The hidden cost of free EMR systems

Electronic health records (EHR) systems are expensive. Really expensive. In fact, there have been reports of these systems causing significant revenue decreases or business interruptions — such as Henry Ford Health System in Michigan reporting that implementing EPIC was a direct cause of their 15 percent net income decline in 2012. Using a free EHR system is a tempting alternative for many independent doctors or small practices. But are there tradeoffs for doctors who use these free systems?

There are several free EHR systems available, including Practice Fusion, Hello Health and Kareo, but their revenue-generating models all differ. Practice Fusion, for instance, has said it relies on advertising to help keep the system free. The physician will see a small ad on the bottom of the screen that might be targeted to what they’ve diagnosed. For instance, click that a patient has allergies, see an ad for Zyrtec. That in itself has brought up data mining/patient privacy concerns, as well as possible HIPAA rule violations — but more on that later.

Hello Health relies on patient contributions to make its EMR free. You heard right — physicians who use Hello Health ask patients to pay for the system, generally anywhere from $36 to $120 annually. This model is actually billed as potentially revenue-building for offices, as doctors get about one-third of the patient’s total investment directly. In return, however, the patient gets access to things other patients who don’t pay for Hello Health don’t get. For instance, online appointment scheduling with blocked out periods of time strictly for Hello Health patients, virtual visits and emailing their doctor directly. It’s more of the concierge model for patients who want to pay for it.

Kareo has given away its EHR for free in the hopes that offices will buy their other products. The company also offers practice management and billing services.  Add their practice management service to your office and you’re looking at $299 per month per provider (plus the free EMR).

The biggest drawback to these free EMR systems seem to be data and security concerns. Kareo for its part has said on its website that they won’t sell the data to third parties, however, the company doesn’t list a fully privacy policy on its website. And both Practice Fusion and Hello Health make no such claims regarding data selling. This has many users and practices asking who owns the patient data in a free EMR, and what is being done with it?

For instance, a recent article focused on Practice Fusion emailing product reviews directly to the patient with the doctors’ name on the email – making it seem the email came directly from the doctor, when many had no idea this was happening.  And Hello Health’s privacy policy also says that the data they collect can be used to send customers product news, send surveys or collected for research purposes (they do say the data is “anonymized” prior to being sent).  Many have suggested that the real revenue stream for these free EMRs will be the selling of patient data to drug companies, researchers and others.

So while zero dollars is a cost most practices can live with, the real question is what is the true cost of these “free” systems?

Elizabeth Hipp is social media director, Transcription Outsourcing, LLC.  She blogs at the Transcription Outsourcing Services Blog.

Comments are moderated before they are published. Please read the comment policy.

  • Kernos

    You completely fail to mention open source EMR software such as openEMR.

    Like Ron Smith, I have been using software I started developing in the early ’90s.

  • Elizabeth

    Thank you for the link. Kareo’s customer data policy on their site reads like this:

    “All data entered by Customer remains the sole property of Customer, as between Kareo and Customer (Customer Data), subject to the other terms of this agreement. Customer grants Kareo a non-exclusive term license to use, modify and otherwise make available the Customer Data for purposes of Kareo performing under this agreement.”

    Now I’m not saying that they are going to use the information for some devious purpose, however the bottom line is information like that can bring in revenue, and to me their data policy is a little hard to understand. To me it sounds like Kareo does have the right to use the customer data for their own purposes. But you can make your own judgement call after reading.

    • Joe

      Hi Elizabeth, I think the key statement in the Kareo customer data policy is the last one in your quote above. Specifically, the policy highlights that the data belong to the customer and Kareo’s license to use the data is limited to delivering to the commitments made in the customer agreement. In other words, Kareo can use customer data only to the extent this use is needed to delivery its applications / services to the customer. This seems to eliminate the potential for uses that solely benefit Kareo but not the customer. Thanks! Rob

      • GT

        “Rob”? “Joe”? How many user accounts (which have each just been created recently, and have only been used to comment on this one specific blog post, and both times in enthusiastic support of Kareo), do you have?

        Just out of curiosity, do you have some connection to Kareo?

    • guest

      Do you or does anyone know in general how data mining is used in the case of pt medical records? I am sure it is like everything else. The pt is not the consumer but the pt information is sold in some fashion I imagine like facebook works. Perhaps the names are not known but the data? I have to wonder when I keep hearing that the EHR’s are used for billing purposes and data mining. Anyone know? I have a feeling there are ways they have made certain ways of data mining legal and HIPAA compliant –even with medical records.

      • Elizabeth

        HIPAA allows for patient information to be sold to third parties and/or used for research purposes once it is “de-identified” – i.e. once the 18 personal identifiers that are specifically mentioned in the rule are removed from the record. These include information such as names, addresses, birth dates, social security numbers, etc.

        • guest

          I don’t mean to act stupid here but can you give me some idea why this is valuable to third parties?

          • Elizabeth

            Sure! It can be used in a number of ways, but one example to illustrate is companies such as pharmaceutical companies use this information to help their advertising reach the right people. So if Pfizer knows through health records that 100 doctors in New Hampshire prescribed Claritin instead of Alavert, they can target those doctors with marketing materials or rep visits, or increase their ad revenue for the whole state to increase the number of billboards or commercials. That’s just one example of how the info can be used, but as they say, knowledge is power – the more companies know the more sophisticated their marketing is.

          • guest

            Thank you so much for the in depth response. What i find disturbing here is that people think HIPAA protects them when in essence between the EHR and the HIPAA laws the patients are being used and marketed. And i would guess no one knows that. I bet in a survey people would not believe that to be true. Why is no one complaining about this? There are a few people that complain about facebook data mining but this seems much worse. So you are saying they can read the entire record and note minus the name and ID info? Unbelievable and scary. I thought 1984 was just a novel.

  • guest

    wow i am glad I am not alone. Thanks for the tip. Around that time, 2010 I had a prescription filled out of state. No insurance was involved. I paid for it in cash. Soon after that, i was asked to upgrade an insurance i have but that it would require my medical consent since they would be reviewing my medical records. Low and behold they found the medication and others where I paid for it in cash. One I prescribed myself they found. At that time I falsely had the idea that this was privileged info between myself and my doctor.
    I have become more aware since then of a multi billion dollar business that works as the investigational arm for the insurance company called Milliman. I had never heard of them before but I was appalled that they legally had all this information about me at their disposal including SSN. I have since learned there is no privacy with prescriptions but did not realize it was the same with medical charts in hospitals as well.

  • guest

    Great Post M.K.C. My first reaction as well. ( with the Walgreens debacle you mentioned). My guess is some lawyer told them that they would not have a case for privacy. It’s like pain and suffering. There are severe limits on what you can get and most lawyers I don’t think go for those cases. Most lawsuits or even malpractice suits focus on economic damages. So I think that was their spin. But I’m confused why every person that buys a prescription or goes to the hospital doesn’t sue in the same way.

Most Popular