Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Covering Your Practice When Using a Hosted EHR

Posted on June 12, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The following is a guest post by William O’Toole discussing a really misunderstood topic about clinic responsibility in a hosted EHR environment and how to protect your clinic. This ties in really well to Katherine’s previous post about Business Associates HIPAA Preparation.

Too many times people in EMR acquisition mode have made the assumption that hosted solutions automatically insulate the customer provider from liability for data breach or unauthorized disclosure of patient information, which is unsettling because it is simply not true. Health care providers are always responsible to patients for these unfortunate situations and nothing in HIPAA or the HITECH Act shifts that responsibility to the vendor of the hosted software solution. While HITECH does extend compliance requirements and potential penalties to vendors that provide services to providers involving patient information, this does not mean that the provider is not responsible to the patient.

All that gloom aside, it is completely possible to protect the provider organization through indemnification language in the software agreement with the vendor. In situations where the fault (violation of HIPAA) lies with the vendor that is hosting the software, and controlling and possessing patient data, if no indemnification provision exists, then any award for damages in a patient lawsuit would have to be paid by the provider without any contribution from the vendor. Think of the indemnification in that manner. It basically means that if there is a violation, and it is caused in part by the vendor, then the vendor will contribute to the payment of damages to the extent it was at fault.

An indemnification from a vendor Business Associate to a provider Covered Entity for any data breach or unauthorized disclosure of patients’ Protected Health Information (capitalized terms as defined under HIPAA) is critical in light of ARRA/HITECH and its impact on HIPAA. Briefly, ONC will be investigating, auditing, and penalizing both Covered Entities and Business Associates through powerful enforcement of HIPAA as mandated by the HITECH Act.

Providers should review all IT vendor contracts and Business Associate Agreements with those vendors. Ideally, for every vendor relationship with your hospital or practice, those two contracts should have matching language stating that the vendor will indemnify your organization for data breaches or unauthorized disclosures caused by the vendor. There are cases where the main customer/vendor agreement does not contain such language but the Business Associate Agreement does, which is still good. If absent from both, your organization is seriously exposed and you must consider the potential consequences and amend the agreements to include this type of protection whenever possible.

INDEMNIFICATION means a party to an agreement takes on financial responsibility for its actions and is legally obligated to pay damages to the other party. As you read a proposed contract, substitute “pay money to” in place of “indemnify”. It means the party will pay the damages resulting from its actions that would otherwise be paid by the other party if no indemnification existed. Look carefully at what indemnification(s) your organization is asked to provide, and what the other side is offering for indemnification. This comparison must be carefully considered before signing anything.

LIMITATION OF LIABILITY means the vendor is stating (often in ALL CAPS) what it is NOT responsible for. Typical exclusions are “special, incidental and consequential” damages. What this means is that while the vendor might take on responsibility for direct damages for something like product failure, which is often limited to the value of the contract, it purposely disclaims any responsibility for damages over and above the cost of the product. If consequential damages are disclaimed and excluded, the provider could only hope to receive a refund, which would exclude any additional costs like outside consulting trying to make the original product work for your organization, or the additional cost for a more expensive replacement product.

Important note: If you are able to obtain indemnification from a vendor as described above, you must also make sure that any limitation on consequential damages specifically and expressly excludes the indemnification provision. This means that the indemnification will cover both direct damages and then anything over and above that amount, which would be the consequential damages portion.

In summary, as a general statement, a hosting solution by itself does not provide legal protection for data breaches or unauthorized disclosures of patient information. That protection must be negotiated in your contract with the vendor in the form of an indemnification and it is very important.

This posting provides general contract information and is not intended as specific legal advice.

William O’Toole founded the O’Toole Law Group following twenty years as counsel for Medical Information Technology, Inc. (Meditech). His practice is concentrated in health care IT contract review and negotiation. He can be contacted directly at wfo@otoolelawgroup.com.

Great Advice – Check Your EHR Bill

Posted on January 10, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In a post done in 2009 that’s still getting comments, Diane G. offered some interesting commentary that I think is fair warning for those purchasing an EHR (names removed since it could apply to a lot of EHR vendors):

We use Software A for our EMR, but Company A provided the equipment and installation quote for Software A and I can tell you, you’ll want to look at EVERY line they bill to your company. We have been billed for equipment that we never received and interfacing that was never launched. I have spent hours explaining to them what services they have billed us but didn’t provide. I am extremely grateful that we did not purchase their EMR and/or Practice Management product!!

Definitely a good warning for all purchases, but applies to EMR software as well. A number of EHR software companies have really simplified the way they bill and so this is less of a problem with those EHR vendors. However, many EHR vendors still try to pilfer doctors for the extras which can often add up to more than the core product. It’s ugly and unfortunate since it leaves a bad taste in doctors mouths.

Along these same lines is making sure your EHR contract is sound. There’s a whole section on EHR contracts in my EHR Selection e-Book that is worth looking at if you’re going through the EHR process.

Top 5 EHR Contract Pitfalls Identified – Guest Post

Posted on July 22, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The decisions don’t end after deciding on an EHR system for your medical practice. An EHR contract is an important and legally binding document, and it’s absolutely essential to consider every line of fine print before accepting the terms. O’Toole Law Group founder William O’Toole strongly believes that contract terms should be one of the top criteria in the EHR selection process.

Consulting with a lawyer before you sign is the best way to avoid difficult and expensive problems in the future. The following five issues arise frequently in EMR/EHR contracts, which are being rushed to execution by many practices that are aiming to qualify for federal funding under ARRA/HITECH. This is by no means an exhaustive list, but it aims to shed light on a few of the most frequent contract issues.

1. The EHR may not have the required certification. In order to qualify for federal funding under the ARRA’s Meaningful Use requirements, your EHR must be certified. Certification isn’t a totally black-and-white label, however – an EHR could be certified for the present but that certification could be withheld later on in the reimbursement period. The vendor is responsible for maintaining certification, so it’s important to determine for exactly how long the certification is guaranteed.
2. Your EHR vendor cannot guarantee that you will qualify for Meaningful Use. Meaningful Use – that is to say, your meaningful use of the EHR – is determined by you and your practice. Simply buying and setting up the EHR does not mean that you will qualify for reimbursement unless you follow the legal requirements and use it appropriately.
3. Your contract should include training time and support. Your staff will not be able to use the EHR system effectively without proper training, and if your contract does not guarantee a certain amount of training time (as well as specify exactly how and where the training will take place), your practice could be in trouble. Similarly, you will undoubtedly run into problems and your contract should specify support options for both day-to-day problems and long-term EHR product development by the vendor.
4. The EHR may not be guaranteed to be up and running by your deadline. If the EHR system is not ready to use in time for your Meaningful Use deadlines, you will certainly run into problems and lose reimbursement. While the vendor can’t guarantee a timeline for the work required of your practice, they should be able to promise timely delivery of all materials and support necessary on their part.
5. You could be surprised with licensing fees if you don’t carefully consider what type of license you’re paying for. In general terms, the license agreement with your EHR vendor could be one of two types: a perpetual agreement under which license fees are paid once up front, or a temporary SAAS-type license that requires ongoing payments and expires once your contract ends. Though an SAAS license may be less expensive initially, your costs could increase if you choose to stay with that same EHR vendor after the contract ends. A good legal representative can help you negotiate escalation amounts for the end of your contract.

About O’Toole Law Group
William O’Toole founded the O’Toole Law Group, specializing exclusively in healthcare information technology, following his long tenure as Corporate Counsel at Medical Information Technology (MEDITECH). Known and respected by executives, attorneys and consultants throughout the healthcare industry, O’Toole now represents healthcare provider entities and technology companies in all aspects of technology acquisition, development and distribution and stands among the most experienced and successful negotiators in the HIT industry.

For further detailed information on these and other hot topics regarding EHR contracts, see the popular white paper offered by O’Toole Law Group, entitled Selection and Negotiation of EHR Contracts for Providers (pdf).

“WIIFM” (What’s in it for Me)

Posted on July 8, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I can’t remember exactly where I saw someone talk about the “WIIFM” (What’s in it for Me) principle, but it really is an important principle that when understood can have an amazing impact for good. This post isn’t about whether you should live a life asking WIIFM. I’ll leave that question to people much smarter than me. Instead, I want to look at how applying the WIIFM principle to others can help those working on a successful EHR implementation.

