Find a Doctor Near You? Yes, but Medical Booking Sites Have Downsides, Too.
Not all doctors are listed, and privacy protections may be lacking
People often ask Ken Duckworth, MD, chief medical officer of the National Alliance on Mental Illness, whether he can recommend a psychiatrist.
“I literally tell them, I have no idea who’s taking patients now,” he says. “Finding a provider is actually a very big hurdle, even if you have insurance, if you speak English, and you have the time to find one, because demand has been crushing supply, particularly in the pandemic.”
Locating a new doctor and booking an appointment, especially on short notice, was never easy in our complex and fragmented healthcare system, and the COVID-19 crisis made matters worse. However, a number of online health scheduling companies say they can make booking a visit—whether for a psychiatrist or any other type of doctor—far more convenient.
Advertising, Not Referrals
Medical appointment websites can save patients a lot of time and effort if they’re searching for a specialist.
A recent Zocdoc search for a psychiatrist near Miami quickly turned up an appointment the next day in Boca Raton, Fla., 40 miles away; a mental health nurse practitioner available five days later; and several appointments via video within a few days. A search for a cardiologist in Modesto, Calif., found three different doctors that day for video consultations, or an in-office doctor appointment more than 50 miles away the following day.
These websites generally charge doctors a subscription, or a fee for each booking, or both. For example, Zocdoc charges doctors $40 to $140 per new appointment, according to Zocdoc’s vice president of strategy, Richard Fine.
Charging doctors per booking is controversial because U.S. laws prohibit doctors from paying other medical professionals for referrals. However, because Zocdoc does not recommend any one physician over another, U.S. and state agencies allow this billing model. “Zocdoc is an advertising platform, not a referral source. Just as a search engine, phone book, or insurance directory does not make referrals, neither does Zocdoc,” Fine says.
“Zocdoc, to their credit, created a technology that was pretty convenient for the consumer,” says Andrew Brotman, MD, executive vice president and vice dean for clinical affairs and strategy at NYU Langone Health, a New York hospital system. But once Zocdoc started charging doctors by the referral in 2019, NYU Langone became one of a number of healthcare providers to stop using the service and instead set up ways for patients to book on their own sites.
Many of these web portals rely on the services of big electronic records companies such as Cerner and Epic, whose MyChart portal has relationships with medical practices that include 415,000 physicians, or about half of all the doctors licensed in the U.S.
Those portals have some advantages, especially when it comes to protecting your privacy (more on that below). Yet some of the upstart, lesser-known websites offer their own advantages. An example is MDSave, a company that advertises a guaranteed, no-surprises total price for medical procedures in 36 states. The company’s site says that, nationally, the average cost of a colonoscopy is $4,615, but that MDSave’s users pay much less on average. And the site lists the prices for specific providers, such as one charging $2,096 in Chicago and another charging $1,263 in Oklahoma City.
MDSave builds in a 10 percent patient transaction fee, which covers credit card processing and other costs, and a licensing fee for doctors and hospitals, says Paul Ketchel, the company’s co-founder and CEO. About 75 percent of MDSave customers have insurance policies with high deductibles and 20 percent are uninsured, he says. Other patients using the site are seeking procedures not covered by their insurance plans, such as weight-loss surgery.
Confusing Rules on Privacy
When you provide information to a website to book a doctor’s appointment, your information is generally covered by HIPAA. But the same protections may not apply to information collected when you’re simply searching through listings of doctors or reading reviews by patients—even on the same website.
“These companies are not necessarily covered under regular privacy regulations that govern most of medical care,” says Matthew Wynia, MD, director of the University of Colorado Medicine’s Center for Bioethics and Humanities. “They’re having to make this up because they don’t have HIPAA to regulate them. So they choose what their self-regulatory regime is going to be.”
Some companies that are careful not to share personally identifiable patient information may still make money by selling anonymized data to other companies, a practice that’s allowed under HIPAA. And data sold about you without your name but with your medical issues carries risks. Just three pieces of information—date of birth, ZIP code, and gender—are enough to identify the overwhelming majority of Americans, according to a study by Latanya Sweeney, PhD, Harvard data scientist and former Consumer Reports board member who published the research when she was a researcher at Carnegie Mellon.
Your data is especially likely to be for sale from sites that don’t collect fees from either patients or doctors, experts say. “If there is no business model and yet they’re in business, there’s a good chance that they’re selling data to somebody,” says NYU Langone’s Brotman. “And there are a lot of willing buyers.”
