Part of A buyer's guide to artificial intelligence in health and care

Can you ensure a commercially and legally robust contract for your organisation, and the health and care sector

This guide does not provide a comprehensive treatment of commercial contracting, but these are key questions to consider:

  • are you clear about exactly what you are procuring?
  • is it a lifetime product?
  • is it a licence?
  • what is the accompanying support package?

You should set out a service level agreement as part of your contracting process. You should also ensure that the financial arrangements you’re establishing are sustainable in the long term.


Open contracting

In principle, your contracting should be as open as possible. Whilst confidentiality clauses are often invoked to prevent disclosure of commercially sensitive information, this can be detrimental to public trust.


Recognising the value of data

Your contracts should recognise and safeguard the value of the data that you are sharing, and the resources which are generated as a result.

Where your organisation sends data back to the vendor, whether for the purpose of auditing the product, re-training the model, or potentially developing a new product, you may be contributing to the creation of intellectual property. You should take advice early to address this appropriately. NHS England's Centre for Improving Data Collaboration can offer tailored guidance.


Liability should anything go wrong

Liability issues should not be a barrier to adoption of effective technology. However, it’s important to be clear on who has responsibility should anything go wrong. Product liability and indemnity are therefore important issues to address at the contracting stage.

In the case of data protection, your organisation as a data controller is primarily responsible for its own compliance, but also for ensuring the compliance of its data processors. A controller is expected to have measures in place to reduce the likelihood of a data breach, and will be held accountable if it has not done so.


Last edited: 16 June 2025 4:03 pm