What happens to your patient data if your HMS provider shuts down?

It is a question that rarely comes up during the sales demo but matters enormously in the long run: what happens to your hospital's patient data if your HMS vendor goes out of business, gets acquired, or simply decides to discontinue their product?

In India's growing health-tech market, this is not a hypothetical scenario. Over the past five years, multiple HMS startups have shut down, pivoted to different products, or been acquired by larger companies with different priorities. Each time, their hospital clients were left scrambling to extract their data — sometimes successfully, sometimes not.

The data that is at stake

Think about what your HMS holds after even one year of use. Patient demographics and contact information for thousands of patients. Visit histories, prescriptions, and clinical notes. Lab reports and diagnostic images. Billing records, insurance claims, and payment histories. Staff records and operational data.

For a 50-bed hospital that has been using an HMS for three years, this could represent 50,000+ patient records, hundreds of thousands of clinical documents, and complete financial records. This is not just operational data — it is legally required medical documentation.

Under Indian law, hospitals are required to maintain medical records for a minimum of three years (Indian Medical Council Regulations). Some states require longer retention. If your HMS provider disappears and takes your data with them, you are in legal jeopardy.

How vendor lock-in actually works

Most HMS vendors do not explicitly say "we will hold your data hostage." The lock-in happens through several subtle mechanisms.

Proprietary data formats. Your data is stored in the vendor's proprietary format or database schema. Even if you can export it, the export may be in a format that no other system can import without significant manual processing. CSV files with cryptic column names and no documentation are technically an "export" but practically useless.

No export functionality. Some HMS products simply do not offer a data export feature. Your data lives in their cloud, accessible through their interface, and there is no way to get it out in bulk. You can view individual records, but you cannot download your entire patient database.

Export fees. Some vendors charge for data exports — sometimes nominal amounts, sometimes thousands of rupees. One hospital administrator told us their vendor quoted Rs 2 per patient record for a full export, which would have cost Rs 1.5 lakh for their 75,000 patient database.

API restrictions. Even when an API exists, it may have rate limits, restricted fields, or require a premium plan to access. The vendor gives you just enough access to feel comfortable but not enough to fully extract your data.

Contract terms that favour the vendor. Read the fine print on data ownership. Some contracts state that while you own your data, the vendor owns the "compiled database" or the "structured format." This distinction can make data extraction legally complicated.

What to ask before signing with any HMS vendor

Before you commit to any HMS — whether it is a startup or an established player — ask these questions in writing and get answers in writing.

"Can I export all my data at any time, in a standard format, at no additional cost?" The answer should be an unambiguous yes. Standard formats include CSV, JSON, HL7 FHIR, or PDF for clinical documents. If the vendor hesitates or qualifies this with conditions, that is a red flag.

"What format will the exported data be in? Is there documentation?" A data dump in the vendor's internal database format is not a useful export. Ask for sample export files. Review them. Can you open them in Excel? Can another HMS import them? Are the field names clear and documented?

"What happens to my data if you shut down or are acquired?" Look for specific commitments: 90-day notice period, data made available for download, data destroyed after a specified period. Vague statements like "we will work with you to transition" are not sufficient.

"Is my data stored in a way that complies with Indian data residency requirements?" Your patient data should be in Indian data centres. If the vendor uses overseas servers, data extraction after shutdown becomes even more complicated when cross-border data transfer regulations apply.

"Do you support HL7 FHIR for data exchange?" FHIR R4 is the standard adopted by ABDM for health data exchange in India. If your HMS supports FHIR, your data is inherently more portable — it can be read and imported by any FHIR-compliant system.

"Can I run my own backups?" Some vendors allow you to schedule automated backups to your own storage (AWS S3, Google Drive, or a local server). This is the gold standard — you always have a copy of your data that you control.

Red flags to watch for

No written data ownership clause in the contract. If the contract does not explicitly state that you own your data, assume the worst.

Export feature hidden behind the highest pricing tier. If data export is only available on the "Enterprise" plan, the vendor is using your data as leverage to prevent downgrades.

Vendor is a small team with no revenue transparency. This is not about company size — some of the best HMS products are built by small teams. But if the vendor has no visible revenue model, depends entirely on funding, and has not been around for more than two years, the shutdown risk is higher. Ask about their business model and sustainability.

No ABDM integration. In 2026, an HMS that has not integrated with ABDM is falling behind on Indian healthcare standards. ABDM integration also means your data is being generated in FHIR R4 format — which is inherently more portable.

Protecting yourself regardless of your vendor

Even if your current vendor checks all the boxes, build redundancy into your data management.

Export monthly. If your HMS offers data export, do it monthly. Store the exports securely — on a local encrypted drive and a cloud backup. Treat this like financial record backups.

Keep PDF copies of critical documents. Discharge summaries, lab reports, and prescriptions should be saved as PDFs outside the HMS. Many hospitals already do this for patient WhatsApp delivery — save a copy for yourself too.

Document your data schema. Keep a record of what data fields your HMS uses, what they mean, and how they map to your clinical workflows. If you ever need to migrate to a new system, this documentation is invaluable.

Review your contract annually. Vendors update their terms of service. Check that data ownership and export clauses have not changed.

Your patient data is the most valuable asset your hospital generates after clinical expertise. Treat it with the same care you would treat a physical medical records room — with backup copies, clear ownership, and a plan for disaster recovery.