
The biggest legal disasters I’ve seen for young physicians did not come from their employment contracts. They came from the tech contracts they barely read and then “just signed so IT would set things up.”
You are most vulnerable to bad technology contracts in the first 3–5 years after residency. You’re eager, you want tools, you’re used to clicking “Accept” on everything, and you assume legal/IT/admin has your back.
They often don’t. Or they’re not thinking about your personal risk.
Let’s fix that.
1. The Dangerous Myth: “IT/Legal Already Reviewed This”
This is the first and most expensive lie young doctors believe.
“I thought compliance already approved this.”
“I assumed legal looked at the BAA.”
“They said the health system uses this everywhere.”
I’ve heard all of those right before someone realizes they signed something personally binding and ugly.
Here’s the problem: there are three distinct layers of review, and you’re probably assuming all three are happening when—at best—one is.
| Role | Whose Risk They Prioritize | Looks At Individual Physician Liability? |
|---|---|---|
| Hospital IT | System security, uptime | Rarely |
| Compliance | HIPAA, regulatory | Occasionally, indirect only |
| Hospital Legal | Institution’s exposure | Only if asked, and often minimally |
| Your Lawyer | You and your license | Yes |
Most post-residency doctors make three assumptions that are flatly wrong:
- If the hospital “approved” a product, my personal liability is covered.
- If it’s a popular app or device, the contract must be standard and safe.
- Click-through agreements are “just boilerplate” and not enforceable.
Those assumptions are how you end up with:
- Personal indemnity clauses that survive your employment
- Quiet non‑competes that follow you when you leave
- Data ownership terms that block you from your own charts or research
- Revenue-sharing deals you can’t unwind if the tech fails or your group dissolves
If you remember nothing else, remember this: institutional approval is not synonymous with personal protection.
2. Indemnity & Liability: The Clause That Can Wreck Your Finances
If there’s one part of a tech contract that should make you slow down, it’s the indemnity section. This is where companies quietly shove risk back onto you.
You’ll see phrases like:
- “Physician shall indemnify and hold harmless…”
- “User agrees to defend, indemnify, and hold harmless Company from any and all claims arising from…”
- “Customer assumes all responsibility for clinical decisions…”
The mistake: physicians read that and think, “Well, I have malpractice insurance.” Then they sign.
Here’s what they miss:
Malpractice doesn’t cover contract breaches.
If a patient sues you for negligence, that’s one thing. If a tech vendor sues you because the hospital terminates the agreement and they claim you breached your obligations as a “user” or “partner,” that’s a contract dispute. Very different insurance world.
“Any and all claims” often includes regulatory and third‑party claims.
That can mean:
- Data breach fallout
- Misuse of software
- Alleged misrepresentation in your use of their tool (e.g., AI‑generated notes, coding suggestions)
Personal vs. institutional liability is often blurred on purpose.
Many template agreements are written for solo practices, then lazily used with employed physicians. The company doesn’t care who pays the bill. They just want someone on the hook.
Red flags you should stop on immediately:
- Any clause where you or “the physician user” indemnify them
- Any language that shifts responsibility for “accuracy of the tool’s recommendations” onto you
- Any statement that you “accept full responsibility for all clinical decisions made based on the platform’s outputs”
That last one is a favorite in AI decision support tools and “clinical analytics dashboards.” They’re telling you: if the algorithm is wrong and you followed it, that’s on you.
Do not just “accept and move on” because everyone else is using it. If there is a personal indemnification clause with your name or signature on it, you need it softened, limited, or removed—and you need your own lawyer to help.
3. Data Ownership & Access: The Trap That Locks Up Your Life’s Work
You will regret this mistake ten years from now, not tomorrow. That’s why so many people walk into it.
