EHR contracts are not neutral documents; they are written from the vendor’s point of view and to the vendor’s advantage. Getting a fair contract is not impossible; however, it does require attention to detail. In this post, I will cover contracting issues that are a continual source of problems for unsuspecting practices. First, a few cautions:
- Never sign a contract without having it reviewed by professionals who understand technology contracts. Often, this may require a review by an attorney and an EHR technology professional.
- If it is not in the contract, then it is not true. One of the most common EHR horror stories begins, “No, it isn’t in the contract, but they promised to…” No matter how personable, sincere, and kind the EHR sales rep is, get every promise in writing, in detail.
- There is no such thing as a “HIPAA-compliant” EHR. There are rules and regulations that one can use to determine if covered entities, such as hospitals and physician practices, are HIPAA-compliant, but no such regulations exist for EHR products. (Current EHR certification requirements only assure that EHR products meet certain HIPAA security requirements for technical safeguards such as encryption and audit trails.)
- Never pay for everything up front. Instead, set payments to match milestones in your implementation plan.
Each of the items listed below has been a source of misery for countless practices. Don’t join them!
Laboratory interfaces, especially bidirectional ones, are a notorious source of trouble for many practices. When they do not work reliably, the practice is often caught between the EHR vendor and the laboratory with no one accepting responsibility for the problem. It is not unusual to find that an interface is not working six months or longer after implementation has begun. Avoid this situation in your practice by tying the final payments for the EHR to having working interfaces in place. Do not forget to include interfaces for specialized equipment and your practice management system.
Many clinicians assume that data put into an EHR belongs to them. Welcome to the real world. In general, ownership in the software world is different from everyday experience. For example, when you pay $20,000 for a car, you actually own it. However, when you pay $20,000 for a software package, you have only purchased a license to use it. It still belongs to the company. Many boilerplate EHR contracts either assign ownership to the company or are silent on the issue. Avoid ambiguity; make sure the contract unequivocally assigns data ownership to your practice.
Contract termination is not a pleasant topic to bring up when you are negotiating for your EHR, and some find it uncomfortable to discuss, but it is important. Use this portion of the contract to provide an out for your practice for things such as poor performance (vendor or software). In addition, try to set terms for moving data to a new system, and providing access to an archival copy of the old system in case of subpoenas and e-discovery issues. Pay particular attention to any monetary cancellation penalties. Unscrupulous vendors and resellers may use termination penalties to dissuade practices from ending a contract.
EHR pricing is usually based on the number of seats or licenses. This usually covers only the cost of the EHR itself. If additional software components are required, and they always are, be sure they are included in the contract. Too often practices find they have purchased an EHR only to discover later that there are additional fees for code sets or third-party software components that were not listed in the original contract.
Disaster Recovery/Business Continuity
Disasters come in all types: fires, floods, earthquakes, tornadoes, and really unhappy ex-employees. Backups are a good thing, but they are useless without the hardware required to run them. Contracts should clearly state the maximum turnaround time for getting the system back on line. For minor problems such as a hard disk crash or physical damage directly to the server, the lag time should be no more than a few hours. If someone other than the EHR vendor provides your hardware, be sure to have both companies agree to recovery procedures.
If an Internet-based EHR is being considered, uptime guarantees should be included in the contract. Finally, what if your Internet-based EHR vendor goes out of business? Data access contingencies should be included for this scenario.
Meaningful Use Reporting
In order to satisfy meaningful use requirements, EHRs must be able to generate reports for all required measures. Currently, practices receive incentives based on attestation alone; that is, without submitting actual data to prove compliance. If an audit occurs, practices would be expected to generate data to prove attestations were accurate. One would think that using a certified EHR would guarantee accuracy for meaningful use reports. However, the recent revelation from GE healthcare concerning inaccurate reports with some of their products proves otherwise. With this in mind, practices that intend to apply for EHR incentives should make sure there is a clause in the contract that assures the vendor will indemnify the practice against any inaccuracies in meaningful use reports that are due to technical issues with the EHR.
When negotiating a contract, don’t rush to get it completed. Spend as much time as necessary to check out every provision and have it properly reviewed– an ounce of prevention is worth a pound of cure.