Adding Cloud Solutions to Customer Contracts Robert J. Scott



Similar documents
How To Deal With Cloud Computing

HIPAA in the Cloud How to Effectively Collaborate with Cloud Providers

Overview of Topics Covered

HIPAA in the Cloud. How to Effectively Collaborate with Cloud Providers

Cloud Computing: Legal Risks and Best Practices

Understanding the Legal Risks of Cloud Computing. Navigating the Network Security and Data Privacy Issues Associated with Cloud Services

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Cloud Security and Managing Use Risks

It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing?

Checklist for a Watertight Cloud Computing Contract

Big Data, Big Risk, Big Rewards. Hussein Syed

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

Data Privacy, Security, and Risk Management in the Cloud

Regulatory Update with a Touch of HIPAA

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

CSR Breach Reporting Service Frequently Asked Questions

Social Marketing & Liability

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Evolving Technology Issues: Cloud Computing

Rogers Insurance Client Presentation

Healthcare Payment Processing: Managing Data Security and Privacy Risks

Cyber Exposure for Credit Unions

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?

Cloud Computing and HIPAA Privacy and Security

The Importance of Privacy & Data Security in a Changing World

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq.

Security & Privacy Strategies for Expanded Communities. Deven McGraw Partner Manatt, Phelps & Phillips LLP

Understanding the Business Risk

What s the Path? Information Life-cycle part of Vendor Management

Shipman & Goodwin LLP All rights HARTFORD STAMFORD GREENWICH WASHINGTON, DC

Business Associate Agreement (BAA) Guidance

Data Security Standard (DSS) Compliance. SIFMA June 13, 2012

How to Lead the People in a Program Based Environment

Privacy & Data Security

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS Data Breach : The Emerging Threat to Healthcare Industry

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016

Cyber, Security and Privacy Questionnaire

IT Security & Compliance Risk Assessment Capabilities

Negotiating EHR Acquisition Contracts

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

HIPAA/HITECH Compliance Using VMware vcloud Air

CallRail Healthcare Marketing. HIPAA and HITECH Compliance for Covered Entities using Call Analytics Software

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

Discussion on Network Security & Privacy Liability Exposures and Insurance

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

Legal Corner: Successful Contracting in the Lodging Industry. Greg Duff

Am I a Business Associate?

Business Associate Agreement

Network Security & Privacy Landscape

Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013.

University of Alaska. Cloud Computing Guidelines

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

Best Practices for DLP Implementation in Healthcare Organizations

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS

Outsourcing Technology Services A Management Decision

Why Encryption is Essential to the Safety of Your Business

This form may not be modified without prior approval from the Department of Justice.

Evolving Issues for Healthcare IT Contracting

The Keys to the Cloud: The Essentials of Cloud Contracting

Cloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.

Cloud Computing in Healthcare: HIPAA and State Law Challenges Navigating Privacy and Security Risks

In the Cloud Risk Assessments in the Great Unknown

HIPAA BUSINESS ASSOCIATE AGREEMENT

Keeping watch over your best business interests.

1/23/2015. MSBO Technology Committee January 22, Examples of Online Educational Services

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

Creating Stable Security & Compliance Relationships

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR Court Reporters and HIPAA

MEDIATECH APPLICATION

Datto Compliance 101 1

Data Breach and Senior Living Communities May 29, 2015

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

HIPAA Business Associate Contract. Definitions

Data Privacy & Security: Essential Questions Every Business Must Ask

Cloud Computing Questions to Ask

A s a covered entity or business associate, you have

Information security due diligence

HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

5 Cornerstones of Compliance

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

HCCA Compliance Institute 2013 Privacy & Security

Software Licensing Basics: Key Elements of a Software License Agreement

Vulnerability Management Policy

VMware vcloud Air HIPAA Matrix

WHITEPAPER. Compliance: what it means for databases

HIPAA Compliance Guide

5/29/2015. Auditing IT Contracts From Afar. Disclaimer. Agenda

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015

Transcription:

Adding Cloud Solutions to Customer Contracts Robert J. Scott

MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services billed? Who is responsible for software licensing? What happens if there is a data breach? How does the legal risk differ?

Key Provisions in Cloud Contracts Intellectual property ownership Insurance and indemnity requirements especially for intellectual property infringement Regulatory compliance Subcontractor liability for third party services or software Effect of termination return of customer data Service failure corrective action plan

Risk Overview Business Continuity Risks Service Interruption Post termination Data Rights Regulatory Compliance Risks Data Privacy and Security Statutes Intellectual Property Risks Use and Disclosure of Information Ownership of Software IP Ownership at Termination Liability Risks Risk Balancing

Business Continuity Risks Service Interruption Define service levels, metrics, and remedies in the SLA Termination of the Agreement Ensure data is owned by and returned to customer in a usable format upon termination

Intellectual Property Risks Use and Disclosure of Information Ensure both parties understand the nature of the data stored in the cloud Specifically personally identifying information and trade secrets Intellectual Property Ownership Define ownership of any software customizations Exclusivity of customizations during term of engagement IP Ownership at Termination Work for hire or vendor owned code

Regulatory Compliance Risks Industry specific Regulation Gramm Leach Bliley Act Financial HIPAA & HITECH Healthcare PCI Compliance Payment Systems State Laws Data Privacy Safeguards

Common Regulatory Requirements Privacy and Security Policies Regular risk assessment Access and audit controls Enforcement of policies Encryption Data in transmission and in storage Does not address every regulatory requirement Breach Notification

Regulatory Compliance in Cloud Contracts Risk involved in reselling public cloud Cloud service providers attempt to offload regulatory and liability risk Click wrap contracts No opportunity to negotiate

Regulatory Compliance in Cloud Contracts Large scale, integrated services Negotiated contracts Storage of specific data types defined Regulatory requirements addressed Risks balanced with indemnity and insurance

Healthcare & Financial Services Create your own BAA for Healthcare Use GLBA attachment for Financial Services Clients Clearly define roles and responsibilities for affect of termination & data breach

Liability Risks Risk Balancing Vendors disclaim all liability this is unacceptable to the customer Insurance as a tool for risk balancing Indemnity as a tool for risk balancing Striking the Balance Specifically address liability issues specific to the type of data being stored in the cloud Risk should be commensurate with the value of the cloud service

Mitigating Risks in the Cloud Cloud Service Providers Understand industry/region regulatory requirements Use indemnity provisions Obtain cyber risk insurance Encrypt data in motion and in storage

Questions?

Contact Information Robert J. Scott Managing Partner Scott & Scott, LLP 1256 Main Street Suite 200 Southlake, TX 76092 rjscott@scottandscottllp.com 214.999.2902 ScottandScottllp.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information