Contracts for electronic health records (EHR)
A practice manager’s life is hectic enough, without the extra headache of negotiating contracts on behalf of the practice.
Contracts for electronic health records (EHR) can be more tricky than most, because security of patient records is so vital for practices, and because this area is fraught with complex legal and professional issues.
Here are some tips on what to look out for in any EHR contract, and how to handle negotiations with the provider:
- When selecting a provider, don’t go on price alone. Make sure the provider has a good track record, and that the service it is offering is right for you.
- Don’t leave the contract until the last minute, or you may have to start using the service before you have signed – meaning that, if something goes wrong, you may not be able to make the provider resolve the problem.
- Your ability to negotiate the contract terms may depend on which provider you choose – the bigger providers may insist you accept their standard contracts.
- Even if you cannot change the terms, it is crucial that you understand what the contract says and that the wording achieves the effect you want. In particular, make sure you understand what obligations you are taking on, especially if you are being asked to give any ‘indemnities’ – promises to pay for any loss suffered by the provider.
- The contract should include a detailed specification that describes how the service will work and sets the standard the provider must achieve.
- If the contract refers to a separate set of terms and conditions, ensure you have read them and understand what they say.
- Avoid leaving any aspect of the service to be agreed after you have signed the contract: if you can’t reach agreement when the time comes, the whole contract may become unworkable.
- Make sure you understand how much you are paying for the service, and when – if you have to pay in advance, can you get your money back if something goes wrong?
- Are there any hidden costs, especially for items which you thought were already included in the service, and can the provider increase the price during the contract term?
- Will you have to pay VAT and, if so, is this included in the contract sums or on top?
- If the provider includes a clause limiting its liability, make sure this does not go too far, letting the supplier off the hook for types of loss which really matter, such as loss of data.
- Consider including a regime of service credits, whereby a failure by the provider will result in a repayment of part of the service fee – or a credit against future invoices.
- Patient confidentiality is a key professional issue for GPs, so make sure that the contract imposes strict obligations on the provider to keep all your EHR absolutely confidential and indemnify you against any breach.
- The handling or ‘processing’ of data, especially ‘sensitive personal data’ such as EHR, is subject to strict rules resulting from the Data Protection Act 1998. Make sure you understand your and the provider’s respective responsibilities, including as ‘data controller’ and ‘data processor’ – who is doing what and what are your rights and responsibilities if something goes wrong?
- When will the contract terminate? If it has a fixed or minimum period, make sure this is not too long and that you can terminate early if the provider becomes insolvent or commits a serious breach. Consider including a general right for you to terminate by notice to the provider, even if it has done nothing wrong, to give you flexibility to change provider. Termination provisions are important, so make sure you understand how they might work in practice.
The above points are not comprehensive so, if in doubt, please contact:
T. 020 7227 7441
This briefing is for guidance purposes only. RadcliffesLeBrasseur LLP accepts no responsibility or liability whatsoever for any action taken or not taken in relation to this note and recommends that appropriate legal advice be taken having regard to a client's own particular circumstances.