Tech Lawsuits, Insurance Costs EscalateAs Does Cost Of Doing Nothing
Medical malpractice is huge. Total national costs can run from $17 billion to $29 billion a year, according to one 1999 estimate from the Washington-based Institute of Medicine.
Technology malpracticeyes, there is such a thingis big, too. Although no one has tabulated the total costs, individual cases are running into the hundreds of millions of dollarsastronomically higher than any single case of medical malpractice.
What does technology malpractice look like? Consider these scenarios:
A company contracts a software consultant to develop an information technology system. The contract contains specific benchmarks for project completion dates and other requirements.
These benchmarks are not reached, causing the client a significant loss.
The consultant is sued for negligence and breach of contract.
Another corporate client purchases an essential piece of hardware, a digital telecommunications switch, from a specialized vendor. The contract calls for the vendor to connect the switch to the clients networked computer system and to provide maintenance.
Several months after installation, the switch fails, causing the client significant downtime.
The customer sues, alleging lost revenue and a damaged reputation.
While transferring a clients data from a legacy to a Web-based system, a software implementation specialist mistakenly compromises a vital database, resulting in loss of valuable corporate sales information.
The client sues for negligence.
Unlike medical errors, these situations dont usually result in disability or loss of life. However, they can be crippling or even deadly for the client company involved.
Just ask the car rental company whose reservation system crashed just before a major national holiday, preventing the company from taking booking for 30 hours.
Or the electrical parts manufacturer that blamed problems with a new Internet-based order management system for a 50 percent drop in profits one recent quarter.
Or any of the well-known companies whose operations, images andmost importantbottom lines have been severely impacted by large-scale information technology failures.
Or ask FoxMeyer Corp., once the fourth-largest drug distributor in the country. In 1995, the Houston-based company hired a consulting firm to implement a major piece of enterprise resource planning software. The project went so badly, alleges FoxMeyer, that one year later it was forced into bankruptcy and liquidation.
But to believe that the client alone will feel the pain in these scenarios is to ignore the litigious disposition of American society.
Software and hardware manufacturers, top IT consultancies, and others who provide the backbone infrastructure and driving manuals that enable e-commerce are increasingly at risk for technology malpractice liability suits based on loss or destruction of client data, software or system failure, non-performance of duties, or other allegations.
Large-scale, immensely complex projects, such as the replacement of a legacy system or the installation of a huge ERP software package, obviously carry the most riskbut not simply because the scope of things that can go wrong physically is so great.
Such undertakings tend to have enormous amounts of political and financial capital behind them, so their forward momentum is often hard to stop, even after its obvious something is wrong.
The resulting conflicts that lead to litigation can be as tangled and complicated as the original project itself.
The computer software and/or hardware sold by one party to another either fails to work as expected or never works at all. The client accuses the vendor of failing to meet the terms of the contract. The vendor claims the client expanded the original work requirements and had unreasonable expectations.
The situation can devolve into a series of “he said, she said” arguments, and ambiguity in the paperwork documenting the project only makes the matter worse.
What are a defendants chances once the gavel falls?
Its hard to say, since well-established legal precedents in the field of computer consulting and contracting are largely non-existent.
Unlike doctors and other professionals who have a wealth of tort or contract law from which to draw, computer professionals are often in legally uncharted territory. In many cases, in fact, courts are still defining just what a “computer professional” is and what the expectations are for services and contracts in the technology world.
This means a consultant or vendor could be liable tomorrow for actions that today are considered acceptable business practices.
For better or worse, some clarification may be on the way.
The bankruptcy trustee in the case of FoxMeyer Corp., the defunct drug company mentioned earlier, has filed lawsuits against both the consulting firm and the softwares manufacturer, seeking $500 million from each. The suits, filed in 1998, are scheduled to go to trial this year, and the ultimate finding could determine societys appetite for holding implementation firms accountable for massive IT failures.
A major victory by FoxMeyer could have a snowball effect on future cases that would be chilling for IT consultants and vendors.
Even when they are absolved of all blame by the courts, defendants in such cases often end up paying some damages in order to settle. If they dont avoid trial, the financial costs of going through prolonged litigation can be ruinous, win or lose.
