Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

A Lawyer’s Perspective on EHR Vendors Holding EHR Data Hostage

Posted on October 23, 2015 I Written By

The following is a guest blog post by Bill O’Toole is the founder of O’Toole Law Group.
William O'Toole - Healthcare IT and EHR Contracts
The recent post, EHR Data Hostage Wouldn’t Exist if EHR Were Truly Interoperable, on EMR & HIPAA got me thinking, and I wanted to offer a few observations from my experience as an HIT lawyer.

The goal is wonderful. However, it would take years and years to achieve such a goal. Data extraction and subsequent import take time, sometimes lots of it. What if there were a standardized specification to which vendors could design extraction tools and programs? Follow that with contractual commitment that the vendor adheres to those specifications. We did it with HL-7, why not data transport?

Thankfully I have not yet represented a vendor that withheld data solely due to the departure of a customer. I have however been involved in very tough situations where the vendor treads a fine line in not releasing data until customers fulfill their obligations (such as paying for use of the software). I like to believe that there is more to the story in the vast majority of data hostage disputes, and in my experience, this has always been the case.

The emergence of the hosted subscription model has resulted in a control shift to the vendor, as opposed to the on premises model where the customer is in control and a vendor can be shut out. That said, vendor assistance is usually required to extract data.

“HIPAA vs. vendor rights” is a very hot topic for me. Providers must provide patient data on request. Vendors have a right to be paid. The contractual right of a vendor to suspend customer access to a hosted EHR butts head-on against HIPAA. I have discussed this with ONC and while the problem is recognized, there is no solution at the present time.

Bill O’Toole is the founder of O’Toole Law Group of Duxbury, MA. You may contact him at

Have You Ever Tried to Cancel an EHR?

Posted on July 15, 2014 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

A caller’s attempt to cancel their Comcast service is going around the internet. About 10 minutes into the call, the husband got on the line and started recording the call for all of us to see how the Comcast retention rep acted. You can listen to it embedded below.

I imagine most of us have had an experience trying to cancel our service at one time or another. It’s not a fun experience. Although, I know some people who call to cancel their cable service every 3 months in order to have the customer retention representative give them a lower cost deal. You know that offering you a 3 month lower cost (or something like that) is one way they try to retain you as a customer.

As I listened to the call, I was thinking about some of the experiences I’ve read and heard about clinics cancelling their EHR service. Unlike a cable or TV service where it’s quite easy to switch services, switching EHR software is a much more involved process. In many cases EHR vendors hold you “hostage” more than the Comcast retention rep above.

In most cases, the EHR vendor will go radio silent on you or responses to your inquiries will take a really long time. Plus, when you ask for access to your EHR data, you’ll often get hit with a hefty price tag. It’s a shameful practice that many EHR vendors employ to try and lock their customers in and prevent them from switching EHRs. We’re entering the era of EHR switching and this is going to impact a lot of practices going forward.

I’ve debated for a while now creating an EHR “naughty” and “nice” list which outlines the good and bad business practices by EHR vendors. One of the challenges is defining what’s naughty and what’s nice. There’s a lot of grey area in the middle. Although, I think that aggregating this type of information would be really valuable. I’m just afraid that many EHR vendors won’t want to share.

I’ve written posts before about why I think holding a practice’s EHR data hostage is a terrible business practice. The medical community is small and an EHR vendor that tries to do this will definitely suffer from negative word of mouth. What do you think? Should we create a list of EHR vendors and their policy on EHR cancellations?