Provisions that can protect your agency
Ambulance companies unfortunately were not included in the “meaningful use” financial incentive program established by the Patient Protection and Affordable Care Act (PPACA). Nevertheless, because of the requirements of their customers and the need to perform efficiently in an electronic world, a tremendous proliferation of electronic patient care report (ePCR) systems exists in the public and private sectors of the EMS industry.
As a result of not being included, and because of the need to comply with a company’s customer requirements, some providers have encountered significant challenges getting their ePCR systems up and running or keeping them operating appropriately. Therefore, it’s important that effective contractual protections be built into the relationship with ePCR vendors. The following are some of the key issues to address.
Vendor staff continuity
A limited number of proven ePCR vendors exist, and there’s an even more limited number of true subject matter experts with application-specific and battle-tested experience in ePCR implementation projects. It’s important to carefully vet the personnel offered by the vendor and consider making their assignment to your project a contractual requirement that’s subject to change (e.g., through substitution of alternative personnel) with your written approval only. Capturing the right personnel for your project and assuring staff continuity are important keys to success.
Integration & system configuration
Providers are typically buying an ePCR solution–not just a piece of software. The agreement should require the ePCR applications to integrate, interface and interoperate with each other, with third-party software and with any existing legacy systems. Further, the ePCR solution must work properly on the designated hardware platform. In many cases, companies also require the vendor to ensure compliance with some, or all, of the company’s customers.
In addition, consider requiring a warranty from the vendor that the system, including the ePCR software and your hardware, in the vendor’s recommended configuration, is sufficient in size, capacity and processing capability to meet your needs. Further, consider requiring that the vendor be financially responsible for acquiring and installing any additional equipment, applications, interfaces, network infrastructure, connectivity or operating systems later determined to be necessary if they breach the warranty.
In some cases, companies have required consultants and vendors to put some “skin into the game” and have them contractually bound to stand behind their recommendations and approval of the company’s existing or to-be purchased systems that they will be compatible with the vendor’s solution.
Scope of software license
As part of an ePCR application, providers typically purchase a software license. Remember to ensure that the scope of the license covers your intended use, both internally and in connection with the transmission of data to hospitals, EMS agencies and, on request, to patients. Many vendor licenses are written in terms of allowing you to use the software for your “internal purposes only.” Such a restriction likely won’t encompass all the uses for which you may want to use the software. A better, more encompassing approach is to draft the license in terms of permitting you to use the software for your “business purposes.”
Many vendors initially push back on this contracting point, claiming that limiting use of the software for “internal purposes” is typical and customary language in a software license agreement. However, it’s important to keep the nature of ePCR software, how it’s used and what third parties have rights to access the information contained therein in mind. Remember that such a provision could likely put a company in breach of its contracts with its customer and likely create problems with governmental and regulatory agencies.
“No service bureau” provisions are also common in software licenses and may preclude you from using your system with hospitals and patients if the concept of “service bureau” isn’t appropriately addressed.
Confidentiality & security
For business and regulatory reasons, confidentiality and data security are critical issues, particularly as related to protected health information (PHI). The vendor must execute the applicable business associate agreement (BAA) as required by the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules, modified as appropriate to comply with the HITECH Act. To summarize, as a business associate, the vendor must comply with the following requirements:
- The security breach notification requirements imposed by the HITECH Act;
- The HIPAA security rule standards and implementation specifications for administrative, physical and technical safeguards; and
- A requirement added by the HITECH Act that if the vendor uses subcontractors that will have access to electronic PHI, the vendor must enter into a business associate agreement with such subcontractors, incorporating all the requirements that the business associate itself must satisfy.
Continuous software support
Vendors of ePCR programs have been in a state of flux, with companies merging with or acquiring each other. Further changes in the industry are likely. They could potentially affect providers’ investments in their vendor’s product. Frequently, these changes result in the surviving company phasing out redundant or overlapping products. Consider including protections in the agreement that provide you with a right to move to a “replacement product” of a successor entity at no additional cost, in the event the original ePCR product isn’t being adequately supported by the successor entity.
Another option is to have the software escrowed, and based on any of the conditions above, including for any failure by the vendor to properly support the software (as discussed below), the customer will be entitled to the source code and any vendor personnel sufficient to maintain and support the software, regardless of any non-solicitation provisions contained in the software license and/or support agreements. In the alternative, the agreement can provide that instead of requiring the vendor to have its personnel maintain and support the software, the company can turn to a third party to maintain and support the software. In this case, it’s important to require the vendor to deposit the source code with the escrow agent. It’s also important to update the escrow with all upgrades, updates, improvements, fixes and modifications of the software in a timely manner.
Maintenance & support
All forms of software improvements should be included in your maintenance and support agreement, including revisions brought about by regulatory requirements and market forces. If this issue isn’t addressed, you may be charged more for “new” functions.
You should seek service level commitments relating to support request response and resolution time to ensure that errors are being addressed in a timely manner. A system that’s not functioning properly in terms of availability and response times is viewed by users as broken, even if the ePCR system does what it’s supposed to do. In order to motivate the vendor to meet these various service level commitments, appropriate financial remedies must be associated with service-level failures. You should also have a termination right for vendor’s repeated service-level failures.
Interim remedies
Interim remedies are essential to successful implementation because they motivate the vendor to perform in accordance with the agreement or correct problems with performance. For example, the withhold remedy is one of the most useful remedies in practice, allowing a company to withhold payment in the event that the vendor isn’t performing under the agreement. In addition, in the event the vendor fails to achieve any of the specified service or delivery dates specified in a statement of work (SOW), a withhold remedy can be used for each day of delay beyond the scheduled completion dates.
Definition of services
Effectively managing change, vendor scope and budget is critical to a successful ePCR implementation. The definition of “services” is of critical importance in an ePCR implementation agreement. Whether the agreement is priced as a fixed-fee transaction, time and materials, or a hybrid, the importance of the definition of services can’t be overstated. The implementation of an ePCR program is characterized by a good deal of “inflight” change.
Change is necessary, and in many cases, good. However, between the vendor and the company, the vendor is the party with the knowledge, skill and expertise and understanding of the solution and has learned from past experiences with licensing and implementing its solution with its other licensees, and not company.
Consequently, the company is relying on the vendor’s recommendations and suggestions based on the vendor’s past experiences. There should be little, if any, scope change unless the result of changes in legal or regulatory requirements.
In general, the company should only be responsible for expenses associated with a scope change as a result of customer’s requested changes or due to its failure to disclose material information.
Accordingly, a change that isn’t minimized and adequately controlled in the SOW can be expensive. Typically, vendors take the position that any change not included in the applicable SOW is a change–and the vendor isn’t obligated to work on a change if it doesn’t agree on price and schedule adjustments. Therefore, it’s important that each SOW provides a complete and detailed description of services.
Conclusion
The acquisition and implementation of a sophisticated ePCR system is one of the most important transactions a provider will typically undertake. These suggestions are intended to help protect the provider from inadequate performance. However, it’s also critical that other provisions in the agreement be effectively negotiated.