look before you leap: avoid (too) strong dependence on your ICT supplier

Healthcare processes are rapidly digitising and the Corona pandemic has only accelerated this process. The use of ICT to support or improve care is now a must. Because ICT has become so important for the delivery of care, healthcare institutions have become increasingly dependent on their ICT suppliers. That dependence has also increased because healthcare institutions are increasingly outsourcing their ICT infrastructure. Where previously local servers under own management were the starting point, nowadays they increasingly work in the cloud. In addition, in-house ICT departments are shrinking and ICT support is increasingly being provided externally and purchased on demand. The advantage of outsourcing is that it often results in cost savings. The disadvantage is that a (too) strong dependence on ICT suppliers may arise. The consequences of this dependence can be considerable.

The ACM warns

In June of this year, the Netherlands Authority for the Financial Markets (“ACM”), the regulator that oversees properly functioning markets, warned that the healthcare ICT markets are not yet functioning properly. The ACM concluded this based on research into the markets for hospital information systems and electronic patient records (HIS/EPD systems). Although the ACM study specifically relates to the market for HIS/EPD systems, the ACM notes that the outcomes are likely to apply to all healthcare ICT markets.

HIS/EPD systems are often the internal core system of a healthcare institution because of the numerous integrated modules and links with other healthcare software. According to the ACM, the central problem in these markets is vendor lock-in: once a choice for a HIS/EPD system has been made, it is often difficult for a healthcare institution to switch to another supplier, and only at great cost (lock-in). This is because the healthcare institution usually does not have the relevant information needed to make the switch. In addition, transferring data and information from the old to the new HIS/EPD system is crucial. This data portability is not always possible and certainly not without the cooperation of the old ICT vendor. The latter is often not very keen to help its departing client, or only helps at (extremely) high costs. Switching is therefore sometimes not possible at all and in many cases not a realistic option. In addition, the supply of alternatives is (very) limited, as the market is largely dominated by a few large players.

Vendor lock-in does not only cause problems when switching from one supplier to another. The ACM also warns against the consequences that vendor lock-in can have during the provision of services. For instance, ICT suppliers can – without running the risk of losing customers – raise prices, lower the service level or not allow it to grow in line with demand, deactivate functionalities or no longer support them, refuse to implement improvements or delay the turnaround times of improvement projects and in the meantime unilaterally implement changes in the conditions that are unfavourable for the customer. There are also signals from the field that ICT suppliers refuse to allow (parts of) implementations to be carried out by a third party, that they force unnecessary upgrades and payment for them, that they refuse to enable links with (certain) other healthcare systems and software (interoperability), that they favour their own products and services by keeping their own system closed, and that they force their own products on others by selling them as part of packages that have to be purchased (bundling). All of this inhibits innovation and has a negative impact on the price and quality of services and products. This ultimately has a negative impact on the quality of care and therefore on the patient.


There is no single solution. However, there are various possible solutions, in which, according to the ACM, all parties in the market have a role to play.

By improving the possibilities for data portability and interoperability, it will become easier to switch from one ICT provider to another, to cooperate and to exchange data between and with healthcare institutions. In order to achieve this, the ACM considers it important that open, standardised links are created and that data exchange is standardised. The initiative for this lies with the market, which will eventually be helped by the new Electronic Data Interchange Act for Health Care. The Act is expected to come into force in 2022 at the earliest. Until then, the solutions must be sought elsewhere.

In the short term, health insurers can indirectly influence the choice of certain ICT suppliers through their purchasing policy and reimbursements to healthcare institutions. Healthcare institutions themselves can prevent (excessive) dependence on suppliers by promoting professional and well-organised procurement. Good procurement requires sufficient knowledge and experience, a clear procurement policy and cooperation between the Board of Directors, procurement officers, the ICT department, healthcare providers and patients (representatives). Cooperation between healthcare institutions can also help to exchange knowledge and experience, with the result that the negotiation position of healthcare institutions vis-à-vis ICT suppliers is strengthened. Combining technical and purchasing expertise can then lead to better contract conditions and less dependence on suppliers.

Points to consider when contracting

The consequences of careless or insufficiently critical procurement can be enormous. Unintentionally, a (too) strong supplier dependency can arise, while that is not necessary. Therefore, when procuring healthcare ICT, always consider the guarantee of continuity of care.

In this context, please note at least the following points:

  • the influence of the ICT application on the care to be provided. The greater the influence of ICT on the care to be provided, the more important it is to make clear agreements in order to avoid (excessive) dependence.
  • the links that may need to be established with other ICT applications (interoperability) and at what cost. Ensure the cooperation of the ICT supplier.
  • the extent to which standard software is supplied and whether customisation is required. Customisation makes one more dependent because of the maintenance to be carried out, but also because of intellectual property rights that in principle remain with the supplier if the parties do not agree on them.
  • The expected level of service. Make clear agreements in a Service Level Agreement. Consider the following:
    • (Un)planned maintenance. Keep the role of the ICT application in the care process in mind and ensure that the availability and accessibility of care is not compromised by maintenance;
    • improvements, updates and upgrades. For example, lay down how to deal with deactivating or no longer supporting functionalities, whether it is compulsory to carry out updates and upgrades and whether there are any costs involved.
  • having back-ups made regularly, so that the continuity of care is safeguarded as much as possible in the event of loss of data or if data are temporarily unavailable. If necessary, make arrangements for an escrow arrangement. This may allow continued use of the software in predetermined cases where the continuity of the ICT supplier is endangered.
  • A possible exit. Before concluding the agreement, discuss whether data and information can be transferred to another system at a later date (data portability) and under what conditions the supplier will cooperate. In addition, make agreements about the removal of data and back-ups by the ICT supplier.


Supplier dependence cannot be eliminated completely. And that is not necessary either. However, good agreements are indispensable. Purchasers therefore have an important role to play. In order to prevent worries afterwards and also to actively contribute to the provision of good care.