With the American Reinvestment and Recovery Act/Health Information Technology for Economic and Clinical Health (ARRA-HITECH) Act incentives expiring in just a few years, healthcare providers will likely get only one chance to qualify for the full amount of incentive payments. Thus, successful installation and operation of an electronic health record (EHR) system by the vendor becomes critical to each healthcare organization trying to achieve meaningful use. Therefore, EHR contracts must include adequate protections, safeguards, and other rights reserved for the customer, in the event that the vendor defaults or otherwise fails to perform to the provider's satisfaction. This article provides a sampling of, though by no measure all, such protections and safeguards, along with some valuable suggestions for negotiating a fair deal for both parties.
Prior to even looking at the vendor's contract, it is important to remember that everything is negotiable, and that includes price, payment terms, limitations of liability, and warranties. This fact is too often ignored. Also, some providers make the mistake of advising a vendor that it has either been selected as the winner of the request for proposal (RFP) process or that it is the “vendor of choice,” and all that remains is to enter into a contract. That is a sure-fire method to undermine one's bargaining position.
It is much more effective to select the top two vendors, then advise the preferred vendor that if negotiations break down or do not go as expected, the second choice is waiting in the wings. In some cases, a dual-track negotiation process may even be worthwhile. These methods tend to keep the pressure on the preferred vendor and generate additional concessions. Nevertheless, both parties should aim for a win-win deal and keep in mind that the purchaser and vendor will have to work together in the future for an extended period of time.
IT IS ESSENTIAL TO DETERMINE THE CORRECT TYPE OF LICENSE FOR THE ORGANIZATION'S PARTICULAR NEEDS AND PROPOSED USE. THERE IS NO SUCH THING AS A ‘STANDARD’ LICENSE.
It is essential to determine the correct type of license for the organization's particular needs and proposed use. There is no such thing as a “standard” license. For example, there are shrink-wrap licenses, typically used for off-the-shelf software; site licenses, covering a specific geographical location; enterprise-wide licenses, encompassing an entire business or institution; named user or concurrent user licenses; and application service provider (ASP) or software as a service (SaaS) licenses (also known as “cloud” licenses), governing the right to use software on a subscription-type basis. Each of these and other types of licenses has its own inherent set of unique issues that must be carefully analyzed and dealt with.
INSIST ON MUTUAL CONFIDENTIALITY OBLIGATIONS WITH STRICT LIMITATIONS ON THE VENDOR'S USE OF THE ORGANIZATION'S PATIENT INFORMATION.
Other license terms must also be carefully reviewed. For instance, will the license be perpetual, for a fixed term or renewable annually? Will there be a single payment of license fees or are they to be paid for as long as the license remains in effect? Does the license limit the number of users, requiring additional fees and costs as the users increase? Can you use concurrent users instead of name users? If so, negotiate additional license fees up front, rather than agreeing to pay “then current” fees in the future. Is any third-party software included in the system that may necessitate a sub-license? If all of these issues are not addressed properly, this could lead to significant problems during the term of the agreement.
CONFIDENTIALITY, PRIVACY, AND SECURITY
Another set of hidden dangers relates to confidentiality and proprietary rights. Most of the boilerplate contract terms protect the vendor's trade secrets and restrict access to the software. However, it is less common to find similar protections for the purchaser's confidential and proprietary information. Insist on mutual confidentiality obligations with strict limitations on the vendor's use of the organization's patient information.
This is especially important in light of the substantial changes to the existing Health Insurance Portability and Accountability Act (HIPAA) regime, as mandated by the HITECH Act and the accompanying regulations. Privacy and security issues are directly related to a provider's ability to amend and/or terminate the contract for a vendor's failure to comply with applicable laws; fair allocation of compliance costs; and requirements for vendors to enter into business associate agreements, where applicable.