A key survival tool in this precarious environment is errors and omissions, or professional liability, insurance.
E&O protects technology companies if they are faced with the two most common forms of liability risks:
“Malpractice” claims, in which companies are sued for failing to maintain accepted standards of care as technology professionals.
Breach of contract claims for failing to perform contracted services in a timely manner and within contractual terms.
By filling in gaps left by general liability insurancewhich generally covers claims of bodily injury and property damageE&O policies help an insured keep operating as the legal process moves along at its usual glacial pace.
Not only can E&O coverage be critical to a companys survival when client work devolves into contentious litigation, it can also be mandatory to doing business in the first place.
Many companies now require their vendors and consultantsnot just in IT, but other fields as wellto purchase a policy before beginning professional relationships with them. Many consultants and vendors, in turn, are requiring the same of their subcontractors.
Unfortunately, the same factors that are creating the need for E&O insurance are also fueling double-digit hikes in premiums and deductibles.
The insurance industry, motivated by the five-fold increase in technology E&O claims it has seen over the last three-to-five years, is raising premiums by an average of 20-to-40 percent, and casting a far more critical eye on the technology customers it underwrites.
A company that wants to be coveredat a rate thats not going to break the bankmust make itself a better risk.
While there will always be computer mishaps and human errors in judgment, there are steps IT executives can take to manage risk and strengthen the client relationship from a projects infancy. This approach will help prevent technology failings from becoming major legal fiascos and help technology companies maintain their insurance costs.
Stay within your comfort zone.
In a highly competitive atmosphere, where the mantra of “one-stop shopping” is irresistible to many businesses looking for a competitive edge, a number of consultants and vendors are adding new products and services to broaden their appeal.
This can backfire.
Once you get away from your core capabilities, you increase the chance that youll be making promises you cant keep–and aggravating customers who hired you based on your supposed expertise in a particular area.
Deploy appropriate resources.
Even if you are providing your core services to a client, you are playing with fire if you use senior people to secure the business and inexperienced junior consultants or systems engineers to do the actual implementation work.
A central contention in the FoxMeyer suit is that the consultant used the assignment as a guinea pig or test run for untrained consultants.
Use airtight controls.
Use standard business contracts that have been thoroughly scrutinized by legal counsel on both your side and the clients side.
Take great care with highly customized contracts. The fancier and more intricate the language, the more potential confusion down the road.
In the name of self-preservation, also make sure the contract includes a limitation on your companys liability, allows you to avoid penalties and liquidated damages, and provides for arbitration in the event of a dispute.
Follow sound protocols.
In addition to the legal contracts, agree upon a common, written set of definitions, specifications and timetables with regard to the project in question.
View these as “living” documents that should be reviewed with the clients as milestones are reached and amendedagain, in writingif deviations in the project are made along the way.
Finally, if the customer is satisfied at the projects end, confirm it in writing in case they allege otherwise in the weeks, months or years after youve wrapped up your work.
All controlling documentation should be reviewed up and down the chain of command in both organizations to make sure all relevant personnel understand what is promised and what is expected.
This all sounds like common sense, but it isnt always done.
Watch what you promise.
Its never a bad idea to review with your legal counsel all external-looking marketing materialsincluding brochures, media kits, annual reports, press releases and your Web siteto ensure they do not promise results youre incapable of delivering.
Support the customer.
A client will have a much harder time alleging negligence on your part if you have 24/7 customer support procedures in place to deal with concerns that arise over the course of a project.
Ensure dispute resolution.
When disputes arise, have a formal dispute resolution process in place to handle them. The largest area of disputes in IT cases is over payments. The American Arbitration Association can be a valuable resource in this area.
There are no guarantees in a society as litigious as ours that following the steps outlined above will help IT consultancies and vendors avoid lawsuits from justifiably and unjustifiably disgruntled clients. However, by following these preventive guidelines, organizations can effectively manage both their insurance costs and the risks of operating in an environment where innovation is a business imperative, not a lofty goal.
Timothy G. Ehrhart is an assistant vice president in Information & Network Technology Group for the Chubb Group of Insurance Companies in Warren, N.J.
Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, November 12, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.