David (and all):
First of all, thank you for all your great replies. This is a great list.
I think David's suggestion (quoted below) is a good one. The language
in my current boilerplate contract that I think will need to be modified
is thus:
"Provider will work with Client to jointly ensure that all Services are
performed in accordance with the Health Insurance Portability and
Accountability Act of 1996, as amended, any applicable regulations
(proposed or final) promulgated thereunder, and any other applicable
laws and regulations."
I'm thinking that a better clause would be one that specifically
mentions that we will take all reasonable measures to ensure that the
app will not be vulnerable to known attacks as of <date>. Then again,
part of me wonders whether such language should be in my boilerplate at
all. After all, if the client is lax about enforcing security
compliance, why should I shoulder the burden for them? (Other than it's
the right thing to do -- but I'm thinking about contractual liability here).
Thanks,
Matt
>Looking into the future, I think that you can rest assured that if you do due
>security diligence now you should be safe. Clauses such as "warrantied
>against vulnerabilities and exploits that are known as of <date>" would most
>likely cover you for most issues. This way the customer does not get the idea
>that you are warrantying against what is unknown.
Received on Jan 16 2004