Letters of Agreement/Contracts (Updated)

Editor's note: The following practice brief supplants information contained in the "Letters of Agreement/Contracts" practice brief in the June 2001 Journal of AHIMA (vol. 72, no. 6).

Healthcare organizations enter into written contracts every day. Typically, the HIM professional secures contracts for transcription, record copying, imaging, record storage, coding, other outsourcing, or consulting services. Although contracts can prevent confusion and conflict, they can also bind the inattentive signer to conditions that are difficult or impossible to meet. The purpose of this brief is to empower HIM professionals to draft, review, and secure sound, discerning contracts.

The Department of Health and Human Services proposes model business associate contract language in the appendix to the final privacy rule published on August 14, 2002. Further, in its model compliance plans, the Office of the Inspector General advises against entering into a contract that may induce a vendor to commit a fraudulent practice, such as upcoding.

Legal and Regulatory Requirements

A contract is a legally binding and legally enforceable promise or set of promises between two or more competent parties. The requirements for a contract include:

  • an offer
  • acceptance of the offer
  • consent
  • consideration (the value, usually monetary)
  • competent parties' legality (the activities described therein are not contrary to law, public policy, or the peace, health, or morals of a community)
  • a requirement that some contracts be in writing

The standards for privacy of individually identifiable health information, also known as the HIPAA privacy rule (42 CFR Part 160-164), state that contracts between a HIPAA-covered entity (healthcare providers who submit health information electronically, health plans, and healthcare clearinghouses) and any business associate to whom protected patient health information is disclosed must establish the permitted and required uses and disclosures of information by the business associate. The contract may not authorize the business associate to use or further disclose protected health information (PHI) in a manner that would violate the requirements if done by the covered entity (CE), except that:

  • the contract may permit the business associate to use and disclose PHI for the proper management and administration of the business associate to carry out the legal responsibilities of the business associate
  • the contract may permit the business associate to provide data aggregation services relating to the healthcare operations of the CE

The contract must also provide that the business associate will:

  • not use or further disclose the information other than as permitted or required by the contract or as required by law
  • use appropriate safeguards to prevent use or disclosure of information other than as provided for by its contract
  • report to the CE any use or disclosure of the information not provided for by its contract of which it becomes aware
  • ensure that any agents, including a subcontractor to whom it provides PHI received from or created or received by the business associate on behalf of the CE, agree to the same restrictions and conditions that apply to the business partner with respect to such information
  • make available PHI in accordance with section 164.526
  • make available PHI for amendment and incorporate any amendments to PHI in accordance with 164.526
  • make available the information required to provide an accounting of disclosures in accordance with 164.528
  • make its internal practices, books, and records related to the use and disclosure of PHI received from or created or received by the business associate on behalf of the CE available to the secretary of HHS for the purpose of determining the CE's compliance with this subpart
  • at termination of the contract, if feasible, return or destroy all PHI received from or created or received by the business associate on behalf of the CE that the business partner still maintains in any form and retain no copies of such information; or, if such return or destruction is not feasible, extend the protections of the contract to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible
  • use PHI to report violations of law to appropriate federal and state authorities, consistent with 164.502(j)(1)

The contract must also provide that:

  • the business associate shall be notified by the CE of any limitation(s) in its notice of privacy practices in accordance with 45 CFR 164.520 to extent that such limitations may affect the business associate's use or disclosure of PHI
  • the business associate shall be notified by the CE of any changes in or revocation of permission by individual to use or disclose PHI to the extent that such changes may affect business associate's use or disclosure of PHI
  • the business associate shall be notified by the CE of any restriction to the use or disclosure of PHI that the CE has agreed to in accordance with 45 CFR 164.522, to the extent business associate's use or disclosure of PHI

The contract must authorize the CE to terminate the contract, if the CE determines that the business associate has violated a material term of the contract.

Accreditation Requirements

The Joint Commission on Accreditation of Healthcare Organizations evaluates all healthcare services provided by the organization for which the Joint Commission has standards. This could include any service provided under contract. HIM-related contractors must not only comply with applicable HIM standards, but with performance improvement, human resources, and other applicable standards as well.

