Today's Veterinary Business

APR 2018

Today’s Veterinary Business provides information and resources designed to help veterinarians and office management improve the financial performance of their practices, allowing them to increase the level of patient care and client service.


leverage of the parties involved. Regardless, a formal incident response plan is needed between the customer and the vendor.

Limitation of Liability

Many contracts will limit the vendors' liability to a certain number of months of fees and will specifically exclude any consequential damages. Often, this does not come close to covering the customer's actual loss even when the breach was the vendor's fault. Contract language should clearly spell out how costs relating to the data breach will be allocated.

Reasonable Security

Federal and state laws often require certain controls, such as encryption, firewalls and access limits, to be in place to safeguard customer data. These also can be included in the contract. At the very least, a "reasonable security" standard should be included, as what is "reasonable" from a data security standpoint can change from day to day. The vendor should be expected to employ current security standards.

Assessment and Audit Rights

If a breach occurs, the customer will want to be involved in the investigation. The right to assess and audit should be included in the contract.

Indemnification or Reimbursement

Such a clause allows the customer to be fully covered for costs related to a breach, whether they be upfront response costs or later judgments, fines or penalties associated with regulatory actions. The legal liability falls into the data owner's lap, not the vendor's, so the customer must have contractual protection for these costs when the vendor is responsible for a breach. The costs can be significant and may include, but are not limited to, attorney's fees, forensic investigation expenses, credit- or identity-monitoring services, consumer notification costs, call center services, public relations expenses, and fines or penalties.

Insurance

The contract should contain a clause requiring the vendor to purchase cyber insurance to cover a breach, and the customer should be named as an additional insured party whenever possible.

While outsourced IT services provide a multitude of benefits for any business, especially at small to midsize businesses where resources and IT budgets are limited, allowing your data to be under the care, custody and control of a third party brings significant risk. Implementing simple vendor management procedures and having strong contracts in place with any outsourced provider is essential to properly managing such risk and to ultimately protecting your balance sheet and reputation.

Protect & Defend columnist Dr. Ed Branam is veterinary and animal services program manager for Safehold Special Risk Inc., a division of USI Insurance. He serves on the American Veterinary Medical Association's Legislative Advisory Committee.
