In Vendors We Trust

We put a lot of faith and power, in the hands of vendors that collect, store, and transmit data. Data is exceptionally valuable in healthcare for a lot of different parties, and it can be used for both good and evil. A good use of data would be to provide population health-based insights that help prioritize and roll out campaigns for different segments of the population. A bad use of data would be to increase the cost of coverage (not as much of an issue any more) or to market health services directly to patients that might not be in their best interest, whether that be for medical or financial reasons. There are many gray areas there as well.

We do it outside of healthcare, too, with the data we passively and actively give to companies like Google, Facebook, and Twitter. These companies exist largely on data and the insights and marketing they can derive and sell from it. I don’t mind too much the tracking outside of healthcare because I’m resigned that it’s just the way things work.

I’ve written before about free services not really being free. In that article, I spoke about my preference to pay for services I use. I still prefer to pay for services and I happily pay for things I use and value. The list of services I use and pay monthly for has grown –  Buffer, Dropbox, Google Apps (the transition from free to pay was abrupt, but this is for business), Trello (I don’t even really use the premium services, but I love Trello enough to pay for it), Path, Evernote, ContactMonkey, Nimble, and probably a few others I can’t remember right now. The major drawback is that it does become challenging if you change your credit card info.

But back to free services, vendor trust, and the use of data. Eighteen months ago I specifically called out PracticeFusion as an example in my post, for no other reason than that it was a free HIT offering. PracticeFusion is the reason for this post. Has everybody been following the recent privacy debate that’s been unfolding related to PatientFusion, a PracticeFusion product that is meant to compete with ZocDoc? The privacy issues and data relate to some of what was pitched as the core value of PatientFusion, the reviews by "verified patients."

This all started over a year ago when PracticeFusion started sending patients post-appointment emails asking them to rate their experiences with PracticeFusion providers. Great, PracticeFusion was proactively getting feedback from patients. That’s pretty helpful information. Providers could probably benefit from it, and consumers too. In fact, according to PracticeFusion, providers asked for this. So when PracticeFusion announced PatientFusion, it launched the new site with tons of reviews from "verified patients," reviews it had collected over time as an add-on to the core PracticeFusion offering. PracticeFusion is a in a unique position to collect ratings and reviews from real, verified patients as opposed to some of the review sites that can’t verify patients that review providers.

Populating sites with real data is one of the major challenges of launching sites, especially those targeting consumers. It doesn’t even always have to be real data — look at how Reddit got started. Populating new sites is a chicken-and-egg problem, and PracticeFusion strongly launched with a clear value proposition to people looking for doctors – lots and lots of validated reviews from real patients. That’s a pretty nice way to play catch-up when you launch a product a couple of years after your main competition, in this case ZocDoc. There are other, less well-funded startups than PracticeFusion that are going after ZocDoc but with other approaches, like focusing locally now that ZocDoc is spread across so many geographies.

With PatientFusion, it wasn’t the reviews that were necessarily the problem. I have no idea if PracticeFusion violated HIPAA or not – that will take a few million dollars’ worth of legal fees to answer. That’s really not the problem as I see it. Simple searches make it clear that these reviews were not intended for public viewing. The article linked above has some pretty good example reviews in which "Anonymous" reviewers included full names in the review itself. Some of the reviews were very specifically meant for the provider and for the office staff. Whatever the disclaimers and education patients got about the reviews, not all of them understood it. Again, that’s not surprising.

But the response from PracticeFusion CEO’s is that a "handful of surveys posted online where patients mistakenly entered their personal information. These were removed immediately." is misleading. I only searched for one specialty in my local area, looked at results for only the two providers with the most reviews, and both had multiple reviews that contained full patient names.

The problem ultimately stems from a lack of transparency and on the part of PracticeFusion. When I wrote my post 18 months ago, I wrote that, "I don’t have a fundamental problem with companies selling my data, but please at least tell me what you’re going to sell." Maybe or probably PracticeFusion followed the best legal advice in the world when it went down the path of sending out reviews for doctors, and maybe it has every "i" dotted and "t" crossed when it comes to HIPAA, but its clearly created some confusion amongst the patients. I’m sure patients and providers had options and opted into or out of these things, and providers likely signed BAAs that allowed for using data this way. But not everybody seems to understand the nuances.

Just acknowledge that the site has lots of reviews that contain personal information and that fixing that will likely be hard considering the number of reviews. Maybe we can all learn from the experience and better understand how to help patients make more informed decisions about their health data.


Travis Good is an MD/MBA involved with health IT startups. More about me.

↑ Back to top

Founding Sponsors

Platinum Sponsors