Elsevier

Dental Abstracts

Volume 60, Issue 5, September–October 2015, Pages 236-237
Dental Abstracts

The Front Office
Contracts for EHR services

https://doi.org/10.1016/j.denabs.2015.07.013Get rights and content

Section snippets

Background

Contracts with vendors who provide electronic health record (EHR) services for dental practices should be carefully evaluated to ensure they can deliver the needed services. The storage and management of patient records must be conducted in compliance with the Health Insurance Portability and Accountability Act (HIPAA), its regulations, and privacy laws. The contract terms may also affect the transferability and release of EHRs back to the dentist or the next EHR vendor. General contract terms,

General Terms

Dentists should be prepared to negotiate the general terms of any contract to ensure that they are appropriate and complete as far as what is covered. At a minimum, the contract must address the term, costs, warranties and disclaimers, indemnification, assignability, and termination concerns. Most vendors offer long-term agreements but a termination option should be included so the dental practice can discontinue the agreement without penalty. More and more vendors are also including an

Training and Software

EHRs require training for many staff members, and the contract should detail how much training the vendor will provide. The owner dentist should be covered as well as staff members to prevent loss of productivity if a staff member is lost. The service contract should specify how many staff members will receive training, whether the dental practice will have to close to implement the program and train the staff, and where training will be delivered. Sometimes only off-site training is offered.

Access to Information

The integration of the EHR software with existing software components are an important aspect of the process. The dental practice must ensure that the EHR software will integrate well with their existing programs to remain efficient.

HIPAA requires that electronic patient health information (ePHI) be encrypted both at rest and during transmission and sets out certain guidelines. Dentists should use encryption for ePHI whenever possible, recognizing that old software or hardware may require

BAA Issues

EHR vendors and cloud providers that store ePHI are likely to meet HIPAA’s definition of a business associate, therefore requiring a BAA to be in place. Failure to have a required BAA may constitute a security incident, trigger breach-reporting requirements, and subject the dentist to fines and penalties.

The minimum requirement for the BAA are the specification of the permitted and required uses and information disclosure; the prohibition of improper uses or disclosures; termination

References (0)

Cited by (0)

Mostofi S, Hoffman AL: Legal considerations for electronic health records. Calif Dent Assoc J 43:245-249, 2015

Reprints available from S Mostofi; e-mail: [email protected]

View full text
Copyright © 2015 Published by Elsevier Inc.