Executive Summary

The heightened role of private equity in extracting wealth from healthcare services has captured national attention in the media and academic research – with the massive bankruptcy of the Steward Healthcare System the poster child for 2024. Private equity firm Cerberus bought out Steward in 2011, sold off its property, cut staffing and supplies, extracted over $1 billion, and ran it into bankruptcy by 2024.

Much less sensational and hidden from view are many other financial actors who own and operate other parts of the healthcare sector.

In this two-part report, we examine the federal laws governing health IT and the cluster of firms that create, own, and operate the information infrastructure that healthcare providers depend on. These include venture capitalists, health IT vendors, and ‘Big Tech’ firms from Silicon Valley as well as private equity firms and other Wall Street actors. While health IT systems have become embedded in provider organizations as essential to decision-making processes, little attention has been paid to whether or how this change has increased healthcare financialization. By financialization we mean the extent to which actors with primarily financial interests penetrate the industry and shift the logic of decision-making and its outcomes away from its healthcare mission and towards financial goals. The answers to these questions are important for the current debates over what standards and guardrails should be adopted for AI and machine learning in healthcare.

The empirical question is whether these financial actors are creating value for healthcare more than they are extracting value from it. We begin with the observation that health IT may create value for clinicians and patients and enrich the firms best situated to profit from the technology. Whether this financial relationship enhances or limits the technology’s potential to improve healthcare delivery systems depends on the laws and regulations put in place to set standards and enforce them, the conditions under which it is implemented, and who has the relative power to set prices and quality. We are interested in the extent to which health IT has improved healthcare relative to its potential, how much external financial actors have extracted wealth from it, and whether this has come at the expense of healthcare organizations, employees, patients, and taxpayers.

This question is particularly salient now as the issue of artificial intelligence (AI) and machine learning (ML) in healthcare has come center stage and policymakers are debating how to regulate them. There is great enthusiasm that these technologies will cut costs and improve health care quality, while there also is great concern about accountability and the ability to regulate their use. The current public debate echoes that of thirty years ago over whether electronic health records (EHR) would achieve cost and quality improvements.

In Part I, we examine the evolution of electronic health record systems and their adoption based on an analysis of the laws, regulations, and empirical evidence on their use and outcomes over several decades. We reconsider the widespread assumption that health IT has reduced healthcare costs and improved efficiencies. Who are the leading actors in this domain? What are the relationships between health IT financiers, vendors, and healthcare provider organizations? Who has benefited, and who has borne the risks and costs of EHR implementation? To what extent have regulatory guardrails succeeded in providing transparency, accountability, and protections against EHR system failures or deficiencies?

Part II of the report considers a broader set of developments in health IT, including the role of venture capital, private equity, IT vendors, and Big Tech companies in the development of integrated health IT systems that healthcare organizations increasingly depend on.  EHR platforms became the foundation for layering on software systems for claims and revenue cycle management (RCM), data analytics, algorithmic decision-making, and AI and machine learning applications. The rapid development of these ‘end-to-end’ management systems that integrate patient data into financial accounting systems has positioned them to serve as the infrastructure for embedding AI and machine learning tools into healthcare decision processes – without prior safeguards or input from patients and healthcare workers and without regulatory standards, transparency, or safeguards. The federal government’s late-stage efforts to weigh in on AI applications in healthcare face a powerful set of financial players with deep stakes already planted in healthcare. Again, the empirical question is who benefits, and who absorbs the risks and pays the costs? Our analysis of the evolution and unintended consequences of health IT informs the current debates over regulating these recent developments in health IT.

In Part I, the findings from this research point to the important role that the federal government has played in mandating and subsidizing the adoption of health IT systems, but without providing sufficient guardrails or oversight to ensure that taxpayer dollars have been used to benefit clinicians, patients, payers, or the Medicare Trust fund. As a result, the evidence suggests that health IT financiers and vendors often have benefited at the expense of other stakeholders.

The evidence suggests that these outcomes are the result of an underlying faith that information technology, now including AI, is the key to reducing costs and streamlining the delivery of healthcare services. This belief took off as the digital revolution emerged in the 1980s and 1990s. The Clinton administration pushed through the 1996 HIPAA legislation in order to protect patient data privacy and support healthcare portability, which set the stage for standardized electronic patients records as well as billing systems. George W. Bush institutionalized federal support for health IT by establishing the Office of the National Coordinator for Health Information Technology (ONC); and in 2009, the Obama Administration mandated that healthcare organizations adopt EHR systems, providing billions of dollars of subsidies to do so under the HITECH Act. Features of the Affordable Care Act (ACA), as well as the federal push to adopt value-based care (VBC), have added incentives for the adoption of EHR systems.

But none of these laws and regulations provided guidelines for testing, monitoring, or regulating the use of IT in healthcare, nor did they offer protections for workers’ rights or funding to train employees in the use of health IT. Taxpayer dollars that subsidize the adoption and upgrading of health IT flow like water through healthcare organizations to a host of tech vendors, private equity firms, data mining and marketing companies, revenue cycle management firms, data analytics firms, and others.

The strengths and limitations in the HIPAA privacy rules, as amended under the HITECH Act, produced intended and unintended consequences. The HIPAA privacy regime offered major protections for patient electronic data privacy, limiting access to healthcare providers and payers; but it also allowed access to patient data by ‘business associates’ that provided services to providers and payers. As the health IT ‘ecosystem’ grew, hundreds of enterprises gained access to private patient health information, without patients’ full knowledge and often without any strong justification for their ‘need to know.’

The assumed cost effectiveness of health IT that fueled passage of the HITECH Act did not receive sufficient empirical scrutiny before federal adoption mandates were in place and billions of taxpayer dollars had been spent. While the mandates successfully ushered in rapid adoption of EHR systems, the systems were flawed, user-unfriendly, and lacked interoperability (the ability of EHR systems to share information), which was one of the central requirements of the HITECH law. As a result, healthcare organizations became laboratory sites for experimentation in which providers and patients often bore the costs of health IT glitches, inaccuracy, and lack of interoperability. Health IT lacks public oversight and guardrails, allowing venture capitalists and IT vendors to make billions on the adoption of unproven technologies by health provider organizations.

The HITECH adoption mandates led to ‘a rush to adopt’ EHRs, which also privileged the legacy IT vendors – allowing them to acquire asymmetric market power (and in some market subsegments, monopoly power), which has allowed them to charge high prices. Federal subsidies to support innovative startups, by contrast, did not emerge. The market leaders often maintained their dominance through anti-competitive strategies such as information blocking, through which they undercut federal guidelines for interoperability or charged high fees to physicians, clinics, or other users to link to their systems. It wasn’t until 2016 that Congress passed the 21st Century Cures Act, which mandated standards for interoperability for health IT developers and put in motion a national framework for health data exchange under the Trusted Exchange Framework and Common Agreement (TEFCA). Final regulations for the Cures Act were posted in May 2020, while those for TEFCA took until 2024. Fifteen years after the HITECH Act, 30 years after HIPAA, and 60 years after EHR innovations emerged, interoperability is viewed as ‘promising.’

Empirical evidence shows that EHRs have led to better billing processes and internal communications in provider organizations, but not necessarily cost savings. That is because few studies calculate total economic costs that include the hidden costs of installing, maintaining, and upgrading systems, as well as hiring, training, and retraining the entire healthcare workforce to be proficient in data management as these systems continually change. Large healthcare systems spend billions of dollars on EHRs while smaller hospitals are pressed for resources to install or maintain them.

A primary expectation among medical practitioners and EHR advocates was that EHRs would substantially reduce or eliminate medical errors due to human data input and updating. But hundreds of empirical studies from the 1990s to the present have found that inaccurate or outdated information is often embedded in patients’ EHRs. While both manual and electronic systems are subject to human errors of data entry, EHR systems encourage widespread use of cut-and-paste features, which may lead to the persistence of outdated information in patient records, information overload for physicians, delays in care, or more serious threats to patients’ lives.

The unanticipated negative outcomes of EHRs for physicians, nurses, and frontline workers are also well documented since the 1990s. As EHR systems became more complex, the data entry requirements for physicians and healthcare workers also increased, leading to excessive time spent by physicians on computers rather than direct patient care – with additional hours at home finishing up documentation. Physicians and nurses continue to report that systems are onerous, usability is low, much information is irrelevant or redundant, and the inefficient use of their time for clerical work has grown immensely – leading to high and growing quit rates. Information overload leads to cognitive overload, at times undermining patient care or safety. None of these costs are well-understood or integrated into cost-benefit analyses of the value of health IT.

The findings in Part II of this report identify the process through which EHR systems became the platforms for integrating claims and financial management systems, or end-to-end revenue cycle management.  While the legacy IT vendors, Epic and Oracle Cerner, diversified their revenue streams into claims and financial management systems, private equity firms bought out independent RCM companies, accelerating their acquisitions in the 2020s as the potential to further automate systems via AI and machine learning took shape. In addition to collecting medical debt via revenue cycle management companies, private equity firms have also bought up medical loan and credit card companies that often result in low-income patients paying more than they otherwise would have. The unanticipated developments in health IT over three decades have had – and continue to have – consequential outcomes for patients, clinicians, healthcare provider organizations, and the costs and quality of care.

Thus, a direct line of sight exists between the creation of EHR systems in the 1990s, their mandated use in 2008, their linkage to financial management systems in the 2010s, and their position today as laboratories for testing data-driven decision-making. Venture capital, private equity, and Big Tech have financed a range of firms using data analytics to experiment with cost management, risk management, algorithmic decision-making, ‘value-based care enablement’, and more recently AI and machine learning.

The platforms are virtually unregulated, with no independent process to scrutinize them before they are used in healthcare systems, and no guardrails against potential downside risks for patients. They are non-transparent, making it extremely difficult to assess whether AI is being used for cost saving or cost-shifting from insurers or healthcare systems to employees and patients. Early research has identified several major concerns over algorithmic and AI-driven decision-making systems. These include the inaccuracy and biases of data that AI uses, leading to improper diagnoses or care recommendations; racial and economic bias embedded in AI systems; the use of AI ‘recommendations’ as strict rules to be implemented; the hidden ways that data analytics may be used to shift costs from hospitals and insurance companies to healthcare providers and patients. In the meantime, Wall Street, Silicon Valley, and Big Tech actors are making billions selling data and AI systems that lack sufficient testing, transparency, or regulation.

The proprietary ownership of massive databases of patient health data also has raised major concern over its use for marketing purposes and private gain. While HIPAA privacy rules were designed to protect individual patient data, they also allowed ‘de-identified’ data (stripped of personal identifiers) to be used for secondary purposes, such as medical research or population health management. Following passage of HIPAA, however, large ad agencies and data mining companies that pre-dated HIPAA were well-positioned to take advantage of de-identified data to monetize it for marketing and private research. The unintended consequence is the growth of an unregulated multibillion-dollar industry in monetizing patient data for private gain without patients or healthcare providers’ knowledge.

Because deidentified data is costly and held by large EHR vendors and insurance corporations, academic medical researchers often do not have access to it. Instead, it is often sold to large data analytics and private research or pharmaceutical companies that do not have to follow traditional medical ethics standards and clinical research protocols. Given the proprietary nature of the data, studies cannot be replicated — and it is unclear whether this research meets scientific standards or not. The complete lack of transparency means that the public cannot assess the extent to which patient data is being used for private gain versus the public good.

A related and ongoing concern is patients’ privacy rights. As EHR has become the basis for integrating end-to-end revenue cycle management, hundreds or thousands of entities now have access to a patient’s personal health information: The ecosystem of healthcare organizations, providers, insurers, tech vendors, and related businesses with access to personally identifiable information has grown substantially over time. These actors can sidestep the protections in the well-intentioned but flawed HIPAA and HITECH Acts. Patients’ rights advocates are particularly concerned about the extent to which sensitive mental health and other personal information can be accessed by entities without a clear ‘need to know.’ A related concern is that de-identified information may be re-identified, as shown in a growing number of empirical studies using advanced data analytic techniques.

Moreover, the linkage of medical and financial records in end-to-end systems has made healthcare by far the most vulnerable industry to cyberattacks due to the high value of this sensitive information on the black market. Between 2009 and December 2024, data breaches affected some 748.5 million individual healthcare records. The number of data breaches of 500+ health records in provider organizations more than doubled between 2018 and 2023, and the 2024 Change Healthcare breach alone affected over 100 million individuals. Since 2020 the costs of healthcare data breaches have increased by 53.3 percent. In sum, the unregulated expansion of health IT infrastructure by financial actors has launched unparalleled demand for cybersecurity systems. Healthcare organizations must now invest billions more in cybersecurity systems, which are owned and operated by venture capital, private equity, and Big Tech firms.

Three Decades of Electronic Health Records – What Have We Learned?

There is widespread belief that healthcare information technology (health IT) plays a major role in reducing costs and streamlining the delivery of healthcare services. This belief took off as the digital revolution emerged in the 1980s and 1990s – leading the Clinton administration to back the 1996 Health Insurance Portability and Accountability Act (HIPAA), which set the stage for standardized electronic health records and billing practices. George W. Bush institutionalized federal support for health IT by establishing the Office of the National Coordinator for Health Information Technology (ONC), and in 2009 the Obama Administration mandated adoption of electronic health records (EHR) systems and provided generous funding to do so under the ‘HITECH Act’ (Health Information Technology for Economic and Clinical Health Act).

The central question we explore in this report is the extent to which electronic health record systems have served as a pathway for healthcare financialization – that is, the penetration of financially-driven actors, strategies, and decision making into healthcare services. What has been the role of the federal government in facilitating and regulating their adoption? Who are the leading actors? What are the relationships between Silicon Valley and Wall Street financiers, IT vendors, and healthcare provider organizations? Who has benefited, and who has borne the risks and costs of EHR implementation? The answers to these questions should inform health policy as lawmakers debate the appropriate standards and guardrails for implementation of AI and machine learning in healthcare.

