Think about that Elon Musk had determined to purchase Epic as a substitute of the platform previously generally known as Twitter. Think about that he had developed his personal EMR and knowledgeable each Epic consumer that they need to watch their e-mail for his or her assigned migration dates to the system he had developed, to be accomplished within the subsequent 60 days. Anybody who has ever participated within the set up of a primary EMR or the migration to a second is aware of that this might lead to an unimaginable degree of disruption to well being care operations in lots of hospitals in the US and around the globe.
I’m writing as a result of that is an unimaginable situation, however there’s nothing in any respect beneath current regulation to stop it. It’s taking place now to customers of an EMR system primarily utilized by psychiatrists. This method was acquired by one other firm in April of 2023. The buying firm introduced final week that they’re shutting the system down. Customers have been instructed to enroll to be assigned the date of their migration to the brand new system and knowledgeable that their accounts could be deleted 30 days after their migration date.
I don’t know what’s in Epic’s contract with its customers. However I think that, just like the contract with me, there is no such thing as a promise to proceed operations in perpetuity, and I perceive that’s not one thing that may ever be required of a non-public firm.
This has opened my eyes to a vulnerability that all of us share. The HITECH Act of 2009 required a serious sector of the U.S. financial system to place its data, its functioning, and its potential to look after the well being of the nation into the palms of software program distributors whose merchandise met necessities for significant use. There was no requirement within the regulation for the soundness of operations of these firms. It’s time to provide them some accountability beneath the regulation for the vital position that they now play in public security and commerce within the U.S. No less than because it applies to the cessation of operations, distributors of digital medical document programs needs to be regulated as public utilities.
Rules may embrace requiring sufficient discover of shutdown, to permit for the choice, buy, and set up of different software program, together with the orderly migration of information, workflow redevelopment, and coaching of employees. The regulation may specify totally different timeframes for “sufficient discover” relying on the dimensions of the affected group. Distributors may very well be required to reveal that they’ve the capability to offer a replica of a consumer’s knowledge in an organized and usable kind within the occasion that they stop operations or to reveal the devoted capability and funding to maintain their current software program working in read-only mode for the time the regulation requires for the retention of medical data. The regulation may require that customers who wished to undertake to switch a working copy of the software program and their very own knowledge to their very own servers be on condition that possibility at costs reflecting the truth that the software program would, at that time, be an deserted asset for the seller.
Others might have higher concepts; I hope that this text opens a broader dialogue. For software program firms that will bristle on the considered this type of regulation, please do not forget that the HITECH Act gave your business an accelerated entry right into a privileged area. I’m positive that there are lots of devoted software program builders who’re dedicated to performing responsibly in that area. Given the latest expertise of about 4,500 psychiatrists, we want extra formal safeguards.
Cathleen Gould is a psychiatrist.