Contracts in General

Typically, contracts or letters of agreement with healthcare organizations include:

  • the date the agreement was entered into
  • a clause describing the relationship between the parties, such as independent contractor
  • a description of the services to be provided
  • any expectations relative to completion, accuracy, or turnaround
  • what the services will cost and when payment is due
  • how or when the contract will terminate
  • the contractor's obligation to secure and safeguard confidential patient health and proprietary information
  • the contractor's obligations to meet or exceed applicable accreditation standards
  • a "hold harmless" clause in which the contractor accepts responsibility for his or her actions and agrees to indemnify or compensate the healthcare facility for any claims against it that are the result of the contractor's actions or inaction
  • when appropriate, a clause that neither organization will solicit an employee of the other party for a specified period without prior written approval of the other party
  • when appropriate, a statement addressing the retention of intellectual property rights of tools, methodologies, and techniques in possession of the contractor or healthcare facility prior to the effective date of the contract
  • a clause relative to dispute resolution
  • authorized signatures

Most vendors develop standard agreements/contracts for the products and services they provide but are generally willing to negotiate changes to those agreements to meet specific needs. HIM professionals who are independent contractors usually meet with an attorney once and obtain a contract that can be enforced in court. With minor revision, the same contract can be used for future clients.

Recommendations

Prior to entering into any written contract, the HIM professional should:

  • make sure the contract addresses the legal and accreditation elements described above
  • ensure the contract addresses applicable contract elements described above
  • conduct a literature, Web, and listserv search specific to the type of agreement being negotiated
  • make sure the terms offered by a vendor are acceptable and appropriate to the situation
  • include pertinent safeguards or clauses gleaned from searches of literature, the Web, and listservs
  • discuss the contract, safeguards, and clauses that need to be included with risk management (if applicable) and legal counsel
  • make sure the terms in the agreement require the contractor to originate, maintain, and make available on request documents showing compliance with various accreditation standards, such as copies of documentation showing employee competence
  • secure two signed copies of the original contract once approved by the vendor, appropriate manager(s), risk manager (if applicable), and legal counsel. Distribute one signed contract to the vendor and the other to the healthcare organization
  • maintain a master inventory of contracts, including the location of the master copies and any renewal or termination dates

HIM professionals who are independent contractors and must generate contracts frequently may find it useful to purchase legal document software. Those who choose to do so should compose a contract as they would for the typical client and have legal counsel review it.

The termination clause should require written notice if either party plans to terminate the contract. The number of days written notice required should take into account the length of time it will take the healthcare organization to procure alternative services.

In addition to addressing the general legal, accreditation, and standard contract items discussed above, HIM professionals should make sure items specific to certain types of common HIM contracts are addressed as outlined in "Additional Elements Appropriate to Specific Contract Types" below.

For a sample consulting agreement contract, see below.

Sample Contractual Agreement

This agreement is made effective as of [date], by and between [client and client address] and [contractor and contractor address]. In this Agreement, the party who is contracting to receive services shall be referred to as [client acronym], and the party who will be providing the services shall be referred to as [contractor acronym].

The parties agree as follows:

Description of Services: Commencing [date], [contractor] will provide the following services (collectively, the "Services"):

(Spell out specific services, any required due dates, and any required outcome measures. For example:

  1. Review policies, procedures, and systems relative to health information privacy and security for compliance with federal and state law and regulation and standards of practice
  2. Review policies, procedures, and systems relative to electronic signatures for compliance with federal and state law and regulation and standards of practice
  3. Provide a written assessment identifying any shortcomings or opportunities for improvement and suggested methodologies for bringing existing practice into compliance with federal and state law or existing standards of practice)

Performance of Services: The manner in which the Services are to be performed and the specific hours to be worked by [contractor] shall be determined by [contractor]. [Client] will rely on [contractor] to work as many hours as may be reasonably necessary to fulfill [contractor's] obligations under this agreement.

Price and Payment Terms: [Client] will pay a fee to [contractor] for the Services in the amount of [dollar amount]. This fee shall be payable [method of payment, i.e., in a lump sum upon completion of the service, based on an hourly rate billed at the end of the month and payable within 30 days, etc.]. Upon termination of this Agreement, payments under this paragraph shall cease, however, [contractor] shall be entitled to payments for periods or partial periods that accrued prior to the date of termination and for which [contractor] has not yet been paid.

