise over health IT safety research and adverse event reporting in this area is troubling and deserves policy attention. The Institute of Medicineand the American Medical Informatics Association have also raised policy concerns about EHR contractual terms with regard to research and reporting.

EHR vendors are concerned that the substantial effort they have put into their EHRs, their “crown jewels,” will be lost or diminished, unless they are able to exercise some control over research that uses their EHRs, in particular research that includes publication of screenshots. Those vendors that have invested in the usability of their screens worry about loss of competitive advantage if other vendors can “steal” the look of their screens based on published screenshots.

Conversely, based upon conversations with health IT safety researchers, they believe the EHR vendors’ fears about loss of value of the intellectual property in their screens are exaggerated, mainly because it is not that hard to discover what different EHRs look like. For vendors hoping to improve their EHRs by “stealing” from others, waiting for research with screenshots to be published would be an exceptionally inefficient way to do so.

Researchers also believe vendor concerns about loss of the value of their intellectual property are less important than unbiased and transparent research to improve patient safety and EHR performance. They believe the oft-heard mantra in the patient safety community that “you do not compete on safety.”

Things That Should Not Happen But Do

One example illustrates the problem. I have spoken to well known health IT safety researchers who faced a refusal by one major EHR vendor to allow usability research requested by the Food and Drug Administration that looked at EHR screens used in medication ordering. The research was designed to evaluate safety issues related to ordering different medications with similar names, where confusion in presentation of the medications to the ordering physician could contribute to medication errors.

The researchers were able to gain access to a number of different EHRs in health care organizations, which means they overcame some contractual issues. However, for the final research paper, while most vendors would have allowed publication of their screenshots, one crucial vendor denied permission to publish its screenshots.

Some researchers are also uncomfortable criticizing vendors for fear that they will not get vendor permission for future research.

Finding The Right Balance And Building Consensus

EHR vendors have legitimate interests in “fair and reasonable intellectual property protections,” which is the standard suggested in the EHR developers’ code of conduct. They do not have a legitimate interest in overbroad contractual terms that inhibit or bias research or adverse event reporting using EHRs, screenshots in particular, that could help make care using EHRs safer and better. The question is how to strike the right balance.

Research and reporting are already regulated to protect patients and, in some cases, health care providers. So in addition to dealing with the usual requirements for research, is it fair and reasonable to require health IT safety researchers to ask for EHR vendor permission to do research that involves their EHR and screenshots? Doesn’t this inevitably introduce bias and discourage research and publication on the safety and safe use of EHRs?

While “fair and reasonable intellectual property protections” could be a workable standard, it is not working now under typical vendor contract terms, which give vendors the final say. As long as researchers must ask vendors for permission to do research or to publish screenshots, and as long as vendors can deny permission for any reason, including not liking the results, there is a serious danger that research will be designed and findings presented in ways that garner vendor permission. The situation is fundamentally contrary to scientific norms for research and should not be accepted as a method for achieving “fair and reasonable intellectual property protections.”

Stakeholder groups for patient and EHR safety, including parties to EHR contracts, should share interests in making health IT safety-related research and reporting as easy as possible. EHR vendor contracts should reflect as much consensus on these issues as is possible. This consensus should build upon and strengthen existing standards for patient safety and for health IT quality and risk management, as well as respecting scientific norms for research.

Any credible consensus must address the needs and experience of key stakeholders – EHR vendors, clinicians, health care organizations, researchers, patients and families, and patient safety organizations – while acknowledging patient safety as the highest value. This kind of consensus cannot be reached through private contract negotiations. Something like the Health IT Safety Center recently recommended by an Office of the National Coordinator for Health Information Technology (ONC)-funded stakeholder task force could help build this consensus, and perhaps craft guidance.

I suggest the following expectations of EHR vendor contracts as a starting point for discussions that might build consensus.

No ‘Gag’ Clauses

• EHR vendors should have no non-disparagement language in their contracts. EHR contracts should not inhibit criticism of EHRs by any person bound by the contracts in any forum.
• EHR vendors should have no language in their contracts that prevents or inhibits benchmarking or evaluation of the performance or nonperformance of EHR products by their customers.

Encourage Reporting

• EHR vendors should have no language in their contracts that might inhibit complete and accurate reporting of adverse events and unsafe conditions from any cause, including by inhibiting or preventing screenshots from being included in reports, to any organization that aggregates and analyzes such reports to improve the quality and safety of health care. Such reporting should be encouraged.
• EHR vendors should have no language that might limit what organizations that receive the reports of adverse events and unsafe conditions may do with the information related to the vendor’s software, including any limits on identifying vendor products by name or on reproducing screenshots.

Encourage Research

• EHR vendors should include language in their contracts that clearly authorizes access to and use of the EHR for research (assuming the research is approved by the health care organization that has contracted for the EHR and follows applicable legal requirements for research).
• EHR vendor contracts should not require researchers to agree to confidentiality, intellectual property, or non-disclosure terms that require vendor permission for use or publication of screenshots, or other confidential information or intellectual property related to the research, as part of approved research that could make health care safer and better, in particular research that furthers health IT safety, usability, and interoperability.

EHR vendors should be able to agree with the suggested expectations on gag clauses and reporting since their contracts do not currently contain “non-disparagement” gag clauses. Their code of conduct already encourages adverse event reporting to patient safety organizations. On those points, EHR vendors should be able to dispel lingering doubts and unilaterally clarify contract language.

It might be more difficult to find consensus on encouraging research, but the effort is essential if we want more and better research on EHR safety and usability, including comparative evaluation of screens used in patient care.

Author’s Note

I retired from the Office of the National Coordinator for Health IT (ONC) in May 2015, after working on health IT safety for several years. Before working at ONC, I practiced health law, including negotiating EHR vendor contracts. While the opinions and analysis in this article are entirely mine, I have benefitted enormously from conversations about EHR contracts with attorneys who have negotiated hundreds of them, with all of the major EHR vendors and many of the smaller ones. Special thanks to Ray Bonnabeau, Marilyn Lamar, and Elisabeth Belmont.

I spoke to five well-known health IT safety researchers, who say they represent widespread experience among other researchers. Some were concerned that vendors might deny permission to do research if they were seen as critical of the vendors, so asked not to be identified.