Skip to content
Avinya Plus logoAvinya Plus

Who owns your clinic data? Avoiding vendor lock-in

Avinya Plus Team · · 5 min read

Key takeaways

  • Your clinic owns its patient data, not the software vendor.
  • Lock-in hides in proprietary formats, missing exports, and exit-time fees.
  • Before signing, confirm a full export in a standard, machine-readable format.
  • Under the DPDP Act your clinic is the data fiduciary, so the duty stays with you.
On this page

Your clinic owns its patient data. The company whose software you run does not. That one sentence settles most arguments about clinic software, and yet it is the question owner-doctors ask the least before they sign up. Then a few years in, they want to switch, and discover the data is harder to get out than it ever was to put in.

This guide is about that trap. What data ownership actually means, how vendor lock-in happens, a quick test for whether your data is portable, and what to put in the contract so leaving is never a hostage situation.

Ownership versus possession

Here is the distinction that matters. The vendor holds your data on their servers. That is possession. It does not make the data theirs.

Think of it like a tax consultant who keeps your books. They hold the files, they do useful work on them, but the books are yours. You can ask for them back any time. Software should work the same way. The vendor processes patient records on your behalf, and the records belong to your practice and to the patients they describe.

A good vendor states this plainly. If a contract is vague about ownership, or worse, claims the vendor owns or controls the data you entered, that is not a detail to negotiate later. That is a reason to walk.

How lock-in actually happens

Lock-in is rarely announced. No one sells you software by saying you will never get your data back. It builds quietly, in three ways.

Proprietary formats. Your records get stored in a shape only that one product can read. Even if you extract the files, nothing else opens them in a useful way. The data is technically yours and practically useless.

No real export. There is no button to pull your full dataset out. Maybe you can print one patient at a time, or screenshot a report. That is not an export. An export hands you the structured data, all of it, in a form another system can read.

Hostage data. The export exists, but only as a paid service, quoted when you are already on your way out. The leverage is brutal. You need your data to leave, and the only person who can give it to you is the vendor you are leaving.

The pattern is the same each time. The cost of switching is loaded onto the exit, so you keep paying rather than face it. The way out is to check the exit before you walk in.

The "is my data portable?" test

You do not need a technical background to run this. Ask the vendor four questions and watch how fast and how plainly they answer.

  1. Can I export everything myself, today? Patients, appointments, clinical notes, invoices, documents. Not a sample. The whole dataset. A confident vendor shows you the button.

  2. What format do I get? You want non-proprietary and machine-readable. CSV or Excel for tabular data like patient lists and invoices. The original files for documents like scans and lab reports. If the answer is "a PDF," ask whether the data inside it is still structured, because a PDF of a screen is a picture of your data, not your data.

  3. Does it cost anything to export, ever? Export should be a standard feature, not a billable event triggered by your notice to leave. A fee on the way out is a lock-in fee wearing a different name.

  4. What happens to my copy after I leave? A serious vendor deletes your data within a stated window and tells you in writing when it is done.

If the answers come quickly and in plain language, that tells you something good. If they get vague, or route you to sales, you have learned what you needed to know before signing anything.

This is not only about convenience when you switch. Under India's Digital Personal Data Protection Act, 2023, your clinic is the data fiduciary for the patient data you hold. That means you are the one responsible for protecting it and for honouring patient rights over it, including the right to have their data corrected or erased.

You cannot honour those duties if you cannot reach your own data. If a patient asks you to correct or delete their record and your software has it locked in a format you cannot control, the law does not accept "the vendor would not let me" as an answer. The duty is non-delegable. It sits with the clinic, no matter what any service agreement says.

So portability is not a nice-to-have. It is part of being able to do your job as the custodian of patient data. To be precise about a point we never blur: software alone does not make a clinic DPDP compliant. Compliance depends on your processes as much as your tools. What good software does is give you the controls that make compliance possible instead of fighting you. For the fuller picture, see our DPDP Act primer for clinics.

What to put in the contract

Before you sign, get four things in writing.

