Is eClinicalWorks the Next Volkswagen?

Since the Department of Justice announced the ground-breaking $155 MM settlement with eClinicalWorks (ECW) on Wednesday, industry response has been dizzying.  Let’s collect the facts and review what it means.  I reviewed it all in greater detail yesterday here.

A short summary:  EHR developer eClinicalWorks settled a legal dispute with the Department of Justice that commits them to pay $155 Million, provide free services to customers, and undergo oversight for five years.  The government found that ECW faked certification testing: the EHR software was certified as having capabilities that it didn’t have. Tens of thousands of care providers collected millions of dollars when they attested to the meaningful use of a certified EHR. DOJ therefore states that “ECW caused the submission of false claims for federal incentive payments based on the use of ECW’s software.”

Through social media and (gastp!) real-life conversations, we’ve heard:

  1. Too hot: This is evidence that ONC’s certification program isn’t working and should be rolled back
  2. Too cold:  This is evidence that ONC’s certification program is too easy and should be enhanced
  3. Just right:  This is evidence that ONC’s certification program is appropriate, and expects participants to have integrity

And we’ve heard the analogies:

  1. ECW is the health IT version of Volkswagen:  they faked a test, got caught, and have to pay the price.  Shame on them.
  2. ECW is the health IT version of Uber:  they developed shady software, used it to make millions of dollars, got caught, and have to pay the price.  Shame on them.
  3. ECW is Ray Stoller the car salesman, who sold cars that weren’t safe to unsuspecting purchasers and refused to make good on their commitments.  Shame on them.

Is this an indictment of the certification program?  Not at all.  While the program may not yet be “just right,” without certification, there would be no basis for any legal complaint against ECW, and this would all have remained hidden.  Despite the persistent calls for ONC to roll back the program, this case makes it clear that such a move would be a direct threat to public safety, and would invite more of these shenanigans.  ECW is indeed the VW/Ray Stoller of health IT (I don’t think the Uber metaphor sticks) but just as there are more car manufacturers than just VW who cheated on diesel emissions, there are more health IT developers who cheated too.  Perhaps not so boldly or carelessly as ECW, but I am 100% certain that there are other companies who have done this, and I’m confident that the government is investigating these others.

What this means for the industry

Some have argued that care providers are going to “go after” health IT developers and mimic the original plaintiff in hopes of “cashing in” or punishing these companies for “usability and design issues.”  But this is not the case.  This happened because of faked tests, not just bad design.  The industry is full of careful, thoughtful, passionate software designers and engineers who are working hard to deliver great products that improve health, and facilitate safe, efficient medical care.  Just as VW’s root problems were cultural, the root cause here is a “check the box” mindset that was pervasive at ECW.  Indeed, I had direct personal interactions with ECW staff when I was at ONC that confirmed ECW’s consistent lack of understanding of some facets of the certification program.  If one views EHR certification testing as an annoying hurdle that must be jumped, the program (and the policy goals it represents) wont’ be taken seriously, and cheating won’t seem unethical.   Would you want your EHR to be developed by someone with this mindset?

The culture that EHR developers need to maintain is one of integrity, transparency, collaboration, and humility.  This event is a great reminder for health IT companies to reinvest in the important (but sometimes forgotten) work that creates such a culture.

Purchasers of health IT who are unable access system capabilities for which their products are certified (check the certification status here) should first contact their EHR developer and insist that the capabilities be enabled.  (There may be additional cost for this – but the developer is required to publish the costs and limitations.  Here is the ECW disclosure as an example.  Find the link to disclosures on the certification status page.)  If you still can’t find a way to get the software to behave properly, contact ONC.

Categories: Uncategorized

11 replies »

  1. This is exactly the reason we can’t assume government and the political climate will do anything to change the course of our health IT destinies. However, we are not left without any options. Sure it’s a hard road the take; but the path is clear. It may not outright overthrow the entrenched systems in place, but we’ve seen quiet and incremental disruption in favor of community instead of profits and proprietary software (Linux vs Windows servers – not desktops; also Android for smartphones too which has put Linux over the top in number of installs on devices throughout the world).

  2. “BREAKING: Cerner scores VA EHR system contract”

    By Rachel Arndt | June 5, 2017

    The U.S. Department of Veterans Affairs has picked Cerner Corp. to develop its electronic health record system, Secretary of Veterans Affairs Dr. David Shulkin announced Monday.

    In selecting Cerner to create its EHR system, the VA leaves behind its home-grown VistA EHR, a move that’s been on the horizon since Shulkin suggested in March that the department would be moving to a commercial product…


    So much for open source.

