2 min read

Health IT Contracts Offer Little Protection For Buyers

Key questions healthcare providers should ask before signing an electronic health record vendor agreement detailed by lawyer.

Slideshow: Who's Who In Healthcare IT
(click for larger image and for full photo gallery)
According to Fox, as the timetable for implementing EHRs and demonstrating meaningful use requirements draws near, healthcare providers should be cautious of standard vendor contracts with calendar-based payment terms. Further, payments should be linked to vendors' performance toward achieving meaningful use criteria. Providers should also demand objective milestone payments to retain control of the implementation process.

"We do know there will be new meaningful use requirements for Stage 2 and 3, and it's a moving target. Many vendors are unwilling to agree to future, unknown regulations, saying 'We don't know what we don't know,' but vendors need to remember that providers are paying them a lot of money for support and maintenance to meet those requirements. This is a big area of tension between providers and vendors right now," Fox said.

For those providers adopting software-as-a-service models to outsource their EHRs, Fox recommends that providers restrict vendors from holding data "hostage" and ensure unfettered access to customer data, including protected health information (PHI), on vendors' systems.

He also said providers should insist that vendors routinely back-up data and mandate the return of customer data upon termination of the contract as well as ensure security of data and access to such data if the vendor goes out of business.

With regard to security, Fox said providers need to stress confidentiality of PHI and make clear who owns the data and establish guidelines for the use of data by a vendor. Healthcare providers should also negotiate agreements that include intellectual property issues, obligations of nondisclosure, remedies for breach of patient information, and indemnification obligations.