Long-time readers will chuckle – but after years of affirming and reaffirming that I would never adopt electronic records in my practice, I’m in the process of doing just that. It still runs contrary to my better judgment; but the advent of ICD-10, combined with space issues and other factors that I won’t bore you with, has forced my hand.

Before implementing any electronic health record system, you first must sign an end-user license agreement (EULA) with the EHR vendor. The sales manager for the company I had chosen assured me that the EULA was a “routine” document.

“Just sign it,” he said. “It’s all basic stuff … but you can read it, if you would like.” Of course I would like. First, it was quite clear that the agreement was designed primarily to protect the vendor. (Not surprising, since the company’s lawyer wrote it.) But then I noticed that the vendor assumed no liability at all in the event of accidental destruction of my records. And when I saw, a few paragraphs later, that the vendor would have the unrestricted right to sell my practice data to third parties, I knew I would not be “just signing” anything.

My attorney referred me to a colleague with expertise in technology contracts and HIPAA law. I asked him if EULAs were always this one-sided. “Some are much worse,” he replied. Why would any physician sign such an egregious document, I asked? “Because most of them never read it.”


A couple of weeks later, my attorney and the vendor’s counsel signed off on a much fairer agreement. The bill was significant – but it was money well spent.

A EULA details your and your vendor’s responsibilities relating to installation of your EHR, training your staff, and ongoing software and hardware support. Sales reps will often chide you (as mine did) for “taking this much too seriously.” Any legal document that you sign – and by which you will be bound for the foreseeable future – must be taken seriously. You should never allow yourself to be pressured into signing anything that you cannot comfortably live with in perpetuity.

So if you are taking the EHR plunge, find a lawyer who understands tech contracts and medical privacy laws before you sign anything. Make certain that he or she knows your concerns, and the provisions that you can and cannot live with. Among other things, my attorney succeeded in removing clauses requiring a minimum contract term, and a hefty fee if I wanted out; a nondisclosure clause preventing any public criticism of the vendor; and that crazy provision giving them the right to sell or give practice data to anyone who asked for it.

One EHR installation in three ultimately fails, according to one management firm; so more than anything else, you need to be certain that you do not get locked into a long-term contract should your EHR turn out to be a poor performer. Be sure that the agreement allows you to terminate the contract if the product’s performance – by your criteria – proves to be inadequate.

Some seemingly obvious considerations need to be spelled out; for example, that you will have ownership of your data. You need to know exactly what happens to your data if the vendor goes out of business, or if a flood wipes out its servers, or your contract is terminated by either party, or anything else that forces you to switch vendors. The process of migrating your records to a new platform can go smoothly, or it can be a nightmare – depending on the agreement in place. It should include specific methods by which data will be migrated; and be sure to lose any clauses that force you to pay a “ransom” to regain control of your own records.

You will want to know how your data is backed up – and how the backup is backed up – and whether you can maintain a separate backup in-house if necessary. My attorney also insisted on a “guarantee of system uptime,” including the steps the vendor agrees to take in the event of a significant crash or other prolonged downtime.

The basic point, of course, is never sign a EULA without having it reviewed by an experienced technology attorney. A good one should be able to eliminate the more onerous clauses; but don’t expect perfection. My vendor refused to cave on several of my attorney’s concerns. “The agreement is still one-sided,” he told me, but it’s the best we will get at this point. Once there is more competition in the EHR field, things will be different.”

Dr. Eastern practices dermatology and dermatologic surgery in Belleville, N.J. He is the author of numerous articles and textbook chapters, and is a longtime monthly columnist for Dermatology News.


You May Also Like

Racial differences in skin cancer risk after organ transplantation

FROM JAMA DERMATOLOGY Nonwhite organ transplant recipients (OTRs) are more likely to present with ...

Clinicians persist in prescribing antibiotics for acne

FROM JAAD Prescribing systemic antibiotics for acne remains a common clinical practice, despite recommendations ...

Medicaid expansion meant earlier presentation, better surgical outcomes

FROM JAMA SURGERY The Patient Protection and Affordable Care Act’s Medicaid expansion led to ...