News Feature | September 11, 2013

EHRs Collecting Patient Reviews: Is It A Violation Of Trust?

Source: Health IT Outcomes
Katie Wike

By Katie Wike, contributing writer

HTO Keyboard With Privacy Button

Doctors call Practice Fusion’s decision to email patients asking for physician reviews “spam” and “deception”

In April, Practice Fusion’s portal that allows patients to book appointments and access their personal health records was met with optimism. Healthcare Informatics reported at the time, “There will also be patient written ‘reviews’ of the doctor on the site” which “could be a well-timed release for Practice Fusion since, according to a recent report from PwC’s Health Research Institute (HRI), healthcare consumers are searching for reviews and ratings to guide their decision-making – but haven’t found what they need yet.”

Since then, the EHR has been used for more than giving patients access to health records. According to EHR & HIPAA forum, Practice Fusion has been sending emails to patients asking for doctor reviews - but these emails are made to appear as if they came from the providers themselves.

In the last year, Practice Fusion has sent an estimated 9 million emails and received nearly 1.9 million reviews. Doctors are outraged that their EHR provider would use their email and name to solicit reviews from patients. John Lynn, founder of HealthcareScene.com and author of the EHR & HIPAA article shares several of the comments he received from doctors, including:

  • “It’s deception! Unsolicited emails to our patients from PF should never be signed off as the doctor. Where is the trust?”
  •  “I just think of all the times I assured people that we would never email them with solicitations or spam, but only would use their private email addresses for emergency purposes or if they emailed us first.”
  • “PF obviously thought of doctor’s offices more like a restaurant or retail store than the rather unique provider of personal health care and protector of personal data.”

Practice Fusion responded to Lynn, writing in part, “The patient email reminder and feedback program is absolutely HIPAA compliant, under both the current and new Omnibus rules. We conduct thorough compliance research with every single new feature we launch. We are passionate about making healthcare better and proud of our work to bring almost 2 million patient voices into the conversation. Patient transparency is a key part of the national move from quantity to quality in healthcare. The patient feedback program is designed to provide your practice with a controlled, quality channel for accurate patient reviews.”

Marla Durben Hirsch writes on FierceEMR, “The real issue, though, is whether the physicians ever gave Practice Fusion permission to engage in this kind of activity. According to the comments to Lynn's post, Practice Fusion's user agreement does allow it to send emails to patients, although I have not had a chance to corroborate whether the vendor contract actually permits as much.” She concludes, “But if you don't bother educating yourself about what you're signing, then you're not doing yourself any favors. It's important to trust your EHR vendor, but if you gave it permission to do something in your contract - even if you didn't realize it - you're out of luck.”