Term/Termination: This Agreement shall terminate automatically upon completion by [contractor] of the Services required by this Agreement. Either party may terminate this agreement with or without cause by submitting a 30-day written notice.

Relationship of Parties: It is understood by the parties that [contractor] is an independent contractor and not an employee of [client]. [Client] will not provide fringe benefits, including health insurance, holidays, paid vacation, or any other employee benefit, for the benefit of [contractor].

Confidentiality: [Contractor] recognizes that [client] has patient health information and other proprietary information (collectively, "Information") which are valuable, special, and unique assets of [client]. [Contractor] will not divulge, disclose, or communicate in any manner any Information to any third party without prior written consent. [Contractor] will protect the Information and treat it as strictly confidential. [Contractor] will abide by the requirements of 42 CFR, Part 164.506, Standards for Privacy of Individually Identifiable Health Information: Proposed Rule. A violation of this paragraph shall be a material violation of this agreement.

Legal Fees and Court Costs: In the event any legal action is taken to enforce this agreement or any portion thereof, the party that prevails in that suit shall be entitled to recover from the other, reasonable attorney fees plus the cost of said suit.

Notices: All notices required or permitted under this Agreement shall be in writing and shall be deemed delivered when delivered in person or deposited in the United States mail, postage prepaid, addressed as follows:

[Client Contact Name and Address]
[Contractor Contact Name and Address]

Such address may be changed from time to time by either party by providing written notice to the other in the manner set forth above.

Entire Agreement: This Agreement contains the entire agreement of the parties and there are no other promises or conditions in any other agreement whether oral or written. This Agreement supersedes any prior written or oral agreements between the parties.

Amendment: This Agreement may be modified or amended if the amendment is made in writing and is signed by both parties.

Severability: If any provision of this Agreement shall be held to be invalid or unenforceable for any reason, the remaining provisions shall continue to be valid and enforceable. If a court finds that any provision of this Agreement is invalid or unenforceable, but that by limiting such provision, it would become valid and enforceable, then such provision shall be deemed to be written, construed, and enforced as so limited.

Waiver of Contractual Right: The failure of either party to enforce any provision of this Agreement shall not be construed as a waiver or limitation of that party's right to subsequently enforce and compel strict compliance with every provision of this Agreement.

Applicable Law: This Agreement shall be governed by the laws of the State of [state].

Signature Party Receiving Service _________________________________
Signature Party Providing Service___________________________________

Additional Elements Appropriate to Specific Contract Types

Contracts for transcription services should also address:

  • how and when physician demographic information will be supplied
  • how and when patient demographic information will be provided
  • the formats in which documents will be transcribed
  • who will provide dictation and transcription equipment
  • who will pay for dictation and transcription-related supplies and service contracts required to maintain equipment and supplies
  • who will pay local and long-distance telecommunication expenses
  • how dictated health information will be secured during transport to the transcription service
  • how turnaround time will be defined and measured, that is, from dictation to transmission of typed report
  • expected turnaround time for various report types and correcting errors
  • how the chargeable unit will be defined and computed (such as lines, words, or characters)
  • cost per chargeable unit
  • additional charges (such as stat or changes to the original document made at the request of the dictator)
  • how the charges will be adjusted when the transcription service fails to turn around documents in the time frames specified
  • how many errors per unit will be considered acceptable
  • how transcript errors will be corrected
  • how the transcription service will ensure and measure quality
  • how often reports of quality improvement (QI) activities will be provided by the transcription service
  • how and in what medium transcribed documents will be returned to the healthcare organization
  • how information will be transported to and from the healthcare facility
  • how long information dictated and transcribed will reside on any transcription service database
  • how information retained on transcription service database will be destroyed to ensure confidentiality

Contracts for record photocopy/disclosure services should also include:

