Software Developer Insurance/Bonding?

    clientSurfer
    wrote on last edited by
    #1

    Hey CPers, I have a possible upcoming contract doing some medical billing development which is obviously going to involve some pretty serious HIPAA regulation territory. I've been a 1099 independent contractor before but never in an area which is so legally sensitive and security-centric. Does anyone have any experience to share as to whether or not, as the sole developer on this project, I need to worry about purchasing some kind of insurance or bonding just for CYA purposes, or does the legal wording that I put in the agreement in regards to no warranty implied on my part, not responsible for anything whatsoever from someone using my software, etc., suffice as far as protection from litigation from God knows who all - from the feds at HIPAA on down to the end client? Thanks Everyone!

    "... having only that moment finished a vigorous game of Wiff-Waff and eaten a tartiflet." - Henry Minute  "Let's face it, after Monday and Tuesday, even the calendar says WTF!" - gavindon   Programming is a race between programmers trying to build bigger and better idiot proof programs, and the universe trying to build bigger and better idiots, so far... the universe is winning. - gavindon

      Lost User
      wrote on last edited by
      #2

      Seems to me that asking a lawyer that deals with those kinds of legal issues would be better.

      You can lead a developer to CodeProject, but you can't make them think. The Theory of Gravity was invented for the sole purpose of distracting you from investigating the scientific fact that the Earth sucks.

        clientSurfer
        wrote on last edited by
        #3

        Quote:

        Seems to me that asking a lawyer that deals with those kinds of legal issues would be better.

        Seems to me that you are correct sir, as I already am waiting on a call-back from the best one I know.... However being that in the past 8 years of being a CPer I have shared and read many good professional stories and experiences in this usually quite helpful Lounge community, none of which would I have been enough of an idiot to take as board-certified legally-binding truths carved out of the same tree that the Declaration of Independence was milled from... So at the risk of sounding like Captain Obvious, thanks for at least replying, Captain Obvious! Cheers ;P

          RJOberg
          wrote on last edited by
          #4

          I think the "find a lawyer" advice is the best you will get. That is if the rules have been finalized and anyone can understand them. I worked in the medical industry when the ACA passed and added some extra rules and regulations to HIPAA, including some language which allowed hospitals to go after individual developers instead of just the company they worked for if security breaches occur. That and the language involving jail time for high levels of negligence. I've never heard of insurance or bonding for software development. I would consider starting a company that does so, but given my experience as a developer and working with developers, there will always be a bug that could potentially lead to data breaches. If giant companies like Google, Microsoft, and Apple can't get it right what chance do you have?

            clientSurfer
            wrote on last edited by
            #5

            Wow well said and points well taken; find a lawyer it is then... Unless I just make sure to not include any bugs :laugh: :laugh: :laugh: :laugh: Thanks so much for your reply!

              Lost User
              wrote on last edited by
              #6

              clientSurfer wrote:

              Unless I just make sure to not include any bugs

              Write it into your contract that if any bugs are found, you get paid double for each one you wrote. See if they catch it.

                Member 10707677
                wrote on last edited by
                #7

                Insurance is a regular requirement down here in NZ. I carry a $1million general cover that includes protection against damage to client's property as well as covering accidental disclosure of corporate secrets or privacy data. At $100 per year, it's quite a bargain. (I had to pay to replace a client's laptop after I broke the screen -- my cost, $100 deductible -- must remember to place USB cap in pocket next time.)

                The difficult may take time, the impossible a little longer.

                  luke_g
                  wrote on last edited by
                  #8

                  I hold an errors and omissions / professional liability policy with Hiscox insurance, and it's quite reasonable (I'm in the USA). I purchased it so that I could handle systems maintenance for a company which is subject to HIPAA, due to the rather extreme penalties and processes involved in a HIPAA violation, as have been alluded to. If the price is right, consider it a protection to have just in case. All it takes is one nut to sue you and now you've been dragged into the legal system and your fate (and assets) rests in another's hands. So, if it's cheap and there's any question, I'd get it. Hiscox allows you to pay monthly, it's effective immediately, and you can get it all set up online. That's my $0.02.

