An attorney expert examines some of the current legal issues around vendor contracts
Jeff Ganiban is a partner in the Washington, D.C. law firm Drinker Biddle and Reath LLP, specializing in healthcare technology, including information technology, and working with hospitals and physicians in the healthcare IT area. He has been consulting extensively with healthcare IT leaders regarding their preparations to meet the meaningful use requirements under the American Reinvestment and Recovery Act-Health Information Technology for Economic and Clinical Health Act (ARRA-HITECH). Ganiban spoke recently with HCI Editor-in-Chief Mark Hagland regarding some of the legal challenges that provider organizations are facing in the HITECH/meaningful use arena.

Healthcare Informatics: Where does attorney involvement come in, with regard to meeting meaningful use? Is it primarily around vendor contracts?

Jeff Ganiban: Yes, that’s correct; in fact, there is a whole slew of pieces around the HITECH Act, and around how I negotiate some protection around the incentive payments—the warranties and guarantees under the contract around vendor performance, related to the incentive payments under meaningful use. The other thing is, we get a lot of questions from our clients about meaningful use, including around the certification requirements, and around the attestation requirements. There’s a lot of misunderstanding around what the requirements are for providers and for vendors. So we spend a lot of time just answering those questions.

And there’s another piece of it, which was the preexisting piece around the relaxations around the safe harbors under the Stark regulations, in terms of physician subsidization, and the issues around physicians who are and aren’t employed by the hospital, and the different challenges they face.

HCI: What is the latest around guarantees in contracts with vendors?

Ganiban: There are a lot of things people are doing. And there’s a distinction between the adoption aspects of meaningful use, versus using certified vendor products. And of course, most vendors don’t want to be on the hook for adoption issues, but they’re promising to become certified, within a timeframe that would allow hospitals to get implemented. That seems to be less of a struggle; what seems to be more of a struggle is issues around stages two and three, and the consequences of not meeting elements of meaningful use at those later stages.

And for physicians, an additional issue is, what happens if you fall out of compliance as a physician, because of your vendor? For a hospital, if you fall out of compliance for one year, you can make up that loss of compliance, but for physicians, they have to be in compliance in successive years. Because what came out of the certification rule was this issue of, if you’re a meaningful user in your first year, you’ll be [a meaningful user] in Stage 1. But if you’re a later adopter, and you’re a Stage 1 user in 2013, you still have to implement technology that meets the stage 2 requirements, assuming the stage 2 requirements come out in time. The software must be certified under the most current certification requirements. And they’re doing this for two reasons: one, they don’t want to have two different standards for certification happening at the same time; and the second reason is that there may be changes over time. So that what you have to do to meet Stage 1 in 2013 could be different from what you have to do in 2011. So a lot of people are saying, OK, we got past Stage 1. But a lot of significant changes could occur during this process.

HCI: Can hospitals and medical groups put clauses into contracts requiring that their vendors become certified?

Ganiban: Yes, but it becomes complicated, because there are a lot of things that could happen over the course of certification over which they might not have control. They can guarantee certification, but getting them to guarantee the timeliness of implementation, that’s different. And then there’s the timeframe for rolling it out and adoption, and hitting that requirement for 90 consecutive days of adoption for Stage 1. The first part is easy: you can say, I will commit and covenant that I will have the product certified by a certain date.

HCI: Is the fact that you can help them with such aspects a draw for your firm?

Ganiban: We hope so. When we first created the consulting branch of our law firm, one of the elements in our minds was that it can be very difficult to parachute lawyers in at the last moment. And it’s very much on everyone’s minds right now. But the reality is, if you’re a hospital and looking at consequences of millions of dollars, vendors are not willing to write blank checks, so they’re pushing back on them.

The vendors are pushing back on providers in that they’re looking at the accounting rules around recognition of revenue that have evolved, and they have to look at contingencies, and the reserves of cash they would be required to hold against those contingencies. So if you’re a vendor, and you’re taking on a risk of $5 million under a contract that says, if I don’t deliver something or breach the agreement, and my penalty is that I have to pay $5 million, they have to reserve against that risk from an accounting perspective.

HCI: Are the hospitals and medical groups getting the guarantee clauses into their contracts?

Ganiban: Yes, they’re getting the clauses. The question remains what happens if something goes amiss. If I miss this deadline, do I have to give you a certain amount of money? So while as a provider you’re trying to push as much risk on your vendor as you can, they as a publicly traded company are trying to push as much risk away as possible. The other thing is that vendors are sometimes willing to delay payment, and that can be written into a contract. And there are discounts, reductions in the prices of goods and services, delaying payment, etc.

HCI: What would your advice be for CIOs and other healthcare IT leaders?

Ganiban: In terms of what people should be thinking about, we see clients who currently have EMR technology stepping back and figuring out what they have that’s certified, what they have that will be certified. In some cases, some vendors are saying they have no intention of certifying some things, such as older versions of some things. So a vendor will either have to forklift a product up to the next level, or we’re done, we’re not supporting this product anymore. But some clients of ours are in between. And they’re facing complex calculations around how to move forward. For example, if it’s going to cost me x number of dollars to buy an interim system, is that going to be enough to get me to Stage 2?

The question that vendors with both a legacy product and a new product face is, in effect, will they have to guarantee both products? And if in effect, you’re going to be implementing a new system with your same vendor, is this the appropriate time for me to determine whether there’s a better system out there?

HCI: Could you write a contract that’s enforceable saying the vendor will agree at their cost to get them to comply to Stage 2, based on certification for that level?

Ganiban: You could write a contract like that and make it enforceable, sure. The question is, would vendors ever sign such contracts? When the rubber hits the road, you typically find out there’s less there than advertised, because the vendors will start pushing back.

HCI: So you really have to look under the hood on any kind of ‘guarantee,’ then, right?

Ganiban: Yes, exactly. I think what they’re guaranteeing, when you peel it back, is that their software will comply with the Stage 1 certification requirements. As to whether they’ll update and upgrade their software as necessary to meet Stages 2 and 3, and it won’t cost you another dime, I haven’t seen that one yet.

HCI: Are there any big mistakes that people are making right now that you’re seeing, in terms of how people are negotiating or articulating contracts?

Ganiban: Well, that’s hard to say, because it won’t become apparent for a couple or few years as to whether the contracts being written now are being written well. It will show up during Stage 2 when vendors start coming back to people and charging them more.

Typically, people have sought to get the source code placed in escrow when signing a contract, and if you did that, you could support it yourself. But now that’s very complicated, because if you actually got that source code, you not only have to support it, but you’d have to get the software certified yourself now, too. It was always a difficult proposition in any event, and now when you overlay certification issues on top of that, it becomes very challenging. And at a certain point, with a merger, the company that’s dominant could end up stopping its support of the acquired company’s product; but that’s been an issue now for five years or so.

HCI: Is there any way you can protect yourself against that?

Ganiban: You can protect yourself legally if the surviving company sunsets your product, but again, you’re getting the source code. You liked Vendor B, not Vendor A, but now the fact that you can get Vendor A’s software isn’t appealing, because you didn’t want their product anyway; you really want to stay on Vendor B’s software.

HCI: What do you think will happen in the next few years?

Ganiban: One is, we’re going to see continued consolidation in the marketplace. I think we’re going to see some vendors that offer either EMRs or specialty applications, falling by the wayside. Will some of these smaller vendors consolidate, or go out of business? Clearly, the market is becoming overcrowded. And will certification be too costly for them? There will be a shortage of qualified human resources to implement and support all these products. And some of these companies will get a black eye with regard to service, implementation, supporting the software, and so on.