recommended reading

Liability an issue with health care software

The Obama administration must ensure vendors are held accountable for faulty health care technology fielded as part of efforts to expand electronic medical records, some health informatics specialists say.

"I think the intentions are good, but it's terribly misguided in that the hospitals and physician practices will be obliged to install software that is still immature, still undergoing development," said Ross Koppel, an adjunct professor at the University of Pennsylvania who researches sociology and clinical biostatistics. "At the moment, a lot of the programs are very buggy."

The administration views electronic records and other clinical data technologies as a way to cut costs and increase accountability in federally funded health care. But granting vendors immunity from liability for software that causes medical errors could run counter to that mission, according to academics and doctors who study health IT.

Koppel co-authored a March Journal of the American Medical Association article that found provisions in many health IT contracts bar clinicians from disclosing software flaws to colleagues, even doctors using the same products.

The article adds, "vendors avoid liability" by relying on legal language that states, "[health IT] vendors are not responsible for errors in their systems because physicians, nurses, pharmacists and health care technicians should be able to identify -- and correct -- any errors generated by software faults."

Health IT provisions in the economic stimulus package are integral to Obama's overall health care agenda, and give doctors and hospitals incentives to adopt certified electronic records by 2014. The Recovery Act appropriates about $20 billion in Medicare and Medicaid incentives to meet that goal.

Professionals who deploy certified electronic health records between 2011 and 2014 will be eligible for Medicare bonus payments, while hospitals that implement certified e-records by 2015 also will get bonuses.

Scot M. Silverstein, a medical informatics consultant, adjunct professor at Drexel University and former director of Drexel's Institute for Healthcare Informatics, said the timeline for adoption should be extended. Starting in 2015, the administration plans to dock Medicare payments for professionals and hospitals that fail to use certified e-records.

"I think the punitive aspects that kick in need to be eliminated," Silverstein said. "I think the government needs to re-examine its justifications for shoving IT down doctors' throats by 2014."

David Blumenthal, Obama's national coordinator for health information technology, said the government will tighten oversight of the certification process to address such concerns.

"Right now, we are reviewing that process to see how it can provide stronger guarantees that [products] will perform as they are promised to perform," he said. But the timelines for rollout of health IT are cemented in law, he noted.

Koppel urged professional associations to discourage their members from allowing nonliability and nondisclosure clauses in product contracts.

One such group, the American Medical Informatics Association, has not taken a position on accountability for faulty software. "We are having extremely brisk debate about it," said Dr. Don E. Detmer, president and chief executive officer of the association. "We are in active discussion on the options and if we can even agree enough to have an opinion."

On one hand, there is a need to stimulate deployment of health IT and there are some "quite good products," he said, adding, there also are mediocre and bad products.

"All of them will have some bugs at some point. This is not a situation where you buy, you plug it in and everyone sings 'Kumbaya' for the rest of the week," he said. "This is complicated stuff."

Health IT companies Allscripts, GE Healthcare and Microsoft were unable to respond Monday.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.