Commercial risk will be a critical catalyst of progress – it’s complicated, but is it possible? We think so.

Blog Post

How to protect providers' access to patient data

September 24, 2014

    Clare Rizer, Daily Briefing

    In today's Daily Briefing, we explained how German-based EHR vendor CompuGroup blocked Full Circle Health Care's access to about 4,000 patient records after the small medical practice allegedly failed to pay up to $20,000 in fees over a 10-month period. The lockout left nurses and doctors unable to use the system to access patients' records.

    See the full story in today's Daily Briefing

    When I asked our Advisory Board experts for their thoughts on the story, they all said the same thing: "I've never heard of this happening before." (Which is good, considering the patient harm that could come from providers being unable to access patient records.)

    According to our experts, the biggest takeaway for providers is the importance of carefully reviewing all business contracts before signing them.

    "How could CompuGroup's fees jump from $300 to $2,000 per month? Why is there no dispute resolution defined?" asks Health Care IT Advisor (HCITA) executive director Jim Adams. He says that practices of all sizes must have knowledgeable legal professionals review all of their vendor contracts.

    "A well-constructed contract will include service level agreements and specific dispute resolution processes and remedies, to protect both parties, and by extension the patients," says Meg Aranow, senior research director for HCITA.

    The contract should also make clear that the health system owns the patient data—not the vendor, HCITA managing director Kenneth Kleinberg told me. He adds that contracts should contain specific provisions—with third parties if necessary—to provide access to patient data in an emergency or a situation like the one with Full Circle.

    Kleinberg also notes that—when it comes to EHR vendors—"there is some safety in numbers." Namely, he says that providers may have more influence when they work with a vendor used by many other organizations.

    At the end of the day, HCITA senior research director Doug Thompson says, "The vendor has done irreparable damage to its reputation and its market prospects in the United States. No amount of money is worth that."

    Vendor evaluation: How six enterprise EHR vendors stack up

    Providers seeking to consolidate their vendor portfolios must seek out a vendor that minimizes integration challenges and support challenges—in other words, a single source based on an enterprise architecture. And with the staggering costs of health care IT and EHRs, organizations must carefully weigh their options.

    We selected six of the leading enterprise EHR vendors to evaluate based on seven major criteria, both short-term and long-term, taking into consideration everything from support and services to overall vision and leadership.


    More on Epic. Learn how leading organizations are taking an aggressive "advise and consent" approach to Epic implementations—allowing them to benefit from Epic's strengths while taking ownership of factors critical to success. Get the briefing now.

    Have a Question?


    Ask our experts a question on any topic in health care by visiting our member portal, AskAdvisory.