Which Sites to Trust? It's Hard to Know
This spring, a number of websites were promising to help people find elusive appointments for COVID-19 vaccinations. Rebecca Gluskin, PhD, a statistician who worked on a recent report on potential misuse of health data during the COVID-19 pandemic, says that some of these deserve scrutiny for how they use patient data.
One site, Dr. B, didn’t actually book appointments, but it collected all the information appointment sites required to determine eligibility, such as the user’s birthdate, cell phone number, occupation, and a list of health problems. The site is still in operation, and still asking the same questions, even now that age and occupation requirements have largely been eliminated from the vaccine process and it’s easy for most people in the U.S. to get vaccinated.
A recent MIT Technology Review investigation raised questions about how many people Dr. B actually helped find an appointment. “After weeks of looking, I was unable to identify a single individual who successfully got a shot through the service,” the article’s author said.
The company founder, Cyrus Massoumi, who was also a co-founder and CEO of Zocdoc until 2015, declined to answer detailed questions but provided a short statement: “Dr. B only asks for data directly needed for providing the service and protects that data up to HIPAA standards,” he said. “We don’t sell patient data.”
When asked about their data practices, several medical booking sites assured Consumer Reports that they behave responsibly, even if their privacy policies allow them to sell patient data. But there’s at least one cautionary tale from the recent history of the industry where a medical middleman crossed serious ethical and legal lines.
In 2013, a company called Practice Fusion unveiled what it called the largest U.S. doctor appointment booking site, Patient Fusion. But in 2016, the Federal Trade Commission alleged that the company had deceptively solicited reviews of doctors by emailing patients and asking for feedback on the quality of the care they had received, then publishing the responses on the website. Many patients thought the information was going to their healthcare providers, and therefore included very personal information about their medications or conditions that was then posted publicly by Fusion, according to the FTC. Patient Fusion settled with the agency without admitting or denying the allegations, and agreed to avoid such deceptive conduct in the future.
Even worse, in 2020, Practice Fusion agreed to pay a settlement of $145 million after U.S. officials alleged the company had sought out and took kickbacks from a drug company to promote opioid use through a health records system that it ran along with the medical appointments site. By then Practice Fusion had been bought by another health-tech company, Allscripts. The new company’s settlement to the U.S. government and states was much more than the $100 million the acquisition had cost.
I spoke to Ryan Howard, Practice Fusion’s co-founder and then-CEO, back in 2015 for a book I was writing on the business of patient data. But when I reached out to him recently for this article, he responded with a three-word email that contained my name and a two-word expletive.
“That’s a good illustration of the potential peril,” Wynia of the University of Colorado says, referring to both the terse email and the company’s history. When online entrepreneurs see a way to turn big profits in healthcare, the results may often be good for consumers, he acknowledges, but you can also end up with a “toxic mixture” that puts patients at risk.
Best Ways to Book a Doctor
If you’re using a doctor booking site, experts say, it’s important to understand the trade-offs.
First, it’s smart to share personal information with as few websites as possible. If you already have a healthcare provider, make an appointment with the office directly, either by telephone or through its own website, which will typically have stronger privacy protections. You can also find a new doctor and book an appointment with them on many hospitals’ websites.
The fact that doctors pay for their listings on many sites means that a lot of great practitioners in your area may not appear. If you’re looking for a new doctor, a straightforward Google search might yield the most complete results. You can also consult the American Medical Association’s DoctorFinder website.
In addition, Brotman, who is chief clinical officer at NYU Langone Health along with his other roles, advises skepticism when researching doctors through these sites, especially if you’re trying to see what kinds of services a practice provides. “I wouldn’t take seriously any issue about quality, or scope of practice that the [practitioners] have, because they all come from the doctor themselves, not from any third party,” he says. “They’re advertising.”
Jane Sarasohn-Kahn, a health economist who maintains a blog called HealthPopuli, advises consumers to try to research any doctor before making an appointment. “It’s good to know, for example, that a physician is Board certified in a particular specialty, attended a particular medical school, or even lawsuit/liability history,” she says.
Also, look up state doctor certification sites, says Duckworth, of the National Alliance on Mental Illness. “These things all have different names,” he says. “But it’s all state by state.” Names of such agencies include the Medical Board of California and the Texas Medical Board. Or you can start your research with these nationally focused websites: Certification Matters and DocInfo.
“Mostly, it’ll be pretty boring. Bob Smith has a license. But that’s the start. Because that’s better than Bob Smith is under probation. Bob Smith was, you know, his license terminated four years ago, and now reinstated.”