                    G Tek
                    wrote on last edited by
                    #9

                    I suspect everyone will jump on board the "call a lawyer" train. In my experience a lawyer is just going to send you on the path of least resistance - i.e. "yes you should buy insurance". It's a liability for them to have a legal opinion that tells you not to buy insurance. Consider what happens if you get sued and you have a legal opinion from your lawyer saying that you didn't need insurance? You'd then be in a position to sue them. So you may want to just save on your legal expenses and apply it directly to the insurance. I think the bigger question may be "what type of insurance do you need" and "how much". The problem with asking a lawyer about that is that (for most of them) 1) this isn't their area of expertise and 2) see paragraph number one (they'll likely recommend complete coverage at high amounts). My advice - call around to multiple insurance providers to get their opinions on what you need. Yes, they're going to try to sell you on more insurance than you likely need, but if you call multiple providers you also have the opportunity to compare and contrast. Some will come in with a lower quote because they don't believe you need options that others are insisting on. Get the reasons for the recommendations and then proceed from there. One final tip - if you are the sole developer this obviously puts you at more risk. However, this also likely means that there are bigger fish involved with this project. In the case of lawsuits most companies will go after the biggest fish (at least that's what our insurance provider told us) because they have the bigger policy. If the odds of you being targeted are lower because there is one or more bigger fish then your premiums should be less. Best of luck. I'd personally be interested in a follow-up to see how you made out. Cheers

                      charlieg
                      wrote on last edited by
                      #10

                      I worked in the medical industry when the ACA Not So Affordable Care Act passed and added some extra rules and regulations to HIPAA, including some language which allowed hospitals to go after individual developers instead of just the company they worked for if security breaches occur. That and the language involving jail time for high levels of negligence. Priceless, unless the feds lose the data. Still looking for those emails....

                      Charlie Gilley Stuck in a dysfunctional matrix from which I must escape... "Where liberty dwells, there is my country." B. Franklin, 1783 “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759

                        RJOberg
                        wrote on last edited by
                        #11

                        Fortunately I don't deal with HIPAA anymore, but I'm glad to see it is available. I'm curious how likely they are to pay out should you need it or if they will fight it. The fact that it is a value based upon the level of negligence and then multiply that by the number of records accessed in the breach, it adds up in a hurry. Edit: I'm glad to see they added an annual max penalty to the language. The draft language had none of that.

                          Glenn E Lanier II
                          wrote on last edited by
                          #12

                          I've carried $1M (USD) general liability as a 1099 contractor for years -- not that expensive (<$50/month) and either required by contracts or some peace of mind. My policy required me to answer extensive questions about the type of development once I mentioned healthcare/patient data -- thankfully, I was able to answer no to every question related to "Will someone die if your software doesn't work?". I think an E&O (Errors and Omissions) rider (again, IANAL) might help to limit your penalties/fines. I use Harford; based on other replies, I'm looking into Hiscox. HTH.

                          --G

                            GadgetNC
                            wrote on last edited by
                            #13

                            I think your biggest concern may be data. If you download/store any data on your computers that contains sensitive information and that data gets out, you are really in trouble. Best advice, don't download any live data. I had a friend that stored a backup of a customer's data on a USB drive, the same one with his music, and he lost it. THAT cost not only money, but the customer as well. We still don't know if that will surface in the future. A good umbrella policy is always a good idea...

                            Don't mind me, I'm just watching

                              wapiti64
                              wrote on last edited by
                              #14

                              I would (if you haven't already) form an LLC to protect you and your assets. It's cheap, really. And just acts as a pass through for your work. Then have the LLC buy General Liability insurance, and possibly Professional Liability insurance. General covers things like spilling your coffee in the client's new laptop, professional liability would cover program errors etc. I carry both. It sucks, but so does buying auto insurance and health insurance.

                                Robert Not The Pirate
                                wrote on last edited by
                                #15

                                Errors and Omissions insurance runs about $400-$500 per year for about $1MM. Been 1099 in banking application where some, not all, require E&O. A lawyer will tell you to get E&O and charge you $500.

                                  codefabricator
                                  wrote on last edited by
                                  #16

                                  I was going to say the same thing, get an LLC, it will protect your personal assets. It cost me $110 to file in my state. Since you are just an indie and don't employ anyone, and your "company" doesn't own any significant assets (property, vehicles, stocks, etc), you might consider skipping the insurance altogether and simply file corporate bankruptcy and close up shop if you ever get sued. Since the chances of an indie developer getting sued are less than winning the lottery, personally I would just keep that insurance money in my pocket. And once you file bankruptcy the chances are very high that the lawsuit will just get dropped.

