On 9/28/06, bobd <[log in to unmask]> wrote:
>
> I totally agree with Hugh but would add one additional thought. I'm not a
> lawyer, but if a company chooses to outsource the information to the care of
> an overseas company they didn't remove their ultimate responsibility for the
> loss of the information. I believe you would probably have a good case to
> sue the company for the loss of the information and the company would have
> to sue the company to whom they outsourced the work. I believe the company
> who outsource the records
> still has the responsibility to insure its security.
The only marginal protection a company can seek to avoid any direct
responsibility is to establish a "Business Associates Agreement" with the
third party, such as what is required under HIPAA.
http://www.hhs.gov/ocr/hipaa/contractprov.html
This doesn't reassign the liability, but essentially makes it a "shared
liability" with the third party.
Larry
--
Larry Medina
Danville, CA
RIM Professional since 1972
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance