Health IT and Liability: How to Protect Your Hospital When Software Fails

Disputes between healthcare organizations and IT vendors are becoming more common with increased use of technology, such as electronic health records. As the government attempts to recoup money spent on failed health insurance exchanges, disputes with vendors are also becoming commonplace in other sectors.

When healthcare organizations implement software and it does not perform as promised, they are often only able to recoup the purchase price of the product. Because of that, hospitals need to take steps to help ensure they are not implementing bad software and to help protect them if the product does not live up to marketing promises.  

Vetting the vendor

Before entering into contracts with software vendors, hospitals should always ask for a list of other healthcare organizations that are using the same product. This should be taken with a grain of salt. Although this information is beneficial for the hospital to have, "vendors are only going to tell purchasers the names of other organizations where using the software has been a huge success," says E. Andrew Norwood, a partner with Waller Lansden Dortch & Davis in Nashville, Tenn. whose practice focuses on licensing and contract issues.

To help avoid references to only software success sites, hospitals should ask vendors for a full and complete list of organizations that have implemented the software. It is important healthcare organizations "choose the other software users they speak with and not be steered by the vendor, because some vendors will provide financial incentives to be a demonstration or reference site," says Michael Dagley, an attorney who specializes in software disputes at Nashville, Tenn.-based Bass, Berry & Sims.

By asking vendors for references, hospitals and health systems are also able to identify if they are one of the first to use the software. Hospitals need to stay competitive, but they also need to exercise caution with software that has not proven itself. "Healthcare providers need to do due diligence before entering into a contract," says Mr. Dagley. They need to know how long software has been on the market and every implementation the vendor has attempted. For example, if a vendor says it has 48 customers, "with some digging, a provider might find 28 of those were failures, and the hospitals have quit using the software," he says.

Asking the right questions

Once a hospital decides to purchase software from a vendor, traditionally, the vendor dictates the terms of the contract to hospitals and health systems, says Mr. Dagley. This presents problems: Contracts are often too complex, do not include language to protect hospitals and the terms can change after the contract is signed.

Girard (Kan.) Medical Center had firsthand experience with a complex vendor contract. In 2012, the medical center filed a lawsuit against Cerner in U.S. District Court in Kansas City, Mo. According to the lawsuit, even though the medical center paid Cerner $1.2 million, it still did not have an electronic health record system a year and a half later, which it claimed Cerner promised to provide. 

The problem was this: No one at Gerard Medical Center understood the contract authored by Cerner, and yet, the medical center still signed off on it. The contract "was incredibly complex and difficult to understand," said Holly Koch, CFO at Gerard Medical Center, in a Wall Street Journal report. "We relied on them to explain to us what the contract represented." Gerard Medical Center also had no IT team of its own that could review the contract.

To avoid encountering a similar issue, when negotiating a software contract with a vendor, hospitals need to ensure it includes language that provides them with protections.  

The sales people who work for IT vendors "can be overly enthusiastic about their products, and sometimes the representations and product performance don't match up," says Mr. Norwood. "Hospitals need to attempt to get language included in the contract that says the sales representations govern performance." Unfortunately, "this is not going to happen often," he says.

Mr. Dagley advises hospitals to ask very specific questions to vendors before signing a contract, as vendors tend to overpromise their capabilities. By asking the right questions, healthcare organizations can ensure both parties understand the expectations for the product. In meetings with vendors, "healthcare organizations should designate someone to take thorough notes and to save all of the notes and related materials," he says.

Negotiating the contract

In cases involving failed IT, vendors have been very successful in limiting healthcare organizations' monetary recovery to the price of the software. In light of this, hospitals need to attempt to get all "vendor marketing promises incorporated into the contract and also specific performance metrics," says Mr. Dagley. This is extremely important because if left unchecked, many vendors will try to leave language out of the contract that would otherwise let hospitals measure software performance, he says.

"Software vendors are some of the most aggressive at trying to limit their liabilities," says Mr. Norwood. "Vendors will try to disclaim any type of performance standards."

If hospitals are unable to get vendors to agree to integrate specific performance metrics into contracts, "hospitals need to build contracts around what to do when software doesn't live up to marketing promises," says Mr. Norwood. For example, "there needs to be repercussions if software errors are not corrected in a certain amount of time," he says.  

