A Healthcare Giant's Journey to Evaluate Risk, Strengthen Data Use Licensing Agreements with Third-Party Vendors

Test

Solution Collaboration

Protiviti’s legal consulting and technology consulting experts – working on parallel tracks – partnered with the client to develop a two-pronged approach. Under tight deadlines, we:  

• Conducted a comprehensive contract review: Our legal consulting team conducted employee and stakeholder interviews and reviewed the Contracts between the parties and related documents.  The objective was to develop a deep understanding of the relevant contract terms, and how those terms were being effectuated within the licensee's operational environment. The legal team identified areas of potential risk of non-compliance within the operational environment, while also identifying areas where contract terms might be enhanced or further clarified. The team also learned how the third party was executing agreement terms, comprising usage patterns compared to licensed allowances, and identified areas of potential non-compliance or potential risks.
• Conducted a technology deep dive: Concurrently, our technology consulting group did an in-depth review of relevant systems, data protection controls, and overall data governance strategy and efficacy. This evaluation included a review of controls pertaining to data extraction from the client’s systems, how data was being stored (if it was being stored) within existing systems, and how data was being transferred to other downstream third parties.  
• Provided recommendations: Based on observations and analyses, the Protiviti team recommended enhancements to contact language around data sharing, Data use licensee audit rights, and downstream third-party use of data. Protiviti also provided insights and specific recommendations to both the client and the licensee regarding specific gaps in the data governance infrastructure, which both parties rely on to ensure compliance with the license agreement.

What changed

As a result of our findings, the client launched several key initiatives:

• Clearer licensing framework: Redefined licensing terms that precisely delineated rights for both parties, reducing ambiguity and reducing the risk of non-compliance.
• Enhanced compliance mechanisms: Implemented robust data governance and monitoring systems and clarified audit clause language to regularly assess compliance with license terms among primary licensees and third-party users.
• Training programs: Instituted comprehensive training sessions for stakeholders involved in managing or operating under these licenses to ensure everyone understood their roles and responsibilities.

Why this matters in every industry

Third party contract management and related audit clauses exist within the majority of corporate environments as they rely on third parties for a vast array of essential operational initiatives, whether it be, for example, sales channel partners, manufacturing partners, Intellectual property integration partner and many others.  These third-party contracts dictate the terms of use of identified assets between the parties.  The audit clause provides the primary asset owner with a vehicle to monitor the contractual relationship and use an independent party to periodically evaluate the proper use of assets and provide the parties with recommendations to enhance the efficacy of their mutual contractual relationship.