Most tech contracts bury data terms deep in the middle:
- “Company shall own all de‑identified or aggregated data…”
- “Provider grants Company a perpetual, irrevocable license to use data…”
- “Customer shall not access raw data except through Company‑provided interfaces…”
On call at 2 a.m., you don’t care who owns de‑identified data. But when you try to:
- Build a longitudinal research database
- Take your panel attribution history to a new job
- Prove outcomes to negotiate a better contract
- Publish on your own patients’ results
Suddenly, data ownership matters.
Two especially ugly mistakes I’ve seen:
Physicians signing “innovation” or “pilot” agreements with AI/documentation vendors
They think: “Cool, I’m an early adopter.”
The contract quietly says:
- All derivative models built from your charting/data belong to them
- You have no right to audit or export the underlying data feeds
- They can use your cases for training and commercial purposes indefinitely
Then you leave the institution and can’t even access datasets for follow‑up research on the cohort you helped build.
Remote monitoring and digital health companies using patient data as their asset
On paper: they “help you manage chronic disease patients” with wearables and dashboards.
In the contract:
- They own the monitoring data
- They can sell de‑identified trends
- You get only limited portal views, no extract
If you later want to switch vendors, you lose continuity on all that monitoring data. And good luck explaining to patients why their device history fell into a black hole.
Look for:
- Who “owns” the data (word for word)
- Whether they can use it “for any commercial purpose”
- Whether you have rights to export full, usable datasets
- Whether your rights end when the contract ends (another trap—post‑termination access is critical)
If you’re doing any research, QI, or plan to build a niche reputation based on data, signing these away casually is a long‑term career error.
4. Quiet Non‑Competes and Exclusivity: The Clause That Follows You
Everyone knows to look for non‑competes in employment agreements. Almost no one looks for them in tech contracts.
They’re often camouflaged as:
- “Exclusivity”
- “Preferred partnership”
- “Territory restriction”
- “Non‑solicitation” that’s actually broader than it looks
I’ve seen a post‑residency doc join a “telehealth startup partnership,” sign a tech/affiliate agreement, then three years later get blocked from joining a large competitor platform because that original contract said:
- They couldn’t provide telehealth services through any “competing platform” for X years
- They couldn’t “encourage patients to use alternative telehealth solutions”
- The definition of “competing platform” was basically any virtual care company operating in the same state
And the kicker: the exclusivity survived termination. So even once they left, they were still bound.
You urgently need to watch for:
- Any “exclusive use” requirements (e.g., only this app for telehealth, remote monitoring, second opinions)
- Any restrictions that continue “for X years after termination”
- Definitions of “competitor” or “similar services” that are too broad
This matters most in:
- Telehealth platforms
- Remote patient monitoring companies
- Digital therapeutics partners
- AI‑driven second opinion or radiology tools where you might later work with a competitor
If your plan is to build a niche in digital medicine, you can accidentally handcuff yourself to the first mediocre platform that gave you a consulting title.
Do not trade your future flexibility for a fancy “medical director” line on your CV and a $5k stipend.
5. “Pilot Programs” and Beta Tools: You Are Not Just a Tester
Post‑residency physicians are prime targets for “beta” and “pilot” tech because you’re young, adaptable, and more tech‑comfortable.
You get the pitch:
“We’re partnering with a few forward‑thinking physicians to pilot our AI note writer / decision support / scheduling intelligence. You’ll help shape the product.”
Sounds fun. Feels flattering. Then they slide you a 10-page “pilot participation agreement” and you sign without blinking.
Typical landmines in these “simple” pilot agreements:
You assume all responsibility for validation.
Language like: “Physician is responsible for independently verifying accuracy of all system outputs prior to use in clinical care.”
Of course you should verify. But when it’s written this way, if something goes wrong, they’ll argue it was your failure to verify, not their failure to design safely.
They disclaim clinical use… while marketing it as clinical support.
One sentence says: “For informational purposes only, not intended to diagnose or treat.”
Meanwhile they demo it as “optimized for sepsis prediction in ICU.”
That’s them trying to have it both ways: use‑case hype without responsibility.
They get IP rights to your feedback and workflows.
Many pilots say any “suggestions, ideas, workflows” you share become their intellectual property. If you help them refine the perfect handoff template, that’s theirs to monetize.
No clear exit if the tool starts harming your workflow.
Some pilots lock you in for 6–12 months with usage minimums tied to “success metrics.” That can turn into a full‑time fight to feed their dashboard while your clinic backs up.
You should insist on:
- Clear language that vendor is responsible for the tool’s technical performance and safety testing
- Explicit statement that participation is voluntary and terminable by you without penalty
- No volume or utilization quotas tied to your continued participation
And if they call you an “early adopter,” translate that in your head as: “We’d like you to absorb some of our risk.”
6. Compensation, Up‑Codes, and Stark/AKS Headaches
Here’s a mess I’ve personally seen more than once: a shiny tech platform offers revenue sharing or “efficiency bonuses” tied to the use of their tool.
Example: A remote patient monitoring platform offering you:
- A cut of RPM CPT revenue
- “Shared savings” from reduced hospitalizations
- Bonuses tied to generated billings from their clinical documentation templates or AI coding suggestions
On the surface, it looks like a smart partnership. Under the hood, it can trigger:
- Stark Law issues
- Anti‑Kickback Statute (AKS) concerns
- Over‑coding risk if their templates “optimize” documentation beyond what you actually did
Common mistakes:
Confusing institutional compliance approval with personal immunity.
Just because some admin said, “Legal cleared the model,” doesn’t mean your individual billing is safe, especially if you’re signing separate participation or compensation addenda.
Letting the platform auto‑populate visit levels or diagnoses.
If their documentation assistance keeps “helpfully” nudging encounters upward and you sign the notes, you own those codes.
Tying your compensation directly to volume on a specific tech platform.
That starts looking, to regulators, like inducement to use a particular service or vendor—exactly what Stark/AKS care about.
You need to be wary of:
- Any language tying your compensation to “increased utilization of covered services through the Platform”
- Any suggestion to “let our algorithm suggest the highest appropriate E/M level” without you understanding exactly how it works
- Vague assurances like “other doctors are doing this with no issues”
Get your own health care regulatory counsel if you’re touching shared savings, RPM revenue splits, or anything that looks like referral‑linked compensation via tech. This is not an area to “hope it’s fine.”
7. Click‑Wrap & Online Terms: The Contract You Signed Without Realizing
You will be tempted to treat app sign‑ups and online dashboards as “not real contracts.”
They are very real.
The “I Agree” button on:
- A telehealth platform portal
- An AI scribe service
- A remote EHR access app
- A cloud storage/communication tool
…often binds you to:
- Governing law in some distant state
- Mandatory arbitration in a forum you’d never choose
- Severe limitations of liability in their favor
- Wide‑open data reuse rights
You make two big mistakes here:
You assume your employment contract overrides these.
It usually doesn’t. If you personally click “I accept,” you’re now a party to that agreement too, separate from whatever your hospital signed.
You underestimate how enforceable these are.
Courts uphold click‑wrap terms more often than you’d like to think, especially if the checkbox was clear and the link to Terms was visible.
At minimum, before you click through:
- Skim for bold headings: “Limitation of Liability,” “Indemnification,” “Arbitration,” “Data Use”
- Check if you are named as the “user” or “customer” versus just the institution
- If you see anything that sounds like you personally promising to indemnify or waive rights, stop and escalate
If your organization wants you to use a platform, they should be the contracting party. Push it back up: “I’m not comfortable personally accepting these terms. Can this be set up under the institution’s master agreement instead?”
Yes, that’s annoying. Yes, it’s worth it.
8. Termination, Sunset, and “You Thought You Were Done, But You’re Not”
One more area doctors gloss over: what happens when this tech relationship ends.
