fbpx
Connect with us

Opinion

Technology and social care – it’s all in the contract

By Carl Selby, RWK Goodman

Published

on

Social care

The social care sector is seeing exciting growth in the use of new technology, in particular, software platforms that brings innovators and care providers together.

Increasingly these new technologies are cloud based, hosted by a platform provider.

Understandably, care providers focus on what functionality and features new technology can offer and how they can use the technology within their business.

What is sometimes forgotten is the contract that underpins the agreement between a platform provider and care provider.

Often, a platform providers standard terms are used without much thought from either party as to the nature of their relationship.

Here are three areas that platform providers and care providers will want to consider.

Functionality

The sales process for a platform will focus on what features and functionality that a platform can provide.

Yet, the contract for delivering a platform rarely includes contractual obligations on the platform provider to deliver all of the functions demonstrated in the way a care provider might expect.

For the platform provider, that might reduce their liability if the care provider alleges that the software is not delivering but it can leave care providers exposed.

Partly that is down to the nature of software, but dare I say it, it is sometimes down to a lack of attention to the contract.

Surely, if a platform provider has promised their platform will deliver certain functions, their customer will be able to recover their losses, right?

Well, not necessarily, it is not uncommon for platform providers to seek extensive limits on their liability which may not reflect the risk to care providers.

Care providers may want to re-balance the position and should think carefully about the consequences of a platform failing to perform.

Developments and integrations

In an emerging market, care providers may well want to tweak, modify or expand the platform to provide additional functionality to better suit its own circumstances.

Platform providers are often happy to oblige; it can be a great way to develop valuable improvements to their platform.

However, it is not uncommon for development work to go undocumented, with the parties simply relying on a standard contract for their platform, which could lead to difficult disputes in the future.

  • Who should own the intellectual property rights the developed software?
  • What will the developer deliver and when will they deliver it?
  • What should happen if the developer does not deliver or the developed software does not perform?

Any agreement for further development of a platform should deal with these questions.

If the development includes integration with another platform or the care provider’s own software it should also deal with the basis on which the parties will co-operate and how data will be transferred between the platforms.

Data protection

Data protection is not always at the forefront of design in software; yet in a care setting it is critical.

All health and medical data is considered a special category data for the purposes of data protection laws, with enhanced duties on the controller (typically the care provider) when processing that personal data. In particular, care providers should consider:

  • Doing enhanced due diligence on how a platform provider will process any special category data
  • Does all health and medical data which can be processed in the platform need to be processed in the platform?
  • Are additional technological and organisational measures necessary to protect special category data?
  • What sub-processors are platform providers using and what agreements does the platform provider have with their sub-processors?
  • What recourse they will have against the platform provider if the platform provider does not comply with its obligations under data protection laws or the agreement, in particular with regard to loss or corruption of data?

The Information Commissioner’s Office (ICO) is increasing not just looking at data breaches that arise from security incidents, but also the basis on which controllers are processing personal data.

They are likely to a keener interest on how special category data is managed, with fines increasing over time. Data protection cannot be an afterthought.

Platform providers are not entirely off the hook either. As data processors, they too hold responsible for that data and expectations of the level of protection customers expect is only likely to increase over time.

Contracts need more than a “standard” clause that states both parties will comply with GDPR regulations.

Typically, a contract should address confidentiality, the use of third-party sub-processors, what happens in the event of a data breach, and the ability for the data controller to undertake data audits.

Adopting new technology can bring efficiencies and new opportunities but can expose care providers to new risks.

Both platform providers and care providers should make sure their contracts allow the parties to flourish, not founder.

Carl Selby is a Partner in the Corporate team at the law firm RWK Goodman. Visit www.rwkgoodman.com

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending stories