EHR Association Launches Developer Code Of Conduct
Industry leaders praise voluntary code as move in the right direction. However, some of the code's fine print is not so inspiring.
9 Mobile EHRs Compete For Doctors' Attention
(click image for larger view and for slideshow)
The HIMSS Electronic Health Records Association (EHRA) has unveiled a developer "code of conduct". According to a press release, the association created the guidelines "as a reflection of its members' commitment to supporting safe healthcare delivery, fostering continued innovation, and operating with high integrity in the market for EHR users and their patients and families."
No companies are required to abide by the code, but those that do will be able to feature it in their marketing materials, along with an EHRA-designed logo.
The EHR developer code of conduct focuses on general business practices, patient safety, interoperability and data portability, clinical and billing documentation, privacy and security, and patient engagement.
The area of the code that received the most attention from attendees at an EHRA press conference was the requirement that adopting companies participate in patient safety organizations (PSOs) and report health IT-related patient safety incidents. In addition, participating vendors cannot contractually prohibit customers from discussing patient safety issues associated with their products.
An EHRA spokesperson told InformationWeek Healthcare that some of EHRA's 40 members -- which include all of the leading vendors -- belong to PSOs today. But she couldn't say how many did or name any of them.
Another code provision that stands out is one requiring vendors to help customers transfer their patient data when they switch from one EHR to another. Some vendors have made that very difficult in the past.
Industry leaders present at the conference were effusive in their praise of the EHRA's code of conduct. Farzad Mostashari, national coordinator of health IT, singled out the data portability, patient safety, and interoperability provisions. Michael Barr, senior VP of the American College of Physicians, also lauded the patient safety provision and said that there should be no contractual limits on discussions of safety issues.
However, some of the code's fine print was less inspiring. For example, although adoptees promise to participate in one or more PSOs, the code contains a long list of caveats about the timing of such participation, such as waiting for "the outcome of current industry and policy discussions."
The first statement in the code commits vendors to "emphasize accurate communication about the functionality and benefits of our products and services." Every vendor purports that its marketing claims are accurate; but if customers find that that's not true, they have no one to complain to but the vendor.
Similarly, all participating vendors must promise to enable their customers "to exchange clinical information with other parties, including those using other EHR systems … to the greatest extent possible." But Mostashari told Healthcare IT News only a few months ago that his office was still getting complaints from providers who said their vendors were making it difficult to exchange information.
The EHR Association does not intend to check on whether EHR vendors that claim to adhere to the code actually do so. Instead, it states, adopting firms will be responsible for deciding how to apply the code. Nevertheless, a company's commitment to following the code can be incorporated into its marketing materials, which can also sport an EHRA logo.
Asked at the press conference whether there's a system for ensuring that adopting vendors actually adhere to the code, EHRA chair Michele ("Mickey") McGlynn, senior director for strategy and operations at Siemens, replied that vendors need to have documentation showing that they've adopted the code and make that available to customers upon request.
"We believe that it will become transparent as to who adopts [the code] because people will ask whether or not a company follows the code," she said.
The association encourages any EHR vendor, regardless of whether it belongs to the EHRA, to subscribe to the code of conduct. Although the focus is on vendors of complete systems, association officials said that modular EHR vendors can sign on, too.
The EHR Association's members approved the code of conduct, which was developed over several months with input from medical societies and other stakeholders. But until the code was officially released, no vendors could actually pledge to follow the code. So nobody had signed on the dotted line at press time, although many companies are expected to in the near future.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.