The current commercial health information technology (HIT) arena encompasses a number of competing firms that provide electronic health applications to hospitals, clinical practices, and other healthcare-related entities. Such applications collect, store, and analyze patient information. Some vendors incorporate contract language whereby purchasers of HIT systems, such as hospitals and clinics, must indemnify vendors for malpractice or personal injury claims, even if those events are not caused or fostered by the purchasers. Some vendors require contract clauses that force HIT system purchasers to adopt vendor-defined policies that prevent the disclosure of errors, bugs, design flaws, and other HIT-software-related hazards. To address this issue, the AMIA Board of Directors appointed a Task Force to provide an analysis and insights. Task Force findings and recommendations include: patient safety should trump all other values; corporate concerns about liability and intellectual property ownership may be valid but should not over-ride all other considerations; transparency and a commitment to patient safety should govern vendor contracts; institutions are duty-bound to provide ethics education to purchasers and users, and should commit publicly to standards of corporate conduct; and vendors, system purchasers, and users should encourage and assist in each others' efforts to adopt best practices. Finally, the HIT community should re-examine whether and how regulation of electronic health applications could foster improved care, public health, and patient safety.