Hidden problems show up in clauses like:
- “Obligations that by their nature should survive termination shall survive”
- “Post‑termination cooperation” with vague requirements
- “Runoff” periods where you’re still bound by certain use or non‑use terms
Common nasty surprises:
- You remain prohibited from working with a competitor for 1–3 years
- You remain bound to confidentiality about how the system works, limiting your ability to warn future colleagues or testify honestly in disputes
- You lose access to data you need for patient continuity or research
- You’re still bound to respond to audits, inquiries, or discovery requests related to your prior use of the system, with no compensation for your time
For clinical tech, you should insist (or at least push) for:
- A clear explanation of post‑termination data access: format, duration, and cost
- Reasonable time‑limited survival clauses, not “forever, basically”
- No post‑termination exclusivity or non‑compete language tied to the platform’s industry
The rookie mistake is to treat termination like “we unplug it and we’re done.” For most serious tech, termination is when the real pain begins if the contract was sloppy.
9. A Simple, Ruthless Checklist Before You Sign Anything Tech‑Related
You don’t need to become a tech lawyer. But you do need a gut‑level process that prevents the worst errors.
Before you sign or click “I Agree” on any post‑residency tech contract or participation agreement, ask yourself:
| Category | Value |
|---|---|
| Indemnity | 90 |
| Data Ownership | 80 |
| Exclusivity | 70 |
| Compensation Risk | 65 |
| Termination | 60 |
Who is the actual contracting party?
You individually? Your group? The hospital? If your individual name is anywhere, that’s a yellow flag.
Who owns the data, and what can they do with it?
Can they use it for “any commercial purpose”? Is there a clean, affordable export path for you or your institution?
Where does liability land for clinical decisions?
Are they trying to dump all responsibility for AI suggestions, auto‑coding, decision support on you?
Are there hidden non‑compete or exclusivity obligations?
Anything that limits your ability to use other tools, platforms, or employers now or after termination?
Is there any personal indemnification clause?
If you see “physician shall indemnify,” pause. That’s usually not fixable without negotiation.
What survives termination?
Data access? Non‑competes? Confidentiality? Cooperation duties? Spell it out in your head.
Have you shown this to your lawyer, not just “the hospital’s”?
If the answer is no and the deal touches your license, data, or independent income, you’re gambling.
10. How to Protect Yourself Without Becoming “That Difficult Doctor”
You don’t have to be the person who refuses every tool. You just have to stop being the person who signs everything in a rush.
Here’s a sane, low‑friction flow to follow:
| Step | Description |
|---|---|
| Step 1 | Receive Tech Agreement |
| Step 2 | Ask if Institution Can Contract Instead |
| Step 3 | Skim For Red Flags |
| Step 4 | Step Back From Signing |
| Step 5 | Send to Your Lawyer |
| Step 6 | Confirm Data Ownership and Exit Terms |
| Step 7 | Decide to Sign or Decline |
| Step 8 | Named Party is You Personally |
| Step 9 | Institution Will Take Over? |
| Step 10 | Indemnity or Exclusivity Present? |
Key moves that do not make you “difficult”:
- Saying: “I’m not comfortable signing this personally; can this be routed through the group/hospital agreement?”
- Emailing: “Before I accept, I’d like clarification on data ownership and post‑termination access for patient continuity and research.”
- Asking: “Does our malpractice or institutional insurance cover the indemnification language here?” (Often the answer is silence—that’s your answer.)
A mature organization will respect those questions. An immature one will pressure you to “just sign, everyone else did.” That alone tells you something about whether you should proceed.

| Category | Value |
|---|---|
| Residency | 10 |
| PGY-3 | 20 |
| First Job | 30 |
| 5 Years Out | 55 |
| 10+ Years | 70 |

You don’t need to read every word of every tech contract. But you do need to stop pretending they’re harmless.
Today, do one concrete thing:
Pull up the last technology platform, app, or “pilot program” you agreed to use in your new job. Find the terms of use or participation agreement and search—literally hit Ctrl+F—for “indemnify,” “exclusive,” and “data.” If any of those sections make your stomach drop, forward the contract to a healthcare attorney with a single sentence:
“Before I go further with this platform, I need to know what personal risk I’ve just agreed to take on.”