Top 5 EHR Contract Pitfalls Identified – Guest Post

The decisions don’t end after deciding on an EHR system for your medical practice. An EHR contract is an important and legally binding document, and it’s absolutely essential to consider every line of fine print before accepting the terms. O’Toole Law Group founder William O’Toole strongly believes that contract terms should be one of the top criteria in the EHR selection process.

Consulting with a lawyer before you sign is the best way to avoid difficult and expensive problems in the future. The following five issues arise frequently in EMR/EHR contracts, which are being rushed to execution by many practices that are aiming to qualify for federal funding under ARRA/HITECH. This is by no means an exhaustive list, but it aims to shed light on a few of the most frequent contract issues.

1. The EHR may not have the required certification. In order to qualify for federal funding under the ARRA’s Meaningful Use requirements, your EHR must be certified. Certification isn’t a totally black-and-white label, however – an EHR could be certified for the present but that certification could be withheld later on in the reimbursement period. The vendor is responsible for maintaining certification, so it’s important to determine for exactly how long the certification is guaranteed.
2. Your EHR vendor cannot guarantee that you will qualify for Meaningful Use. Meaningful Use – that is to say, your meaningful use of the EHR – is determined by you and your practice. Simply buying and setting up the EHR does not mean that you will qualify for reimbursement unless you follow the legal requirements and use it appropriately.
3. Your contract should include training time and support. Your staff will not be able to use the EHR system effectively without proper training, and if your contract does not guarantee a certain amount of training time (as well as specify exactly how and where the training will take place), your practice could be in trouble. Similarly, you will undoubtedly run into problems and your contract should specify support options for both day-to-day problems and long-term EHR product development by the vendor.
4. The EHR may not be guaranteed to be up and running by your deadline. If the EHR system is not ready to use in time for your Meaningful Use deadlines, you will certainly run into problems and lose reimbursement. While the vendor can’t guarantee a timeline for the work required of your practice, they should be able to promise timely delivery of all materials and support necessary on their part.
5. You could be surprised with licensing fees if you don’t carefully consider what type of license you’re paying for. In general terms, the license agreement with your EHR vendor could be one of two types: a perpetual agreement under which license fees are paid once up front, or a temporary SAAS-type license that requires ongoing payments and expires once your contract ends. Though an SAAS license may be less expensive initially, your costs could increase if you choose to stay with that same EHR vendor after the contract ends. A good legal representative can help you negotiate escalation amounts for the end of your contract.

About O’Toole Law Group
William O’Toole founded the O’Toole Law Group, specializing exclusively in healthcare information technology, following his long tenure as Corporate Counsel at Medical Information Technology (MEDITECH). Known and respected by executives, attorneys and consultants throughout the healthcare industry, O’Toole now represents healthcare provider entities and technology companies in all aspects of technology acquisition, development and distribution and stands among the most experienced and successful negotiators in the HIT industry.

For further detailed information on these and other hot topics regarding EHR contracts, see the popular white paper offered by O’Toole Law Group, entitled Selection and Negotiation of EHR Contracts for Providers (pdf).

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • 1) and if you are looking at a non-MU certified EHR, I have a bridge to sell you

    2) just like somebody guaranteeing page 1 results in search engines, if they say you are guaranteed MU qualification – RUN (not MU certified is very different from MU qualification)

    3) Definitely

    4) Good luck meeting a deadline, BUT never go LIVE before YOU are 100% ready…NEVER!!

    5) Licensing or MX fees – ensure you understand what is included with these fees, like upgrades to include any of their tech time, etc.

    The big picture of this post is:
    Having another set of eyes look over your agreement is the only smart thing to do.

  • Beware of the guarantees made by EMR vendors that their software is “all” you need to achieve Meaningful Use. Measure 15 of Eligible Professionals requires a “security risk analysis” under 45 CFR 164.308(a)(1). This type of analysis includes written HIPAA Security Rule policies, implementation procedures, staff training and written documentation which far exceeds what an EMR vendor can provide.

  • Wow, just discovered your blog – what a great resource! I work for a medical association in California. I am doing some preliminary research on a potential project, and wondered if I might contact you by phone or email with some questions?

  • Mike R,
    An EHR vendor could provide that if they wanted. It’s just likely beyond what they’re going to do. Unless you’re their MU model customer.

    I’ll send you an email. I’m happy to connect.

  • Dont forget to clarify the licensing terms as far as per provider, or concurrent based. sometimes you can save money if you go per provider and can as many users on as you want.

    I’d also submit that one of the best things you can do when selecting an EHR is visit a nearby practice using it, and not a specific reference site that the vendor has “groomed”, but a site that you are aware of from your own professional organizations.

    John – hit me up to connect


  • We also need to make certain the contract specifications of the actual signed contract are followed.

    In at least one case, once the contract was signed, the EHR vendor went off in a completely different direction and was not willing to follow any of the security requirements until I invoked the addendum to the contract we had attached and to which they had agreed.

    We are still not fully resolved as the vendor has stated, “your requirements to log the data outside of our database will require a major rewrite of the code.”

    My response was it is both a federal requirement that the log data be preserved in a format and location where it can be regularly polled for audits and network assessments and be secure from tampering, as well as a stipulated line item in the contract. Start rewriting the code – and don’t forget to resubmit for re-certification after you have completed the update.

Click here to post a comment