News Stay informed about the latest enterprise technology news and product updates.

Grassley takes hold harmless clause between vendors, hospitals to task

The Iowa senator takes aim at the notion that health IT vendors may not be liable for mistakes made by health care providers using their products. Experts say such an idea is bunk.

The letter Iowa Sen. Charles Grassley wrote to hospitals last month began solicitously, asking how well IT vendors had performed and whether they made outrageous contractual demands for systems funded with $19 billion in federal stimulus dollars.

The letter quickly shifted gears, however, to question the process hospitals use to buy and maintain systems, to call into question the “hold harmless” clauses that purportedly absolve IT vendors of liability, and to ask whether the same potential conflicts of interest exist between hospitals and IT vendors as those between doctors and pharmaceutical companies, which have recently drawn fire for creating potential conflicts of interest in the drugs doctors choose to prescribe.

“A lot of what [the letter] targeted were provisions that could prevent customers from discussing problems in software that they uncover. I don’t really view that today as a problem,” said Frank Richards, CIO of Geisinger Health System, a network of three hospitals, two research facilities and clinics in the Danville, Pa., area.

“Every contract has nondisclosure clauses to stop you from talking about a vendor’s trade secrets, but I’ve not seen that prevent anyone from discussing a vendor’s software or talking about features and functions and workarounds,” Richards said. “You wouldn’t sign one that did.”

Hold harmless seen as protection for vendors, not patients

More provocative than the charge in Grassley’s letter -- that “gag orders” prevent CIOs from talking about their problems with health care IT systems -- was the suggestion that hold-harmless clauses in the contracts absolve IT vendors of any liability, even for deaths directly attributable to their systems.

Hold harmless is based on the idea that health care IT vendors specialize in IT rather than health care; moreover, they sell to “learned intermediaries” with both medical expertise and the ability to override any errors the vendor might introduce. That’s according to a letter published in a March 2009 issue of the Journal of the American Medical Association from sociologist Ross Koppel of the University of Pennsylvania, who specializes in the impact of health IT on quality of care, and David Kreda of Social Research Corp.

The hospitals’ role in keeping data up to date is legitimate, but the idea that a hold harmless clause absolves vendors of liability, no matter what mistakes they make, is almost certainly bunk, according to Jack Santos, executive strategist for the Burton Group consultancy, whose resumé includes stints as CIO at two hospitals and senior IT positions at several insurance companies.

“It’s a gray area that will eventually have to be decided in court, but no one doubts the vendors are liable for their own technology,” Santos said.

The accusation, as well as the implication that health care CIOs blindly or willingly endorsed hold harmless clauses by signing contracts containing them, enraged some in the health care community, who charged that signing hold harmless contracts violated a CIO’s ethical and fiduciary responsibility to a health care organization.

“Most contracts have indemnification language, and the vendors’ stance is that the customer should test everything,” Geisinger’s Richards said. “But what if a vendor gives you a dosage calculator and there’s an error in the calculation? Is the vendor liable? The answer is, yes, the vendor should be liable.”

Applying Stark regulations to health IT

Grassley’s letter and other efforts are designed to make sure health IT purchases are made based on ethical criteria, and create a regulatory structure to enforce that they are, in the same way the so-called Stark regulations passed in the early ’90s forbade doctors from referring patients only to medical facilities in which they had a financial interest.

[Hold harmless] is a gray area that will eventually have to be decided in court, but no one doubts the vendors are liable for their own technology.

Jack Santos, executive strategist, Burton Group Inc.

Grassley, the senior Republican member of the U.S. Senate Finance Committee, has been pushing for financial disclosure in health care for a decade, usually targeting physicians whose financial relationships with drug companies might affect what drugs they prescribe.

Grassley has also gone after medical journals, medical schools and most recently, patient-advocacy organizations in an effort to get the health care industry to reveal financial connections that may shape decision making about patient care.

“I’m interested in transparency. … [M]aking information public is basic to building people’s confidence in medical research, education and the practice of medicine,” Grassley said in a December announcement that he had asked 33 organizations, most of which describe themselves as patient advocacy groups, to disclose funding from pharmaceutical companies or others that might change the focus of their efforts.

Hold harmless, gag orders matter less than EHR improvements

Gag orders, financing and hold harmless agreements are important, but not as important as making sure data on drug dosages, patient histories and other content within electronic health record (EHR) and computerized physician order entry systems are kept accurate and up to date, Geisinger’s Richards said.

“We have something like 700 order sets for different disease conditions and patients and so forth that recommend medications and lab tests, etc.” Richards said. “What’s in those order sets comes from the vendor, but we maintain them. So, if the provider decides the default dosage should be 10 milligrams rather than 50 milligrams and we don’t make that change, and that mistake propagates to 100 other order sets for other situations, that’s a problem.”

By dedicating almost $20 billion to expanding EHR use in U.S. health care, the American Recovery and Reinvestment Act of 2009 (ARRA) gave a huge boost to health care IT. The bill also raised the profile of health IT enough to make such investigations as Grassley’s inevitable, according to Simon Kennedy, a partner in The Boston Consulting Group’s medical devices and technology practice.

The level of attention paid to the details of IT systems will be an annoying new experience for many health care CIOs, but is also important as a way to keep EHR developments on track both in individual hospitals and across the industry, Kennedy said.

“You’re talking about connecting referrals, triage, authorizations; taking administrative costs out of the system; making exams and writing scripts or orders much faster,” Kennedy said. “Some places, like Boston, maybe 50% of health care workers work in an environment where they can use electronic records. Nationally, that’s more like 2%.”

Grassley’s impact has generally been positive. He is off-base, however, in focusing too much on conflicts at the time of purchase that are more appropriate in prescribing decisions, rather than on long-term health IT decisions that involve more people and more diffuse decision making than is typical in most conflict-of-interest cases, Burton Group’s Santos said.

“If there are kickbacks going on, they should be prosecuted,” Santos said. “In general, in IT, there are no kickbacks.”

Kevin Fogarty is a contributing writer based in Boston. Let us know what you think about the story; email

Dig Deeper on Federal health care policy issues and health care reform

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.