Switching EHRs: Planning ahead

By Daniel F. Shay, Esq. , March 1, 2020

Physician use of electronic health records (EHRs) is a modern fact of life; so is physicians switching from one EHR to another. The process of switching EHRs can be complicated, however. Two primary concerns in any EHR switch relate to compliance with HIPAA, and interoperability and data conversion. This article discusses why physicians switch EHRs, illustrates the potential HIPAA and data conversion problems that can arise, and discusses steps physicians can take to mitigate these problems.

Why switch?

EHR adoption rates have risen significantly. Between 2004 and 2015, physician adoption rates for EHRs grew from 20.8% to 77.9%. Many physicians switch simply because the software is not user-friendly or lacks functionality offered by newer software. Physicians also switch because older software has lost its certification status under federal programs. In addition, newer software may provide greater specialty-specific support that is attractive to physicians, as is the case in the field of dermatology-practice-oriented EHRs.

Other EHR switches may be involuntary. For example, EHR vendors may discontinue support for older software versions, and offer newer versions that are less attractive or useful. In other cases, EHR vendors may go out of business or may be absorbed by larger vendors who offer a different product altogether. In any of these circumstances, two problems may arise: continued HIPAA compliance, and data conversion.

HIPAA considerations

Under HIPAA, EHR software vendors are considered “business associates.” By law, business associates must return or destroy all copies of protected health information (PHI) to the covered entity (in this case, the physician practice) upon termination of the underlying agreement. If they cannot feasibly return or destroy the PHI, they must maintain it in accordance with HIPAA’s regulations until such time as it is possible to return or destroy the data. These obligations include providing the physician and their patients with continuing access to the PHI. However, some EHR vendors, upon termination of a license, refuse to return PHI. Others deny access to PHI in the event of billing disputes. Some vendors may demand what they believe to be unpaid fees upon termination and may refuse to return PHI when requested if the physician disputes the owed amount.

When this occurs, a physician has few good options. They may attempt to sue for breach of contract but cannot sue for a breach of HIPAA because there is no private right of action under HIPAA. Alternatively, the physician may refer the case to the Department of Health and Human Services’ Office for Civil Rights (OCR) — the government entity responsible for enforcing HIPAA. However, both OCR investigations and lawsuits can take time. In the meantime, the physician’s patient data is still being held hostage. The OCR is aware of this problem, and considers vendors blocking access to PHI a violation of the HIPAA Privacy Rule. However, the OCR has stated that covered entities remain responsible for the disposition of PHI. Thus, the fact that a vendor held data hostage will not protect the physician for their failure to meet their own HIPAA obligations.

As a result, the smartest move may be to pay to regain access to the data, and sue afterwards, if the amount in question makes a lawsuit worthwhile. We represented a client who had decided to switch EHRs, notified the vendor, and was told it would have to pay roughly $800 to convert the client’s data from the EHR’s proprietary file format to a “neutral” format (e.g., a PDF). This cost was not specified in the original license and the vendor would not return the data in a useable format without the payment. Our client was understandably furious. However, the $800 cost would pale in comparison to the potential expenses of a lawsuit over breach of contract, and to the potential exposure under HIPAA that the client might have faced if it had ignored its own HIPAA obligations. As a result, the client paid grudgingly, and moved on. Had the amount requested by the vendor been higher, it might have made sense to sue the vendor after paying, but under the circumstances, the “least bad” approach was to pay the vendor and walk away.

Data conversion considerations

Data transfer itself presents another problem in switching EHRs. Most EHRs store data in proprietary formats that can only be read by the EHR software itself. So, there is no easy way to transfer data from one EHR to another. Our own clients have struggled with these issues when switching EHRs. Many use PDF copies of old records following termination of their prior EHR license agreement. However, PDFs are unlikely to retain the functionality of EHR software and serve as digitized photocopies unless the user significantly alters them to function differently. In one instance, because of the age of the prior EHR in question, our client had to maintain two separate computers after switching: one to access the old EHR, and one to access the new one.

Ideally, the EHR license agreement will explicitly address both the costs for data conversion, as well as the format in which data will be provided. At the very least, the data should be provided in PDF format or some similar format which the physician can easily use and read, even if it loses some of the advanced features. Ideally, such a license clause would also indicate that other data formats are possible for additional fees. Some agreements reference providing “comma delimited” records, which essentially means that the files separate individual data points using commas. This format might be capable of being imported into another EHR, but any anticipated conversion using comma delimited records should be researched to ensure the new software can accept and use the comma delimited data. Regardless of the format, the fact that the physician owns the data, and a guarantee that the data will be returned in a neutral, usable format should be made explicit in the license agreement. Likewise, the agreement should include injunctive relief to permit a physician to obtain a court order compelling the vendor to return all PHI when possible to the physician, regardless of the reason for termination. The agreement itself should prohibit the vendor from “holding data hostage.”

It is likely that most physicians in the digital age will switch EHRs at some point in their career. The best approach is to plan for such an eventuality by having license agreements carefully reviewed prior to signing. Knowledgeable health care legal counsel can help.

Additional DermWorld Resources