  • a statement that the copy service will comply with facility policy as well as state and federal law in evaluating and disclosing health information
  • a specific number of hours or days that turnaround time will not exceed and how turnaround will be defined
  • the types of requesters who will incur charges and the fees they will be required to pay
  • mechanism that will be used to ensure that turnaround standards are met
  • the QI mechanism that will be used to assure the healthcare organization that the copy service is adhering to facility policy and state and federal law and frequency of QI reports
  • the mechanism for reporting incidents (such as a record released with improper signatures or records mailed to the wrong person)
  • the manner in which requests will be tracked and disclosures documented
  • the process for handling disclosures when records cannot be located
  • identification of the party that will perform the various activities associated with processing requests for information
  • provisions that each party will be provided access to and any training needed to use specific systems owned or leased by the other party needed to carry out disclosure activities
  • standard document sets that will be included in response to specific types of requests
  • a clause that specifies how, on termination of the contract, the parties will assure the healthcare facility has complete and accurate information regarding all requests and disclosures made during the contract

Contracts for imaging services should also include:

  • the manner in which imaging will be performed
  • a definition and standard for turnaround
  • the media to be used and method of labeling
  • identification of the party that will perform the various activities required to facilitate imaging
  • the manner in which progress will be tracked and the frequency or means by which it will be communicated to the healthcare facility
  • the mechanism that will be used to ensure quality and when and how those activities will be communicated
  • all charges, including those associated with returning a file to the healthcare facility
  • a requirement that the imaging vendor provide the healthcare facility with electronic indexing information in a format that can be merged with the master patient index
  • a clause that addresses disposition of the record after imaging

Contracts for record storage providers should also include:

  • the provisions the record storage company will employ to safeguard patient records
  • the precautions employed by the record storage company to ensure information is disclosed only to authorized requesters
  • the definition of turnaround standards and fees for various types of requested information
  • retrieval procedures for stat, after hour, weekend, and routine provision of health information
  • how record locations will be tracked and the process and fees associated with searches for misplaced records
  • any adjustments in charges when records are not provided to the healthcare facility within agreed-on time frames

Contracts for coding providers should also include:

  • provisions that allow the healthcare facility to review assigned coders' resumes, contact previous healthcare facilities, and reject any coders believed to be a poor fit for the facility
  • the type of coding to be done and any facility-provided encoding technology the coder is expected to use
  • a statement as to acceptable standards of coding accuracy and how performance will be measured and that contract coders will adhere to specific coding guidelines
  • standards for terminating the use of a particular coder (i.e., seven days after verbal notice) when acceptable standards of accuracy are not maintained
  • standards for productivity and the method for determining whether adequate levels of productivity are maintained

Revised by

Harry Rhodes, MBA, RHIA, director of HIM products and services

Originally prepared by Gwen Hughes, RHIA

References

Abdelhak, Mervat et al. Health Information: Management of a Strategic Resource. Philadelphia: W.B. Saunders, 1996.

Department of Health and Human Services. "42 CFR, Parts 160-164 Standards for Privacy of Individually Identifiable Health Information; Proposed Rule, November 3, 1999, part 164.506." Available at http://aspe.dhhs. gov/admnsimp.

Joint Commission on Accreditation of Healthcare Organizations. Comprehensive Accreditation Manual for Hospitals. Oakbrook Terrace, IL: Joint Commission on Accreditation of Healthcare Organizations, 2000.

Office of Inspector General compliance program guidances are available at www.oig.hhs.gov/authorities/Frnotices.html.

"Standards for the Privacy of Individually Identifiable Health Information; Final Rule." 45 CFR Parts 160-164. Federal Register 65, no. 250 (December 28, 2000). Available at http://aspe.hhs.gov/admnsimp/.

"Standards for the Privacy of Individually Identifiable Health Information; Final Rule." 45 CFR Parts 160-164. Federal Register 67, No. 157 (August 14, 2002) Available at http://aspe.hhs.gov/admnsimp/.

Tepper, Ron. The Consultant's Proposal, Fee and Contract Problem Solver. New York: John Wiley and Sons, 1993.

Acknowledgments

Mary Brandt, MBA, RHIA, CHE
Jill Callahan Dennis, JD, RHIA
Beth Hjort, RHIA, CHP
Monica Pappas, RHIA

Source: Rhodes, Harry and Gwen Hughes. "AHIMA Practice Brief: Letters of Agreement/Contracts" (Updated April 2003)