puffery and vaporware, no currently available mechanism provides complete protection against such practices.

In addition, software licenses may present problems. If a software license is not sufficiently broad in scope or duration, a provider can find itself paying unexpected additional license fees to maintain its system. An insufficiently broad license could also leave a provider without rights to use software that is crucial to the functioning of its patient record system.

Access to the source code for software is essential to a health care provider's ability to support and maintain patient record application software. Therefore, the provider should attempt to obtain a copy of the source code, either as part of the initial license grant or in the event that the vendor breaches its support obligations or decides to discontinue supporting the software. Bankruptcy, particularly among small vendors, may make it more difficult, or even impossible, to obtain the source code from a software escrow or in the event the vendor discontinues its software support.

If software licensed or sold in connection with a patient record system infringes the intellectual property rights of another, the consequences to the provider that acquires the system can be severe—both in terms of liability and loss of the right to use the software. Therefore, vendors should be required to warrant that they own the software being licensed or have the right to sublicense it. In addition, the vendor should agree to indemnify the provider and hold it harmless against claims by third parties asserting that the software or the provider's use of the software, or both, infringes on their proprietary rights.

Of course, none of the legal remedies available to a health care provider for a patient record system vendor's breach of contract is as desirable as the vendor's performance of the acquisition agreement. Therefore, it is important to structure payment schedules and conditions to payment in such a way as to give the vendor incentives to perform the agreement.

The vendor should be required to warrant that the record system will meet key performance standards, such as system response time, capacity, and batch-processing capabilities. The use of such software mechanisms as viruses and keylocks to enforce a purchaser's obligation to pay for software is becoming increasingly common, particularly among smaller vendors. Because the law in this area is still unclear, the provider should insist on a warranty in the acquisition agreement that the software does not and will never contain such mechanisms. The provider should also obtain indemnification for resulting losses and damage if such mechanisms are ever used in the acquired software. Contractual limitations on the vendor's liability should be avoided because they may leave a provider without recourse to the vendor when a patient record system fails to function or malfunctions. Such limitations on liability include limitation on the dollar amount of damages, exclusion of liability for consequential damages, limitation of

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement