EHRA’s EHR Code of Conduct – Will Anything Change?

The big news that had to be covered today was the announcement by the EHR Association about the EHR Developer Code of Conduct. The core topics of the EHR Developer Code of Conduct are great:

  • General business practices
  • Patient safety
  • Interoperability and data portability
  • Clinical and billing documentation
  • Privacy and security
  • Patient engagement

Certainly there are other areas that I would have loved to see included, like EHR usability, but if we could address each of the areas listed above we’d have a big improvement over where we are today. Be sure to also check out the EHR Developer Code of Conduct and FAQs document and the EHR Developer Code of Conduct Implementation Guide for the full details on the EHR Code of Conduct.

The problem I have with this EHR Code of Conduct is that it has no teeth. There’s no enforcement mechanism or reporting mechanism to show how an EHR vendor has chosen to implement the code of conduct. They won’t even commit to having a list of EHR vendors that have adopted it. Trust me when I say that for every element of the EHR Code of Conduct, there’s A LOT of room for interpretation.

Where there’s room for interpretation, there’s room for abuse.

Obviously, when you bring together 40 EHR vendors it’s a real challenge to create something that has no interpretation. However, it seems they could have created a way to display how an EHR has chosen to meet the EHR code of conduct guidelines.

For example, the guideline says, “We will work with our customers to facilitate the export of patient data if a customer chooses to move from one EHR to another.” Then, it even sets a minimum export of a CCD/CCDA document. We could discuss how that type of document is nearly enough to switch EHR software, but even if it was enough, there’s a lot of ways you could implement this guideline. An EHR vendor could let the customer download a CCD for each patient individually and leave it to the customer to download all 5000 individual CCDs for their patients. That meets the guideline, but would be very different than an EHR vendor that gave you a one click download of CCDs for all your patients.

This qualitative data about how an EHR vendor has implemented the code of conduct should be easily available to doctors to compare across vendors. Otherwise, it has much less meaning and a lot of doctors will get bamboozled by the impression “commitment to the EHR Code of Conduct” implies. It’s similar (and even worse) than the pass/fail EHR certification. Not all certified EHR are created equal and not all EHR Code of Conduct adopters will be equal either. Why not be transparent about how they meet the code?

In the webinar they suggested that “the industry itself will kind of make it transparent who has adopted the code and who hasn’t adopted the code.” Maybe a third party will make that data available, but it’s a lot of work without a clear mechanism to pay for the work.

The other part of the code of conduct that really bothers me is the question posed in the title of this blog post: Will anything change? I loved a question that was asked on the webinar, “What pieces of the code of conduct were an EHR vendor not doing before the code?” They skirted the question saying that they couldn’t comment on it and some other tap dancing around the question. Does this mean that EHR vendors will just use the EHR Code of Conduct’s false trust to sale more product while doing little to change operationally? I’m certain this is not the intent of the committee, but could be the end result if those adopting the EHR Code of Conduct aren’t held accountable.

I got comments from two EHR vendors about the EHR Code of Conduct. Take a look to see what SRSSoft’s CEO Evan Steele said in their press release:

“SRS has always been committed to the principles identified in the Code of Conduct—designing our products with patient safety in mind, supporting physician/patient ownership of their data, safeguarding privacy and security, and communicating honestly in the marketplace,” says Evan Steele, CEO of SRS. “We are pleased to be among the first EHR companies to adopt the formal code, and hope that all vendors will follow suit.”

And John Glaser in the Siemens comment:

“The release of the EHR Developer Code of Conduct by the EHR Association is an important milestone in the maturation of the healthcare information technology industry, and we at Siemens Healthcare are proud to have supported its drafting and ratification,” said John Glaser, PhD, CEO, Siemens Healthcare, Health Services. “The Code of Conduct includes many elements that just make too much sense to be ignored and it’s my belief that Siemens and many players in this industry have already been adhering to many of these principles. Codifying these principles and providing a transparent way to show customers that companies are going to adopt them will help propel our industry’s ability to deliver safer, more effective and more interoperable solutions.”

It’s not like an EHR vendor’s going to come out and say they weren’t following the Code of Conduct principles. They’re not going to come out and say they don’t care about the EHR Code of Conduct principles either. The question is whether they state it in public or not, will EHR vendors really change? I have my doubts without a clear mechanism of accountability.

