Negotiating EHR Agreements: Complying with HIPAA, Stark and AKS, Overcoming Privacy and Security Risks

Acquiring an EHR and Meeting Incentive Program Requirements

Recording of a 90-minute CLE webinar with Q&A

Conducted on Wednesday, July 16, 2014

Recorded event now available

or call 1-800-926-7926
Course Materials

This CLE course will provide healthcare counsel with a review of the complex legal issues involved in negotiating and entering into agreements with third-party vendors for electronic health records (EHR) management. The panel will provide their insights into critical EHR contract provisions regarding service issues to maintain and protect patient records and meet key regulatory requirements.


In response to the Medicare and Medicaid Electronic Health Record Incentive Programs and associated payment penalties beginning in 2015 (the Incentive Program) providers are implementing and/or upgrading their IT systems and exploring new models for acquiring access to certified electronic healthcare records technology (CEHRT). The accelerated timelines contemplated in the Incentive Program regulations can present serious technical, operational, security and risk challenges as providers strive to integrate the technology into operations as necessary to support attestation as a meaningful user under the Incentive Program.

To meet the Incentive Program requirements, physicians are turning to hospitals for a hosted solution or third-party vendors for a software as a service (SaaS) solution. Likewise, hospitals are finding themselves in a new role as the provider of IT services to their non-employed medical staff without regard to whether the hospital is hosting the EHR itself or acquiring it under a services agreement. The structure of how data is stored and accessed within a shared domain, the operational impact of implementing a standardized EHR and the attestation requirements can significantly complicate the delicate relationship between physician and hospital.

Counsel for hospitals and health systems negotiating agreements for the acquisition of CEHRT from vendors and for the provision of CEHRT to medical staff must consider complex and challenging issues to: (1) ensure the CEHRT performs in accordance with both current and future regulatory obligations; (2) identify ownership of patient records, rights to perform data analytics, and procedures for responding to record requests; (3) address privacy and security concerns for services offered through patient portals including compliance with HIPAA and state and federal consumer protection laws; and (4) navigate the Stark Law and Anti-Kickback Statute as medical staff are provided access to, educated on, and encouraged to use the developing technology.

Listen as our experienced panel of healthcare counsel explains the intricate legal issues raised in association with the acquisition and deployment of CEHRT systems. The panel will offer their experiences and strategies regarding navigating this rapidly changing and expanding regulatory environment.



  1. Initial considerations
    1. Why is the system being acquired (complete or module CEHRT)?
    2. What is the operational and capital investment for implementation?
    3. What providers will rely on the CEHRT for delivery of clinical care?
    4. What is the hosting model?
    5. What integration will be required with other providers (ACO, HIE, rural network)?
  2. Vendor agreements
    1. Definition of functionality and acceptance testing
    2. Regulatory compliance
    3. Transition and continuity plan
    4. Management of vendor to contractual obligations
  3. Provider agreements
    1. Compliance with regulatory obligations, including Stark, AKS and ACO waivers
    2. Data ownership privacy and security
    3. Hospital and participating medical staff governance of shared IT environment
    4. Patient portal considerations


The panel will review these and other key questions:

  • What are the potential legal risks involved in structuring an EHR agreement with a third-party vendor?
  • What are best practices for counsel in drafting and negotiating EHR agreement provisions to address the providers’ service needs and to ensure compliance with critical regulatory requirements?
  • What are the potential meaningful use and business associate contracting issues that arise with EHR agreements between providers and third-party vendors?


Michael Batt
Michael Batt

Hall Render Killian Heath & Lyman

Mr. Batt assists healthcare providers with practical solutions to the rapidly expanding challenges associated with...  |  Read More

Ammon R. Fillmore
Ammon R. Fillmore

Hall Render Killian Heath & Lyman

Mr. Fillmore focuses his practice on advising hospitals, health system and physician organizations on corporate and...  |  Read More

Pam Titus, MBA
Pam Titus, MBA
Senior Account Manager
Spectrum Health

Ms. Titus has worked at Spectrum Health, a not-for-profit health system, based in West Michigan, since 1986. For the...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Audio