doh! Why the F don't they attach those USB caps with little tethers or something... LOL
Member 10707677 wrote: At $100 per year, it's quite a bargain.
Wow that actually is quite a bargain esp if it is a regular requirement down under... Thanks for the post
"... having only that moment finished a vigorous game of Wiff-Waff and eaten a tartiflet." - Henry Minute
"Let's face it, after Monday and Tuesday, even the calendar says WTF!" - gavindon
Programming is a race between programmers trying to build bigger and better idiot proof programs, and the universe trying to build bigger and better idiots, so far... the universe is winning. - gavindon
|
|
|
|
|
I hold an errors and omissions / professional liability policy with Hiscox insurance, and it's quite reasonable (I'm in the USA). I purchased it so that I could handle systems maintenance for a company which is subject to HIPAA, due to the rather extreme penalties and processes involved in a HIPAA violation, as have been alluded to.
If the price is right, consider it a protection to have just in case. All it takes is one nut to sue you and now you've been dragged into the legal system and your fate (and assets) rests in another's hands.
So, if it's cheap and there's any question, I'd get it. Hiscox allows you to pay monthly, it's effective immediately, and you can get it all set up online.
That's my $0.02.
|
|
|
|
|
Fortunately I don't deal with HIPAA anymore, but I'm glad to see it is available.
I'm curious how likely they are to pay out should you need it or if they will fight it. The fact that it is a value based upon the level of negligence and then multiply that by the number of records accessed in the breach, it adds up in a hurry.
Edit: I'm glad to see they added an annual max penalty to the language. The draft language had none of that.
|
|
|
|
|
Thanks man, E and O was the first thing my firmware buddy told me about... I will indeed look into Hiscox... Appreciate your $0.02 luke
|
|
|
|
|
I worked in the medical industry when the ACA Not So Affordable Care Act passed and added some extra rules and regulations to HIPAA, including some language which allowed hospitals to go after individual developers instead of just the company they worked for if security breaches occur. That and the language involving jail time for high levels of negligence.
Priceless, unless the feds lose the data. Still looking for those emails....
Charlie Gilley
Stuck in a dysfunctional matrix from which I must escape...
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
charlieg wrote: including some language which allowed hospitals to go after individual developers instead of just the company they worked for if security breaches occur. That and the language involving jail time for high levels of negligence.
heheh gawd that's scary... Hopefully it won't come to that charlieg; thanks for responding...
|
|
|
|
|
I suspect everyone will jump on board the "call a lawyer" train. In my experience a lawyer is just going to send you on the path of least resistance - i.e. "yes you should buy insurance". It's a liability for them to have a legal opinion that tells you not to buy insurance. Consider what happens if you get sued and you have a legal opinion from your lawyer saying that you didn't need insurance? You'd then be in a position to sue them. So you may want to just save on your legal expenses and apply it directly to the insurance.
I think the bigger question may be "what type of insurance do you need" and "how much". The problem with asking a lawyer about that is that (for most of them) 1) this isn't their area of expertise and 2) see paragraph number one (they'll likely recommend complete coverage at high amounts).
My advice - call around to multiple insurance providers to get their opinions on what you need. Yes, they're going to try to sell you on more insurance than you likely need, but if you call multiple providers you also have the opportunity to compare and contrast. Some will come in with a lower quote because they don't believe you need options that others are insisting on. Get the reasons for the recommendations and then proceed from there.
One final tip - if you are the sole developer this obviously puts you at more risk. However, this also likely means that there are bigger fish involved with this project. In the case of lawsuits most companies will go after the biggest fish (at least that's what our insurance provider told us) because they have the bigger policy. If the odds of you being targeted are lower because there is one or more bigger fish then your premiums should be less.
Best of luck. I'd personally be interested in a follow-up to see how you made out.
Cheers
|
|
|
|
|
Lawyers will never tell you what you can do, only what you should not; which often conflicts with the reality of running a business and making a living.
|
|
|
|
|
Wow thanks man that's a treasure trove right there... Just what I was looking for from this group...
The sad truth of this story is that these guys are kinda jerking me around a bit; looks like the CFO had this as a pet project but now he might not even be the CFO anymore and so now I'm talking to the CEO about what is actually going on over there...
I will update you on my progress with actually getting/not getting this contact and what the implications might be for a product that they basically handed me functional requirements for that, should I decide to do so, could actually be marketable...
Stay tuned and thanks for the good advice that is valuable for all of us in this business!
Cheers
|
|
|
|
|
I've carried $1M (USD) general liability as a 1099 contractor for years -- not that expensive (<$50/month) and either required by contracts or some peace of mind. My policy required me to answer extensive questions about the type of development once I mentioned healthcare/patient data -- thankfully, I was able to answer no to every question related to "Will someone die if your software doesn't work?".
I think an E&O (Errors and Omissions) rider (again, IANAL) might help to limit your penalties/fines.
I use Harford; based on other replies, I'm looking into Hiscox.
HTH.
--G
|
|
|
|
|
I'm insured by Lloyd's of London through a Toronto broker. I have CAD 5,000,000 liability and 100,000 E&O. The liability also includes things like fire coverage for the building I rent. I think I pay about 1500 per year. 5M is a standard requirement for many government contracts. If I want 1M E&O it would as about $1000.
|
|
|
|
|
Thanks Yvan I appreciate the feedback
|
|
|
|
|
Thanks Glenn, I really appreciate your post and your advice... E & O seems to be a common denominator in the replies I've received... Cheers
|
|
|
|
|
I think your biggest concern may be data. If you download/store any data on your computers that contains sensitive information and that data gets out, you are really in trouble. Best advice, don't download any live data.
