Hi James - Limitation of liability is a function of warehouseman's law. (See UCC 7-204). Even though records centers don't conduct the same types of general warehousing as other types of warehouse operations, that is the area of law that covers the industry. As such, a warehouseman is entitled to create a limitation of liability by "item, article or unit of weight". This is subject to other conditions regarding information that is typically captured in the storage agreement and work/delivery documentation and receipts. The client can make a declaration of excess valuation per conditions contained in the same section of the UCC. This generally increases the cost of storage. Vital papers and records coverage that is already a part of the client's insurance package can be applied to items held at a third-party information management facility. Just make sure you have adequate limits and talk to your agent if information in your policy, and what it covers, is in any way unclear.
As you point out, certain record types carry inherently greater risk regarding data breach. Re: PHI, in their comments related to the Onmibus Rule, HHS clarified a point raised by PRISM International members in 2010, "Is there any requirement under HIPAA to require a covered entity to be indemnified by a business associate". Their answer, "There is no such requirement." This is a negotiating point like many others. If you have some degree of control over the outsourcing process, or at least a seat at the table, make sure your concerns are heard and that you try to work with your vendor(s) to address these concerns using more tools than contract terms and language, alone. Reviews of SOPs, client-site procedures, verifications, real-time data uploads, CCTV and other robust security measures, supplemental training and service level agreements are just a few of the additional tools that can be used to mitigate risk and help to establish a very positive long-term relationship with vendors. Understand also that economics dictate that the assumption of additional risk presumes additional payment for the assumption of such risk. As I have heard many industry operators say, "Nobody can store the Mona Lisa for a few cents per month." A great many vendors are very adaptable to client requests and special requirements - even so far as building purpose-built buildings in Canada and the United States for special collections with specific preservation requirements. These projects were cost-justifiable by the clients involved, an generated a reasonable profit for the vendors involved, or they would not have been undertaken.
I am sure a member of NAID on this list would be pleased to address the shredding issues.
Hope this helps,
Jim
Jim Booth
Records & Information Management Practice Leader
Brightstone Insurance Services, LLC
Direct - 919.323.3266
Direct Fax - 914.636.0802
Main - 877.862.4755 x 3266
[log in to unmask]
www.brightstoneins.com
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|