The Hidden Risks of Vendor Contracts

A HIPAA data breach case between CVS Pharmacy, Inc. and Caremark Rx LLC (CVS) and their business associate Press America, Inc. highlights the risks of contracting vendors to store or distribute sensitive information.

In the case of CVS Pharmacy, Inc. v. Press America, Inc., a vendor error became a costly financial liability. CVS, serving as the pharmacy benefits manager for an IBM group health plan, hired Press America to print and mail paperwork to beneficiaries that included protected health information (PHI). Press America made an error in a batch of mailings, resulting in the accidental disclosure of PHI for 41 IBM beneficiaries.

The agreement between CVS and IBM required that CVS comply with “performance standards,” including payment of a “fee adjustment” in the event of a “Protection of Information Failure,” which includes PHI disclosures. For Press America’s error, CVS credited IBM $1,845,000, or $45,000 per disclosure. CVS then turned to its vendor, Press America, for reimbursement, but Press America denied the request, arguing that the fee was not directly associated with the data breach and related costs. CVS followed up by suing Press America to recoup its loss, and the case continues. In this case, the argument is not about who is at fault for the data breach, but rather who is responsible for the damages.

Every business in the healthcare sector handles sensitive data as part of its daily operations. When vendors are brought into the equation, the risks increase. Clients often require vendors to acquire cyber liability coverage when handling sensitive data or PHI, but with the rising cost of a data breach, cyber coverage alone is not always enough protection. When Press America refused to reimburse CVS for the fee adjustments paid to IBM, it argued that the fee was not directly associated with the data breach and related costs.

Industry-specific coverage options can help address the unique exposures that providers face. Features such as business interruption, coverage for HIPAA corrective action plans, post-breach remediation and no exclusion for contractual liability can help providers avoid costly litigation in a dispute with a vendor.

Before entering into a contract with a vendor, partner with a trusted expert in the unique professional and cyber liability needs of healthcare providers. Knowledgeable agents can provide helpful contract suggestions as well as help to market, structure and negotiate insurance to meet the liability needs of both the policyholder and the vendor.


About Connected Risk Solutions

At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (847) 832-9100.

About Connected Risk Solutions

At Connected Risk Solutions, we provide our agent partners with bold solutions for comprehensive insurance and risk management that are unmatched in the industry. We have market connections and collective decades of industry experience, including deep specialization in healthcare liability and managed care E&O, cyber and tech liability, management and professional liability, as well as captive management and risk management. We strive to develop creative solutions no other wholesaler can match and to help our agent partners give their clients the ability to achieve continued growth while simultaneously protecting against loss.

Our specialists, located in offices throughout the country, are responsive and engaged. To learn more, connect with us.
