Concerned the eClinicalWorks fiasco could happen to your EHR? Take these steps now

Every hospital should be thinking about protecting their data today even if they use a different electronic health record software.
By Tom Sullivan
09:57 AM
eClinicalWorks lawsuit

The eClinicalWorks National IT Implementation and Architecture group convened on Thursday afternoon to discuss the newest service packs from the EHR vendor — and that conversation took a last-minute twist.

“The whole story is not out,” Jason Pomaski, who co-heads the group, said of the lawsuit eClinicalWorks and the DOJ settled on Wednesday. “Many loose ends and open questions remain and the two letters Girish sent don’t answer them.”

Pomaski was referring to Girish Navani, the CEO of eClinicalWorks and a pair of emails he sent to customers during the call, which was open to some 1,300 customers.

[Also: DOJ demands eClinicalWorks transfer data to rival EHRs]

Healthcare IT News obtained both of those letters and confirmed that they do not answer the most pressing questions of the day. Navani doesn’t actually say much but, instead, struck the legal posture that his company agreed to rigorous federal government demands even though it takes pains to dispute any guilt.

Safeguard your EHR data today

But before getting to those questions, what Pomaski advised eClinicalWorks customers to do immediately consists of practical steps that every hospital should be taking regardless of which EHR vendor they use. 

Whatever you may decide about switching to a new vendor in the future given the settlement mandate that eClinicalWorks foot the bill for transferring your data to a rival EHR, act in good faith today and upgrade to eClinicalWorks Service Pack 2 and newer enhancements. If you use Epic, upgrade to its latest edition, the same goes for Cerner, Allscripts, McKesson and so on.

[Also: eClinicalWorks whistleblower: NYC health department was indifferent to EHR flaws]

Then contact eClinicalWorks or your vendor and demand its list of known bugs, press your contacts there for issues corrected and release notes, all of which Pomaski said have been challenging to get in the past.

Perhaps most important, back up all EHR and patient information eClinicalWorks has access to and retain a snapshot of it on a year-to-year basis. Think of this action item like a tax return and include times before upgrades you’ve done in the past. “The breadcrumbs and forensics aspects should be there,” he added. 

And get your contracts in order. That means ensuring that you have access to your data in eClinicalWorks software or cloud servers especially if you are thinking about breaking away and finding a new EHR vendor. The trick is to stay at least a step ahead of any vendor lock-in attempts.

[Also: Not just Epic and Cerner: Hospitals have several EHR options if they abandon eClinicalWorks]

“eClinicalWorks currently charges SaaS customers to log ship their data from cloud to on-premise for reporting reasons,” Pomaski said. “Data transparency post-settlement is a must and should be free regardless if customers stay with eClinicalWorks or not.”

Pomaski also recommended expediting hearsay, focusing on facts, getting educated before making any drastic decisions, and that means answering what happens if you stick with eClinicalWorks? Conversely, what are the challenges and unforeseen circumstances of moving to a new vendor?  

“When will eClinicalWorks tell us what the big picture is?” Pomaski added.

What every hospital IT shop should be asking its EHR vendor

Farzad Mostashari, MD, former head of the Office of National Coordinator for Health IT, tweeted in response to the settlement that “there are a lot of doctor’s office staff looking at their EHR today and wondering if there’s $30 million worth of false promises hidden there.”

That $30 million is the amount that the eClinicalWorks whistleblower, Brendan Delaney, collected in the final resolution.

This obviously is not just about eClinicalWorks.

To give other EHR vendor’s customers a taste of what was pulsing through the minds of eClinicalWorks customers during that Thursday afternoon meeting, they began with the matter of whether the now-public allegations of fraud will trigger a class-action lawsuit under the False Claims Act not altogether unlike what happened with Volkswagen, including the possibility of a similar buyback option, only for EHRs instead of automobiles.

Indemnification. Will practices and hospitals that attested to meaningful use and collected reimbursements be indemnified or have to pay any money back? On the flip side, what about the customers who were previously fined for not attesting, will they be paid back?

Other issues that the group surfaced include whether eClinicalWorks settlement agreement to transfer data to competing EHRs will also include user and staff training or not, as well as what to happens to customers in the cloud.

Another one is what kind of power the Office of the Inspector General’s mandated corporate integrity agreement (CIA) that requires the EHR vendor to retain an Independent Software Quality Oversight Organization will give the federal government when it comes to monitoring eClinicalWorks’ customers data.

It’s not exactly going out on a limb to say that the DOJ deal could ultimately be a precedent-setter and, should that become the case, all the questions that eClinicalWorks proactive customers are asking right now pertain to any hospital executive, administrator, IT leader, privacy and security officers and even EHR users. 

“I just want them to fix things,” Pomaski said. “And provide a clear and open path.” 

Twitter: SullyHIT
Email the writer:

Like Healthcare IT News on Facebook and LinkedIn