In most cases I’m talking about, the WIIFM should be changed to “What’s in it for Them?” Understanding the answer to this question can help you as an EMR consultant, an EMR vendor or even a practice manager or doctor that’s trying to work through an EMR implementation.

One of the first things I cover in my e-Book on EMR selection (It’s free, check it out) is the idea of getting buy in from those that will be affected by the EHR implementation (that’s usually everyone). One of the best ways to get EHR buy in from people is to understand the WIIFM. It’s not fool proof, but it’s one good strategy for getting people on the same bus, going the same direction.

Let me tell you that there’s always a way to find a WIIFM in an EHR implementation. This list of EMR and EHR benefits is a great place to start. However, many of those benefits can be extrapolated in ways that will show what’s in it for every person in the clinic.

Let’s say for example, that your goal for implementing an EHR is to increase clinic revenue by freeing up chart storage space so you have an extra exam room for another provider. You can then talk about what that new revenue can be used for to improve the clinic. Maybe it could include bonus checks or other incentives. These become tangible things that staff can use to better understand WIIFM in an EHR implementation.

I’m sure many of the nay sayers out there are thinking, but an EHR doesn’t provide those benefits. That’s why it’s so important that you define which benefits your clinic is striving to achieve before you select or implement an EHR. The list of benefits you use to show WIIFM ends up being your goals for your EHR implementation. They can be used to define your EHR selection process. They can be included in the EHR contract so you have some assurance or protection if the EHR vendor can’t deliver on their sales promises. Not to mention, after the EHR implementation you have a way to measure if it was a success or not based upon those goals.

Test the WIIFM principle. Not from an arrogant Me Me Me approach. Instead, step into the other people’s shoes and ask WIIFM. This approach can really help improve any EHR Implementation if applied correctly.

Complaints of EMR Documentation Aren’t Completely the EMR Vendors’ Fault

Posted on November 24, 2010 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of the biggest complaints surrounding the implementation of an EMR is the way the EMR software handles the documentation method. Beyond just the learning curve, there are plenty of EMR software that have a terrible user experience.

While I don’t want to totally let EMR vendors off the hook, I do think it’s worth noting that EMR vendors aren’t completely to blame for the unwieldy interfaces. I believe one of the biggest reasons that the EMR documentation interfaces are so terrible is thanks to the crazy insurance billing and documentation requirements.

Seriously, it’s a total mess. Everyone that’s involved with insurance billing in healthcare knows what I’m talking about. Trying to code an application that’s easy to use, works well for the doctors and still handles all the insurance billing and documentation requirements is a serious challenge and so it’s not surprising why so many EMR software fails to deliver a great user experience.

That’s not to say that all EMR software have terrible user experiences. Although, let’s be honest that they’re taking on a nearly impossible task. I guess I compare the insurance documentation and billing requirements to cleaning a toilet. Nobody really likes to do either. Yet, they’re absolutely necessary jobs. Certainly there are some tools that can make cleaning a toilet easier (gloves, wands, cleaning solutions, etc). However, it’s still a task that isn’t fun to do no matter how you slice it (unless you pay someone else to do it, but the pain of the expense is still there). The billing and documentation parts of an EMR software are trying to do the same thing: make a task that no one likes easier. Unfortunately, using an EMR isn’t going to change a task that no one likes into something fun.

I hope that EMR vendors don’t use this as an excuse to not focus on creating usable software. It’s NOT! However, I think it’s important to consider the true impact of the EMR. Is it really the EMR software that is so bad or did you hate these parts of practicing medicine before having an EMR as well?

If you find that it’s the EMR software that’s so bad, then hopefully you were smart in the contract you signed with your EMR vendor (see the EMR contract section of my Free EMR Selection e-Book). You won’t be the first or the last practice to switch EMR vendors.

Of course, if the complicated insurance billing and documentation is the problem. Maybe Obamacare’s single payer insurance plan will help to solve that issue. At least there would only be one organization to deal with.