RSS

Tag Archives: EMR Hosting

Top 5 Compliance Trends for MSP’s and SPLA

There are so many license changes and gotchas with SPLA, Azure, AWS, and all the others that I thought I would highlight for you some of the trends we see when it comes to compliance.

  1. Licensing Office Standard when Office Professional is installed.  In many cases, an IT administrator will inadvertently install Office Pro, report Office Standard to their procurement team who in return reports it to the reseller.  The IT admin will leave the company, and the procurement team continues to report Standard not knowing Pro is installed until audit time.  In this situation, Microsoft will check when Office was installed, and take the delta of what was reported (STD) v. what should be reported (Pro).  Don’t make this mistake.  Many partners are only charging their customers for Standard pricing!
  2. Not reporting SPLA at all.  Sounds silly, but many providers focus on developing software and not on the licensing.  We have found instances in which the procurement manager (who was in charge of reporting SPLA) left the organization and no one else took over their responsibility.   The reseller continues to email the procurement manager but obviously the email goes unnoticed.  After many months, their SPLA will be terminated and all licenses will have to be trued up.  The problem with this scenario is not just unexpected licensing expense, but when your SPLA terminates, you must sign a new one.  When you sign a new SPLA, you must adhere to the latest SPUR use rights.  As an example, if you had a SPLA prior to the Windows core licensing change, you could continue to report processors.  If your SPLA terminates, you would be forced to license by core now instead of later when your previous agreement (that is now terminated) expired.
  3. Using a VL copy of Office to deploy Shared Computer Activation (SCA).   SCA is specific to Office 365.  If you install Office Pro Plus VL, it goes against the product use rights in which Office (without SCA) cannot be installed on shared hardware.  It takes a lot of negotiation power and time to prove you are SCA eligible, the customer purchased Office 365, and you inadvertently installed the wrong product.
  4. Using License Mobility without License Mobility.  This is by far the most popular compliance trend.  Many organizations do not know what is installed in their datacenter when it comes to customer owned licenses.  Be sure to have the right documentation, addendum, and licensing to ensure compliance.
  5. Leasing an application, hosting the application, and purchasing volume licensing agreement to offer software as a service.   A healthcare company may lease an EMR application, host the application to other healthcare organizations, and license the infrastructure through volume licensing.  If your organization does not own the application you are hosting, you must license it through SPLA.  Self-Hosted for ISV is only eligible for providers who develop and own the application.  This means the code, the rights, everything must be owned by the organization.  Leasing the application and using other plugins you may have developed does not qualify.

I hope this provides you a little insight into the world of compliance.  If you find yourself out of compliant, let us know and we can connect you to the right resource.  info@splalicensing.com

Thanks for reading,

SPLA Man

Advertisements
 
Leave a comment

Posted by on July 5, 2017 in Compliance

 

Tags: , , , , , , , , , , , , , , ,

Epic Community Connect and SPLA

The healthcare community has increased concerns with the way they have deployed (and licensed) their electronic medical record (EMR) software such as Epic Community Connect and others.  As a reader of this blog, you know that when you deploy software for the benefit of a third party (non employee) SPLA must be part of the conversation.  The only exception to this rule is if you actually own the code to the software you are hosting.  In other words, if you developed the software, you can use your own volume licenses to host your software.  If you host a third party software (such as Epic) you must license this in SPLA.   In most cases, many healthcare companies do not own the application, but lease it from the EMR vendor.

Rewind a few years and let’s pretend you are a large hospital who partnered with Epic to provide best in class patient record management for your clients, doctors, and other clinics. Your Epic deployment resides on a Windows Server, SQL Server, and RDS.  As the IT director, you purchased several server licenses and hundreds of Client Access Licenses (CAL) to cover all the external users.  You think you are covered; no one mentions you need to license this via SPLA.  Your reseller didn’t tell you, Microsoft didn’t tell you, and for that matter the vendor didn’t tell you.  You think all is well based off the information you received.  Fast forward 3 years and your volume licensing agreement is up for renewal.  Someone on the licensing side informs you that you shouldn’t true-up licenses or renew your agreement under volume licensing, you need to license SPLA.  You think that’s fine, if you must license under a different program who are you to argue. But what about all those license you already purchased and own?  Unfortunately, you cannot return them, you must allocate those internally.  You think to yourself that’s fine, except for one minor detail…. you purchased hundreds of CALs and you do not have hundreds of employees; those license you own are essentially worthless.  On top of everything else, you just received an audit notification.

Why would they receive an audit notification?  Once a vendor recognizes you have been under-licensed, the vendor might want to dig in deeper to see how long you have been out of compliant and if you purchased enough licenses to cover all the users.  In 90% of all audits, the customer is under-licensed.  Now you own licenses you don’t need, but should’ve purchased more because you don’t own enough licenses to cover all external users initially.  The vendor will want you to pay the delta of what you should’ve paid under SPLA and what you purchased under volume licensing (plus an audit fee).

If you are a healthcare provider and have been notified by Microsoft or any other vendor, please contact us.  We have found that in many cases the licenses report is not always 100% accurate.

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on October 12, 2016 in Compliance, EMR Software, Self Hosted

 

Tags: , , , , , , , , , , , , , , , ,

 
%d bloggers like this: