Legal audit determines your Y2K liability exposure
Legal audit determines your Y2K liability exposure
Besides reviewing software, hardware, and other equipment for Y2K compliance, physician practices should do a legal audit of their Y2K exposure to related liability, warranty, and insurance concerns.
One problem is that many of those questions still have no answers. "The courts have not yet given guidance on the allocation of liability among health care providers, manufacturers, insurers, and others in the event of an injury or death caused by a Y2K failure of a biomedical device," notes Jerald J. Oppel, an attorney in Baltimore-based Ober, Kaler, Grimes & Shriver's health care practice.
A question that's easier to answer: Are your Y2K preparations sufficient to prevent your insurance company from using that as a legal argument for not paying your claim?
Oppel notes one of the major Y2K legal questions: Who is responsible for testing and certifying that biomedical equipment is Y2K-compliant?
Should you rely on manufacturer certification?
"Currently, there is no clear-cut answer as to whether a health care provider should rely on a manufacturer's certification of Y2K compliance, or whether the health care provider also should perform independent tests to confirm Y2K compliance," he answers.
According to the General Accounting Office, some major private equipment testing and certification organizations have decided to rely on manufacturers' Y2K certifications because they have stated that manipulating the embedded software may void the manufacturers' certification to the Food and Drug Administration that the equipment is safe for patient use.
"This action, in turn, could expose the certification organization that performed tests on the equipment to legal liability should the equipment later malfunction and harm a patient," says Oppel.
Other experts say each piece of equipment should be individually tested. The reason is, microchips in individual units of the same product may have been manufactured by different suppliers or made at different times.
Some factors to take into consideration when deciding whether to independently test an item of medical or office equipment:
- Does the manufacturer certify the item as Y2K-compliant?
- What is the scope of that certification?
- What are the terms of any contract, license or maintenance agreement with each manufacturer — particularly warranty, intellectual property, and confidentiality provisions?
- What is the potential threat of harm posed by failure of the device?
- What will the cost and feasibility of replacing the device be?
Before testing any of your equipment, from telephones to medical devices, providers would be wise to first have their lawyer read the contract and guarantee terms for the equipment to ensure that testing does not place the practice at risk, Oppel advises. For instance:
- Warranties. Tampering with a biomedical device to conduct Y2K testing can invalidate a manufacturer's warranty in some instances.
- Intellectual property. If a health care facility does not own the rights to a particular software product, tampering with it may infringe on the owner's proprietary rights or may constitute a breach of the license agreement.
- Confidentiality. Allowing a third party to access software may breach confidentiality obligations contained in the license agreement. It also may expose a provider to liability for misappropriation of trade secrets.
A sales or technical representative's statement to you that his company's equipment or service is Y2K-compliant does not always mean what you think it does.
"Even when a manufacturer certifies that its equipment is Y2K-compliant, there are varying levels of assurances — from the very general and not so reassuring, to the very specific and much more reassuring," Oppel points out. For instance, a certification may:
-refer only to general indications of Y2K compliance;
-refer to the general Y2K compliance of a manufacturer's entire product line;
- indicate that certain products have been tested and are compliant;
- indicate that a particular item has been tested in a certain way and is compliant.
There are also different definitions of the term "Y2K-compliant," notes Oppel.
The Food and Drug Administration, for example, defines Y2K compliance to mean: "With respect to medical devices and scientific laboratory equipment, the product accurately processes and stores date/time data (including, but not limited to, calculating, comparing, displaying, recording, and sequencing operations involving date/time data) during, from, into, and between the 20th and 21st centuries and the years 1999 and 2000, including correct processing of leap year data."
Products must function as intended or expected, regardless of the date, to be Y2K-compliant. However, each manufacturer is free to respond to a customer's Y2K compliance inquiry with any definition or interpretation of what it thinks Y2K compliance is. This lack of consistency should be taken into account when evaluating each certification.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.