We focus on electronic health record systems because they provide the information infrastructure that undergirds healthcare organizations and subsequent software applications. We begin by putting the EHR segment in the broader context of health IT systems. The health IT market includes a wide range of software systems for healthcare provider and payer organizations for administrative and clinical purposes: Storing, retrieving, sharing, and using health and operations-related information. We explain the complex industry structure and range of financial actors in the EHR market and health IT more generally. What role are VC, PE, IT vendors, and other large corporations playing? Are they sufficiently testing IT systems before marketing and implementing them?

We then turn to the role of the federal government, which enacted laws and regulations in the 1990s, 2000s, and 2010s that created incentives and mandates for adoption of EHR systems, subsidized with taxpayer funds. We examine how this regulatory framework shaped the behavior of financial actors, leading to intended and unintended outcomes. The mandates led to widespread adoption of EHRs by the mid-2010s, as intended, but without the mandated information-sharing capabilities. The federal legal regime also had the unintended consequence of creating a market characterized by asymmetric power and market dominance by the legacy IT vendors, as illustrated in our case studies of Epic and Cerner Corporations. These vendors provided proof of concept and laid the groundwork for Big Tech firms such as Oracle and Amazon to buy out vendors and further consolidate the market. In the last section, we analyze the empirical research evidence on the impact of EHRs on healthcare organizations, physicians, healthcare employees, and patients.

Industry Structure and Financial Actors

The healthcare industry is commonly divided into four distinct market segments: Healthcare devices and supplies, healthcare services, healthcare technology, and pharmaceuticals and biotechnology (PitchBook 2023). Government financing and regulation varies considerably across these different segments. The National Institutes of Health, for example, has provided millions of dollars in funding for scientific research in medical and mental health as well as pre-clinical drug discovery. The Federal Drug Administration oversees clinical trials for new drugs and must approve them before they are released to market. Innovations in biotechnology and drug development as well as medical devices and supplies have been particularly important for advancing cures and care for many diseases. These are arenas in which federal dollars have largely supported value creation via innovation to improve medical science and its applications to healthcare services.

By contrast, little or no regulatory oversight of health IT innovations and applications exists. Health IT is a subsegment of the healthcare technology market and it includes payer and provider software systems. It is defined as “…the application of information processing involving both computer hardware and software that deals with the storage, retrieval, sharing, and use of healthcare information, health data, and knowledge for communication and decision making” (HealthIT.gov N.D.). Within health IT are a range of ‘verticals,’ or niche markets. PitchBook, a data research and analytics firm, identifies five verticals in health IT: Electronic Health Records (EHRs)¹ and clinical information, infrastructure and compliance, operations, data analytics, and revenue cycle management (PitchBook 2022).

Financial Actors in Health IT

Interest in electronic medical records grew in the 1960s, due in part to the influence of a 1968 article in the New England Journal of Medicine by Lawrence Weed, physician and entrepreneur, on the ‘problem-oriented medical record.’ Several academic medical centers and large hospitals experimented with them, funded by the National Institutes of Health and the National Center for Health Services Research and Development (Denver Department of Health, Beth Israel, Mass General Hospital, and others) (Cobb and Sauser 2014). Interest in health IT grew as the digital revolution exploded in the 1970s and 1980s. Innovators assumed that the systems could be adapted to any industry, including healthcare. Few doubted the assumption that health IT would substantially reduce healthcare costs by digitizing paper records and saving administrative costs via financial management tools. Electronic medical records (EMRs) facilitated the initial shift from paper to electronic formats for storing patient records in the 1980s, and by the 1990s incorporated a much broader array of patient information that was termed electronic health records (EHR).

As hospital and healthcare systems often lacked the capabilities or resources to manage IT systems, they became increasingly dependent on technology consultants and vendors to make decisions for them in the design and management of software platforms and applications. An array of financial firms and tech companies outside of healthcare have played major roles in EHR systems and other health IT applications that healthcare providers and payers now depend on. These financial actors include venture capital (VC), private equity (PE), other investor supported tech firms, data mining and marketing firms, and more recently Big Tech firms like Oracle, Google, and Amazon. Early innovators focused on the development of electronic medical records, and later on broader health information systems.

Financial firms and tech vendors have played different roles in the ‘health IT ecosystem’. While some have been active across many segments of health IT, others have been more focused. Venture capital’s primary role is to finance health IT startups and fund them through a series of growth stages. The VC business model is to finance a startup company and provide sustained financing and guidance over a period – up to ten years –- with one in ten investments typically yielding sustainable enterprises. At that point, the health IT firms exit VC funding by launching an IPO and going public, or by being acquired by a private equity firm or a firm seeking a strategic acquisition.

The private equity buyout model differs radically from that of venture capital. Whereas VC firms buy new shares in a startup company, providing it with cash, PE funds buy existing shares using substantial debt that is loaded on the target company, which receives little cash but is burdened by liabilities (debt). VCs provide firms with cash for investment, PE firms do not. PE firms have a time horizon of about five years, by which time their goal is to exit the investment and distribute returns to their investors that considerably beat the stock market. It is important to note that while PE firms invest very little of their own equity (less than 2 percent in a fund) and receive a 2 percent annual management fee from investors, they take 20 percent of the returns (Appelbaum and Batt 2014, 2020).

While a handful of venture capitalists began financing EMR startups in the 1970s, investment increased somewhat in the 1990s and even more in the 2000s. Private equity firms were only marginally active in health IT in the 2000s. Both VC and PE firms substantially increased their EHR and health IT financing following passage of the HITECH and Affordable Care Acts, which we discuss more in the following section.

In one of the few studies that has examined the link between federal funding and venture capital in health IT, researchers compared VC funding before and after the HITECH Act. Based on 70,982 investments between 2000 and 2019, they found that the law disproportionately stimulated VC activity in health IT compared to overall VC investments and non-IT healthcare investments: “After passage of the HITECH Act, investment in both health IT companies and EHR-related companies increased at a rate much faster (13.0% and 11.4%, respectively) than VC as a whole (6.9%)” (Lite, Gordon, and Stern 2020:1). Venture capital firms also invested more in early startup companies compared to the entire VC sample of transactions as well as to the non-IT health care transactions. Private equity allocations to health IT more than quadrupled in the 2010s compared to the 2000s. Between 2000-2008, their cumulative capital in health tech systems was only $14.1 million, equal to 7 percent of all of their financial activity in healthcare; but between 2010 and 2018, they allocated $70 million in capital to health tech, equal to 16 percent of their healthcare financing in that period (PitchBook, author’s calculations).²

To provide a sense of magnitude of VC and PE involvement in health IT in 2023, we drew on PitchBook’s database of 1,714 health IT companies with current or former VC/PE funding (PitchBook, author’s calculations).³ VC accounts for 41.5 percent of first deal financing (702 companies), private equity 26.5 percent (455 companies), and the remainder a mix of corporate, individual, and debt financing. Currently, 764 companies (45%) in this sample have VC financing status, while 675 (39.4%) have private equity financing status, and the remainder are formerly VC/PE backed. The most common exit strategy for former VC-backed health IT startups is private equity buyouts (35%) with another 30% exiting via private equity growth investments. Only nine formerly VC-backed companies exited via IPOs in this sample of firms, while about 30% exited via M&A. PE-backed health IT vendors, in turn, are often sold to other private equity firms in secondary buyouts or to strategic buyers. Of the 79 companies exited by PE firms, 43 percent have been sold to other PE firms in leveraged buyouts. PE firms have focused primarily on buyouts of EHR vendors (35%) and operations and RCM systems (44%).

Private equity’s role in health IT is very different from that of VC firms. While VC invests its own equity for IT innovation, PE acts primarily as a market aggregator, simply buying and selling companies — an intermediary between VC-backed startups and strategic buyers like large EHR vendors, insurance companies, and healthcare systems. PE firms buy out startups to create health IT platforms and add on similar firms, aggregating them until the firms reach the size and capabilities that are attractive to larger health IT vendors or corporations seeking strategic acquisitions. Case examples in this report show how VC funding and private equity LBOs (leveraged buyouts) are the financing mechanisms that have primarily created the massive health IT corporations that now serve as outsourced vendors to healthcare systems and physicians’ offices controlling their electronic health records, clinical support systems, data analytics, claims and payment administration, and financial management systems.

The role of venture capital in the development of major EHR vendors is illustrated in the case of Cerner Corporation (now Oracle Cerner), which is the second largest EHR vendor in the world. It was founded in 1979 and launched its core system in 1981. The company received $1.5 million in VC backing from First Chicago Capital Corp. in 1983 and a second VC infusion in 1984. By 1986, it was the market leader, was rebranded Cerner, and went public on the NASDAQ with $17 million in revenue and 147 employees (PitchBook 2024b). By 1991 Cerner had a client base of some 320 sites and revenues of $77 million. It was regularly featured in the annual BusinessWeek listing of the 100 Best (fastest growing) Small Companies. From the 1990s on, Cerner grew through a steady stream of acquisitions of tech companies – 39 between 1997 and 2021, most of which were VC backed or formerly VC-backed. It also began expanding at this time through joint ventures with major multinational corporations, and by establishing foreign subsidiaries in several countries (Cerner 2010; Companies History 2024; Funding Universe 1997). In 2022, Oracle bought out Cerner for $28.5 billion – Oracle’s largest deal ever – while its current CEO and former CEO each exited with golden parachute payouts worth over $20 million (Landi 2022a, 2022b).

Healthcare: A Lab for Unregulated IT Experiments

The idea of healthcare as a laboratory for unregulated IT testing is a theme that runs through this report. Unlike drug testing that requires clinical trials and regulatory standards that must be met before a new product can be released, or medical research that requires a patient’s informed consent for participation, IT vendors have been able to freely test their wares whether they are ready for prime time or not. While adoption of novel technologies without strong track records may not be harmful in some industries, healthcare experiments tangle with people’s lives.

A recent noteworthy example is General Catalyst, a VC firm with a portfolio of startups across everything from Airbnb to Snap, a visual messaging company. It has been expanding its healthcare digital technology investments for several years. In October 2023, General Catalyst (GC) announced the formation of a new business, Health Assurance Transformation Corporation, or HATCo, with the goal of ‘proving’ that it can transform healthcare through technology and capital inputs into patient care. Its first step was to sign a letter of intent to acquire an Akron, Ohio based hospital, Summa Health, a nonprofit integrated system with over 1,000 patient beds and 8,500 employees (General Catalyst 2024). Summa is one of the state’s largest integrated healthcare systems, with two acute care hospitals, a rehab hospital, a multi-specialty medical group, a health insurance arm, 15 community medical centers, and a research and medical education program. To lead the project, General Catalyst hired Intermountain Healthcare CEO Dr. Marc Harrison, with whom they had worked previously. Harrison described the GC project as “…helping the hospital build a new marketplace, much like the App Store, for healthcare.” Summa will serve as a ‘blueprint’ … “the first holistic transformation of a health system to a thoughtful combination of digital and in-person care” (Capoot 2024).

This hospital buyout moves VC closer to a private equity model and requires that the Ohio Attorney General first approve a change in the hospital’s ownership from nonprofit to for-profit. A member of the Akron city council raised his “… moral objection to the use of Summa, its staff and its patients as ‘guinea pigs’ for venture capitalists.” Healthcare experts point to the capitalists’ dilemma, “… you are going to take a nonprofit, community-based health-care entity, and now have it answering to investors and needing to generate profits” (Capoot 2024). In November 2024, General Catalyst signed a definitive agreement to buy Summa Health for $485 million, and when added to the health system’s current cash flow, would wipe out Summa’s debt of $850 million (Landi 2024).

These financial actors and high-tech firms have become important players in healthcare organizations with little or no regulatory oversight. In the next section we explain how and why federal regulations governing electronic health records emerged, their legislative intent, details of their provisions, and strengths and weaknesses.

Regulatory Framework and Federal Funding

The federal government began to take electronic health records seriously in the 1990s. By then, adoption of computer hardware had become more affordable and powerful, personal computers were more compact, and Internet speed improved. While the Institute of Medicine urged a shift from paper to electronic medical records in 1992, adoption was slow due to high costs, data entry errors, and physician resistance. At that time, a hybrid of paper and electronic records was used, with the latter mainly used for billing, scheduling, and some clinical uses. Their growing use plus the increase in reliance on third party vendors raised critical ethical issues of data ownership, data liability, informed consent, privacy, and security – spurring the introduction and passage of HIPAA in 1996. As attempts to use the massive amounts of data collected by EHR systems for secondary research emerged, the poor quality of the data became evident. This led to demands for improved standardization and the use of medical scribes to enter the data (Evans 2016). The 2000 Institute of Medicine (IOM) report, To Err is Human, which estimated that as many as 98,000 people die from medical errors each year, strongly recommended the adoption of EHRs as a solution to reduce errors and improve care quality (IOM 2000).

In 2004, President George W. Bush requested but failed to get Congressional approval for a doubling of funds for health IT adoption. He did, however, issue Executive Order 13335 to establish the Office of the National Coordinator for Health Information Technology (ONC) within the US Department of Health and Human Services (HHS) (Woolley and Peters 2004). The push for further federal regulation moved forward, culminating in the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was part of the Obama administration’s American Recovery and Reinvestment Act of 2009. The Office of the National Coordinator was codified in the HITECH Act and has become the key administrative agency overseeing federal regulations governing health IT.

A significant milestone in federal regulations was the 1996 Health Insurance Portability and Accountability Act (HIPAA), passed during the Clinton administration (U.S. CDC: 2024). It amended the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage, to provide privacy protection for individually identifiable health information (protected health information or PHI), and to set security standards for electronically held health information to prevent data breaches. Prior to HIPAA, patient health information was governed by a wide range of sometimes incompatible state laws (U.S. HHS. 2024).

Under HIPAA, the privacy rule prohibited the disclosure of personal health information (PHI, whether paper or electronic) by provider and payer organizations (covered entities), data clearinghouses, and ‘business associates’ (organizations managing claims, billing, data analysis, and utilization review). The information could be shared among covered entities and these related businesses, but could not be shared or transferred outside of that network without the patient’s consent or authorization. It turns out that the number of these covered entities and business associates grew to several thousand by the 2010s, according to the Harvard Data Map project (Hooley and Sweeney 2011). By contrast, there were no EHR-data regulations for ‘de-identified’ data (stripped of individual identifying information), and this data could be used or transferred without the knowledge of patients or providers.

This lack of regulation made millions of patient records available for ‘secondary uses’ such as research and marketing. The security rule under HIPAA had required the same entities to safeguard the confidentiality of all electronically held health information (e-PHI), but the rules were not enforced for business associates until passage of the HITECH Act (Enriquez-Serano 2020:2330-32).

Nonetheless, adoption of EHR systems in healthcare lagged considerably behind other sectors in the 2000s. While IT investment averaged $7,000 per worker per year in the private sector as a whole, and $15,000 in information intensive industries, it averaged just $3,000 in healthcare (Porter and Teisberg 2006). Many looked to the federal government as the key to jumpstart health IT adoption.

The HITECH Act is viewed by some as the most important healthcare policy since the passage of Medicare in 1965. It was designed to advance two goals: To encourage the adoption of EHRs and to encourage the exchange of health information via interoperable EHRs. It did so by enhancing HIPAA’s privacy and security rules, setting ‘meaningful use’ standards for EHRs, and providing financial subsidies for adoption as well as penalties for failure to adopt. Prior to the HITECH Act, only an estimated 10 percent of hospitals had adopted EHRs (Alder 2024a).

The HITECH Act strengthened the privacy rule by adding a ‘Breach Notification Rule’ that requires Covered Entities and Business Associates to report to patients any breaches of the privacy of their medical records. It strengthened the security rule by extending its coverage to Business Associates for the first time; and it increased financial penalties for violations of HIPAA privacy and security rules. It also requires that the public and US Department of Health and Human Services (HHS) be notified of any security breaches that affect more than 500 patients. This shifted the burden of proof from HHS to the non-compliant organization. Since 2009, the HHS Office of Civil Rights has tracked security breaches and published the names of organizations that experienced a breach, referred to as ‘The HIPAA Wall of Shame.’ Under the HIPAA Final Omnibus Rule of 2013, Business Associates were also subject to HIPAA audits and civil and criminal penalties for compliance failure (Goldstein and Thorpe 2010; Alder 2024a).

Financial incentives for EHR adoption were substantial. The Act allocated $49 billion in discretionary appropriations and mandatory spending to promote and support the adoption of health IT and especially EHRs. Physicians who demonstrated ‘meaningful use’ (such as e-prescribing or reporting clinical quality measures) of ‘certified’ EHRs could receive Medicare incentive payments for five years up to a maximum of $44,000 ($63,000 for Medicaid payments). ONC published certification standards that include specific basic capabilities for EHRs. After 2015, Medicare-eligible professionals who failed to comply with the HITECH EHR requirements received a 1 percent Medicare reimbursement penalty, and in 2017, a 3 percent penalty (Goldstein and Thorpe 2010, Alder 2024a). By 2017, the federal government had spent $30 billion in subsidies (Adler-Milstein and Jha 2017).

In May 2024, the Office of the National Coordinator celebrated its 20th anniversary of ‘joining the health IT revolution’. It views its activities as highly successful – as part of ‘a movement,’ not just an organization (Person 2024). It has received bipartisan support in Congress and the presidency over two decades and serves as the hub for the federal government’s efforts to advance the development and use of health IT capabilities and to promote data sharing and electronic exchange of health information. It is responsible for the administration’s health IT strategy planning and its coordination of federal health IT policies, technology standards, and program investments. Its budget increased from an estimated $66 million in 2009 to a proposed $103 million for 2024 (U.S. ONC N.D.).

While federal government initiatives have achieved several positive outcomes, which we document in the sections below, the hidden costs and unintended consequences of its rules are also salient. To summarize the federal government’s role to date, it provided billions in upfront subsidies to hospitals and healthcare providers for the initial adoption of EHR in healthcare systems and physicians’ offices, as well as billions in Medicare and Medicaid reimbursements — some of which may subsidize maintaining and upgrading these systems. The HITECH Act’s carrot and stick incentives pressured providers to quickly adopt EHR systems. The Centers for Medicare and Medicaid Services (CMS) also established rules that have shaped the direction of adoption in several ways. The data privacy and security rules were fundamental for patients and providers to be willing to switch from paper to electronic records. The ‘meaningful use’ standards in the HITECH Act helped set quality controls for providers to receive federal funding. However, while the rules mandated adoption of electronic record keeping, and the law stated they should be ‘interoperable,’ there were no sanctions for failure to adopt ‘interoperable’ systems.

While adoption rates were extensive, the key legislative goal of interoperability was illusive, blocked largely by legacy EHR vendors that dominated the market. Moreover, the federal mandate to adopt EHR systems by 2015 favored the legacy IT vendors – especially Epic and Cerner (later Oracle Cerner) – leading to their unregulated asymmetric market power. Epic has become the monopoly provider in Academic Medical Centers and large hospitals systems, while Oracle Cerner won the multibillion-dollar contract for the US military’s global operations and Veteran’s Administration hospitals. It is the dominant global EHR contractor.

The EHR Market

The federal mandates for EHR adoption – the combination of subsidies until 2015 and financial penalties after that – spurred hospitals and physicians to widely adopt these systems in that time window. But the federal mandates created a ‘rush to adopt’, and existing legacy systems were not equipped to handle interoperability — nor was it in their financial interest to do so. As a result, legacy EHR vendors came to dominate the market, and some gained monopoly control of market niches, as in Epic’s control of the Academic Medical Center market.

EHR Adoption Rates and Interoperability

The statistics on EHR implementation provide solid evidence that the HITECH Act led to widespread adoption of EHR systems but not to interoperability. Annual EHR adoption rates for eligible hospitals rose from 3.2% annually before HITECH, to 14.2% after the incentives took effect, based on the Annual Health Information Technology (IT) Survey of the American Hospital Association (Adler-Milstein and Jha 2017). Between 2007 and 2013, the adoption of at least basic EHR systems in physician offices rose from 17 percent to 78 percent (DesRoches et al. 2008; Hsiao and Hing 2014). Adoption rose disproportionately more in office-based physicians (86 percent by 2017) and non-federal acute care hospitals (96 percent in 2017) compared to other segments (Alder 2024a).

Figure 1

Federal initiatives were much less successful in forcing adoption of ‘interoperable’ electronic health information. The law did not require it per se, and it was not in the self-interest of leading EHR vendors like Epic, Cerner, and others to do so. ONC has tracked interoperability among hospitals and physicians since 2014, as measured by their use of four domains of interoperable exchange: finding, sending, receiving, and integrating patient health information. It found that 70 percent of hospitals ‘sometimes’ or ‘often’ engaged in all four domains of health IT, up from 23 percent in 2014 (see Figure I).

If the data is parsed by those hospitals that ‘routinely’ use interoperable systems versus those that ‘sometimes’ do, the extent of change diminishes: Between 2014 and 2023, those that routinely used interoperable systems rose from 28 percent to 43 percent, while those that sometimes used these systems grew from 18 to 27 percent. Moreover, hospitals with fewer resources (small, rural, critical access, or independent) reported much lower use of interoperable exchange when compared to their higher-resourced counterparts (see Table I).

Moreover, while use of interoperable exchange systems was high between acute care hospitals (70%) and between hospitals and ambulatory care centers (64%), it was much lower between hospitals and long-term care partners (27%) or behavioral health providers (28%).

According to the 2024 report by the ONC, “…the resources available to hospitals play a crucial role in interoperability engagement, with larger, urban, and system-affiliated hospitals demonstrating higher rates of engaging in routine interoperability across all four domains compared to their smaller, rural, and independent counterparts. Half (53%) of large hospitals often or routinely engaged in interoperable exchange compared to 38% of small hospitals. Furthermore, system-affiliated hospitals also reported higher rates of interoperability compared to independent hospitals, with 53% routinely engaging in interoperable exchange compared with 22% of independent hospitals. Similarly, urban hospitals more frequently engaged in routine interoperable exchange (47% were routinely interoperable) than their rural counterparts (36% were routinely interoperable)” (Gabriel et al 2024:7).

Legacy IT Vendors: Unregulated Asymmetric Market Power

The incentives under the HITECH Act created a ‘rush’ for adoption by 2015 in order to qualify for federal subsidies — privileging the established leaders in the market that included Epic, Cerner, and others. In the 2000s, high tech, insurance, healthcare, and other corporations lobbied heavily for passage of the HITECH Act, which they assumed would improve profits via more accurate and timely billing and claims payments while also curbing other administrative costs. Some of these organizations funded research to show that the adoption of electronic health records would lead to billions in healthcare cost savings.

Among the most influential reports was a series of monographs published by the RAND Corporation with funding from Cerner Corporation, General Electric, Hewlett-Packard, Johnson & Johnson, and Xerox (Bigelow, Fonkych, Fung, and Wang 2005). The study concluded that if 90 percent of hospitals and doctors adopted health IT systems, it would save $81 billion annually in costs. Implementation of the systems would cost US hospitals about $98 billion and physicians about $17 billion — an average of $7.7 billion per year over a 15-year adoption period, but the net savings would be higher. The research was reported in the widely read Health Affairs journal where it has been cited over 1,000 times (Hillestad et al 2005). Even though the Congressional Budget Office harshly criticized the findings as overly optimistic, the report was hugely influential in persuading Congress and the Obama administration to authorize billions for EHR adoption under the HITECH Act.

In 2013, a RAND reassessment acknowledged that the projections were overly optimistic but blamed that on design and implementation failures — as if RAND was not responsible to consider implementation costs in its original projections. They praised ‘homegrown’ systems like that of Intermountain Healthcare while critiquing commercial vendors for their lack of interoperability, ease of use, and accessibility for patients. They blamed the federal government for its compressed time frame that pushed healthcare providers to buy costly, hard-to-use commercial systems that would require costly replacement later, and for failure to require minimum usability and interoperability standards (Kellermann and Jones 2013).

Federal regulators underestimated the problematic nature of interoperability. The EHR vendors were against it as it would only reduce their market power. They wanted to expand their own internal IT client networks through ‘integrated systems’ across users of their proprietary system, not external links to competitors. The HITECH regulations on interoperability ended up weak and unenforceable. Whether industry lobbying played a role in this is unclear, but in 2009, Judy Faulkner — the founder and CEO of the leading EHR vendor Epic — was named to President Obama’s 2009 Health IT Policy Committee, to represent the health IT vendors. The new advisory body oversaw the development of a policy framework for the nationwide health IT infrastructure (GAO 2009). In August 2009, their recommendations to ONC on the criteria to define ‘meaningful use’ stated that the ultimate goal of meaningful use was interoperability, but that would take time⁴. Concerns over Faulkner’s conflict of interest became salient in 2015, when the ONC sent a report to Congress that accused Epic of ‘health information blocking,’ which we discuss in more depth below (ONC 2015).

From an economic perspective, the federal regulators failed to consider the positive network effects embedded in health IT. Network effects refer to the fact that as more users join a given network, the value of the technology grows and induces more users to join the same network, leading to a virtuous cycle of growth and to advantages of a centralized or standardized system. Vendors competed to become the dominant and most inclusive network, as AT&T did at the end of the 19th century. Economists at the time referred to telecommunications as a ‘natural monopoly,’ and for this reason, other nation states took ownership of these systems as a public good that should be universally available to citizens. The US allowed AT&T to form a private sector monopoly, but regulated it heavily to ensure price, quality, and safety standards.

These considerations were not part of the HITECH Act, in contrast to the approach taken to deregulate telecommunications in the 1980s. Then, the federal government intentionally created ‘asymmetric’ regulations that favored new entrants over established ones to create a healthy, competitive market. The HITECH Act did the opposite. It subsidized providers to adopt existing vendor systems rather than financing innovative startups, a point raised by industry analysts: Compared to the provider organizations who bought EHR systems from established vendors, “… newer venture capital adjacent EHR start-ups have not seen as much government money, resulting in higher barriers to entry” (Joseph 2023).

Information Blocking and Interoperability

By 2013, the failure of interoperable systems became salient because many physicians, clinics, laboratories, and other small healthcare providers complained about the hidden fees they had to pay to link their electronic records to other healthcare organizations. Exemplary is a six-physician primary group that had ‘gotten killed’ by interface fees: “The group will pay about $5,000 to the developer for an interface with a state public health registry, and another $5,000 for a patient portal, both Stage 2 meaningful-use requirements” (Conn 2013). But the federal ONC overseeing health IT rejected a proposed rule that would have compelled EHR vendors to provide ‘clear pricing’ on their websites. Instead, they said pricing transparency would be a ‘guiding principle’ (Conn 2013).

While interconnectivity between systems was technically possible (Epic was a leader in interoperable innovations), EHR vendors charged high upfront connecting charges and ongoing fees, which fostered “… a digital divide between large hospital systems that have money and technical personnel and small, rural hospitals or physician practices that are overwhelmed, financially and technologically” (Creswell 2014). Most EHR vendors had similar fees, but Epic became a target of public and legislative critique for its ‘closed system’ and high access fees. It also was featured as a case study in a 2014 RAND report (Cobb and Sauser 2014), and it refused to participate in a health information exchange network called CommonWell Health Alliance, a non-profit membership association founded in 2013 to share health information and solve problems of interoperability.⁵ In July 2014, at a House Energy and Commerce Committee hearing, Rep. Phil Gingrey (R-Georgia) attacked Epic for its ‘closed systems,’ drawing on evidence from the RAND study.

In the 2015 Continuing Appropriations Act, Congress requested a report on the issue of health information blocking and urged ONC to certify EHR systems that ‘do not block health information exchange, as it frustrates Congressional intent and devalues taxpayer investments.’ In ONC’s Report to Congress in April 2015, it defined information blocking as occurring “… when persons or entities knowingly and unreasonably interfere with the exchange or use of electronic health information,” and it focused on health care providers, health IT developers, and vendors of EHR technology because they are the primary financial beneficiaries of the HITECH’s incentive programs (ONC 2015:8). Blocking practices include contract terms, policies, and practices that restrict individuals’ access to their EHRs or ability to share health records across providers; excessive fees charged for the ability to use or exchange electronic health records; or developing and implementing health IT in ways that are likely to “lock in” users (ONC 2015:13).

ONC culled evidence from public records and testimony, industry analyses, interviews, media, and 60 unsolicited reports of potential information blocking, and found that most complaints were directed at health IT developers due to cost-prohibitive charges to send, receive, or export EHR information, or the use of interfaces that do not allow information exchange. ONC highlighted ‘the significant lack of transparency’ in technology products and services, and in contractual arrangements that undermine the provision of care. Vendors charged high prices for such common interfaces as connections to local hospitals or labs or for extracting data from clients’ own EHR systems. They used contractual terms, technology designs, or practices that prevented information exchange with competing vendors, third-party IT modules, or specific providers. They used proprietary formats that ‘locked’ customers into their system. Hospitals were found to block information in order to control referrals and improve their market dominance. Some vendors required provider staff to take mandatory training or meet compulsory “certification” requirements before they could extract and use information or imposed ‘access and use agreements’ to prevent providers engaging third parties to help with data use (ONC 2015:17).

Vendor practices often locked providers and consumers into rigid technologies and information sharing networks that reinforced the market dominance of established players and prevented competition from more innovative technologies and services. Lock-in also significantly raised switching costs if healthcare organizations were dissatisfied with the vendor. ONC also found that larger hospital systems were more likely to exchange EHR data internally, but not externally with competing hospitals and unaffiliated providers. ONC concluded that many types of information blocking were beyond the reach of current federal law and that, “… it is apparent that some health care providers and health IT developers are knowingly interfering with the exchange or use of electronic health information in ways that limit its availability and use to improve health and health care. This conduct may be economically rational for some actors in light of current market realities, but it presents a serious obstacle to achieving the goals of the HITECH Act and of health care reform” (ONC 2015:33). Academic research found that for-profit hospitals were less likely than non-profits to exchange electronic health information externally, as were hospitals that do not have significant market share (Miller and Tucker 2014; Adler-Milstein and Jha 2014).

The problems of information blocking and lack of interoperability were finally addressed in 2016 in the 21st Century Cures Act (Black, Hulkower, and Ramanathan 2018), with final regulations taking effect in May 2020 (Federal Registrar 2020). But it took another four years for HHS to issue a final rule for the Trusted Exchange Framework and Common Agreement (TEFCA) – designed to create a national framework for healthcare organizations to share electronic health information while also maintaining privacy and security (Diaz 2024c).

Market Consolidation and Concentration

Overall, the EHR market grew rapidly and consolidated after the HITECH Act’s implementation – from over 1,000 vendors in 2009 to roughly 400 vendors in 2019, according to KLAS Research, the independent research firm that surveys the EHR market annually (Scarborough 2023). Epic, Cerner (Oracle Cerner since 2022 and now Oracle Health), and Meditech were the industry leaders pre-2008 and have gained relative market share over time, but Epic has dominated.

The leading vendors have gained concentrated power by focusing on specific market niches: Epic in large hospital systems and Academic Medical Centers (AMCs), Cerner in smaller hospitals where it customizes systems. Two other EHR vendors, AthenaHealth and NextGen – both owned by private equity – have large shares of the physician and ambulatory care market.⁶ The leading vendors also benefit from the ongoing M&As that drive acquired hospitals into one merged system (Perna 2023).

In 2022, EPIC and Oracle Cerner together controlled 61 percent of the US acute care hospital EHR market, according to KLAS – with Epic holding 36 percent of market share and 48 percent of all beds, compared to Cerner’s 25 percent share of the market and 26 percent share of beds (Epic contracts with larger hospital systems). Meditech has held 16.3 percent of the hospital vendor market for many years due to high retention rates (Table II) (Blauer and Warburton 2023).

Epic’s Growing Monopoly

Epic was one of the biggest winners from passage of the HITECH Act.⁷ In 2010, it had the largest one-year sales gain in its history – a 27 percent increase – bringing total revenues to $825 million (Content 2011). In 2011, it had a 45 percent sales increase over 2010, reaching $1.2 billion in total revenues (Freudenheim 2012). Between 2010 and 2020, it had a 15 percent annual growth rate, followed by a 13 percent rate during the 2021 pandemic year. Annual revenue was $3.2 billion in 2020, $3.8 billion in 2021, $4.6 billion in 2022, and $4.9 billion in 2023, when it employed an estimated 14,000 workers. In that year, Epic’s EHR systems covered an estimated 250 million patients globally (Kalinin 2024). EPIC founder Judith Faulkner owned 47 percent of the company and in 2024 her net worth was reported by Forbes at $8.0 billion (Dyrda 2022; Bruce 2024a; PitchBook 2024a).

According to KLAS Research, Epic’s share of the EHR market again increased in 2023 to 39.1 percent of hospitals (Blauer and Warburton 2024). According to an industry analyst at CB Insights, 15 percent of Epic’s wins in 2022 came from EHR standardization following an M&A (Perna 2023).

Epic appears to meet the criteria of a monopoly, defined as one actor holding at least 50 percent of its market and holding ‘durable power’ to maintain or increase that share. Epic had 39 percent of the overall EHR market share in 2023, but at least 60 percent in its market subsegment of large hospital systems and AMCs (Joseph 2024). As early as 2012, its dominance among AMCs was evident: “As the first EMR, Epic’s software has become the ‘de facto standard among the more complex academic health centers and multispecialty medical groups,’” according to Dr. John D. Halamka, chief information officer of Beth Israel Deaconess Medical Center and a professor at the Harvard Medical School (Freudenheim 2012). By 2018, the top 20 US Academic Medical Centers and hospital systems were using Epic (Spitzer 2018).

In 2023, Epic added more AMCs to its client list — including Northwell, Pittsburgh-based UPMC, and Salt Lake City-based Intermountain Health — as well as 15 children’s hospitals. In 2023, Epic also became the largest global provider of hospital EHR systems. Worldwide, Epic has 305 million patient records in its system (Bruce 2024a; Dyrda 2024). Epic’s large system contracts are also more lucrative than those of smaller hospitals because they are more profitable, invest more in health IT, and are growing relatively faster because of M&A activity (Joseph 2024).

As of 2024, Epic is installed in every health system on the U.S. News & World Report’s best hospitals list, where more than 90 percent of the country’s medical students are trained on Epic systems. As a result, the durability of its market power is supported: “It is the platform used in training a generation of providers, nurses and pharmacists as students and residents,” noted the vice-president of IT applications at the University of Rochester (Bruce 2022). Epic also regularly holds training sessions on its sprawling campus, with thousands of attendees each year.

Industry observers and government regulators also point to Epic’s monopoly tactics. While it was a pioneer in interoperability, it has only developed internally integrated systems. It was singled out in the 2015 ONC report as intentionally engaged in information blocking (ONC 2015). It allegedly increases the costs for third party developers by not allowing them to use their own employees to work on Epic systems. It makes extensive use of ‘a web of non-competes and contractual limitations’ that limit the job mobility of tech workers. It has recently increased its fee structure for third party developers who need to integrate with Epic to serve mutual patients.

Epic systems are also known to be extremely costly. A 2024 survey of EHR installation costs among the largest US healthcare systems found that those with Epic systems paid between $660 million for a small system (AdventHealth) to $1.2 billion for Mass General Brigham, and $4 billion for Kaiser Permanente (Bruce 2024b). Healthcare organizations also get locked into one system due to high switching costs, which means that the prices for upgrading may be dictated by Epic (Joseph 2024). Boston-based Mass General Brigham and Mayo Clinic reported spending over $1 billion to install Epic systems (Perna 2023). According to the senior vice president and CIO of Philadelphia-based Penn Medicine, “To change your electronic health record at this point, it’s literally hundreds of millions of dollars, if not billions, and then all the change management that goes with it. So once systems like this are in place, it takes a lot to remove them.” Another CIO of Chicago-based Rush University System said, “I cannot imagine a U.S.-based academic health center selecting any solution other than Epic at this point” (Bruce 2023). Here Epic’s lack of interoperable systems is important, as in the case of NYC Weill Cornell Medical, which uses Epic, but its largest affiliates abroad use Oracle Cerner (Bruce 2022).

Cerner: Cost Plus Government Contracts

Cerner Corporation (Oracle Cerner), which co-sponsored the RAND report pushing federal funding for EHRs, also saw its revenue triple between 2005 and 2013, from $1 billion to almost $3 billion (Abelson and Creswell 2013). As profiled earlier in this report, Cerner grew rapidly through VC- and PE-financed acquisitions. It was regularly featured among the fastest growing small businesses in the annual Business Week listing and was well-positioned to benefit from federal subsidies and mandates for EHR adoption under the HITECH Act. From 2011 on, its pace of acquisitions accelerated, as did their size – especially with a $1.3 billion buyout of Siemens health IT business in 2015, followed by buyouts of Essence Healthcare ($267 million), Kantar Health ($364 million), and Elligo Health Research (S135 million) (PitchBook 2024b). Its employment roughly doubled from 15,800 in 2015 to 29,000 in 2019, declined during the pandemic, and stabilized at 28,000 by June 2022, when it was acquired by Oracle (PitchBook 2024b).

While it has lost market share in the US to Epic, Cerner has a larger global footprint due in part to a multi-year 2015 contract with the Department of Defense (DOD) and the Veterans Administration (VA). Ten years later, the Oracle Cerner systems still had major problems that endangered patient care and safety. A 2022 independent study by the VA Office of the Inspector General found that the new EHR system rolled out in 2020 at a pilot site included unauthorized and inaccurate medication orders, patients’ name and gender errors, issues in scheduling primary care appointments, and the failure to deliver more than 11,000 orders for specialty care, labor work, and other services, causing ‘harm’ to 149 patients. Cerner had only rolled out the EHR system in six US medical centers, and the problems led Congress to delay any further rollouts (Smith 2022; Samora 2022). As of January 2025, the VA was ‘taking steps’ to roll out Cerner’s EHR system in just four facilities by mid-2026 (Olsen 2025).

Cost overruns were also substantial, with the original contract for $9 billion increased in 2015 to $16 billion. But a 2022 independent review by the nonprofit Institute for Defense Analysis estimated the EHR system would cost nearly $39 billion to implement in 13 years, including more than $17 billion to sustain the system (Samora 2022).

While the DOD-VA rollout of the Cerner system was failing, Cerner’s CEO was focused on negotiating a deal to be acquired by Oracle for $28.5 billion, which closed in June 2022. It was Oracle’s largest deal ever, and it saved Cerner — but prompted 12 of Cerner’s top clients to exit their contracts (Landi 2022b; Diaz 2024b).

The deal was premised on combining Oracle’s cloud-based software and enterprise resource planning (ERP), which manages business and financial functions, with Cerner’s EHR systems to create ‘end-to-end’ platform services. Oracle promised far better service to the DOD by shifting the Cerner Genesis system to Oracle’s cloud data centers to help prevent the system outages that had proven to be its greatest threat (Heckman 2022). In his press release at acquisition in 2022, Oracle Global Industries executive vice president Mike Sicilia promised, “For care delivery organizations, we’ll develop new cloud-enabled capabilities allowing providers to access the information they need, where and when they need it, on an interface that is easy to use. This will significantly reduce the time and effort required to find a patient’s information, even if the information is scattered across different providers or care settings” (Sicilia N.D.).

Oracle Cerner introduced several changes between June 2022 and June 2024. In October 2022, it announced changes to make Cerner’s EHR system a cloud-enabled platform, including a new dashboard to capture health outcomes, patient experiences, how to reduce burdens on staff, virtual models of care, and ways to simplify the billing process (Diaz 2022). It also cut $1 billion in expenses in three rounds of layoffs — eventually reaching several thousand by June 2024 (Clark 2023; Diaz 2024a).

Meanwhile Oracle Cerner’s Genesis system hobbled along until early 2023, when Republican and Democratic Congressional ire peaked. Rep. Matt Rosendale (R-Montana), chair of the subcommittee on technology modernization for the VA, introduced legislation that would terminate the VA’s multibillion-dollar contract with Cerner if improvements weren’t made, citing “unacceptable levels of productivity losses, patient safety risks and staff burnout” at five sites where the system had been deployed since 2018. Chair of the House VA committee Rep. Mike Best (R-Illinois) said that the system “… has crippled the delivery of care, put veteran patient safety at risk, and stressed an already overwhelmed healthcare system” (Landi 2023).

In May 2023, the VA finally renegotiated the Oracle Cerner contract to set better accountability measures, including larger fines if the company did not meet expectations and a change from a five-year contract to five one-year contracts (Dille 2024; Graham 2024). In January 2024, Oracle hired the former head of CMS under the Trump administration, Seema Verma, to lead Oracle Health (Diaz 2024b). But in March 2024 the Department of Veterans Affairs released three reports detailing major system problems, including scheduling errors that may have contributed to the death of a patient who accidentally overdosed, and pharmacy problems posing ‘high risk’ to patient safety. The reports identified basic problems like inaccurate patient demographic information and inability to send automatic appointment reminders (Olsen 2024). The Government Accountability Office (GAO) released a report showing very low satisfaction rates at the pilot Cerner system sites at DOD and VA facilities. Only 20 percent of users agreed that the Genesis system had the response time they expected or that it made them more efficient, and only 30 percent agreed that the system allowed them to deliver patient-centered care. Satisfaction scores for efficiency, accessibility, and patient-centered care were all significantly lower than the scores for DOD’s legacy system (GAO 2024). Despite the low performance, the VA extended Oracle’s $16 billion contract for another 11 months (Diaz 2024b).

Despite the ongoing problems at DOD-VA facilities, Oracle and Larry Ellison, the company’s co-founder and chief technology officer, were doing well. Between December 2023 and December 2024, Oracle’s stock price almost doubled, reaching a high of $198 per share (NYSE 2025). Larry Ellison, with a 40 percent ownership in Oracle, became the 3rd richest person on the Forbes list, with a net worth of $209.6 billion (Forbes 2025).

Opening the Doors to Big Tech

For the health IT industry more broadly, the Oracle-Cerner deal is viewed as a signal that Big Tech is moving into the industry – and with it the transformation of EHR applications to cloud-based systems. Oracle views Cerner as its ‘anchor asset’ to expand its cloud business into the $3.8 trillion US healthcare market as well as internationally, as Cerner has a presence in some 30 countries due to its acquisition of Siemens health IT (Southwick 2021). Oracle Cerner plans to consolidate the diverse dimensions of health IT into an ‘entire lifecycle’ of healthcare services — “to integrate our infrastructure, platform, and applications capabilities for a more fully connected operational, administrative, and clinical system” (Sicilia N.D.).

Other Big Tech and private equity firms have been negotiating megadeals in EHR as well, including Microsoft’s $19.7 billion bid for Nuance, which is known for its voice recognition technology. Two private equity firms bought out Cerner competitor Athenahealth, a cloud-based EHR company, in 2019 for $5.7 billion, only to flip it in 2021 to two other PE firms for $17 billion (Landi 2021). “[The health IT market] was traditionally the showcase domain for EHR vendors, up until the likes of Microsoft, Amazon, Google and Oracle made their moves. The industry will never be the same,” noted Mutaz Shegewi, research director at the strategic consulting firm IDC Health Insights (Landi 2022b).

As a result, the sector has witnessed the growth of even more concentrated power among a small number of high-tech vendors. This tendency is enhanced due to the high costs of switching from one system to another, which leads to client ‘lock-in’ to one system regardless of its defects: “An EHR transition typically takes years and can cost many millions of dollars depending on the scale of the system” (Palmer 2022). Switching costs include financial burdens, interoperability, cybersecurity issues, data integrity during migration, the need for skilled staff trained on unique systems, patient safety threats from limited access to legacy records, and physician burnout, according to an extensive review of the academic literature (Huang et al 2020). Transition teams must overcome inadequate human infrastructure, technical challenges, security gaps, unrealistic providers’ expectations, workflow changes, and insufficient training and support — all factors affecting potential clinician burnout.

EHR Outcomes: Healthcare Organizations, Employees, Patients

Health IT was supposed to save costs and improve efficiencies for healthcare systems, but almost no empirical evidence supports this claim. While financial actors and tech companies have made billions as EHR vendors, subsidized by taxpayers, the evidence on positive outcomes for healthcare organizations, patients, and healthcare professionals is thin. Most important, recent studies that were conducted a full 10-15 years since passage of the HITECH Act continue to show a host of negative outcomes: Hidden costs, inaccurate information in EHR records that are cut and pasted over time, a shift in work time from patient care to EHR data entry, and physician and healthcare worker burnout.

The academic studies on this question are voluminous. Here we summarize the findings from the major reviews of the literature as well as exemplary studies with rigorous methodologies and case studies that provide additional insights. A central problem in evaluating organizations and patient care outcomes is that most studies draw on samples of evidence from organizations in which the full range of factors affecting implementation are not controlled for. Nonetheless, organizational and case-based studies provide insights into the key technological challenges that healthcare professionals have uncovered, thereby providing a pathway for understanding the challenges of applying generic EHR systems to healthcare realities.

For organizations, outcomes have been measured in terms of a) costs of implementation and maintenance; b) savings; c) accuracy and efficiency of billing and other administrative functions; and d) interoperability. For patients and healthcare professionals, the key metrics have been a) accuracy of patient records to deliver better care quality; b) accessibility and user friendliness; c) improvements in care coordination via interoperability; and d) satisfaction rates. Below we review the empirical evidence on these dimensions.

Healthcare Organizations

Few studies have found that healthcare systems have saved money by implementing EHR systems compared to the costs of implementation — even in the most recent literature reviews that consider outcomes more than a decade since passage of the HITECH Act. The reasons for this, as noted earlier, include the hidden costs and unanticipated problems of implementation, the fact that EHR technology was not sufficiently advanced, and that the government didn’t mandate interoperability before passage of the HITECH Act. The HITECH mandates privileged existing vendors, and the positive network effects and switching costs have led to lock-in and monopoly power. The high and often hidden costs of installation, maintenance, and upgrading of systems were unanticipated. EHR expenses include investments in hiring permanent skilled IT professionals or outsourcing maintenance to third party vendors, plus the need for widespread and ongoing training of all frontline staff who use the EHR interface. Without regular upgrading, data breaches or legal problems are likely. Patient care may be interrupted during periodic maintenance, upgrades, and outages. The vulnerabilities of these systems to cyber-attacks — including hackers, malware, ransomware, phishing attacks, and cloud threats — are costly, extensive, and have grown.

Through about 2015, many empirical studies and literature reviews were highly critical of the performance of EHR systems. Most notable is the 2013 RAND reassessment of the evidence on outcomes, which found no savings and admitted that the 2005 RAND study considerably overstated expectations. The RAND authors blamed that on ‘implementation.’ They found no major gains in efficiency or quality (Kellermann and Jones 2013). A major 2013 literature review concluded that health IT had failed to achieve anticipated benefits and costs savings due to unintended consequences from flawed design and implementation (Bowman 2013).

“The emergence of EHR-related errors results in data being lost or incorrectly entered, displayed, or transmitted, leading to loss of information integrity. Although little published evidence quantifying the magnitude of health IT-associated risks exists, as health IT products have become more intimately involved in the delivery of care, the potential for health IT-induced medical error, harm, or death has increased significantly.”

Based on the empirical evidence she reviewed, Bowman cited several causal factors: EHR system design flaws, poor system usability and improper system use, inappropriate documentation capture, the widespread use of copy/paste features in the EHR systems, automatic fill-in features in templates, poor decision support rules, and inadequate user training, among other things. She also cited the lack of shared accountability between system developers and users for product functioning, and the lack of regulatory requirements to evaluate EHR system efficacy and safety or systematically track adverse outcomes.

Recent reviews of empirical research cite more positive developments, including better administrative efficiencies, billing, scheduling, data accessibility, and care coordination (Evans 2016Tasi et al. 2020; Al Bahrani and Medhi 2023). In a 2017 survey of 4,200 physicians in Rhode Island, 77.6 percent said that EHRs had improved billing processes, and others pointed to better communication within hospitals (Gardner, Cooper, Haskell et al. 2019).

Still troubling, however, are the ongoing problems they cite, including the high costs of implementing, maintaining, and upgrading systems; lower efficiency and the increased worktime devoted to data entry and management; flaws in interoperability; and inaccurate information embedded in systems or added through copy-paste behaviors; and the resulting medical errors for patients — sometimes life-threatening. Also noteworthy is the vulnerability of these systems to cyber threats that have escalated in recent years. While a strict cost-benefit analysis isn’t possible, the fact that these problems continue after some 50 years of experimentation with IT in healthcare is of concern.

For example, Tsai and colleagues culled 7,641 studies published between January 2005 and May 2020, and after reviewing them for methodology and relevance, selected 141 to analyze. Most were published between 2017 and 2019 (n=91), which provides a decent interval since the HITECH Act of 2009. Almost 70 percent (96) were based on US data. Their bottom line is:

“Approximately 25 years after the emergence of EHRs, substantial progress has been made regarding EHR implementation, adoption and use. Unfortunately, … Many of the initial expectations regarding time efficiency, productivity, and increased quality of care have not been met or have only been partially realized, and ‘current EHRs still do not meet the needs of today’s rapidly changing healthcare environment’ [Evans 2016].” 

Tsai and colleagues counted the number of studies that found positive outcomes versus negative ones along a series of dimensions. By this counting exercise, Tsai and colleagues found relatively more studies that reported better outcomes for communication, data accuracy and accessibility, and care quality. By contrast, the number of studies with negative findings swamped the positive ones with respect to worsened efficiency, increased workload, and dysfunctional workflows. A consistent finding across the studies was the lack of training and technical support, lack of technical literacy, lack of user involvement, poor system integration and interoperability, lack of trust and belief in EHRs, problems of data privacy and security, and resource constraints.

In 2023, another major literature review examined research over 20 years (Al Bahrani and Medhi 2023). It identified a series of empirical studies showing data improvements due to EHR systems, including reduced manual data entry, better accuracy, real-time record access, costs savings from reduced physical storage space, and better communication; but it went on to review many studies that documented the ongoing flaws in EHR systems.

Quantitative analyses like these are problematic, however, because they count as equal the findings of studies with radically different methodologies and institutional contexts around the world. A more persuasive study examined the three top hospital vendors — a research strategy that should provide the most positive results (‘as good as it gets’), given their deep expertise and experience. Beauvais and colleagues (2021) evaluated 2,667 hospitals using Epic, Cerner, or Meditech as their primary vendor and examined net income, Hospital Value–Based Purchasing Total Performance Score (TPS), unweighted subdomains of efficiency and cost reduction, clinical care, patient- and caregiver-centered experience, and patient safety. They found mixed results but primarily no effects or negative ones. While incentive payments from the HITECH Act raised operating income in the two years following EHR implementation, the EHR systems were not associated with improvements in operating margins. After this initial period, Beauvais and colleagues found that none of the systems had a significant positive relationship with net income. Epic had a significant positive association with TPS outcomes and higher patient perceptions of quality but negative associations with patient safety quality scores. Cerner and Epic had significant, positive association only with improved efficiency. None of the three were significantly related to measures of clinical care.

Other studies emphasize that patient care outcomes depend on whether employers invest sufficient resources in training employees and involving them in EHR implementation strategies. The quality of care depends on the quality of jobs and the resources that healthcare workers have to meet patients’ needs. The groundbreaking research by Adam Litwin highlights this point (Litwin 2011). In his three-year mixed-methods study of Kaiser Permanente, he examined EHR adoption in the context of a strong positive union-management partnership in which both parties cooperated in the rollout of the system. He measured changes in patient satisfaction with time spent on phone calls for appointment scheduling. They improved over time with the introduction of the EHR system, and considerably more so in those units in which employee involvement and training were higher. However, less than 10 percent of hospitals in the country are unionized, and data on the extent to which hospitals have invested in training in conjunction with EHR implementation does not exist. Another study of 304 nursing homes in New York found modest positive effects of EHRs on productivity and efficiency, offset by higher operating costs of 2.7 percent, and no effect on healthcare quality; the positive effects improved in facilities that emphasized employee involvement (Hitt and Tambe 2016).

Physicians, Nurses, and Healthcare Workers

Physicians, healthcare professionals, and workers have reported particularly negative outcomes working with EHR systems. Healthcare employees, like those in other industries, lack consultation rights or regulatory protections from the negative effects of new technologies on their working conditions and ability to perform their jobs (Bernhardt, Kresge, and Suleiman 2023). A large body of academic research shows how the implementation of EHRs have led to increased workloads, a shift from patient care to computers, and information overload, leading to burnout and lower quality care. For example, in a 2016 time and motion study of residents at NewYork-Presbyterian/Columbia University Medical Center, residents spent 52.1 percent of their time on computers compared to 9.4 percent with patients (Mamykina, Vawdrey, and Hripcsak 2016). A 2022 meta-analysis of 28 empirical studies of physician use of EHRs between 2010 and 2020 found consistent evidence of increased information overload and error rates, with some studies linking these to patient safety concerns (Nijor et al 2022). An analysis of EHR log records of first-year residents at Stanford found that they spent an average of 5.6 hours on the computer in a typical workday of 10-12 hours (Wang, Ouyang, Hom, Chi, and Chen 2019).

As additional stakeholders are added to the system, the demands for more data entry and documentation have increased, as has system complexity and redundancy. The length of clinical notes alone has doubled. Physicians report that, “Billing and documentation have been the primary drivers of EHR design, not patient needs and health management” (Budd 2023:1). In other words, as EHRs are linked to claims and revenue cycle management systems, insurers and hospitals are demanding more documentation. Insurers are scrutinizing bills more carefully to save costs while some hospitals use billing practices to increase revenue by including codes for patients’ health problems that are marginal at best. These practices, referred to as upcoding, raise health care costs. Physicians point to these increased documentation burdens as a reason to sell their practices to private equity firms, which they assume will reduce their workload; unfortunately, as PE firms take charge of billing and administrative tasks, they often intensify pressure to increase patient volumes while physicians still need to provide patient documentation.

Burnout from EHR systems is a major point of anger among physicians and healthcare workers, pre- and post- COVID. A particularly persuasive review of 36 empirical studies of physician burnout between 2010 and 2023 documented consistent evidence linking burnout to EHR systems among primary care physicians. Burnout manifests itself, “… as a chronic stress response with components of depersonalization, emotional exhaustion, or impaired feelings of accomplishment” (Budd 2023:1). The survey evidence shows that physician burnout has increased since 2011, and EHR use is a major factor as reported by respondents. Based on a synthesis of findings from 36 studies, he reported that the research links physician burnout to EHRs use and in turn poor patient care outcomes, including poor quality care, safety incidents, major medical errors, patient dissatisfaction, and workforce turnover. The evidence from many studies backed up these relationships: EHRs “…are a significant source of burnout along with varying combinations of time pressures, chaotic work environments, low control of pace, family responsibilities, COVID-19 pandemic stressors” (Budd 2023:1).

A sample of the study findings shows consistent evidence linking EHR use to a range of negative outcomes for healthcare providers and patients. For example, a 2018 Harris poll sponsored by Stanford Medicine found that half of the 521 primary care providers surveyed said that EHRs impair clinical effectiveness. Forty-four percent viewed EHRs as a data storage tool, 62 percent felt EHR time demands led to insufficient time to address patient questions or concerns, 59 percent said their EHR system needed a complete overhaul, and only three percent thought its primary value was related to patient care. A 2019 academic survey found that 70 percent of physician respondents linked EHR use to increased stress, while 70 percent said that it fails to improve job satisfaction, and 50 percent disagreed that it improves workflow. A 2020 study reported that 75 percent of those reporting burnout symptoms identified the EHR as a source. Another survey found that 87 percent of physicians sampled felt that EHRs required excessive data entry. Physicians are doing clerical work that could be done by others, thereby contributing to inefficiency at work. Physicians needed up to 2 hours additional time for data entry for every hour of direct patient care, and those without enough time for documentation were 2.8 times more likely to report symptoms of burnout. Information overload from EHR use increased physicians’ cognitive demands and undercut their ability to locate critical clinical information, contributing to burnout (Budd 2023).

Dissatisfaction with EHR systems also leads to nurses’ burnout risk and higher quit rates, according to a KLAS survey of 75,000 nurses in 2023. One-third of respondents said that EHRs were a major source of burnout, and among that group, 40 percent said they would probably quit their jobs within two years (Anderson and Manzione 2024). The assumption that younger generations will adapt to EHR systems also doesn’t appear to hold. A Mayo Clinic survey of 6,000 physicians found that EHR dissatisfaction rates were 55 percent for those under 40 compared to 66 percent for those 60 and older (Shanafelt, Dyrbye, Sinsky et al. 2016).

Patients and Care Quality

Recall that the 2005 Rand report authors and other commentators believed EHRs would improve patient outcomes across the board due to improved accuracy of data, real time access to health information, and coordination of patient care across healthcare providers. The evidence on these points is also thin. Early adopters identified key problems in adapting generic systems to their practices and no improvement or negative effects on care quality. A 2008 study, for example, published in a top-tier cardiology journal, Circulation, found that there was little improvement in quality of care for 15,000 patients with heart failure with EHRs compared to paper records (Groopman and Hartzband 2009). A 2010 case study in Health Affairs identified “Limitations in the technology gave rise to medication errors, interruptions in workflow, and other problems common to paper systems. Our experience should encourage providers and policy makers to consider alternative software and informatics models before investing in currently available systems” (Fernandopulle and Patel 2010).

A decade later, most academic studies of EHR use and care quality show similar results. An exception is a longitudinal study of EHR integration between ambulatory and hospital facilities. Meyerhoefer and colleagues (2016) found that primary care physicians’ productivity fell by 11 percent, but increases in treatment intensity led to a 37 percent reduction in the severity of adverse birth events. But that study is unusual. A 2019 national study of hospital systems with EHRs revealed no significant improvements in mortality or readmission rates. The study controlled for the level of “meaningful use” status attributed to each system, which affects the level of reimbursement received from the government for implementation. The study found that meaningful use status had no correlation with improved outcomes, nor did vendor choice or length of EHR use. In some cases, systems with “CPSI EHR systems performed worse on several process and outcome measures” (Yuan et. Al. 2019).

A fundamental concern regarding EHR usage and patient care is the accuracy of information initially input into a system through copying and pasting from one point in time to another. For at least two decades, and long before passage of the HITECH Act, medical researchers and physicians signaled the pervasiveness of this problem. A 2003 study, for example, found that one in 10 electronic charts in their sample contained ‘high-risk’ copying errors (Hammond, Helbig, and Benson 2003). In 2007, Thielke and colleagues studied 167,000 VA records and found that copying of medical exam information occurred in 25 percent of patient charts (Thielke, Hammond, and Helbig 2007). Many published articles prior to the HITECH Act documented how repeated copying and pasting led to outdated information in charts and to patient care delays, medication errors, or more serious life-threatening medical errors (Hersh 2007).

Since then, a steady stream of credible research in medical journals has continued to document the extent and seriousness of copy-paste errors pre- and post-passage of the HITECH Act. A 2010 review of 100 patients’ electronic records found that 78 percent of sign-out notes and 54 percent of progress notes were copy and pasted (Wrenn, Stein, Bakken, and Stetson 2010). A 2013 review of 2,000 pages of notes for 135 patients in Cleveland Medical ICU unit reported that over 75 percent of physician notes had at least 20 percent of the material copy and pasted (Thornton, Schold, Venkateshaiah, and Lander 2013). In that year, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) published an audit that surveyed 864 hospitals with Medicare funding and found that only 24 percent of the hospitals had policies in place regarding copying and pasting in EHR systems, while 61 percent said they have policies that make it the EHR user’s responsibility to ensure correct data entry when using copy and paste (OIG/HHS 2013). It cautioned that copy-paste information that is not updated could lead to improper charges to patients or payers and recommended to ONC that it develop guidance on the use of copy-paste features. A follow-up OIG report in January 2014 criticized CMS for its failure to adopt integrity practices to address vulnerabilities in EHR systems and failure to provide guidance to contractors (OIG/HHS 2014). It particularly highlighted the vulnerability of these systems to fraud. EHRs make it easier to commit fraud by inflating or duplicating claims or creating fraudulent claims. It particularly cited the practices of copy-pasting and overdocumentation (inserting false or irrelevant documentation) as potential causes.

In a 2017 study of medication errors in ICUs following EHR implementation, researchers found that “one-third of all medication errors were EHR related,” while “EHR-related errors had the potential for more serious patient harm compared to non–EHR-related errors.” The predictive nature of clinical EHRs means that “omitted information and duplicate orders” may change the level or type of care provided, threatening patient outcomes (Carayon et al. 2017).

In 2023, a 20-year review of the research literature showed that copy-pasting has continued to be a widespread practice and that it continues to introduce information errors into patient records (Al Bahrani and Medhi 2023). They found that roughly 35 percent of physicians they surveyed rely on copy-paste features of electronic systems and that 25 percent believe it can lead to a high frequency of medical errors. While many studies acknowledge the benefits of EHR systems in terms of efficiency, real-time record access, care coordination, and cost reductions, they also highlight the ongoing vulnerabilities that put patients at risk.

Conclusions

The goal of this Part I report was to assess the extent to which financialization in healthcare has been exacerbated by the growth of electronic health records as a fundamental part of healthcare organizations’ infrastructure. Central to the analysis is whether the laws and regulations put in place to advance the adoption of EHRs have been sufficient to foster improvements in healthcare systems while limiting the use of public funds for private gain. The evidence suggests that they have not.

The federal government played a critical role in passing laws that encouraged and then required EHR adoption among healthcare organizations and physicians, but did not enforce standards for IT vendors or require data or price transparency. The assumed cost effectiveness of health IT that fueled passage of the HITECH Act did not receive sufficient empirical scrutiny before federal adoption mandates were in place and billions of taxpayer dollars had been spent. While the mandates successfully ushered in rapid adoption of EHR systems, it turned out that the available systems had important limitations, including inefficiencies, inaccuracies, and lack of interoperability – the latter being a central goal of the HITECH law. As a result, venture capitalists and IT vendors used healthcare organizations as laboratory sites for experimentation. Healthcare organizations, physicians, workers, and patients often bore the costs. Federal rules did not provide consultation rights for healthcare employees with respect to new technologies they were required to use, nor did they provide any funding for technology training and skills upgrading.

It is not possible to do a cost-benefit analysis of health IT over time. Systematic data on the costs and quality of these systems is not available, and little or no transparency exists regarding the contracts and financial details between tech vendors and healthcare organizations. We do know that the HITECH mandates required quick implementation but without enforceable standards or guardrails in place. This gave legacy IT vendors billions in taxpayer subsidies and a free hand in the market – allowing them to acquire asymmetric market power and, in some market subsegments, monopoly power. The federal government did not set aside funding for new IT innovations or startups to provide alternative solutions. Taxpayers subsidized billions for health IT adoption that flowed through healthcare organizations to the pockets of venture capitalists and IT vendors, who now dominate the market.

Empirical evidence shows that EHRs have led to better billing and internal communications, but few studies calculate the net economic effects that include the hidden costs of installing, maintaining, and upgrading systems – as well as hiring, training, and retraining the entire healthcare workforce as systems continually change. Large healthcare systems spend over a billion dollars just to install these systems, while smaller hospitals are pressed for resources to install or maintain them, leading some to seek to be acquired – further consolidating the industry.

Inaccurate or outdated information embedded in patients’ EHRs is well-documented by hundreds of empirical studies in the 1990s and 2000s and continuing into the 2020s. Errors occur at the initial point of data entry or are incurred through widespread use of cut-and-paste features of systems, which leads to outdated information in patient records, leading to delays in care or more serious threats to care quality.

The negative outcomes of EHRs for physicians, nurses, and frontline workers continue to be documented in the academic literature, as are the negative spillover effects on patients. As EHR systems have become more complex, the data entry requirements also increase, which physicians and other healthcare workers are responsible for. Widespread dissatisfaction and burnout are linked to the excessive time spent by physicians on computers rather than direct patient care – with additional hours at home finishing up documentation. Physicians report that systems are onerous, usability is low, data required is redundant, and the use of their time for clerical work is highly inefficient. Excessive email messaging is a leading cause of high and growing quit rates among physicians and nurses. Information overload may lead to cognitive overload, undermining patient care and safety. These are the hidden costs of EHR systems.

Once the institutional structure for EHR systems was established, it laid the groundwork for integrating other financial and data management systems, including revenue cycle management, and more recently data analytics and AI and machine learning. Part II of the report will explore this broader set of developments in health IT. The standardization of patient health information and more accurate billing in EHRs created incentives to link them to claims and revenue cycle management (RCM) systems. Venture capital financing and private equity buyouts of RCM vendors took off and accelerated in the 2010s, as RCM systems developed more capabilities and were integrated into EHR platforms. EHRs have become the key platforms to integrate patient health information with operations management, data analytics, claims management, and RCM systems – in what is referred to as ‘end-to-end’ revenue cycle management.

The rapid development of end-to-end management systems that integrate patient data into financial accounting systems has positioned them to serve as the infrastructure for integrating AI and machine learning tools into healthcare decision processes – without input from patients and healthcare workers nor regulatory standards, transparency, or safeguards. The federal government’s late-stage efforts to curb these applications in healthcare face a powerful set of financial players with deep stakes already planted in healthcare. Again, the empirical question in Part II is who benefits, and who assumes the risks and the costs? To what extent are these systems another pathway for Silicon Valley and Wall Street actors to experiment with health IT systems without bearing the downside risks? Part II considers these questions and the evidence regarding outcomes for healthcare providers and patients, including the question of patient privacy rights and data security. The linkage of medical and financial records in end-to-end systems has made healthcare by far the most vulnerable industry to cyberattacks, which in turn is spurring demand for yet another set of financial actors to penetrate the healthcare market – now to clean up the problems created by massive electronic information systems created by their predecessors.

References

Adler-Milstein, Julia, and Ashish K. Jha. 2017. HITECH Act Drove Large Gains in Hospital Electronic Health Record Adoption. Health Affairs, 36(8). https://doi.org/10.1377/hlthaff.2016.1651

Al Bahrani, B, and I Medhi. 2023. “Copy-Pasting in Patients’ Electronic Medical Records (EMRs): Use Judiciously and With Caution.” Cureus, 15;15(6):e40486. doi: 10.7759/cureus.40486. PMID: 37461761; PMCID: PMC10349911.

Alder, Steve. 2024. “What is the HITECH Act?” The HIPAA Journal. January 11. https://www.hipaajournal.com/what-is-the-hitech-act/ (accessed June 22, 2024).

Anderson, Jenna, and Lauren Manzione. 2024. “KLAS Arch Collaborative Nursing Guidebook 2024.” KLAS Research. August 20. https://klasresearch.com/archcollaborative/report/klas-arch-collaborative-nursing-guidebook-2024/573 (accessed January 5, 2025)

Appelbaum, Eileen, and Rosemary Batt. 2020. “Private Equity Buyouts in Healthcare: Who Wins, Who Loses?” Institute for New Economic Thinking and Center for Economic and Policy Research. Working Paper 118. March 15. https://www.ineteconomics.org/perspectives/blog/private-equity-buyouts-in-healthcare-who-wins-who-loses

Appelbaum, Eileen, and Rosemary Batt. 2014. Private Equity at Work: When Wall Street Manages Main Street. New York: Russell Sage Foundation.

Beauvais B, C Kruse, L Fulton, R Shanmugam, Z Ramamonjiarivelo, and M Brooks. 2021. “Association of Electronic Health Record Vendors with Hospital Financial and Quality Performance: Retrospective Data Analysis.” J Med Internet Res, 23(4):e23961 https://www.jmir.org/2021/4/e23961; DOI: 10.2196/23961

Bernhardt, Annette, Lisa Kresge, and Reem Suleiman. 2023. “The Data-Driven Workplace and the Case for Worker Technology Rights.” ILR Review, 76(1):3–29 DOI: 10.1177/00197939221131558.

Bigelow, James, Katya Fonkych, Constance Fung, and Jason Wang. 2005. “Analysis of Healthcare Interventions that Change Patient Trajectories.” RAND Corporation. Sept. 12 https://www.rand.org/pubs/monographs/MG408.html (accessed June 27, 2024)

Black, Jennifer, Rachel Hulkower, and Tara Ramanathan. 2018. “Health Information Blocking: Responses Under the 21st Century Cures Act.” Public Health Rep. 2018 Sep/Oct;133(5):610-613. doi: 10.1177/0033354918791544. PMID: 30134128; PMCID: PMC6134556

Blauer, Tyson, and Paul Warburton. 2023. “US Hospital EMR Market Share 2023 Market Energy Driven Mostly by Small Organizations.” May 23. https://klasresearch.com/report/us-hospital-emr-market-share-2023-market-energy-driven-mostly-by-small-organizations/3013 (accessed July 3, 2024)

Blauer, Tyson, and Paul Warburton. 2024. “US Acute Care EHR Market Share 2024
Large Organizations Drive Market Energy.” KLAS Research. May 17. https://klasresearch.com/report/us-acute-care-ehr-market-share-2024-large-organizations-drive-market-energy/3333 (accessed July 3, 2024)

Boulton, Guy. 2016. “Epic Systems Soars with Transition to Electronic Health Records.” Milwaukee Journal Sentinel. January 24. https://archive.jsonline.com/business/epic-systems-soars-with-transition-to-electronic-health-records-b99642837z1-366328781.html (accessed Jun 18, 2024)

Bowman S. 2013. Impact of Electronic Health Record Systems on Information Integrity: Quality and Safety Implications. Perspect Health Inf Manag, 10(Fall):1c. PMID: 24159271; PMCID: PMC3797550

Bruce, Giles. 2022. “Why Big Health Systems are Moving to Epic”. Becker’s Health IT. October 17. https://www.beckershospitalreview.com/ehrs/why-big-health-systems-are-moving-to-epic.html (accessed June 30, 2024).

Bruce, Giles. 2023. “How Epic Won over Academic Medical Centers.” Becker’s Health IT. October 24. https://www.beckershospitalreview.com/ehrs/how-epic-won-over-academic-medical-centers.html (accessed June 30, 2024)

Bruce, Giles. 2024a. “Epic’s Dominance in 12 Numbers.” Beckers Health IT. https://www.beckershospitalreview.com/ehrs/epics-dominance-in-12-numbers.html?utm_campaign=bhr&utm_source=website&utm_content=latestarticles (accessed July 18, 2024)

Bruce, Giles. 2024b. “25 Largest Health Systems’ EHR Costs.” Beckers Hospital Review. December 31st. https://www.beckershospitalreview.com/ehrs/top-25-health-systems-by-ehr-cost.html?origin=BHRSUN&utm_source=BHRSUN&utm_medium=email&utm_content=newsletter (accessed January 5, 2025).

Budd J. 2023. “Burnout Related to Electronic Health Record Use in Primary Care.” Journal of Primary Care & Community Health, 14, 21501319231166921. https://doi.org/10.1177/21501319231166921 (accessed June 22, 2024)

Capoot, Ashley. 2024. “Venture Capital Firm’s Plan to Buy Nonprofit Hospital System Has Ohio Community on Edge.” CNBC. March 2 https://www.cnbc.com/2024/03/02/heres-why-general-catalyst-is-trying-to-buy-summa-health.html (accessed March 4, 2024)

Carayon, P., Du, S., Brown, R., Cartmill, R., Johnson, M., & Wetterneck, T. B. 2017. EHR-related medication errors in two ICUs. Journal of Healthcare Risk Management, 36(3), 6–15. https://doi.org/10.1002/jhrm.21259

Cerner Corporation. 2010. “Cerner Timeline.” http://cerner.com/public/Cerner_2.asp?id=27167 (accessed July 3, 2024).

Clark, Lindsay. 2023. “Oracle Cerner Bleeds Jobs as Veterans Affairs Project Stalls.” The Register. June 16. https://www.theregister.com/2023/06/16/oracle_cerner_job_losses/ (accessed July 11, 2024)

Cobb, Enesha, and Kori Sauser. 2014. “Electronic Health Records,” in Steven Garber et al., Redirecting Innovation in U.S. Health Care: Options to Decrease Spending and Increase Value: Case Studies. RAND Health. RR-308.

Companies History. 2024. “Cerner.” January 21. https://www.companieshistory.com/cerner/ (accessed July 9, 2024)

Conn, Joseph. 2013. “Fee Frustrations: Connecting EHR Systems Too Pricey, Providers Say.” Modern Healthcare. July 17. https://www.modernhealthcare.com/article/20130727/MAGAZINE/307279974/fee-frustrations (accessed July 14, 2024)

Content, Thomas. 2011. “Software Firm Reaches for the Sun.” Milwaukee Journal Sentinel. June 5. https://archive.jsonline.com/business/123206273.html (accessed June 25, 2024).

Creswell, Julie. 2014. “Doctors Find Barriers to Sharing Digital Medical Records.” New York Times. Sept 30.  https://www.nytimes.com/2014/10/01/business/digital-medical-records-become-common-but-sharing-remains-challenging.html?_r=0 (accessed May 20, 2024)

DesRoches, Catherine M., et al. 2008. “Electronic Health Records in Ambulatory Care—A National Survey of Physicians.” New England Journal of Medicine 359(1): 50–60.

Diaz, Naomi. 2022. “Oracle Touts Plans to Modernize Its EHR System.” Becker’s Health IT. October 18. https://www.beckershospitalreview.com/ehrs/oracle-touts-plans-to-modernize-its-ehr-system.html (accessed June 22, 2024)

Diaz, Naomi. 2024a. “Oracle Health Workforce Steadily Decreases.” Becker’s Health IT.  May 2. https://www.beckershospitalreview.com/ehrs/oracle-health-workforce-steadily-decreases.html (accessed July 11, 2024).

Diaz, Naomi.  2024b. “Oracle Health’s Biggest Moves in 2024.” Becker’s Health IT.  June 18. https://www.beckershospitalreview.com/ehrs/oracle-healths-biggest-moves-in-2024.html (accessed June 28, 2024).

Diaz, Naomi. 2024c. “HHS final rule aims to boost interoperability.” Beckers Hospital Review. December 11. https://www.beckershospitalreview.com/healthcare-information-technology/hhs-final-rule-aims-to-boost-interoperability.html?origin=CIOE&utm_source=CIOE&utm_medium=email&utm_content=newsletter (accessed January 5, 2025).

Dille, Grace. 2024. “Senators Push VA for Tougher EHRM Contract with Oracle Cerner.”  MeriTalk. May 13. https://www.meritalk.com/articles/senators-push-va-for-tougher-ehrm-contract-with-oracle-cerner/(accessed July 10, 2024)

Dyrda, Laura. 2022. “Epic’s Revenue up 13% in 2021, Hit $3.8B.” Becker’s Health IT. July 13. https://www.beckershospitalreview.com/ehrs/epic-is-no-1-worldwide-after-adding-356-hospitals-last-year.html?utm_campaign=bhr&utm_source=website&utm_content=latestarticles (accessed July 9, 2024)

Dyrda, Laura. 2024. “Epic is No. 1 Worldwide After Adding 356 Hospitals Last Year.” Becker’s Health IT. July 8. https://www.beckershospitalreview.com/ehrs/epic-is-no-1-worldwide-after-adding-356-hospitals-last-year.html (accessed July 8, 2024)

Enriquez-Sarano, Louis. 2020. “DATA-RICH AND KNOWLEDGE-POOR: HOW PRIVACY LAW PRIVATIZED MEDICAL DATA AND WHAT TO DO ABOUT IT.” Columbia Law Review, 120(8): 2319–58. JSTOR, https://www.jstor.org/stable/26965837 (accessed May 15, 2024)

Federal Registrar. 2020. “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program.” https://www.federalregister.gov/documents/2020/08/04/C2-2020-07419/21st-century-cures-act-interoperability-information-blocking-and-the-onc-health-it-certification (accessed August 15, 2024).

Fernandopulle, Rushika, and Neil Patel. 2010. “How the Electronic Health Record Did Not Measure Up to The Demands of Our Medical Home Practice.” Health Affairs, 29 (4): 622-628. https://www.healthaffairs.org/doi/epdf/10.1377/hlthaff.2010.0065 (accessed May 28, 2024).

Freudenheim, Milt. 2012. “Digitizing Health Records, Before It Was Cool”. The New York Times. January 14. https://www.nytimes.com/2012/01/15/business/epic-systems-digitizing-health-records-before-it-was-cool.html?pagewanted=1&_r=1&smid=fb-share (accessed July 7, 2024)

Forbes. 2025. “Larry Ellison, CTO and Founder, Oracle. Forbes, January 5. https://www.forbes.com/profile/larry-ellison/ (accessed January 5, 2025).

Funding Universe. 1997. “Cerner Corporation History.” “International Directory of Company Histories, Vol. 16. London, UK: St. James Press.  http://www.fundinguniverse.com/company-histories/cerner-corporation-history/

Gabriel MH, C Richwine, C Strawley, W Barker, and J Everson. 2024. “Interoperable Exchange of Patient Health Information Among U.S. Hospitals, 2023.” Washington DC.: ONC Data Brief: 71. https://www.healthit.gov/data/data-briefs/interoperable-exchange-patient-health-information-among-us-hospitals-2023

GAO (Government Accountability Office). 2009. “GAO Announces Appointments to Health Information Technology Policy Committee.” Washington, DC. April 3. https://www.gao.gov/press-release/gao-announces-appointments-health-information-technology-policy-committee

GAO. 2024. “Electronic Health Records: DOD Has Deployed New System but Challenges Remain.” GAO-24-106187 Washington, D.C. Apr 18. https://www.gao.gov/products/gao-24-106187

Gardner, RL, E Cooper, J Haskell, DA Harris, S Poplau, PJ Kroth, and M Linzer. 2019. Physician Stress and Burnout: The Impact of Health Information Technology. J Am Med Inform Assoc, 26(2):106-114. doi: 10.1093/jamia/ocy145. PMID: 30517663; PMCID: PMC7647171

General Catalyst. 2024. “Our Acquisition of Summa Health.” January 17. https://www.generalcatalyst.com/perspectives/our-acquisition-of-summa-health

Goldstein, Melissa, and Jane Thorpe. 2010. “The First Anniversary of the Health Information Technology for Economic and Clinical Health (HITECH) Act: The Regulatory Outlook for Implementation.” Perspect Health Inf Manag. 2010 Sep 1;7(Summer):1c. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2921301/

Graham, Edward. 2024. “VA Extends EHR Contract with Oracle Cerner For 11 Months.” Washington Technology. June 14. https://www.washingtontechnology.com/contracts/2024/06/va-extends-ehr-contract-oracle-cerner-11-months/397387/(accessed July 7, 2024)

Gregory, John. 2017. “Cerner Wins Veterans Affairs EHR Contract Without Competitive Bidding Process.” Health Exec. June 6. https://healthexec.com/topics/patient-care/digital-transformation/cerner-wins-veterans-affairs-ehr-contract-without

Groopman, J., and P. Hartzband. 2009. “Obama’s $80 Billion Exaggeration.” Wall Street Journal. March 12. https://www.wsj.com/articles/SB123681586452302125

Hammond KW, ST Helbig ST, CC Benson, et al. 2003. “Are Electronic Medical Records Trustworthy? Observations on copying, pasting and duplication.” AMIA Annu Symp Proc. 2003:269-273. https://pubmed.ncbi.nlm.nih.gov/14728176/

HealthIT.gov. N.D. “Health Information Technology Fact Sheet.” https://www.healthit.gov/sites/default/files/pdf/health-information-technology-fact-sheet.pdf (accessed May 12, 2024).

Heckman, Jory. 2022. “VA Scraps Last EHR Go-Live Date in FY 2022, Amid IG Accounts of Patient Harm.” Federal News Network. https://federalnewsnetwork.com/veterans-affairs/2022/07/va-scraps-last-ehr-go-live-date-in-fy-2022-amid-ig-accounts-of-patient-harm/?readmore=1 (accessed July 10, 2024)

Hersh, William. 2007. “Copy and Paste. Agency for Healthcare Research and Quality.” Agency for Healthcare Research and Quality. August 21. https://psnet.ahrq.gov/web-mm/copy-and-paste

Hillestad, Richard, James Bigelow, Anthony Bower, Federico Girosi, Robin Meili, Richard Scoville, and Roger Taylor. 2005. “Can Electronic Medical Record Systems Transform Health Care?: Potential Health Benefits, Savings, and Costs.” Health Affairs, 24(5):1103–17.

Hitt, L. M., and P. Tambe. 2016. “Health Care Information Technology, Work Organization, and Nursing Home Performance.” ILR Review, 69(4), 834–859.  https://journals.sagepub.com/doi/abs/10.1177/0019793916640493

Hooley, Sean and Latanya Sweeney. 2011. “Survey of Publicly Available State Health Databases.” Harvard University: Thedatamap. https://thedatamap.org/1075-1.pdf

Hsiao, Chun-Ju, and Esther Hing. 2014. “Use and Characteristics of Electronic Health Record Systems Among Office-Based Physician Practices: United States, 2001–2013.” National Center for Health Statistics Data Brief 143. https://pubmed.ncbi.nlm.nih.gov/24439138/

Huang, Chunya, Ross Koppel, John D. McGreevey III, Catherine K. Craven, and Richard Schreiber. 2020. “Transitions from One Electronic Health Record to Another: Challenges, Pitfalls, and Recommendations.” Applied Clinical Informatics, 11(05): 742-754. https://www.thieme-connect.de/products/ejournals/abstract/10.105

IOM (Institute of Medicine (US) Committee on Quality of Health Care in America). 2000. To Err is Human: Building a Safer Health System. Linda T. Kohn, Janet M. Corrigan, Molla S. Donaldson, editors.  Washington (DC): National Academies Press (US).