                                    SeattleC
                                    wrote on last edited by
                                    #17

                                    Get a lawyer. I'm not a lawyer. But... It depends very much on what state you live in. Some states make you more strictly liable than others, so totally get a lawyer. Probably you want to incorporate yourself as an LLC, and have the contract made out to the LLC. Being an LLC limits your liability to company assets. They can't take your home and your retirement funds. Probably. But they can still sue you, and you still have to pay for a lawyer, even if your defense is successful. Insurers offer a general liability coverage that pays for lawyers and damage awards. You probably have some liability coverage as part of your homeowners insurance right now, but it probably isn't enough for a professional who is a sole proprietor. This insurance is quite inexpensive because despite what you hear, not all that many individuals get sued. Individuals are not big enough targets to pay for million-dollar legal fights. Call your homeowners insurer or auto insurer. After you talk to the lawyer. Beware of a "doughnut hole", a range of costs below which you are covered, and above which you are covered, but in between which you are responsible. Insurers like to put the doughnut hole right in the most likely range of liability awards. They have 50 actuaries working tirelessly to find this point. Get a policy with no doughnut hole. Don't worry too much. It has historically been hard to tag software engineers with liability for coding bugs because it is well understood that all software contains bugs, and the standard of competent practice does not deliver bug-free code. Your liability would be greater if you left a back-door in the code, deliberately did not heed warnings from competent and well-informed people, or actually threw paper copies of medical records into the municipal waste stream.

                                    • W wapiti64

                                      I would (if you haven't already) form an LLC to protect you and your assets. It's cheap, really. And just acts as a pass through for your work. Then have the LLC buy General Liability insurance, and possibly Professional Liability insurance. General covers things like spilling your coffee in the client's new laptop, professional liability would cover program errors etc. I carry both. It sucks, but so does buying auto insurance and health insurance.

                                      James Lonero
                                      wrote on last edited by
                                      #18

                                      I also agree, form an LLC or incorporate yourself. Your company will be contracted to do the software development. Should something go wrong and a possible bug cause a problem where the employer or customer sues you, they can only sue the company and not you. By incorporating yourself, you will protect your personal assets and your company will suffer only. It would be wise to get insurance for your company and of course, you are new to this legal arena, consult a lawyer. If any of you CPers know a good attorney that you have a positive experience with, please reply for clientSurfer.

                                      Second, find out what regulatory requirements the software must satisfy. Your employer should have most of this in place and give you an idea of what is expected. Since I have had to write software to satisfy CE/IVD and FDA regulations, I have had several documents to write up, mostly for corporate compliance. One of the worst (most painful) to deal with was risks outline and explanations document. What are the risks, from external and internal. If anything is going over the internet, then there are several pages of risks you can add. There are risks from the operating system that you interact with (even simple file reads and writes). How secure is the file system? How can the user/customer screw up your software? How good are the disk drives you store your data on? A good place to start is using the old data flow diagramming techniques. Start with a context diagram where your system is at the middle and everything else you interact with are surrounding it. All drawings and thoughts will be useful for these documents.

                                      Finally, document everything. This includes all decisions you make and what the alternatives were (and their potential outcomes). You may think that the code is good enough documentation, but don't count on it. This documenting will also save your butt as well as provide your employer (or yourself) with copyright and patent protection. Also, can be used by your employer for copyright and patent litigation (if you feel that a patent is doable). Get a hardbound notebook where the pages cannot be removed with page #s. For each entry, give it a title (at the top), a date, your signature at the bottom of your entry and date and time signed.

                                      Whew, that's a lot. You will work a lot of hours and most of what you do will not be coding, but architecting/designing and documenting. That will expand your resume. If you feel prepared for this job, having all this in mind will help you at the interview.


                                        RJOberg
                                        wrote on last edited by
                                        #19

                                        Unfortunately the LLC bit doesn't technically protect you in the case of a HIPAA violation. The ACA changed the rules so that hospitals could go after individual developers instead of the company they worked for in the event of a breach*. One of the reasons I got out of medical development. Too often there was a breach costing the hospital huge sums of money and they would go after the software vendor who provided the software for said sum of money. The vendor found it cheaper to close shop and open up again. Same people, different name.

                                        *At least the initial language allowed it. As I mentioned in a previous post, they changed some rules for the better and I haven't kept up to date.


                                          Lost User
                                          wrote on last edited by
                                          #20

                                          wapiti64 wrote:

                                          It sucks

                                          Only until the day you need to make a claim.
