HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

ONC Issues Guidance for Negotiating EHR Contracts

The Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) has issued guidance for HIPAA covered entities to assist them when negotiating EHR contracts. The guidance offers advice on how to select and negotiate terms with EHR vendors, and helps covered entities understanding the fine print of contracts.

The benefits of EHR systems are clear; however, in practice those systems do not always live up to expectations. If mistakes are made in the selection of EHR systems, or errors made negotiating contracts, the systems can result in unexpected costs being incurred, business efficiency can be disrupted, and covered entities may even be prevented from accessing patient records.

Many healthcare organizations fail to appreciate that while an EHR system includes the data repository and software for creating, maintaining, and accessing data, the EHR will need to be interoperable with other healthcare IT systems. Compatibility issues with those systems can prove extremely costly.

Many of the implementation, maintenance, and access problems that covered entities experience stem from mistakes that are made in the contracting process. The purpose of the guidance is to make healthcare organizations aware of some of the common problems that can arise and the errors that are all too often made during contract negotiations.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

While the guidance is specifically written to assist covered entities when selecting an EHR systems and negotiating contract terms, many of the elements included in the guidance can be applied to other health IT products and services.

The guidance has been written for healthcare decision makers (and their advisers) and covers specific issues relating to the Health Insurance Portability and Accountability Act. The guidance aims to enhance understanding of core EHR issues and provides practical advice to help decision makers communicate their needs and requirements to EHR vendors.

The guidance covers safety and security, system performance, data rights, interoperability and integration, intellectual property, liability, dispute resolution, data access, and transition issues.

The document is not a comprehensive covering all issues related to the selection and acquisition of an EHR system, but it does go into sufficient detail to help covered entities avoid the common pitfalls, of which there are many. The guidance touches on HIPAA, but does not explain all HIPAA requirements in full, such as the need to enter into a Business Associate Agreement with the EHR provider prior to disclosing any PHI. Detailed information on HIPAA requirements for EHRs can be found in other HHS resources.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.