Joseph, Seth. 2023. “Into the Death Zone? What Digital Health Can Learn from Epic’s $3.8B Revenue.” Forbes. November 28. https://www.forbes.com/sites/sethjoseph/2023/11/28/into-the-death-zone-what-digital-health-can-learn-from-epics-38b-revenue/ (accessed June 27, 2024)

Joseph, Seth. 2024. “Epic’s Market Share: Who Should Control the Levers of Healthcare Innovation?” Forbes. Feb 26. https://www.forbes.com/sites/sethjoseph/2024/02/26/epics-antitrust-paradox-who-should-control-the-levers-of-healthcare-innovation/ (accessed July 8, 2024)

Kalinin, Konstantin. 2024. “Epic vs. Cerner: Comparison of Leaders in Healthcare IT Solutions.” Top Flight. March 8 https://topflightapps.com/ideas/cerner-vs-epic/ (accessed July 2, 2024).

Kellermann AL, & SS Jones. 2013. “What it Will Take to Achieve the As-Yet-Unfulfilled Promises of Health Information Technology.” Health Affairs, 32(1):63-8. doi: 10.1377/hlthaff.2012.0693. PMID: 23297272.

Landi, Heather. 2022a. “Golden Parachute Payouts Worth $20M for Cerner’s Feinberg, Former CEO With Proposed Sale to Oracle.” Fierce Healthcare. Jan 26. https://www.fiercehealthcare.com/tech/golden-parachute-payouts-worth-20m-for-cerner-s-feinberg-former-ceo-proposed-sale-to-oracle (accessed July 8, 2024)

Landi, Heather. 2022b. “Oracle closes $28B deal to buy EHR giant Cerner.” Fierce Healthcare. June 7. https://www.fiercehealthcare.com/health-tech/oracle-gets-european-approval-28m-cerner-deal-set-close-next-week (accessed July 8, 2024).

Landi, Heather. 2023. “GOP Lawmakers Ready to Scrap Oracle Cerner’s $16B VA Contract Unless ‘Deeply Flawed’ EHR Fixed.” Fierce Healthcare. Feb 1. https://www.fiercehealthcare.com/health-tech/gop-lawmakers-ramp-pressure-va-and-oracle-cerner-fix-16b-ehr-project (accessed July 8, 2024)

Landi, Heather. 2024. “General Catalyst’s HATCo Moves Forward on $485M Summa Health Deal.” Fierce Health. November 7. https://www.fiercehealthcare.com/health-tech/general-catalysts-hatco-moves-forward-485m-summa-health-deal (accessed January 14, 2025).

Leventhal, Rajiv. 2018. “Report: DoD-Cerner EHR Contract Ceiling to be Raised by $1B.” Healthcare Innovation. July 26. https://www.hcinnovationgroup.com/interoperability-hie/news/13030569/report-dod-cerner-ehr-contract-ceiling-to-be-raised-by-1b (accessed July 9, 2024)

Lite, S., WJ Gordon, and AD Stern. 2020. “Association of the Meaningful Use Electronic Health Record Incentive Program with Health Information Technology Venture Capital Funding.” JAMA Network Open, 3(3):e201402. doi:10.1001/jamanetworkopen.2020.1402

Litwin, Adam Seth. 2011. “Technological Change at Work: The Impact of Employee Involvement On The Effectiveness of Health Information Technology.” ILR Review, 64(5): 863–88.

Mamykina L, DK Vawdrey, and G. Hripcsak. 2016. “How Do Residents Spend Their Shift Time? A Time and Motion Study with a Particular Focus on the Use of Computers.” Acad Med. 91(6):827-32. doi: 10.1097/ACM.0000000000001148. PMID: 27028026; PMCID: PMC4879085.

Meyerhoefer, C. D., Deily, M. E., Sherer, S. A., Chou, S.-Y., Peng, L., Sheinberg, M., & Levick, D. 2016. “The Consequences of Electronic Health Record Adoption for Physician Productivity and Birth Outcomes.” ILR Review, 69(4), 860-889. https://doi.org/10.1177/0019793916642758

Miller, Amalia and Catherine Tucker. 2014. “Health Information Exchange, System Size and Information Silos.” Health Econ. 33:28-42. doi: 10.1016/j.jhealeco.2013.10.004. PMID: 24246484 (accessed July 27, 2024)

Nijor Sohn, Gallis Rallis, Nimit Lad, Eric Gokcen. 2022. “Patient Safety Issues from Information Overload in Electronic Medical Records.” J Patient Saf. Sep 1;18(6):e999-e1003. doi: 10.1097/PTS.0000000000001002. PMCID: PMC9422765

NYSE. “Oracle Corporation: Market Summary.” https://www.google.com/search?client=firefox-b-1-e&q=oracle+stock+price (accessed January 5, 2025)

OIG. 2013. “Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology.” December. https://www.modernhealthcare.com/assets/pdf/CH92135129.PDF (accessed July 13, 2024)

ONC. (Office of the National Coordinator for Health Information Technology). N.D. “ONC Budget and Performance.” Washington, DC: ONC.  https://www.healthit.gov/topic/onc-budget-and-performance (accessed July 15, 2024)

ONC. 2009. “Health IT Policy Committee: Recommendations to the National Coordinator for Health IT.” August 9. https://www.healthit.gov/sites/default/files/facas/hit_pc_transmittal_ltr_7-16-09.pdf (accessed July 10, 2024)

ONC. 2015. “REPORT TO CONGRESS. Report on Health Information Blocking. April. https://www.healthit.gov/sites/default/files/reports/info_blocking_040915.pdf (accessed July 15, 2024)

ONC. 2019. “State Health Information Exchange.” September 29. https://www.healthit.gov/topic/onc-hitech-programs/state-health-information-exchange (accessed July 31, 2024)

Olsen, Emily. 2024. “OIG Details Errors with VA, Oracle EHR Deployment.” Healthcare Dive. https://www.healthcaredive.com/trendline/electronic-health-records/263/?utm_source=HD&utm_medium=Library&utm_campaign=Optimal&utm_term=Healthcare%20Dive%20Weekender (accessed December 20, 2024)

Olsen, Emily. 2025. “VA to Resume Oracle EHR Deployments in Mid-2026.” Healthcare Dive. January 2. https://www.healthcaredive.com/news/veterans-affairs-oracle-ehr-deployment-mid-2026/736308/?utm_source=Sailthru&utm_medium=email&utm_campaign=Issue:%202025-01-02%20Healthcare%20Dive:%20IT%20%5Bissue:69138%5D&utm_term=Healthcare%20Dive:%20IT (accessed January 5, 2025).

Palmer, Katie. 2022. “A Troubling Report On Cerner’s VA Rollout Offers a Rare Look Into the Hidden Harms of Health Records.” July 25. STAT News. https://www.statnews.com/2022/07/25/cerner-veterans-electronic-health-records-harm/?matchtype=&keyword=&cid=21378541377&agid=&device=c&placement=&creative=&target=&adposition=&utm_source=google&utm_medium=cpc&utm_campaign=pmax-catchall&utm_term=&utm_content=&hsa_acc=5862992171&hsa_cam=21378541377&hsa_grp=&hsa_ad=&hsa_src=x&hsa_tgt=&hsa_kw=&hsa_mt=&hsa_net=adwords&hsa_ver=3&gad_source=1 (accessed July 10, 2024)

Perna, Gabriel. 2023. “How Epic Took Over the Hospital EHR Market.” Modern Healthcare. September 18. https://www.modernhealthcare.com/digital-health/epic-cerner-meditech-ehr-market (accessed July 5, 2024).

Person, Lisa Lewis. 2024. “ONC @ 20: Celebrating the People.” HealthITbuzz: The Latest on Health IT From ONC. May 1. https://www.healthit.gov/buzz-blog/onc-at-20/onc-20-celebrating-the-people  (accessed July 8, 2024).

PitchBook. 2022. “Q4 2022 Launch Report: Healthcare IT. VC and PE Trends and Emerging Opportunities.” Emerging Tech Research. PitchBook Data, Inc. 2023.

PitchBook. 2023. “Industries and Verticals.”  Seattle, WA: PitchBook Data, Inc. April.

PitchBook. 2024a. “PitchBook Epic (Other Software) 2024_07_09_14_45_53_07.” PitchBook Data, Inc.

PitchBook. 2024b. “PitchBook Oracle Cerner 2024_07_20_15_52_10.” PitchBook Data, Inc.

Porter, Michael, & E.O. Teisberg.  2006. “Redefining Health Care: Creating Value-Based Competition on Results” (Boston: Harvard Business School). https://www.hbs.edu/ris/Publication%20Files/20060502%20NACDS%20-%20Final%2005012006%20for%20On%20Point_db5ede1d-3d06-41f0-85e3-c11658534a63.pdf (accessed July 20, 2024).

Samora, Sara. 2022. “Cost of VA’s New Electronic Health Record System Could Triple to More Than $50 Billion; Launch At Boise Facility Delayed.” Stars and Stripes. July 21. https://www.stripes.com/veterans/2022-07-21/veteran-affairs-electronic-health-records-6724241.html (accessed July 23, 2024).

Scarborough, Nickey. 2023. “EHRs Ranked by Market Share.” Healthgrades. May. https://www.healthgrades.com/pro/ehrs-ranked-by-market-share (accessed July 23, 2024).

Shanafelt TD, LN Dyrbye, C Sinsky, et al. 2016. “Relationship Between Clerical Burden and Characteristics of the Electronic Environment with Physician Burnout and Professional Satisfaction.” Mayo Clin Proc.,91(7):836-48. doi: 10.1016/j.mayocp.2016.05.007. PMID: 27313121

Sicilia, Mike. N.D. “Oracle’s Acquisition of Cerner: The future of Healthcare.” https://www.oracle.com/health/acquisition-of-cerner-the-future-of-healthcare/ (accessed July 11, 2024)

Smith, Orion Donovan. 2022. “Watchdog Reveals Flaw in Cerner Computer System Caused Nearly 150 Cases of Harm at Spokane VA Hospital.” The Spokseman-Review.  June 19. https://www.spokesman.com/stories/2022/jun/19/watchdog-reveals-flaw-in-cerner-computer-system-ca/ (accessed July 11, 2024).

Southwick, Ron. 2021. “What Oracle’s Acquisition of Cerner Means for Healthcare.” Chief healthcare Executive. December 21, 2021. https://www.chiefhealthcareexecutive.com/view/what-oracle-s-acquisition-of-cerner-means-for-healthcare (accessed July 11, 2024)

Spitzer, Julie. 2018. “All of US News’ top 20 Hospitals Use Epic”. Becker’s Hospital Review. August 16. https://www.beckershospitalreview.com/ehrs/all-of-us-news-top-20-hospitals-use-epic.html (accessed July 4, 2024).

Thielke S, K Hammond K, and S Helbig. 2007. “Copying and Pasting of Examinations Within the Electronic Medical Record.” Int J Med Inform. 76(suppl 1):122-128. https://pubmed.ncbi.nlm.nih.gov/16899403/

Thornton, JD, JD Schold, L. Venkateshaiah, and B. Lander. 2013. “Prevalence of Copied Information by Attendings and Residents in Critical Care Progress Notes. Crit Care Med, Feb;41(2):382-8. doi: 10.1097/CCM.0b013e3182711a1c

Tsai, CH, A Eghdam, N Davoody, G Wright, S Flowerday, and S Koch. 2020. “Effects of Electronic Health Record Implementation and Barriers to Adoption and Use: A Scoping Review and Qualitative Analysis of the Content.” Life (Basel).10(12):327. doi: 10.3390/life10120327. PMID: 33291615; PMCID: PMC7761950.

U.S. CDC (U.S. Centers for Disease Control and Prevention). 2024. “Health Insurance Portability and Accountability Act of 1996 (HIPAA).” Public Health Law. Washington, D.C.: U.S. CDC. https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html

U.S. HHS. 2024. “The HIPAA Privacy Rule.” https://www.hhs.gov/hipaa/for-professionals/privacy/index.html (accessed May 15, 2024).

Wang JK, D. Ouyang, J Hom, J Chi, JH Chen. 2019. “Characterizing Electronic Health Record Usage Patterns of Inpatient Medicine Residents Using Event Log Data.” PLoS One., 6;14(2):e0205379. doi: 10.1371/journal.pone.0205379. PMID: 30726208

Woolley, John, and Gerhard Peters. 2004. “Executive Order 13335—Incentives for the Use of Health Information Technology and Establishing the Position of the National Health Information Technology Coordinator.” The American Presidency Project, UC Santa Barbara. https://www.presidency.ucsb.edu/node/217361

Wrenn, JO, DM Stein, S Bakken, PD Stetson. 2010. “Quantifying Clinical Narrative Redundancy in An Electronic Health Record.” J Am Med Inform Assoc, 17(1):49-53. doi: 10.1197/jamia.M3390. PMID: 20064801; PMCID: PMC2995640.

Yuan, N., RA Dudley, WJ Boscardin, and GA Lin. 2019. “Electronic Health Records Systems and Hospital Clinical Performance: A Study of Nationwide Hospital Data.” Journal of the American Medical Informatics Association. JAMA, 26(10), 999–1009. https://doi.org/10.1093/jamia/ocz092