Attorney: Cloud vendor contracts wrought with pitfalls

Despite the surge by providers to cloud-based electronic health record systems, cloud vendor contracts still are wrought with pitfalls and "threats", according to attorney Steven Fox with Post & Schell, who spoke April 4, on a webinar sponsored by the American Bar Association's Health Law Section.

"All cloud providers are not created equal," he warned.

Fox, whose presentation was based in part on a similar presentation he gave at HIMSS 2014, pointed out that many of the contract terms in vendors' form contracts heavily favor the vendor, and called some, such as an arbitrary cap on damages ridiculous.

"Never accept the vendor's standard form contract as the final word," he warned.

Some issues flagged by Fox that he said providers should be mindful of included:

  • Understanding pricing and payment structure
  • Whether the provider is getting a perpetual or term license
  • If the license allows the provider to use the EHR for data sharing, such as with health information exchange
  • Uptime and downtime guarantees

Fox also stressed that cloud vendors needed to take steps to keep patient information safe. "I can't emphasize enough privacy and security," he said. "With the cloud, it's super important. You need to make sure that privacy and security is one of their priorities."    

Cloud vendors and the providers who use them may come under increased scrutiny, as the Office of Inspector General's 2014 work plan has, for the first time, stated that it will be looking at how well such vendors and their customers protect patient data.

To learn more:
- read about ABA Health Law Section events

Read more on