  3. Agree with Dr Z completely.
    I would have selected Dr Z to represent me and my front line colleagues in any EHR cert/mandate issues. He is not only a real practicing MD, he has experience actually writing EHR systems and going through the ridiculousness of certification, when his customers really wanted what he was providing…MD/HIT working together. This most distressing part of this is that the so-called leaders still have no clue on what damage they have done and still want to double down on poking meat certification of EHRs. When does this end?
    Certification drove out many small VERY effective EHRs that MDs wanted to use, that were safe, secure, usable, efficient and customized. We are left with 800 pound gorillas, that really want certification so it keeps newcomers or innovators out. Jacob, you should take no comfort in your position of “keep the cert” faith and really should open your ears and eyes to the incredible damage your ONC/CMS teams did to HIT and the practice of medicine.

  4. As Adrian pointed out and with my previous blog post that was referenced, it’s not surprising that events such as this have occurred with this proprietary software with certification boondoggle. Other industries have recognized the immense value of open source and it’s all around us (just not with much fanfare). When will physicians recognize there is much in common to what we do in our profession and the intrinsic ethos of open source software (which does exactly that Dr Zwerling had suggested – having the code out in the open to review, improve with physician input?). This is not a novel concept and the only ones who can make a choice and break away from this proprietary with or without certification duopoly are the end users themselves – patients and physicians.

    As others have pointed out in other related blog posts on this site, we can’t realistically go back to pen and paper. We also can’t turn back time to undo the damage and $$$ lost with MU. With our political climate, we can’t hope and wait for legislation to turn things around in the next few months or even years. It’s in our hands. The tools are there for us. It’s not a theoretical proposition. We need to seriously talk about the prospect of open source and for those that are unfamiliar with it, get immersed and get to know more about it. It costs nothing and you can try it out (HIE and One and NOSH) and start that conversation. These open source projects only thrive if a community supports it. To me, the key value propositions of a meaningful open source health project are better patient care with happier physicians like me who are back in the business of taking care of their patients. Just that simple.

  5. If I don’t laugh, I will cry. Imagine what that $$$$ could have done to provide basic healthcare for millions of Americans? So glad it went to something way better than that. Technology is obviously the best way of improving patient outcomes.

  6. “I had direct personal interactions with ECW staff when I was at ONC that confirmed ECW’s consistent lack of understanding of some facets of the certification program.”

    …As someone who has personally taken my EHR through MU stage 1 certification, and was all too familiar with the MU requirements, I can attest that rules of certification were very clear. ECW’s decision to “cheat” on the test was a deliberate decision by ECW and was not the result of a misunderstanding. Either the management of ECW is stupid (and unable to read instructions) or they are not ethical. You decide.

    I must also disagree with the author’s opinion that MU and Certification have served a useful purpose and deserve to be continued. For years I have argued that those mandates were impediments to the development of innovative health information technology.



    I stand by those assessments and I would point out that many reputable health information technology geeks have also come to that conclusion.

    Finally, this case of “cheating on the test” is clear prove that the source code of all the major EHRs needs to be available for inspection by the public, as I have argued previously. The risk of allowing errors to exist in EHRs is much too high.



  7. ONC policy is the root of the problem and has caused the general erosion of trust in federal health initiatives that we have today.

    Certification is a poor substitute for sunshine. The reason we have cheating in Volkswagen or eCW is that software that impacts our health is not open source. However, the harm of secrecy is clearer when the software can produce a medical error directly rather than just statistically impact our health through environmental damage.

    Certification institutionalizes the growing practice of making medicine itself proprietary and secret. Open source medical software, like medical knowledge itself, is safe and trusted because it’s open to peer review and has no economic incentive to hide bugs or to cheat. On the contrary, open source software creates the incentive for bugs and shortcuts to be publicized in the hope that they will be quickly fixed. This is how medicine works as well, where we understand the critical importance of reporting adverse events.

    My colleague Michael Chen, MD has authored the New Open Source Health (NOSH) EHR that’s at the core of our HIE of One initiative. His comments about certification and ONC policy in April and our other posts before predicted the failure of confidence that we are seeing with eCW and ONC today: https://noshemr.wordpress.com/2017/04/07/picking-a-scab-with-a-zombie/

    ONC policy to protect proprietary EHRs by erecting a certification barrier to open source software is the root of the problem. As Michael notes, it’s also the root of the “information blocking” / interoperability problem we have. How many lives and hundreds of $Billions is that costing us? Adding more regulations by certifying more secret software will not solve the problem of trust. Our physicians need to be using tools that are open to inspection, free to teach, to share, and to improve. It’s medicine.

  8. “gastp!” – “covfefe!”


    Will ONC claw back incentive funds paid to eCW users?

  9. I thank God for two things
    I don’t have to use EMR.
    I will be retiring in about 6 years.

  10. via TweetBot So… @eClinicalWorks is one of the best EMRs out there. If they have to pay $155 mil for shortcomings, then all others should be shot dead.