Request demo Call athenahealth Menu

Honest Opinions: CommonWell, the “Big EMR Switch,” and Cloud Security

by Dan Haley, SVP and General Counsel

I recently connected with the HL7 Standards blog’s Chad Johnson (@OchoTex) for a fun “5 question” Q&A. We touched on CommonWell, the athenahealth Code of Conduct, cloud security, the unique characteristics of athenahealth culture that allow us to be so engaged in policy conversations, and the always-around-the-corner “Big EMR Switch.” I’ve included some highlights from our conversation below, but you can also check out the full interview.

If you feel compelled to ask, “Dan, how much did you pay Chad to ask these softball questions?” that would not be an unfair question. But I assure you, Chad came up with these all on his own.

1. What do you think the CommonWell Health Alliance will have accomplished a year from now?

When it comes to CommonWell, “where will you be in a year?” is exactly the correct question. The first stage of the Alliance is a one-year pilot program, to test the basic assumptions about the model and ensure that it works the way the founding companies intend. At the end of that first year, we expect the members to be sharing data between and among their systems. If we didn’t expect that, athenahealth would not be involved. A lot of work will go into making that happen.

The CommonWell Health Alliance represents a real effort to snap together some of the vertebrae to create that national information backbone. After years of annual conferences where executives of the big electronic medical record (EMR) companies stood up and solemnly pledged to solve the interoperability problem that still plagues health IT, this year at HIMSS some heavy-hitters finally took a tangible step toward that goal. We’re pleased and excited to be a part of that. We view it as a step more than a solution in and of itself, but it is an important and necessary step.

2. What struck me as interesting about the Code of Conduct was the first provision, which is a vow to pay for and facilitate the transfer of a provider’s clinical data if they choose another EMR vendor, which can be a huge endeavor. Why did athenahealth think this challenge was necessary? And do you think your competitors will sign on?

Here’s the thing about our proposed Health Information Industry Code of Conduct: it isn’t a challenge. We aren’t daring our peer companies to sign on; we’re asking them to agree to a core set of very simple principles that we believe can, if broadly adopted, help pull our industry into the 21st century. No legalese, no weasel-words, no out-clauses. Just five basic principles that we think and hope our industry can get behind. When one of our peer companies signs on we put its logo right up there on the signatory page with ours. It isn’t supposed to be “an athenahealth thing.”

Because we were able to ask ourselves a simple question–what basic propositions do we think could materially impact our industry?—and then reduce those principles to a clear, concise, one-page document, we think we managed to put forward a proposed Code that is easily understood, broadly appealing, and capable of attracting support from a wide range of forward-thinking industry stakeholders. We are also able to push on our industries in a way that consensus groups cannot do.

The provision you asked about is a perfect example. We believe absolutely that no doctor should be locked into an EMR out of fear of having to lose his or her clinical data, or having to start from scratch with a new system. That kind of ‘lock-in-by-incompetence’ model wouldn’t be accepted in any other industry in 2013. It should not be accepted in health care. A company that is confident in the quality of its services should have no problem committing to pay for data transfer for a client who decides to move on.

3. Security is a prime concern in health IT and cloud offerings are often the target of criticism. John Halamka even described it as “your mess run by someone else.” What steps are you taking to assure your clients and prospects that clinical data is just as secure in the cloud as it is in a hosted solution?

Done correctly, cloud-based services are “your mess, cleaned up and run by someone else.” Underlying the athenahealth vision is a basic approach that characterizes every service we provide to doctors, and every service we contemplate providing in the future: we look constantly for new and better ways to take administrative burdens out of care provider workflows so that they can concentrate on patient care. It allows us not only to organize our clients’ information but also to actually do the work for our clients, in real time. Moreover, while we’re doing that work, our clients have real-time, always-available access to their information. The impact of that difference in approach cannot be overstated. Cloud services aren’t an alternative to a hosted solution. Cloud services are a different proposition entirely.

As to security, clinical data is not “just as secure in the cloud as it is in a hosted solution.” Assuming one is dealing with a competent, responsible cloud provider, it can be more secure. Do a Google search for news stories on health data breaches and you find story after story reflecting the same basic incident patterns: institutions printing out medical records and losing track of the paper, which no technology can solve; and human beings misplacing portable media (laptops and thumb drives) containing PHI. Cloud services obviously eliminate the possibility of the latter because protected data is stored remotely, on highly-secure servers, not locally on any media that can be left in a cab.

4. athenahealth representatives seem more willing than other EMR vendors to engage in public conversations and “make waves.” That’s definitely refreshing, but I imagine it causes your marketing team to stock up on antacids. What is it about your company and its culture that fosters this type of open dialogue with the health IT community?

Stated simply, it starts from the top. We have a CEO, Jonathan Bush, who shoots from the hip all day long, every day. He’s the last person who would ever come down on an employee for maybe getting a little bit too enthusiastic in communicating our company point of view on the important issues impacting our industry. In fact, not only am I free to engage in the public conversations you ask about, but it is part of my job. We want athenahealth to be part of those conversations. On any number of issues, we have a point of view that is markedly distinct from—sometimes diametrically opposed to—the rest of our industry. So in a very real sense we need to be part of those conversations. We cannot rely on others to make our arguments for us.

5. I’ve read that Black Book has named 2013 the “year of the great EMR vendor switch.” Since switching EMRs is no small task — especially if the provider intends on migrating old data – do you think this prediction will come true?

I certainly hope it will. I don’t think an impartial observer would argue with the proposition that there are a lot of lousy products out there, and a lot of fed-up care providers stuck using them. In my Capitol Hill wanderings, I often say that health IT lags a decade behind the rest of the information economy. The next time you are in a doctor’s office, take a look over the check-in desk and tell me I’m wrong. In some offices, the technology being used is more than a decade behind.

I have to believe that, at some point, a critical mass of doctors will not accept that the technology they are forced to use in their professional lives is so exasperatingly inferior to the technology they (and their kids!) use in every other aspect of their lives. At that point, they will finally start to demand better of their vendors. That inevitability, in my view, is the best hope for an eventual “great EMR vendor switch.”

Of course, it would help if the government would stop paying doctors to buy static software-based technology that should have gone the way of the dodo around the end of the last century… but that is a whole other set of questions.

I welcome any and all questions regarding our work down in D.C. Comment below or find me on Twitter at @DanHaley5.

View full profile and posts from author

Cloudview Blog

Ideas, insights and analysis to help physicians, medical groups and health systems stay informed and profitable in today's challenging health environment.

Latest from Twitter

Post your comment

These security checks help us prevent unauthorized access to your account.

Schedule an inside look

Thanks for your interest in athenahealth. We're excited to learn more about your practice.

* All fields required

We will never share your email without your permission. View our Privacy Policy or Terms Conditions.


Thanks! We'll be in touch soon!

In the meantime, please feel free to give us a call at 800.981.5084, explore the site or check out a video.


An error occurred

Please feel free to give us a call at 800.981.5084.

Request a live demo