
Epic, the nation’s largest electronic health record (EHR) company and a major beneficiary of a $48 billion Obama-era federal program to promote the adoption of EHRs, has launched a full-scale effort to block the flow of data out of its software and into apps that benefit doctors and patients. That’s wrong for many reasons.

Epic is attempting to scuttle finalization of a rule from the Department of Health and Human Services that would implement the interoperability and information blocking provisions of the 21st Century Cures Act. The thoughtfully crafted rule, proposed by the Office of the National Coordinator for Health Information Technology, and now under final review at the Office of Management and Budget, requires that EHRs operate seamlessly with third-party apps, and prevents EHR vendors and health care systems from blocking or inhibiting the flow of information between health information technology systems or to patients. The rule is intended to underpin a digital ecosystem on top of the government’s investment to transform the health care system.


Perhaps reluctant to see data flowing out of Epic’s monopolized silos, the company’s CEO, Judith Faulkner, wrote to leaders of hospital systems, asking them to oppose the proposed HHS rule. And if that effort doesn’t work, Faulkner told Politico that her company might sue HHS over the final rule.

By opposing the rule at this pivotal moment, Epic is doubling down on its monopolistic hold on American health care and would be blocking vital improvements in it.

Interoperability, along with better and more affordable information flow, will benefit patients, improve outcomes, and reduce costs and waste by the health system. The proposed rule would also meaningfully enforce individuals’ right to access digital copies of their health records, something that was theoretically possible under the Health Insurance Portability and Accountability Act (HIPAA).


Hold on a second, you might say. Isn’t health care already a data-driven enterprise? Most Americans believe that the information their clinicians type into their EHRs during appointments is used to benefit their care, perhaps to ensure that a patient isn’t placed on a medication that hasn’t worked for other patients like her, or to automatically detect a decline in kidney function that means he needs to see a specialist, or to coordinate essential information across different sites of care.

But it doesn’t really work like that. At the cost of millions to billions of dollars per hospital or health system, health care relies on pre-internet proprietary and non-interoperable software where, as in the old “Roach Motel” ads, data check in, but they don’t check out. In addition, EHR software is sold under contracts that contain both hold harmless clauses to abdicate responsibility for adverse events associated with their products and nondisclosure clauses to inhibit reporting of serious adverse events. As described in “Death by a Thousand Clicks,” EHRs have contributed to an epidemic of physician burnout.

In Faulkner’s missive to health leaders, she misleadingly claims that patients have been able to download copies of their records since 2010. In fact, that was not possible at scale until about a year and a half ago.

In early 2018, Apple used the SMART on FHIR Application Programming Interface (API) — an interface we developed so apps could be added to or deleted from an EHR just as on smartphones — to connect its native Health App to hundreds of health care systems so iPhone users can acquire copies of their health records in an electronic computable format. What is important about this approach to standardized data download is that Apple’s Health App users acquire a structured and computable copy of their data that they can then share with a growing number of apps of their choice.

SMART on FHIR is required under the proposed rule, which also makes it imperative that Epic and other EHR companies expose a much fuller data set to patients who want it. Access to all elements of a patient’s record across an API is required under the 21st Century Cures Act; the proposed rule details how that must be done.

Epic’s CEO points out that in an imagined world where Epic is the only EHR, data can be exchanged between health care systems using the company’s Care Everywhere. Unfortunately, this vision of interoperability for the entire U.S. health care system relies on information technology provided by a single, privately held company.

In its arguments against the rule, Epic claims that its concern is about protecting patient privacy. It is supporting a meme that patients cannot be trusted to choose their own health apps. We fully agree that patient protections are needed and have long argued for privacy-preserving patient control of health data. Here, Epic has taken the position of the fox arguing that chicken wire is a threat to chickens’ freedom to walk around.

Rather than continuing to work as a member of a larger ecosystem to ensure appropriate patient protections in the digital and connected information economy, Epic is instead deflecting progress in the fundamental need for interoperability. A cynic might believe that Epic prefers not to share the vast amount of data its systems collect in order to commercialize it. Anyone doubting that Epic’s position is monopolistic should read the recent editorial by Tommy Thompson, a former HHS secretary and Wisconsin governor, opposing HHS’ proposed rule to protect jobs in Wisconsin and bemoaning that it would require Epic to “spend a significant amount of its time on work to share its trade secrets with newcomers.”

Yet many of those “trade secrets” were underwritten by billions of dollars in federal investment, not to mention the original work at Massachusetts General Hospital that underlies Epic’s technology.

Epic could have decided to fully support the patient-enabling API and interoperability specified in the proposed rule and committed itself to making sure its implementation of the rule is a model of patient control and data security. Instead, by conflating these two goals, the company is attempting to provide political cover to stop what it sees as a threat to its business model.

For the past several years, Epic representatives have been collaborative and effective in participating in coalitions of academic and commercial groups that have made real progress toward universal APIs and interoperability. That makes the 11th-hour, full-on opposition to the proposed rule a particularly unfortunate assault on shared progress. If Epic is allowed to position itself as the only party able to innovate in health IT, then the health information economy should prepare for a recession.

Patient advocates — and that means all of us — are standing by to welcome Epic back to the table as a member of a growing community. But in the meantime, it should take back its last-minute call to thwart the HHS rule and inform its representatives in Congress and hospital leaders that the company supports the final rule because it will lead to better and safer care.

Kenneth D. Mandl, M.D., is director of the Computational Health Informatics Program at Boston Children’s Hospital and professor of pediatrics and biomedical informatics at Harvard Medical School. Isaac S. Kohane, M.D., is chair of the Department of Biomedical Informatics and professor of biomedical informatics and pediatrics at Harvard Medical School.

  • This article is pretty spot on. I worked at Epic Systems and confirm this entire opposition by Epic is another example of their age-old song and dance to protect their monopolistic business. Nothing new here. Luckily Judy is 77 this year and will probably be dead in 3 years.
