Healthcare News & Insights

Watch out for these common EHR contract pitfalls

152962821Finding a satisfactory EHR system is difficult, as evidenced by the fact that so many hospitals are shopping for new software to replace what they currently have. Aside from the software itself, one key for hospitals to focus on: understanding their contracts with vendors and getting a favorable agreement. 

EHR vendor contracts are becoming especially important as more systems are being offered through the cloud. Instead of purchasing software and installing it themselves, many healthcare providers pay the vendor a subscription fee to use the system.

In those cases, the software and information are stored by the vendor, so the hospital is depending on that organization to keep the system up and running, protect data from security breaches, and perform other critical operations. The vendor agreement can help avoid downtime or other problems and hold the software provider accountable when things go wrong.

When healthcare providers purchase software, vendor contracts are important, too, since the hospital may rely on the vendor for maintenance and other ongoing services.

Although those contracts are critical, understanding the terms and their impact remains a challenge for many healthcare providers. Often, that leads to providers signing agreements that are more favorable to the vendor than to themselves.

To help, the Office of the National Coordinator for Health Information Technology (ONC) recently published a guide to understanding the terms in EHR vendor contracts.

Here are some of the common — yet often misunderstood — terms covered in the guide:

Indemnification and hold harmless

Basically, if a customer agrees to “indemnify” or “hold harmless” the vendor for certain legal claims, that means the customer is agreeing to cover all the costs if a third party brings a lawsuit related to the use of the software.

That can be a problem in EHR vendor contracts if the language covers all claims that result from a patient being harmed due to problems with the EHR system. If that’s the case, the hospital will be held completely liable even if the vendor is at fault. Similar clauses might covers incidents in which patients’ privacy is breached.

ONC recommends trying to negotiate for mutual indemnification, in which the hospital and the vendor are both responsible for the problems they cause.

Limitations of liability

In addition to hold harmless clauses, EHR vendor contracts also often include caps that limit how much the vendor will pay for financial damages caused by the software. In many cases, liability is limited to the total amount the hospital has paid for the software.

Also, contracts may limit liability to certain types of damages. ONC recommends carefully reviewing contracts with an attorney, because many types of damages could be excluded, which might create a lot of risk for the healthcare provider.


Warranties are a key part of EHR vendor contracts, ONC says, because they can be used to guarantee that a system will work as advertised. Some warranties can be implied, meaning they’re not mentioned in the contract but can still be enforced based on the law.

However, many EHR contracts have disclaimers that exclude implied warranties, so it’s important to make sure the right amount of responsibility is explicitly stated in the contract.

One clause ONC recommends looking for is one that guarantees the software will work the way it’s described in its documentation. Hospitals that wish to participate in the federal EHR incentive program may also want a warranty clause that guarantees the software will meet the requirements for Meaningful Use.

Contract termination

Hopefully, once the hospital chooses a system it will continue using the software for years to come. But in reality, that often isn’t the case.

In case the hospital needs to change software, it’s critical that the vendor contract allows for a smooth termination and transition to the new system. Otherwise, the hospital may be left without access to its electronic records for a period of time.

ONC recommends looking for contracts that include transition services, in which the vendor agrees to help transfer data to a new system at the end of the contract period. The contract should at least have a guarantee that the hospital will be able to keep all of its data after it stops using the vendor’s system.

That should include all personal health information covered under HIPAA, but also all of the other important financial and organizational data.

In addition, hospitals should be careful about contract periods that are excessively long and keep track of renewal periods for contracts that automatically renew.

For more, download the full ONC guide.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.