Adoption and convergence of electronic patient record (EPR) solutions in the NHS continues apace, spurred on by investment from the NHS England Transformation Directorate’s frontline digitisation campaign and the target for all NHS Trusts to have an EPR in place by March 2026.
A well-prepared procurement exercise will usually take several months to run from initiation to contract award. Similarly, large IT solutions such as an EPR system will often require approximately six to nine months to implement. As a result, we expect to see a large number of NHS Trusts begin the procurement process for a new EPR over the next few months in order to ensure their project timelines are on course for the 2026 target.
In recent months there have been several news stories published regarding both successful and unsuccessful EPR procurement exercises. A general theme found in all of these stories is that the successful procurement of an EPR solution requires careful and detailed planning that engages clinical and technical expertise throughout the process.
For those Trusts that are about to embark upon a new EPR procurement exercise, we set out below our recommendations when procuring for a new EPR solution and provide guidance on how to set up your EPR procurement process to be a successful one.
Avoiding early pitfalls
It is understandable to think that the key considerations when negotiating an EPR contract do not really arise until late in the procurement process. However, in our experience we often find that the die is cast much sooner than this stage, and so there are several things that are worth addressing from the outset wherever possible:
Picking the right procurement route. Frameworks may often be seen centrally as the solution to enable easy adoption of EPR solutions, but they should not be taken for granted. Supplier approaches vary considerably and so framework contracts will almost always have to be tailored. Suppliers will also look to adjust framework terms to reduce their risk exposure, even when the framework terms are already well-established. Different frameworks have their own intended purposes and not all of them are well-suited to SaaS-based EPR solutions. It is in a Trust’s best interests to invest in the effort from the very start and identify the most appropriate framework to meet its needs to try and minimise these frictions. If in doubt, we recommend seeking early advice from specialist procurement lawyers.
Stakeholder engagement. We understand that resources are in high demand, and it can be difficult to ensure the availability of key personnel for the length of time a procurement exercise needs. However, in our experience, the best EPR procurements are those where the organisation actively engages its internal subject matter experts throughout the process. Several reviews of previous EPR procurement exercises tell the same story and recommend that a successful process is one that fully engages clinical expertise during evaluation and governance. This enables the organisation to fully assess the supplier offerings and identify any significant hurdles in areas such as cyber security, data protection, or service integration. This also enables organisations to give clearer instructions to their legal advisers when it comes to finalising the contract.
Negotiating strategy. Rightly or wrongly, suppliers have developed the habit of negotiating heavily against the terms of framework call-off agreements, even when they have already signed up to the relevant framework and accepted those terms in principle. One consequence of this is that Trusts should be aware that the procurement process will take longer than expected to complete. Larger suppliers will negotiate hard and the process of finalising a contract can potentially take months. Trusts should therefore take care to plan their timelines well enough in advance to allow for this in order to avoid a weakened negotiating position.
Partnering. Trusts may want to consider the potential benefits in partnering with other Trusts for a shared EPR solution; this can take the form of a joint, collaborative, procurement for a new solution or may involve joining an existing EPR solution. Partnering with other Trusts in this way can provide significant benefits for interoperability. Trusts may find this is an attractive opportunity that aligns well with wider NHS aims for increased integration across healthcare systems.
Legal input. Legal input is often sought late in the process, meaning legal teams do not have the opportunity to support Trusts on legal pros/cons of particular frameworks and suppliers. However, early engagement can ensure legal advisers are fully briefed and provide maximum value at each stage of the process. Many attributes of a procurement exercise become very difficult to amend once the tender is published, so expert legal advice can often provide the most value when engaged before going to market.
Key legal / commercial issues
Agreeing the wider approach to an EPR negotiation will stand a Trust in good stead, but there will always be issues that arise during the contracting stage as the details of the supplier’s EPR solution come under scrutiny. If the relevant requirements are set out clearly in the tender documents, supplier expectations can be managed, and their offerings can be evaluated accordingly to obtain the best solution available. Where the issues are not properly considered until the contract is being negotiated with the preferred bidder, Trusts can be left in a difficult position. For this reason, we recommend that Trusts look to establish their requirements early on in relation to the following common pressure points:
Intellectual property. One major issue that is sometimes overlooked is the treatment of intellectual property rights (IPR) within the contract. Many frameworks are still designed for solutions that are not SaaS based models, and many suppliers are concerned by the surrender of IPR that frameworks seek. A common result is that suppliers seek to re-work the IPR clauses, which can result in difficult negotiation. As such, Trusts should try to ensure they go to market with appropriate IPR clauses from the outset and a clear understanding of the rights they need.
Service levels and KPIs. These are a key element of any managed service contract and EPR solutions are no different. By their nature, service level agreements (SLAs) are very subjective to each supplier. This means it is key for Trusts to properly scrutinise SLA offerings during the bidding/best-and-final-offer stage of a procurement to avoid a weak negotiating position when appointing the preferred bidder. Trusts should also make sure that the SLA is able to appropriately incentivise performance without punishing a supplier; if the SLA is too weak then the supplier will not heed it, but if the SLA cripples the supplier, then the service will suffer anyway.
Duration and termination. Many EPR contracts are engaged for 10 years or more. 10 years is a long time in the IT industry, and so Trusts need to ensure an EPR contract contains suitable obligations to keep the EPR solution up to date. Conversely, regulatory obligations can also change significantly, and suppliers are nervous about being caught on the hook by a change in law – especially US-based suppliers. Termination rights are often the most common remedy offered for these problems, but Trusts are unlikely to want to leave early due to the hassle of re-procuring. Trusts should be alert to the fact that termination rights are poor remedies in these situations and should challenge suppliers to engage with more realistic ways to tackle these issues.
Suspension rights. EPR suppliers will always try to seek a right to suspend the services, either to protect their IPR or to protect the IT security of both the supplier and their customer. Objectively these concerns are not unreasonable; however, for EPR services, this is a major issue due to the critical involvement the service has for patient care. Where any suspension right is agreed it should be specific, limited, and subject to suitable escalation before the trigger, as well as detailing obligations to get the service back up and running. Trusts should be aware of this risk and shape their procurement evaluation/scope to flush out this issue early on.
Data protection and cyber security. Suppliers are generally aligned with the major UK GDPR provisions now but can often haggle over nuanced provisions because they want to maintain unrestricted operational freedom. This can have implications for a Trust’s obligations as controller to maintain oversight of sub-processing and international data transfers, and so Trusts should always seek to ensure their Data Protection Officers and Information Security teams are engaged in the discussions early so that these tricky details can be resolved. As has been highlighted in reviews of previous EPR procurements, this engagement is handled best when it is comprehensive. Trusts may find it useful to combine such engagement as part of wider data mapping exercises. We also recommend that Trusts carry out a thorough assessment of the data quality and data readiness within their existing record system as part of, or in advance of, the implementation of their new EPR solution.
Implementation. Trusts should ensure that any implementation plan contains sufficient detail of the activities to be carried out during the implementation process. Particular activities that have been suggested as crucial to a successful EPR implementation include end-to-end testing and a continuous programme of training for Trust personnel. Suppliers often like to propose a more holistic and collaborative approach to implementation than most framework terms start with, and this means they resist provisions that set out a more rigid plan. This sounds attractive and is often a clever idea given the common goal of getting a successful solution up and running, but suppliers may also use this cooperative approach to remove the remedial mechanisms a Trust would otherwise have when the implementation timeline slips. Trusts should take care to ensure that the implementation plan always has an effective way to hold their supplier to account if things go wrong, and to keep the project on track.