Cloud-based services can offer great advantages providing a reduction in the need for on-site tech support and guaranteed backups. However, the contract for cloud-based EHRs deserves careful consideration. Who owns your patient data, when it is hosted by a different organization? Does the contract allow the data hoster to anonymize, search, and/or share your patient data?
The data contract should include not only who owns patient data, but also who can use it–especially if or when the contract is dissolved. This article provides an overview of many of these concerns, but the main takeaway is:
“When contracting with a vendor, practices and hospitals should understand not only who owns the data, but who can use it; who determines who can use it; how, or even if, you can exclude someone from using it; and how to access it, especially if you part ways with the vendor.”
Aggregate data can be used for many purposes, such as figuring out how to improve cloud hosting services. But the contract should specify who, how and why–and, perhaps most critically, when that access is no longer allowed, or how to terminate access.
Asking these kind of questions about an EHR contract can give you a window into how the vendor will respond to technical problems as a whole. These kind of negotiations and discussions also give you insight into other areas to be concerned with such a service levels as outlined in this article, key issues in IT support for EHRs.
- Contracts include clauses about who can use and access data, and understanding those is key.
- Contracts should protect your patient data in case you choose another vendor in the future.
- Aggregate data has many purposes, including improving your service. However, the contract should specify who and how can see your patient information.