I had a friend that stored a backup of a customer's data on a USB drive, the same one with his music, and he lost it. THAT cost not only money, but the customer as well. We still don't know if that will surface in the future.
A good umbrella policy is always a good idea...
Don't mind me, I'm just watching
|
|
|
|
|
Wow OK ya, this particular project wouldn't particularly be storing any data about patients/providers so much as it would be meta-data about those who are handling it...
Good advice that I'm taking to heart, thanks so much
|
|
|
|
|
I would (if you haven't already) form an LLC to protect you and your assets. It's cheap, really. And just acts as a pass through for your work.
Then have the LLC buy General Liability insurance, and possibly Professional Liability insurance. General covers things like spilling your coffee in the client's new laptop, professional liability would cover program errors etc.
I carry both. It sucks, but so does buying auto insurance and health insurance.
|
|
|
|
|
I was going to say the same thing, get an LLC, it will protect your personal assets. It cost me $110 to file in my state. Since you are just an indie and don't employ anyone, and your "company" doesn't own any significant assets (property, vehicles, stocks, etc), you might consider skipping the insurance altogether and simply file corporate bankruptcy and close up shop if you ever get sued. Since the chances of an indie developer getting sued are less than winning the lottery, personally I would just keep that insurance money in my pocket. And once you file bankruptcy the chances are very high that the lawsuit will just get dropped.
|
|
|
|
|
codefabricator wrote: Since you are just an indie and don't employ anyone, and your "company" doesn't own any significant assets (property, vehicles, stocks, etc), you might consider skipping the insurance altogether and simply file corporate bankruptcy and close up shop if you ever get sued.
Good point, but sounds a little too iffy for HIPAA stuff... Thanks for your post!
|
|
|
|
|
I also agree, form an LLC or incorporate yourself. Your company will be contracted to do the software development. Should something go wrong and a possible bug cause a problem where the employer or customer sues you, they can only sue the company and not you. By incorporating yourself, you will protect your personal assets and your company will suffer only. It would be wise to get insurance for your company and of course, you are new to this legal arena, consult a lawyer. If any of you CPers know a good attorney that you have a positive experience with, please reply for clientSurfer.
Second, find out what regulatory requirements the software must satisfy. Your employer should have most of this in place and give you an idea of what is expected. Since I have had to write software to satisfy CE/IVD and FDA regulations, I have had several documents to write up, mostly for corporate compliance. One of the worst (most painful) to deal with was risks outline and explanations document. What are the risks, from external and internal. If anything is going over the internet, then there are several pages of risks you can add. There are risks from the operating system that you interact with (even simple file reads and writes). How secure is the file system? How can the user/customer screw up your software? How good are the disk drives you store your data on? A good place to start is using the old data flow diagramming techniques. Start with a context diagram where your system is at the middle and everything else you interact with are surrounding it. All drawings and thoughts will be useful for these documents.
Finally, document everything. This includes all decisions you make and what the alternatives were (and their potential outcomes). You may think that the code is good enough documentation, but don't count on it. This documenting will also save your butt as well as provide your employer (or yourself) with copyright and patent protection. Also, can be used by your employer for copyright and patent litigation (if you feel that a patent is doable). Get a hardbound notebook where the pages cannot be removed with page #s. For each entry, give it a title (at the top), a date, your signature at the bottom of your entry and date and time signed.
Whew, that's a lot. You will work a lot of hours and most of what you do will not be coding, but architecting/designing and documenting. That will expand your resume. If you feel prepared for this job, having all this in mind will help you at the interview. Be sure to ask them about their regulatory requirements and expectations. And mention to them that you are prepared to do the necessary documenting and that you have a good comprehension of English (written and spoken).
Good luck with your endeavor.
|
|
|
|
|
Whew that is a lot and I sure do appreciate your post - that was a wealth of well-taken advice and just good practice reminders in general for all of us coders... Thanks so much
|
|
|
|
|
Unfortunately the LLC bit doesn't technically protect you in the case of a HIPAA violation. The ACA changed the rules so that hospitals could go after individual developers instead of the company they worked for in the event of a breach*. One of the reasons I got out of medical development.
Too often there was a breach costing the hospital huge sums of money and they would go after the software vendor who provided the software for said sum of money. The vendor found it cheaper to close shop and open up again. Same people, different name.
*At least the initial language allowed it. As I mentioned in a previous post, they changed some rules for the better and I haven't kept up to date.
|
|
|
|
|
RJOberg wrote: One of the reasons I got out of medical development.
Wow man thanks again; sounds like you have indeed been in the trenches with ACA stuff so I sure do appreciate the "realism"...
|
|
|
|
|
wapiti64 wrote: It sucks
Only until the day you need to make a claim.
|
|
|
|
|
Yes, and then the fun starts as Insurance companies are in the business of collecting payments and denying claims... so you find out what you've been paying for in a contentious environment!
I subcontract through companies who have required both General and Professional liability insurance. And generally I have had to name those 'parent' companies as co-insured on my policy.
|
|
|
|
|
Richard MacCutchan wrote: Only until the day you need to make a claim.
Amen to that shite