Picture of the logo of Health Informatics Europe
What's new
HIE wire
Meeting place
Who's who
Library
Directory
Search
About HIE


Editor
Dr Ahmad Risk 

Committed to the Open Source Movement in Healthcare

Established
16 October 1998

Copyright © 1998–2008
Health informatics Europe

HIE r_aro.gif (116 bytes) Library r_aro.gif (116 bytes) Papers

updated: 14 April 2005


Choosing a health information technology vendor: guidelines for success

By Davis Wright Tremaine LLP 

The successful implementation of health information technology (HIT) can provide extraordinary benefits for healthcare-related organizations, including accessibility to comprehensive patient information, error reduction, greater efficiency and financial savings. HIT is a tool, however, and along with potential benefits come limitations and risks that must be addressed in any project or operation for it to succeed. The goals of HIT implementation ultimately depend on the successful procurement of the underlying information technology. To realize the potential benefits while minimizing negative risks, buyers must be sure to make the wisest possible decisions when purchasing HIT systems and associated services. Without smart decision-making at the beginning of a new project or operation, a buyer is likely to have a troubled or failing HIT project within a year to 18 months. Accordingly, buyers should consider the following:

HIT must satisfy a buyer's business needs and price plan

Most buyers have defined their "business" needs, e.g., identified operations that require automation and then face the daunting task of determining which HIT product or service can best meet these needs. Moreover, the buyer must decide up front if it needs or wants to own software or if a license will suffice. Unless the agreement specifies that the developer has transferred its ownership rights to the buyer, the developer owns the software and the buyer has only the licensed rights described in the agreement. If a buyer does not own the software, it potentially could lose the rights it has under the license and/or be required to pay additional license fees whenever it expands its HIT to new sites. Of course, the buyer also must also determine whether the price for the product or service is appropriate.

Pay only for deliverables that work

There is usually some compromise between the vendor's need to have some funds for technology as soon as possible - for paying hardware suppliers, for example - and the buyer's need to pay for actual products and to retain some funds until the service or product has been successfully implemented and tested. Buyers should retain a significant percentage of the total price until the acceptance of deliverables or services. An additional percentage might be withheld until an entire system has performed successfully for 60 or 90 days after its acceptance.

Perform acceptance tests and require a refund for failed systems or services

A buyer should only choose a vendor that allows the buyer to test new systems or services after they are installed to confirm that they operate according to all necessary specifications. The acceptance tests should have defined periods (in the work plan) for testing, corrections of failures and retesting the system as a whole. The work plan should have a "drop-dead date" by which the system must work in accordance with its specifications. If the technology does not work by the drop-dead date, the buyer should have the option to terminate the contract, in whole or in part, or to require the vendor to continue to fix and retest the technology. If the buyer decides to terminate the contract, then the vendor must remove the technology and refund any money the buyer has spent for the returned technology."

Test entire services or systems, as well as isolated parts

Buyers reduce risks by testing each of the specific functions of the HIT system or service and then testing the entire integrated and networked system, which should operate without failure when interfaced to other systems. If corrections are made to address failures that occur in one part of the system, the whole system should be retested to confirm that it all works correctly.

Acceptance and Warranty Performance Specifications Should Be Objective and Absolute
A preferred vendor will agree with a buyer upon objective performance standards and specifications that must be met before acceptance of the technology, which also will be included in the warranty. Specifications should include standard, published user and technical documentation, all documents and standards relied upon by the buyer in making its purchase decision (e.g., requests for proposals, vendor proposals, brochures, and other standards that the technology must meet) and detailed performance standards such as response times, batch processing time and uptimes.

Beware of qualifiers in acceptance or warranty standards

Vendors try to have buyers accept systems that work "substantially" or "materially" in accordance with the specifications. Allowing such qualifiers or hedges into an objective standard, however, will severely limit the likelihood that the buyer will receive the system it thinks it has purchased and will lead to arguments about how close the system is to its specifications."

A warranty is a promise the vendor must keep

HIT vendors should warrant that the system or service will: (i) operate in accordance with the mutually established specifications; (ii) comply with all federal, state, county, and local regulations, statutes, guidelines, and codes; and (iii) contain no viruses, bombs, or disabling devices that could be triggered if the buyer fails to perform one of its obligations, such as making a payment when due. The warranty may be limited to a certain period, such as one year from acceptance of the entire system for large purchases. For a breach of warranty, the vendor should repair or replace the service or system, in part or in whole, at no additional cost. If a vendor cannot satisfy its warranty obligations, then the buyer should have the right to terminate the agreement and receive a full refund.