Mr. Dagley also believes there needs to be repercussions included in the contract. "Vendors draft the contracts and most hospitals sign them without thinking about the consequences," he says. It is vital hospitals "have the consequences of not meeting marketing promises in the contract, including having the right to an early termination of the software," he adds.

Healthcare organizations also need to make sure they are aware of all governing contract terms. Vendors will want language included in the contract that says the contract is controlled by the documentation supplied to the hospitals, and some vendors are now putting a link to the documentation in an online version of the contract. Mr. Norwood says this allows vendors to change the terms contained in the documentation on a whim, and the hospital may not even know. "There are contracts that even say the vendor may change the terms at any time, and hospitals are signing off on the contracts," he says.

Some vendors will also only supply a very brief one or two page contract and provide a website where the rest of the terms can be found. "This is a really dangerous route for a software user," says Mr. Norwood. Hospitals should have all terms contained in the contract they are physically provided with to ensure the terms are not subject to change without their knowledge. 

Understanding the risks

Even if a hospital gets all of the terms it wants in the contract, disputes with a vendor concerning product use may still arise. "Anytime a provider makes a change in software, there is an inherent risk it will not work, and even if the software works there can be implementation issues," says Mr. Dagley.

However, even with the increased risk, some hospitals are switching software multiple times. In April, EHR reviewer Software Advice released the results of a survey that found about 40 percent of healthcare providers shopping for a new EHR system during the first quarter of 2014 were seeking a replacement for their current EHR. The percent of prospective buyers looking for a replacement EHR has grown 30 percent since the first quarter of 2013.

Some hospitals are replacing their EHR systems because of the need for regulatory compliance or because their current system is outdated. But if a hospital's current system is efficiently working, Mr. Dagley believes it should stick with it. "There needs to be a compelling reason to make a software change," he says. There needs to be a vital reason to change a healthcare organization's software. "If I were in the C-suite of a hospital, I would be asking a lot of questions about why my organization should switch," he adds. 

Government involvement in IT gone wrong

In the health insurance exchange sector, the risks associated with software implementation have become very apparent, causing some states to make a software switch and consider legal action against vendors.

In addition to problems last fall with the federal HealthCare.gov website, many of the 14 states that created their own health insurance exchanges as part of the Patient Protection and Affordable Care Act have dealt with malfunctioning and glitch-ridden systems. For instance, the federal government spent a total of $474 million on the development of exchanges that failed because of technical problems in Massachusetts, Maryland, Oregon and Nevada.

HHS Secretary Sylvia Mathews Burwell publicly stated at her final confirmation hearing in May that the government should use the full force of the law to recover federal money spent improperly on flawed state exchanges from vendors.

The state of Oregon is also considering legal action over its failed exchange site. The state has already signed a $2 million contract with a law firm to assist it with a lawsuit against Oracle — a computer technology company and contractor for the state's health insurance exchange site.

In April, the board overseeing Oregon's health insurance exchange voted to abandon its malfunctioning site in favor of relying on HealthCare.gov. By that point the state had spent at least $134 million on its exchange site and another $7 million processing paper applications after Oracle was unable to repair the site's technical problems.

Although a lawsuit has not yet been filed, Maryland intends to try and recoup a significant amount of the $55 million it paid to Noridian Healthcare Solutions, the company that developed the state's failed exchange. 

State officials from Massachusetts have said they will replace the state's flawed exchange, developed by CGI, with new off-the-shelf enrollment software. Massachusetts paid a total of $52 million to CGI for it failed exchange site.

Mr. Norwood believes the government will continue to pursue vendors to try and recoup payment. The Congressional Budget Office stated in an April report that it is no longer possible to assess the economic impact of certain provisions of the PPACA. The CBO's decision to stop assessing the budgetary impact of all of the law's components will make it unclear whether the PPACA is actually reducing the federal deficit and shrinking the uninsured population. 

"Now that the CBO is refusing to score the PPACA, people are going to be paying more attention to how much exchanges are really costing," says Mr. Norwood. Because of the spike in interest, "there will be pressure on the government to recover the money."

More Articles on Health IT:

12 Challenges Faced by CAHs in EHR Adoption
Senators Push for Less Health IT Regulation
EHR Adoption Still Physicians' Top Tech Concern

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months