  • Ownership. The data is yours. The vendor processes it on your behalf and claims no ownership over it.
  • Export on demand. You can export the complete dataset, yourself, in a standard machine-readable format, at any time and without a fee.
  • No exit penalty on data. Giving notice does not trigger a charge to retrieve what is already yours.
  • Deletion after exit. The vendor deletes its copy within a defined window after you leave and confirms it.

These are not aggressive demands. They are the baseline a clinic should expect. A vendor that pushes back on any of them is telling you how the relationship ends before it begins.

How we think about this at Avinya Plus

We built Avinya Plus on the assumption that the clinic's data is the clinic's. Patient records are stored in a structured, exportable form, so you are never holding a pile of files no other system can read. Each clinic and branch is isolated at the database level using PostgreSQL Row Level Security, and access is role-based with an audit trail, so you can see who viewed or changed a record and when. If you can run the four-question test above against any vendor and get clean answers, that is the bar we hold ourselves to.

Portability is not a feature we tacked on to win a deal. It is what it looks like when a vendor genuinely believes your data belongs to you.

Where to go next

Data ownership is one piece of buying or switching well. If you are weighing a move, the migration guide covers how to get records across cleanly. Before you talk to any vendor, the questions to ask list will save you from the vague answers that hide lock-in. For the big picture, start with our pillar guide on choosing clinic software in India.

If security and isolation are top of mind, our clinic data security overview explains how role-based access, audit trails, and per-branch isolation fit together, and the multi-tenancy and RLS explainer goes a layer deeper into how one clinic's data stays separated from another's.

Frequently asked questions

Who owns the patient data in my clinic software?
Your clinic does. The patient record belongs to your practice and the patient it describes, not the company whose software you happen to run. The vendor processes that data on your behalf. A contract that claims the vendor owns or controls your data should be a deal-breaker.
What is vendor lock-in for clinic software?
Lock-in is when leaving a software vendor is so painful that you stay even when you want to go. It usually happens through proprietary file formats you cannot read elsewhere, no real export feature, or export that is offered only as a paid favour at the worst possible moment. The fix is to confirm you can get your data out, in a usable format, before you sign.
In what format should I be able to export my clinic data?
A non-proprietary, machine-readable format that another system can actually read. CSV or Excel for tabular records like patients, appointments, and invoices, plus the original files for documents like scans and reports. A PDF dump of one screen at a time is not a real export, because the data is no longer structured.
Does good clinic software make my clinic DPDP compliant?
No. Software alone does not make a clinic compliant. Under India's DPDP Act your clinic is the data fiduciary, so the duty to protect patient data and honour patient rights sits with you. Software that keeps data structured, access controlled, and exportable helps you meet that duty, but the responsibility stays with the clinic. Treat this as general guidance, not legal advice.
What should a contract say about my data if I leave?
It should confirm that you own the data, that you can export the full dataset in a standard format on demand, that there is no fee gate or notice trick blocking the export, and that the vendor deletes your copy within a stated window after you leave and confirms it in writing.

Sources

#buying-switching#data-ownership#clinic-software#lock-in

Avinya Plus Team · Clinic software, billing & compliance

The team building Avinya Plus: We're here to help clinics run with less stress.

Try Avinya Plus

Run your clinic on Avinya Plus.

Patient records, GST billing, and scheduling in one system your team will actually use.

Keep reading

Guides

What clinic software costs in India: a pricing guide

Clinic software in India is priced per-user, per-doctor, or per-branch, monthly or annually. Here's how to read a quote and budget for the real total cost.

· 4 min read

Guides

Cloud vs desktop clinic software: which should you pick?

For most new Indian clinics, cloud wins: access anywhere, auto updates, off-site backups. Desktop still suits a single weak-internet site. The honest trade-off.

· 5 min read

Guides

Questions to ask before you buy clinic software

A neutral buyer's checklist of questions to ask any clinic software vendor on a demo: data ownership, GST billing, roles, security, support, pricing.

· 4 min read