Vendor should provide firm schedule for performance of all obligations

A preferred vendor (and a successful HIT project) will have a detailed work or project plan for the entire system or project, with mutually agreed upon firm dates, for such important events as delivery, installation, data conversion, the beginning and projected ending of acceptance testing, implementation and project completion.

Buyer and vendor must manage the project carefully

Unmanaged projects fail. Both the buyer and the vendor must carefully manage their parts of the HIT project. Preferred vendors agree to stay on schedule every day or update the schedule in an acceptable way and subject to the buyer's agreement, attend meetings, provide weekly and monthly reports, fully staff the project, make decisions in a timely manner, stay within the scope of the project, perform change orders as needed and timely perform their other obligations.

Buyer and vendor should negotiate terms of maintenance services upon initial purchase

The buyer should negotiate maintenance terms at the time of purchase, when it will be more likely to obtain significant support concessions. Since maintenance agreements generally cost 18 to 25 percent of the initial purchase price, maintenance agreements are as important as the purchase agreements.

Vendor should agree to give buyer remedies for foreseeable problems

Technology projects rarely proceed as planned. This contingency should be built into a procurement contract. Typical remedies in large technology agreements include free hardware for performance standard failures, termination for default or convenience, software source code escrows, liquidated damages to compensate the buyer for failures by the vendor to perform key obligations, temporarily withholding payments from nonperforming vendors until they perform all of their obligations up to the standards (sometimes even withholding payments for acceptable work if the vendor is in default of another obligation), permanently setting off payments that would otherwise be made to a vendor due to the vendor's breach, and letters of credit.

Vendor should indemnify buyer from certain harms

Most standard vendor contracts contain only limited indemnification or do not provide for indemnification by the vendor at all. At a minimum, a buyer should try to receive general indemnifications against harm caused by the vendor's acts or omissions (or by its negligence or willful misconduct), against the vendor's disclosure of the buyer's confidential information, and against the system's failure to meet all applicable laws and guidelines. In arrangements with vendors, particularly those that are installing sophisticated HIT and using licensed software or creating custom software to operate the equipment, indemnifications against infringement or misappropriation of intellectual property are increasingly critical.

In many cases, HIT will be involved in making crucial medical decisions. Buyers should consider indemnity provisions that protect against malpractice or related claims that result from faults in the HIT. Buyers, however, also should resist reverse indemnification provisions, where a vendor will attempt to be indemnified if it is sued directly by an injured party. If the buyer is unable to resist these types of reverse indemnification provisions, the buyer should verify that its insurance will cover such a contractual obligation.

Vendors should agree to strong confidentiality and security obligations

Data managed by HIT in most cases will include sensitive personal information. The implementation of HIT must comply with general federal and state privacy laws, such as the Health Insurance Portability and Accountability Act ("HIPAA"). Most vendors, in implementing and maintaining HIT, will be business associates of a covered entity buyer. Therefore, the required provisions for a business associate contract must be included. Moreover, confidentiality, privacy and security provisions should include mitigation and indemnity clauses that survive any disclaimers and termination provisions in the contract. The confidentiality provisions also should include an appropriate definition of the information to be protected, the standard of care to be used, a limitation on the purposes for which the confidential information may be used, and a clear statement of who will retain property rights in the information. In addition, a HIT contract should contain specific notification requirements in the event that a party improperly publishes or discloses confidential information and should entitle the injured party to immediate injunctive relief without requiring a cure period.

Damages disclaimers and limitations must be mutual for both sides and carefully crafted to lift the limits for certain harms

A damages disclaimer is a provision that disclaims responsibility for certain types of damages. Damages limitations impose a total cap on damages recoverable under the contract. If these provisions are included for the vendor, the vendor still should be liable for all damages arising from its indemnification obligations, breaches of its obligations to protect the buyer's confidential information, and federal penalties and disallowances.

By Davis Wright Tremaine LLP 
2600 Century Square
1501 Fourth Avenue
Seattle, WA 98101
USA

14 April 2005