Recently, there has been a significant increase in the adoption of new and renewed electronic patient record (EPR) solutions. This pattern is likely the result not only of existing contracts reaching their end of term and coming up for renewal, but also of two key themes that are dominant within the healthcare sector at the moment:
- the development of Integrated Care Systems, Provider Collaboratives and Place-based partnerships to deliver integration across healthcare systems and improved patient outcomes; and
- the drive to increase digitally enabled care, adopt new cost-effective technology, and develop compatible ways of working across these new integrated relationships.
These themes are reflected in the government’s recently published plan for digital health and social care. They are shaping a new landscape for healthcare providers, and efficient digitised record systems are a core part of this new landscape. When coupled with the fact that many EPR contracts are contracted for terms lasting 10-15 years, the enduring nature of these critical systems means it is crucial for NHS organisations to make sure their EPR solution is fit for purpose and supported by a robust contract.
Buyers of EPR solutions should also be mindful of the potentially reduced market available to suppliers as a result of integration, which in turn is likely to increase tension when procuring as contracts become more scarce and therefore valuable to suppliers. This may make suppliers more willing to challenge procurement awards and so organisations will need to ensure they minimise the risk of a challenge wherever possible.
In this article, we set out what we see as some of the key considerations when procuring for a new EPR solution and provide guidance on how to set up your EPR procurement process to be a successful one.
Avoiding early pitfalls
It is understandable to think that the key considerations when negotiating an EPR contract do not really arise until late in the procurement process when the legal teams start to hammer out the finer points of the contract. However, in our experience we often find that the die is cast much sooner than this stage, and so there are several things that are worth addressing from the outset wherever possible:
- Picking the right procurement route. Frameworks may often be seen centrally as the solution to enable easy adoption of EPR solutions, but they should not be taken for granted. Supplier approaches vary considerably and so framework contracts will almost always have to be tailored. Suppliers will also look to adjust framework terms to reduce their risk exposure, even when the framework terms are already well-established. Different frameworks have their own intended purposes and not all of them are well-suited to SaaS-based EPR solutions. It is in a buyer’s best interests to invest in the effort from the very start and identify the most appropriate framework to meet its needs to try and minimise these frictions.
- Negotiating strategy. Rightly or wrongly, suppliers have developed the habit of negotiating heavily against the terms of framework call-off agreements, even when they have already signed up to the relevant framework and accepted those terms in principle. One consequence of this is that buyers should be aware that the procurement process will take longer than expected to complete. Larger suppliers will negotiate hard and the process of finalising a contract can potentially take months. Buyers should therefore take care to plan their timelines well enough in advance to allow for this.
- Stakeholder engagement. We understand that resources are in high demand, and it can be difficult to ensure the availability of key personnel for the length of time a procurement process needs. However, in our experience, the best EPR procurements are those where the organisation actively engages its internal subject matter experts throughout the process. This enables the organisation to fully assess the supplier offerings and identify any significant hurdles in areas such as cyber security, data protection, or service integration. This also enables organisations to give clearer instructions to their legal advisers when it comes to finalising the contract.
- Partnering. Organisations may want to consider the potential benefits in partnering with other buyers for a shared EPR solution; this can take the form of a joint, collaborative, procurement for a new solution or may involve joining an existing EPR solution. Partnering with other organisations in this way can provide significant benefits for interoperability. Organisations may find this is an attractive opportunity that fits well with wider plans for integrated healthcare.
- Legal input. Legal input is often sought late in the process, meaning legal teams do not have the opportunity to support NHS organisations on legal pros/cons of particular frameworks and suppliers. However, early engagement can ensure legal are fully briefed and provide maximum value at each stage of the process.
Key legal / commercial issues
Agreeing the wider approach to an EPR negotiation will stand an EPR buyer in good stead, but there will always be issues that arise during the contracting stage as the details of the supplier’s EPR solution come under scrutiny. If the relevant requirements are set out clearly in the tender documents, supplier expectations can be managed and their offerings can be evaluated accordingly to obtain the best solution available. Where the issues are not properly considered until the contract is being negotiated with the preferred bidder, buyers can be left in a difficult position. For this reason, we recommend that buyers look to establish their requirements early on in relation to the following common pressure points:
- Intellectual property. One major issue that is sometimes overlooked is the treatment of intellectual property rights (IPR) within the contract. Many frameworks are designed for solutions that are not SaaS based models, and many suppliers are concerned by the surrender of IPR that frameworks seek. A common result is that suppliers seek to re-work the IPR clauses, which can result in difficult negotiation. As such, organisations should try to ensure they go to market with appropriate IPR clauses from the outset.
- Service levels and KPIs. These are a key element of any managed service contract and EPR solutions are no different. By their nature, service level agreements (SLAs) are very subjective to each supplier. This means it is key for organisations to properly scrutinise SLA offerings during the bidding/best-and-final-offer stage of a procurement to avoid a weak negotiating position when appointing the preferred bidder. Organisations should also make sure that the SLA is able to appropriately incentivise performance without punishing a supplier; if the SLA is too weak then the supplier will not heed it, but if the SLA cripples the supplier then the service will suffer anyway.
- Duration and termination. 10 years is a long time in the IT industry, and so organisations need to ensure an EPR contract contains suitable obligations to keep the EPR solution up to date. Conversely, regulatory obligations can also change significantly, and suppliers are nervous about being caught on the hook by a change in law – especially US-based suppliers. Termination rights are often the most common remedy offered for these problems, but buyers are unlikely to want to leave early due to the hassle of re-procuring. Buyers should be alert to the fact that termination rights are poor remedies in these situations and should challenge suppliers to engage with more realistic ways to tackle these issues.
- Suspension rights. EPR suppliers will always try to seek a right to suspend the services, either to protect their IPR or to protect the IT security of both the supplier and the buyer. Objectively these concerns are not unreasonable; however, for EPR services, this is a major issue due to the critical involvement the service has for patient care. Where any suspension right is agreed it should be specific, limited, and subject to suitable escalation before the trigger, as well as detailing obligations to get the service back up and running. Buyers should be aware of this risk and shape their procurement evaluation/scope to flush out this issue early on.
- Data protection and cyber security. Suppliers are generally aligned with the major UK GDPR provisions now but can often haggle over nuanced provisions because they want to maintain unrestricted operational freedom. This can have implications for an organisation’s obligations to maintain oversight of sub-processing and international data transfers, and so organisations should always seek to ensure their Data Protection Officers and Information Security teams are engaged in the discussions early so that these tricky details can be resolved.
- Implementation. Suppliers often like to propose a more holistic and collaborative approach to implementation than most framework terms start with, and this means they resist provisions that set out a more rigid plan. This sounds attractive and is often a clever idea given the common goal of getting a successful solution up and running, but suppliers may also use this cooperative approach to remove the remedial mechanisms an organisation would otherwise have when the implementation timeline slips. Organisations should take care to ensure that the implementation plan always has an effective way to hold their supplier to account if things go wrong, and to keep the project on track.
For further information, please contact:
David Baines, Hill Dickinson
david.baines@hilldickinson.com
