Spring is a Good Time to Clean Up Your Vendor Contracts

Whether it’s a new purchase or a contract renewal, every year physicians and hospitals commit financially to vendor contracts without fully understanding the terms and conditions of their obligations. Some of these contracts renew automatically without permission or approval and automatically increase in pricing. In some cases, practices may even be paying for services no longer used or maintenance fees for support services they do not need. Springtime is a good time to inspect your contracts to ensure they are squeaky clean.Reviewing vendor contracts can be intimidating because the language is often written in a way that it requires an interpreter to determine the intent. For example, vendors will often use friendly-sounding language in their agreements, but in reality, the wording allows them to escape their obligations. Here is an excerpt from a vendor contract covering their liability obligations. See if you can spot the issues with this term.‍

Limitation of Liability

VENDOR’s liability to customers for any losses or indirect damages, in contract, tort, or otherwise, arising out of the subject matter of this agreement shall be limited to those actual and direct damages which are reasonably incurred by CUSTOMER and shall not exceed the fees paid by CUSTOMER with respect to the services giving rise to the liability over the months in which liability occurred not to exceed twelve (12) months. VENDOR will not be liable for: (I) Special, punitive, indirect, incidental, exemplary, or consequential damages or loss of data, lost profits, loss of goodwill in any way arising from or relating to this agreement, the applications or services, even if VENDOR has been notified of the possibility of such damages occurring.On the surface, the above terms start with the promise to have some amount of liability, albeit limited. However, the less-direct statement indicates the vendor’s intent to cap its liability at whatever amount it has been paid in the last 12 months.

In most cases, this will just be your monthly maintenance fees, which usually is about 15% of what you paid for the system. The vendor is even attempting to exclude itself from being liable for damages in cases where it was notified in advance of the possibility of harm to the practice. What if there is negligence on the part of the vendor resulting in a cyber security attack? How will this cover the cost to re-mediate ransomware? The simple answer is, it will not cover your cost! You don’t have to be an attorney to know this is not a customer friendly term. The practice/hospital should not sign this agreement without significant modification to this term. For example, the vendor should be liable up to the amount of the total cost paid for the system, not just the last 12 months of payments. Moreover, while it may be difficult to get a vendor to cover 100% of your damages, it should have an obligation to pay up to the limits of their liability insurance. This obligation is especially true for gross negligence, such as one of its employees using customer data to commit fraud or in cases where the software was defective and caused harm to a patient. Here is another example of clever contract language from a vendor offering a compliance guarantee. Again, see if you can spot the problem.

‍Compliance with Regulations

‍The VENDOR represents that, to the best of its knowledge and understanding, the Software is compliant with all current applicable federal, state and municipal laws, regulations and certification standards. The VENDOR will use its best efforts to maintain such compliance over the entire term of this license. The VENDOR has received ONC-ATCB 2011/2012 complete EHR certification under the final rules. The Owner specifically states that the software will remain in compliance with the current ONC certification standard during the entire term of this license. Notwithstanding the foregoing, the VENDOR’s liability for any damages that may be suffered by the User as a result of the Software’s proven non-compliance to regulations shall be limited to those damages which can be shown to be the result of the Owner’s willful gross negligence of its responsibilities to maintain compliance with regulations, unless the damages are the result of a non-compliant condition that the VENDOR had knowledge of and did not cure within 90 days of receipt of that knowledge. Did you catch it?

In the second sentence, the vendor is ONLY offering to make best efforts to maintain compliance. Unfortunately, CMS will not accept “best efforts” if your system does not meet compliance standards. There should be no gray area in this term. The last sentence is also double talk. It suggests that the user must make the vendor aware so they can have “knowledge” of the non-compliant problem as if they expect their customers to police the regulations. They also want 90 days from the receipt of this knowledge to cure the problem. In most cases, if your software is non-compliant, the practice/hospital is often the last to know because vendors will not make these problems public. The responsibility should be 100% on the vendor to stay in compliance, period, and end of discussion. The termination clause in most contracts is very harsh and not user-friendly as it relates to the conversion from the old system to the new system. Most vendors require the practice to discontinue use of the software immediately upon termination, and some vendors will even go as far as deleting the software remotely without consent of the user. Here is another excerpt from a vendor’s contract describing how termination will be enforced.

‍Termination of License.

1. Termination by User.
2. If User’s account is current, User may terminate this Agreement at any time, for any reason, upon 30 days’ written notice to the VENDOR.
3. User agrees that if User terminates this License Agreement, User will not have any rights to use the Software.

• User agrees that if User terminates this License Agreement, User will allow VENDOR access to all User servers and computers in order that VENDOR may remove the Software from all User servers and computers.

1. Termination by VENDOR.
2. VENDOR may terminate this Agreement only if User is in material breach of any of the User’s obligations under this Agreement, including, but not limited to non-payment of any Fee due to Owner and the User has not cured such breach within 60 days of written notice of such breach having been sent to User by Owner.

The terms in this termination clause are completely unreasonable and inappropriate. Many practices or hospitals are unaware of these provisions until they attempt to cancel their contract, then, they realize there will be a major problem. The practice/hospital must be given time to work down their system, and under no circumstances should a vendor be allowed to force a shutdown of the software. It would be a deal breaker for any vendor who is unwilling to be flexible on termination.

‍Reviewing the Contract and Negotiating the Terms and Conditions

‍The contract review process should include both a business and a legal review. Organizations like Coker Group specialize in vendor contracting and procurement and can offer some assistance in reviewing these types of agreements.To prepare for a contract review and negotiations, develop a list of all issues that need to be addressed. Define the issues and the desired outcome. Prioritize the list and identify your non-negotiable criteria. Sort your priority items by deal-breakers, neutral issues, and “wish list” matters.The following are some key points to include in your contract review:

• Implementation plan

• Roles and Responsibilities
• Timeline
• Budget
• Travel Expenses and Travel Policies
• Pre-screening of the trainer
• Software customizations
• Criteria for acceptance
• Data conversions
• Future updates and new releases
• Software end-of-life protection
• Assignment
• Governing law and venue
• Liabilities and Warranties
• Product defects
• Terms of payment
• Software and hardware maintenance fees
• Price protection on maintenance fees
• Cost of system
• Addition of future providers
• Future recurring fees
• Government mandates

• Meaningful Use guarantees
• ICD10 guarantees
• MIPS/MACRA
• Interfacing, especially with outside systems
• How problems are handled
• How to terminate and exit the relationship
• Having a simple problem resolution clause in the contract will allow you and your vendor to work through any difficulties

In addition to the above core items, you will want to negotiate the terms and conditions and the contract language. The easiest way to negotiate the payment terms is to establish a fee schedule that is tied to deployment success.

Usually, we most recommend the following terms:

1. 25% due at signing of the contract
2. 25% due after successful and “tested” install of the hardware
3. 25% due after successful and “tested” install of the software
4. 25% due after successful go live

Your terms should also state that maintenance will be paid after the system is implemented. Most vendors try to collect the annual maintenance at the time of signing the contract.

‍Modifying the Contract Language

‍It should come as no surprise to hear that vendor contracts are not designed with the client’s best interest in mind. This is not to say the vendor is trying to beat you out of a good deal; it’s just that vendors have a lot at risk also, and they can be easy targets for lawsuits. To some extent, you want your vendor partner to be protected from clients who bring unwarranted lawsuits against them, which puts them and the clients they support in jeopardy. Never is it in a vendor’s best interest to have a dissatisfied client. Most vendors who are serious about staying in business will exhaust all reasonable efforts to keep their clients happy. Future sales depend on it!It is also important to be respectful and professional during the negotiations, and it is unwise to push your vendor unreasonably. You will be relying on the vendor for several years. The end goal should be to reach mutually acceptable terms and conditions.

The following is a list of recommended contract modifications to request from your vendor.

• New Purchase
• Adding modules
• Replacing your system
• Data protection through cyber security
• Addressing of MIPS/MACRA
• Meaningful use Guarantees and/or compliance with federal standards
• System upgrades to meet new requirements such as ICD-10
• Vendor performance warranties
• EHR to EHR replacement or conversions
• Software End of Life Protection
• Vendor mergers and consolidations