In some ways this reminds me of the doping scandal in cycling. Everyone knew that everyone else was doing it and no one wanted to say anything to rock the boat because it would mean they’d have to admit to doing it. Once a few cyclists stopped doping, they were at a disadvantage to those who continued the unhealthy practices.

I vividly remember in the post-Lance Armstrong years an interview with Levi Leipheimer where he was asked about doping. He tersely responded, “I hope all the dopers and cheaters get caught. It’s not fair that I’m having to compete with them.” (Not an exact quote, but you get the gist) Once he stopped doping he knew he was at a disadvantage. He wanted those that were still doping to be held accountable. I wonder if we’ll see something similar play out in the EHR world. Some EHR vendors follow the letter and intent of the code of conduct while other EHR vendors continue to skate around the edges since there’s still nothing holding them accountable. Just like Levi couldn’t name names in his interview, EHR vendors won’t be able to name names either.

As I said to start this post, I love the intent of the EHR Code of Conduct. I just worry that it will do little to change the EHR world as we know it.

I’d also be remiss if I didn’t also share a comment someone made on the Code of Conduct announcement webinar. Someone obviously didn’t realize their mic was on and they said, “It’s a love fest, an EHR Love Fest!” I’m not sure who it was that said it or why exactly they said it, but it gave me a good laugh. I always love a good EHR love fest myself.

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • Hi John,

    I was proud to work together with my peers on the EHRA committee which produced this first version of the EHRA Code of Conduct. (We do expect future versions to emerge, keeping in step with changes in our industry.) While EHRA acted as the catalyzing force, providing leadership and the forum for the collaborative development of the code, EHRA cannot provide enforcement once the code is published. However, I do believe that this code has ‘teeth’ and here’s why:

    (The views expressed are my own, not necessarily reflective of EHRA in general, or of the Code of Conduct committee in particular.)

    The ‘teeth’ to the EHRA Code of Conduct are – the consumers. At SRS, we hope that consumers – hospitals, practices and physicians – will understand the importance of the code and become familiar with its principles and ideals. Educated consumers should ask specific questions of their current vendor, or prospective vendor, as to how that vendor implements the principles defined by the code. Where the consumer is not satisfied with the response, the consumer can ‘enforce’ the code by walking. Consumers should walk away from vendors who cannot demonstrate compliance, toward vendors who can and do.

    In this respect, the code is a valuable educational tool to help consumers evaluate the EHR which will play a highly critical role in the care which they will provide to their patients in coming years. The code instructs consumers as to the core principles and commitments which they should expect from their vendor, and consumers provide ‘enforcement’ by exercising their options accordingly.

    Thanks for providing the forum for this exchange of ideas!


    Joseph Geretz
    Chief Software Architect

  • Joseph,
    Thanks for sharing your insight. You’re right in some cases that it will help some doctors to ask more questions they wouldn’t have thought of asking otherwise. The problem I have is that from my experience with EHR certification instead of asking more questions, the customer assumes that their interpretation of the code (or certification) is what the EHR vendor actually implemented. Then, when they start implementing they realized they should have asked more questions.

    I guess it’s worth noting that I don’t think the EHR Code of Conduct is a terrible thing and as I said the ideals are good. We just need to be sure to make the customers aware of what it does and doesn’t do. I also have a lot of other ideas on how to add some more accountability to the code. I’m just not sure I have the “bandwidth” to make it happen. I do love holding people accountable. It’s a great part of blogging.

  • Hi John,

    > …the customer assumes that their interpretation of the code
    > (or certification) is what the EHR vendor actually implemented.
    > Then, when they start implementing they realized they should
    > have asked more questions.

    Agreed. In general, we find that the ‘consumer awareness quotient’ is relatively low when comparing the purchase of an EHR system with other large purchases (automobile, home, etc.). This is unfortunate. Were this one factor to change, so that consumers do become more aware of all aspects of the system which they are purchasing, and the vendor from whom they are purchasing, we’d see positive improvements in the marketplace.

    And I agree that folks should be held accountable – consumers as well as vendors.


    Joseph Geretz
    Chief Software Architect

  • Whether or not the code becomes a significant factor will depend on vendors giving it life and users seeing it as valuable.

    While it is certainly too soon to know, we do think that users should be able to find if vendors support the code, so we’ve added this as a Yes/No feature to the

    Vendor subscribes to Electronic Health Record Association’s EHR Developer’s Code of Conduct.

    Carl Bergman
    Managing Partner

Click here to post a comment