With the deadline for incentive payouts under the HITECH Act (Health Information Technology for Economic and Clinical Health) only a couple years around the corner, small practices are flocking to electronic health record (EHR) systems in hopes of earning Meaningful Use incentives and avoiding future penalties. In this transition, some providers have found themselves locked into restrictive contracts with vendors that don’t fulfill their obligations or live up to their original promises. Now, instead of focusing on patients, some physicians find themselves tied up in contractual disputes. When you commit to an EHR vendor, you’re putting a lot more at stake than licensing fees. For instance, all information entered into an EHR could be used as evidence during litigation. For this and many other reasons, it’s important that small practices understand all the details and make their needs and objections known. According to a report sponsored by the Office of the National Coordinator for Health Information Technology (ONCHIT), most EHR vendors will agree to negotiate on at least some terms within a standard contract. There are four main areas of EHR contracts that healthcare providers should be especially vigilant about.


In the case of EHRs, “data” refers to patient records. The patient record is the building block of medical care in any practice. Doctors rely on records to provide them with insight about medication and treatment history as well as current symptoms, notes from nurses, allergies, etc. Because of this, EHR contracts can have large implications for your practice’s data.
  • Who maintains control? This largely depends on whether you choose an on-site or cloud-based EHR. With on-site, you purchase a one-time license to physically install the software, which of course lets you maintain control over data. With cloud-based (or SaaS) EHRs, you pay a monthly fee for access to the software, meaning the data will still technically belong to you, but will be housed on remote servers.
  • Who is responsible for data back-up? If a provider chooses on-site software, the EHR contract will most likely require them to be solely responsible for backing up and protecting their own data. With SaaS products providers should try to ensure that the contract requires the vendor to back-up data. To ensure data security, practices using cloud-based EHRs should also verify that providers are using redundant storage practices, and that the backups are located in separate data centers.
  • Termination/Transition procedures: Based on historical EHR usage trends, many providers will at some point decide to terminate service with their EHR or transition to a new vendor. This is another place where fine print can make a world of difference. First of all, you want to ensure that your practice will have continuous access to patient records. Does the contract provide for data access during the transition period? Has the vendor ever used a data “black-out” to hold a provider hostage during a dispute? Does the vendor charge a data retrieval fee (such fees could range from $125/hour for technical assistance to a $50,000 surcharge)? These are all questions that need to be answered before a contract is signed.
  • Data Confidentiality: Vendors want to protect their intellectual property, and often place a confidentiality agreement in the contract that forbids providers from sharing detailed information about the software. What they don’t always do is include a provision for confidentiality of patient data. Because of your liability under the Health Information Portability and Accountability Act (HIPAA), you may want to negotiate for specific clauses preventing EHR developers from using your patient information for any outside purposes.


EHR vendors are conservative when it comes to guarantees. They like to file contracts that hold them accountable to only the minimum performance standards. Don’t rely on any promises that you feel are “implied,” or that are communicated to you in any other place than the contract (i.e. email, over the phone, etc.). Many contracts include language that negates all implied warranties, which is more reason for providers to negotiate specific, written warranties for the features that are most important to their practice. Some examples:
  • Meaningful Use (MU) certification and continued adherence/adaption to new standards. Medicare will begin penalizing providers who fail to meet MU standards with a 1% reduction in Medicare payments next year, and up to 5 percent in subsequent years.
  • Maintenance and support for an allotted time: A “perpetual license” doesn’t always mean the vendor will continue to provide support and updates indefinitely.
  • Interoperability: According to HealthIT.gov, “HR Interoperability enables better workflows and reduced ambiguity, and allows data transfer among EHR systems and health care stakeholders.” If your vendor has made specific promises about their software’s ability to share information between multiple systems and users, make sure this is guaranteed under warranty.
  • Protection against premature “sunsetting”: Make sure your license is grandfathered in and will continue to receive support, even if the developing company decides to phase it out for a different system or more profitable license arrangement.


When one party indemnifies another, it means the indemnified party is released from liability under the claims specified. For example, if a vendor requires you to “indemnify and hold [them] harmless” in cases where patient harm is caused by operation of the EHR software, it means they would be released from responsibility to that claim, even if the patient was harmed due to an error with the software, not its operator. Be very careful about indemnification language. If you think your malpractice insurance will cover mistakes made due to EHR use, you may be wrong. Many policies exclude coverage for product liability and indemnification of third parties. If there’s any doubt, double check with your insurer and the EHR vendor. “Mutual indemnity,” which requires both parties to be responsible for their own acts and omissions, is a good middle ground for providers and vendors.


Small practices can’t afford to be surprised by hidden fees or rate changes. Luckily, EHR vendors will often be willing to negotiate licensing costs up front, especially when they know you’re considering making a commitment. There are many different aspects of pricing to consider – among them early termination fees, the cost of adding users, installation fees, data retrieval fees, interface/interoperability development, and upfront licensing costs (for on-site software). In the interest of avoiding data-hostage situations, many practices reserve the right to withhold payment during disputes with SaaS vendors. If the vendor hikes your subscription price by 20 percent, for example, you would be contractually allowed to withhold payment until reaching an agreement with them. Otherwise, you risk having system access cut off, which would mean losing access to medical histories, medications, allergy lists, and other important patient records.


If you don’t already use an EHR system, finding a reliable solution should be one of your top priorities. This article is not intended to scare you. In fact, you should know that EHR adoption has largely been a positive experience for health care providers. The National Center for Health Statistics reports that 71 percent of EHR adopters would purchase their EHR system again, if given the choice. Have you recently negotiated an EHR contract, or had a dispute with a vendor? Share your experiences or tips in the comments below.

Top Electronic Health Record Software Recommendations