You Get What You Pay For: Hidden Costs of The Free EMR

There are a number of old maxims that one might want to ponder before considering a free EMR/EHR solution:

For example, “There’s no such thing as a free lunch.”

Or, “If something sounds too good to be true, that’s probably because it is.”

And, of course, “You get what you pay for.”

There are plenty of free EMR/EHR solutions currently available in the Health IT market from a multitude of vendors (we aren’t going to name any names, here—and we don’t need to. A simple web search is enough to determine what sorts of “free” EHR/EMR vendors are out there). 

Before you go looking for a “free” way to transition to EHR/EMR, however, there are some things you should consider:

• Few things in life are ever really free,
• There are almost always strings attached, and
• You should be aware of all the factors before you commit your practice to any EHR/EMR solution (free or otherwise).

Any business model that didn’t bring in revenue would be a foolish one indeed. Every business has to make money, and free EMR/EHR vendors are no different. Everyone has to eat, after all.

The question is, how do the vendors of these EMR/EHR solutions generate the revenues they need in order to stay in business, especially when they are offering their solutions free-of-charge? The answers might surprise you.

The Ad Revenue Model

In order to keep their systems free, some vendors rely on advertising revenues. This is probably the simplest way to generate revenue for any tech service that doesn’t charge its users. An ad revenue platform usually means users/physicians will see advertisements when using the free service.

On the surface, this doesn’t sound so bad. However, remember that we live in a world where “targeted” ads have become the standard for nearly all online advertisers. Think of those ads you may have seen on social media (such as Facebook), which are strangely relevant to something you’ve been posting about or searching for recently. These ads are determined by mining data from your online activity by groups like Google. Not surprisingly, free EMR/EHR vendors use the same data mining methods to create their own “targeted” ads. After selecting the record of a patient with a history of seasonal allergies, for example, you may see an ad for allergy meds such as Claritin, Zyrtec, or Allegra. 

This may not sound like such a big deal, so you may be wondering why you should view this kind of advertising as a problem.

Ask yourself this: How are such vendors able to customize these sorts of “targeted” ads?

Simply put, by scanning your data, i.e., the Protected Health Information (PHI) of your patients. While there is no law (not yet, anyway) against creating or customizing “targeted” ads in this way, the fact that they do so using PHI data certainly brings up a number of privacy and data mining concerns. What’s more, this could potentially open up your practice to the possibility of fines from HIPAA violations (we will get more in-depth on the pitfalls caused by data mining later in this article).

The “Pay-to-Play” Model

There are, of course, free EMR/EHR vendors who do not use advertising revenue to keep their systems free. Some rely on patient contributions to do so. This is similar to the “pay-to-play” model used by many videogame and gaming-app sellers in recent years. Physicians who use these services are required to ask their patients to pay for their use of the system.

And, yes, when it comes to patient relationships, this idea is absolutely as terrible as it sounds. 

This means you would have to ask your patients to foot the bill for your EMR/EHR system, costing each of them anywhere from $35.00 to as much as $125.00 a year depending on the vendor. In other words, patients who refuse to pay will not be allowed to access all the benefits of the system.

These pay-to-play vendors usually lure physicians in with the promise of building new revenue for their practices, offering to share as much as 33% of patient investments with the hosting physicians. Again, this sounds nice on paper. However, in practice, physicians who use these vendors quickly realize that they create a schism among their patients—those who pay extra for their doctor’s “free” EMR/EHR are allowed to do things that those who don’t pay are not.

For example, the system may reserve prime hours of the appointment schedule for “paying participants” only, while blocking these hours from patients who don’t pay. Additionally, some functions of the health records may only work for paying patients, even if the physician desires to use them. This is why the “Pay-to-play” EMR/EHR platform has come to be referred to by some as a “Concierge Model.” It only benefits those patients who are willing to pay for it.

This structure can eventually cause both groups of patients to develop feelings of resentment—those who feel they are being forced to pay extra and those who feel they are being penalized because they either cannot afford to pay or are unwilling to do so.

The “Not-So-Free Add-ons” Model

Vendors with this model use the offer of their free EMR/EHR systems as a lure to get new physicians/practices to sign up. The good news is that they don’t use ads and won’t require you to ask patients to pay for it. The bad news is that the “free” part ends with their EMR/EHR.

Users of this model are betting on the idea that once you’ve committed your practice to using their “free” stuff, you’ll eventually want all the bells and whistles that come with it—practice management, scheduling, billing, patient portals, etc.—but they aren't free.

Since you’ve already converted all your patient records to their system, they figure you’ll eventually upgrade to their extras (instead of choosing a new provider) when you decide you need practice management solutions, and the costs of these solutions are often higher than they would be with other HIT vendors, since the “free” vendors use the revenue from their other solutions to offset what they don’t earn from their no-charge EMR/EHR.

Think of it like this: You start out with a free EMR/EHR system, which seems like the most cost-effective method at first. Then you encounter a technical problem. You have to pay for someone to fix the issue. Then perhaps you decide to upgrade to some or all of the other practice management functions the “free” vendor has to offer. Soon, you may find that your initially “free” EMR/EHR system is now costing your office far more (in money and efficiency) than if you’d gone with a paid option from the beginning.

The “Use Patient Data as an ATM” Model

This model is probably the most common, and yet it is the least discussed because those who do it would rather their customers not know about it. These vendors generate revenue with their “free” EMR/EHR services by selling data they have mined from their users—and yes, this includes patient PHI.

What’s worse, even some of the vendors who use the previously mentioned revenue models are quietly generating extra cash by trading and/or selling user data. The privacy and security concerns raised by this practice are very severe and should be horrifying to any medical practitioner who does not wish to be slapped with any number of HIPAA violations.

The best way to identify vendors who use data mining tactics to generate revenue is to track down and read the privacy policies posted on their websites. If they do not have one posted—or if they do have one but it is not specific about exactly who owns and may use the patient data in their free EMR/EHR service—it’s pretty safe to assume that they are, at the very least, participating in some form of data mining.

Worst case scenario (which, sad to say, is the most likely), is that they are mining this data and trading/selling it to third parties.There is a lot of money to be made, after all, in selling medical data to pharma companies and medical research firms, among others.

Some vendors do have privacy policies that clearly explain the fact that they can and will use data mining for their own purposes. The reason this doesn’t seem to prevent customers from using them is that few people take the time to find and actually read the privacy policy. Therefore, many are unaware that this practice is even occurring until something happens that brings it to their attention.

Unfortunately, the issues with this model do not end with selling data. At least one free EMR/EHR vendor (we are choosing not to identify which one, in this article) was recently found to have sent promotional emails directly to the patients of its users, with the name of the patient’s physician on each email. The problem? The vast majority of the doctors had not been informed that the vendor was going to do this, nor had they authorized them to do so. Needless to say, such unauthorized emails are likely to result in a loss of confidence among patients in your practice’s ability to maintain their privacy.

The Decision is Yours...Knowledge is Power

When all is said and done, it is ultimately up to you to decide what form of EMR/EHR solution is the best fit for your practice. While the idea of a free option may look great on paper, keep in mind that it doesn’t always turn out so well in reality. No matter what solution you choose for your office, whether it is “free” or not, educating yourself is always the best move. Make sure that you know what you are getting into—pros and cons—before committing your patient data to any EMR/EHR vendor. The more research you do beforehand, the less chance you’ll have of regretting your choice later on down the line.

Editor's Note: This post was originally published in February 2015 by Nathan Brown and has since been updated for accuracy.