If you are in the market in 2012 to purchase a cloud-based Health IT system, protect your investment with these contracting tips.
Top 10 Contracting Tips
1. Promises, Promises – Get Them in Writing
Whatever aspects of the vendor's product offering were the basis of your procurement decision – promised features or functions, scalability, 24 by 7 support, on-site training – make sure all of those commitments are clearly memorialized in the contract.
2. Good Planning Means Implementation Success
Take the time and engage the resources to scope the implementation with the vendor before signing the contract. Set clear timelines and clear deliverables and incorporate the detailed implementation plan into the contract.
3. Payment Terms that Reflect a Commitment to Success
Structure the payment terms so that payment for the system occurs after successful implementation and launch of the system has been achieved in your organization.
4. Protect Against Obsolescence
Select a vendor that will agree to provide updates to the offering to keep pace with regulatory changes as well as with innovations in technology. Make sure that the vendor will continue to support the product for a long enough period of time to justify your investment.
5. Know Your Vendor
Conduct due diligence on the quality, integrity, and financial stability of the vendor. Protect yourself against a vendor delegating its responsibilities to a less reliable party by requiring the vendor to get your consent before using a subcontractor. Require the vendor to conduct background checks on its personnel, including any approved subcontractors.
6. Know Where Your Data Resides
Require the vendor to maintain the data in a location that you have the right (and reasonable ability) to inspect. Restrict the vendor from relocating the data without your prior consent.
7. Your Data – A Valuable Asset
Restrict the vendor from using your data for any purpose other than to provide the services under the contract. Ensure that you will always have the ability to retrieve your data from the vendor promptly, in a user-friendly format, with no exorbitant fee for such return.
8. Protect Your Data – It's the Law
Require the vendor to comply at all times with applicable privacy law and the vendor's written security policy (the adequacy of which you have confirmed). Require the vendor to perform best practices backup procedures and maintain a best practices disaster recovery plan (the adequacy of which you have confirmed).
9. SOC 2 Report
Verify that the vendor undergoes an annual audit of its service organization controls (SOC) and require the vendor to provide you with a copy of its annual SOC 2 report. The SOC 2 report will attest to the vendor's controls over its systems relative to security, availability, processing integrity, confidentiality and privacy.
10. Plan for Termination Now
Negotiate now for a transition period that gives you ample time to transition away from the vendor's solution no matter what the reason for termination. Require the vendor to assist with your transition at a reasonable hourly rate.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
