HB Ad Slot
HB Mobile Ad Slot
FTC Encourages Vendor Contracts to Address Privacy and Security Risks
Wednesday, April 11, 2018

Speaking at the National HIPAA Summit in Arlington, VA this past week (April 3, 2018), the Federal Trade Commission (FTC) highlighted the importance of healthcare providers having information security agreements in place with vendors.  “Companies need to have contracts in place to specifically address privacy and security”, said Molly Crawford, the Chief of Staff for the FTC’s privacy and identification division. 

Crawford further provided that new solutions for handling data are not governed by longstanding federal rules and statutes for healthcare privacy and security, including HIPAA.  While noting that the FTC works closely with the Department of Health and Human Services, “the FTC is the primary consumer protection agency” Crawford said and reinforced the role the FTC will play in protecting consumer data. 

It is estimated that almost 2/3rds of data breaches are tied to or directly caused by third-party vendors. This is at a time when companies are increasingly engaging third-party vendors to provide services.  It is a fact.  More third party vendors mean a higher risk of a data breach.

While a third party vendor management program is critical for managing vendor relationships, these programs must go beyond surveys and assessments.  Companies need to hold vendors contractually liable for the actions and inactions with regard to their security.  An effective way to do this is through a separate information security agreement (ISA) as an exhibit to the underlying procurement, master services or licensing agreement.  The ISA should address technical issues (e.g. auditing, employee management, encryption), but also address legal issues associated with security, including provisions related to indemnification, liability, breach response and insurance.

HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins