The Health Information Technology for Economic and Clinical Health (HITECH) Act has flooded billions of dollars into health information technology projects. Part of the HITECH Act includes incentive payments through the Medicare and Medicaid programs for meaningful use of electronic medical records and back-end penalties for failing to meet the requirements. Successfully choosing and implementing any health information technology project presents some unique problems, and any purchaser should consider the following:

 

(1) Define the needed functionality. Smaller organizations may rely on existing functionality listings. In particular, physician practices may use Tennessee's Regional Extension Center to aid them in choosing and implementing an electronic medical record system. Larger purchasers, however, will want to customize a functionality listing and issue a request for proposal. Legal involvement is helpful at this stage in defining some key requirements including compliance with certain laws and regulations including requirements related to certification, meaningful use functionality and other standards as well as compliance standards. For example, organizations in Tennessee may want to be able to exchange health information through a local health information exchange such as Mid-South eHealth Alliance, Middle Tennessee eHealth Connect, or CareSpark. In addition, the ability to access certain statewide services such as medication history and laboratory translation services through Health Information Partnership for Tennessee will need to be considered.

 

(2) Legally, there are a host of laws, rules, and regulations that impact health information technology. The HITECH Act, alone, added significant requirements regarding breach notification and business associate liability issues that will need to be addressed in the contract or a business associate agreement. There are extensive privacy and security issues that must also be addressed.

 

(3) Ensure that the vendor's bid includes all of the hardware and software necessary to operate the system. Beyond the core application, purchasers will need to consider document imaging options, operating systems, interface engines, as well as identity and security management systems. In addition to the main server, purchasers may need routers, additional laptops, desktops, tablet PCs, printers, scanners, bar code readers, and other hardware items.

 

(4) Location of the systems can have major impact. Some purchasers will host the systems on-site or, for multi-site locations, a purchaser may use a central data center. Some purchasers may want the vendor to host and run the entire system from its own data center. Each of these has significant impact on data liability issues, as well as responsiveness of the system that must be addressed.

 

(5) Carefully evaluate all licensing options including choices between term and perpetual licenses, rights of use, system location, limitations, payment metrics and flexibility. Whichever licensing option is chosen, plan for projected growth.

 

(6) Develop a Workplan that sets forth the implementation responsibilities of both the vendor and the provider. The Workplan should define the implementation tasks, including interfaces, data conversions, education and training. Most importantly, the Workplan should set forth the criteria for acceptance of the system, including all necessary functionality, network, inter-operability and stress testing.

 

(7) Negotiate warranties that insure the functionality of the system as well as the adequacy of the recommended hardware. Warranties with regard to meaningful use payments should be carefully covered, especially since all meaningful use criteria are not yet known. Other warranty considerations include the rights to grant licenses, no disabling code, core functionality and other items. Carefully scrutinize disclaimers regarding use of the system for patient care and limitations on express warranties.

 

(8) Liabilities are one of the most hotly negotiated set of provisions. The vendor should provide intellectual property and data breach indemnifications. Any limits should be tailored to the scope of the project, the duration of the implementation, and the impact on operations.

 

(9) Maintenance and support agreements should define adequate response and repair times, as well as upgrades and the continued functionality of the system. Service-level agreements should provide adequate carrots and sticks to help ensure the vendor's system remains running and does not slow down or impede patient care.

 

(10) Payments should be tied to implementation milestones. This provides the greatest assurance of vendor performance.

 

(11) Insist that the vendor employees or agents assisting in the implementation be certified or experienced in the installation of the system you are purchasing. Also, retain and exercise the right to remove any vendor employee or agent if they are unable to adequately perform.

 

(12) Review the termination provisions of the agreement and insure they protect you against premature termination before installation is completed. Dispute resolution provisions should provide methods to discuss and resolve disputes in a collaborative and collegial manner before resorting to litigation.

 

Purchasing health information technology requires major capital outlays and often transforms an organization. Given the cost and impact of these systems, buyers should address these and other issues during contract negotiations to help protect the investment and make sure the system will meet the needs of your organization for years to come.

 

Randall E. Sermons, attorney at law, provides legal support for healthcare businesses including regulatory analyses, health information and health information technology as well as general corporate assistance. He may be contacted at res@randalle.us.