Protecting Your Organization When Your Outsourcing Company OutsourcesAug 25th, 2011 | By admin | Category: 2011 Current Issue Feature, CIO Management, Health IT, Recent Articles
While outsourcing may seem like a panacea to staffing and cost issues, hospitals need to understand the legal issues surrounding outsourcing agreements.
“For any provider that wants to use a third party for any kind service, the way to protect yourself is to clearly define the nature of the relationship and, among other things, what kind of subcontracting is permissible,” advises Helen Oscislawski, an attorney with Fox Rothschild, Trenton, NJ. “Outsourcing is something that is becoming more and more en vogue for financially-strapped hospitals. The risks need to be addressed.”
One of the most important things providers need to do to ensure their security is to specify the amount of potential damages in any contract, according to Barry Herrin, an attorney with Smith Moore Leatherwood of Atlanta. Most IT contracts specify liability as a set percentage of the purchase price and service fees.
Because of the those liabilities, providers need to reexamine their IT contracts to ensure they are at least able to “pass through any fines, civil penalties, and other assessments imposed on the provider specifically for failures of the vendor’s systems to provide the promised level of privacy and security.”
Vendors will likely resist changes to contracts that involve damages, but Herrin says it is critical to address the issue and negotiate. That’s why it is important to get legal counsel involved in these situations.
“You have to use a coordinated approach when dealing with these kinds of agreements so you can make sure you have that have that pot of gold if something goes wrong,” Herrin says. “IT people are not lawyers. Legal counsel is necessary to make sure you’re protecting yourself.”
In addition, mechanisms may not be in place to ensure that employees adhere to policies and procedures. The key, says Herrin, is to put a clause in every contract that clearly states that third party associates cannot outsource to any entity without prior consent. That means a complete embargo on subcontracting without approval, which will allow providers to do their risk management upfront instead of later.
Copyright 2011 Algonquin Professional Publishing, LLC