When you sign a contract - whether it’s for software, equipment, services, or even a simple service agreement - you’re not just agreeing to pay or deliver something. You’re also agreeing to take on risk. And that risk? It’s often handled through two legal tools: liability and indemnification. Most people don’t read these parts of the contract. That’s a mistake. These clauses can cost you thousands - or even ruin your business - if they’re not clear.
What Liability Means in a Contract
Most contracts don’t say “we’re fully responsible for everything.” That’s not realistic. Instead, they define limits. For example, a software vendor might say: “We’re liable only for direct damages up to the amount you paid for the license.” That’s a cap. It protects the vendor from being sued for millions because their app crashed during a client’s big sales day.
But here’s the catch: liability doesn’t cover everything. Courts and contracts often exclude indirect damages - things like lost profits, reputational harm, or business interruption. These are called consequential damages. They’re real, but they’re harder to predict. So most contracts say: “We’re not responsible for those.”
Indemnification: The Safety Net You Didn’t Know You Needed
Indemnification is where things get serious. It’s not just about paying for damage - it’s about paying for someone else’s legal trouble.
Let’s say you buy a piece of medical equipment from a supplier. Later, a patient sues your clinic, claiming the device caused harm. The lawsuit isn’t because you used it wrong - it’s because the supplier’s design was flawed. If the contract has an indemnification clause, the supplier must step in. They pay your legal fees. They cover any settlement or judgment. They even handle the defense.
This isn’t optional in many industries. In healthcare tech, software licensing, or equipment sales, indemnification is standard. According to legal experts, it’s one of the most negotiated parts of any commercial contract. Why? Because it shifts the financial burden of lawsuits from one party to another - before the problem even happens.
The Three Words That Matter: Indemnify, Defend, Hold Harmless
Many contracts use all three terms together: “indemnify, defend, and hold harmless.” But they mean different things - and mixing them up can cost you.
- Indemnify means: “You pay me for losses I suffer.” This is about reimbursement - after the fact.
- Defend means: “You hire lawyers and fight the lawsuit for me.” This is proactive. It means you don’t just pay after a verdict - you take charge of the legal battle.
- Hold harmless means: “You can’t sue me back.” If you’re protected under this clause, the other party can’t turn around and claim you caused their problem.
California courts have clarified this in cases like Crawford v. Weather Shield Mfg. (2008). They ruled that “indemnify” doesn’t automatically mean “defend.” If your contract says “indemnify” but doesn’t say “defend,” you might still have to pay for losses - but you’re on your own in court.
What Triggers Indemnification?
Not every problem triggers a duty to indemnify. The contract has to say exactly what does. Common triggers include:
- Breach of warranty - like promising a device is FDA-cleared when it isn’t.
- Intellectual property infringement - say, your software uses code that belongs to someone else.
- Negligence or misconduct - if the vendor failed to follow safety standards.
- Violation of laws - like HIPAA breaches in health data handling.
For example: A clinic uses a patient scheduling app that stores data insecurely. A hacker steals 10,000 records. The clinic gets fined by regulators. If the app vendor promised “HIPAA-compliant security” in writing - and didn’t deliver - the vendor owes the clinic for the fine, notification costs, and legal fees. That’s indemnification in action.
Survival Periods: How Long Does Protection Last?
Indemnification doesn’t vanish when the contract ends. But how long does it last? That’s called the survival period.
Some claims - like fraud or tax liability - can surface years later. So for “fundamental” promises - things like “we own this IP,” “we’re legally allowed to sell this,” or “we have no hidden debts” - survival periods are often 3 to 5 years, sometimes longer.
For less critical stuff - like “we’ll update the software monthly” - survival might be only 12 to 18 months. If you wait too long to file a claim, you lose your right to indemnification. It’s not just about the event - it’s about timing.
Caps, Deductibles, and Exclusions: The Fine Print That Saves (or Screws) You
Even with indemnification, there are limits. Three big ones:
- Cap on liability - The maximum amount the indemnifying party will pay. Often tied to the contract value. If you paid $50,000 for a system, your indemnification cap might be $50,000 - no more, even if losses hit $200,000.
- Deductible (or basket) - You have to absorb the first $10,000 of losses before indemnification kicks in. This stops small claims from triggering big payouts.
- Exclusions - Certain damages are never covered. Most contracts exclude punitive damages, lost profits, or indirect harm. Some even exclude claims caused by your own negligence.
These aren’t just legal jargon. They’re financial gates. A $10,000 deductible means you pay the first $10K out of pocket. A $250,000 cap means you’re on the hook for anything above that. If you’re buying a $100,000 system and the cap is $100,000, you’re fully exposed if things go wrong.
Insurance: Is the Other Side Even Capable of Paying?
Indemnification is only as good as the person promising to pay. What if the vendor goes bankrupt? Or disappears? That’s why smart contracts require insurance.
A typical clause says: “The vendor must maintain general liability insurance of at least $2 million, naming the buyer as an additional insured.” That way, if a claim comes in, the insurer pays - not the vendor’s bank account.
Always check the insurance requirements. Ask for proof. A $1 million policy sounds good - until you find out it doesn’t cover cyber incidents. In healthcare tech, cyber liability coverage is non-negotiable. If the contract doesn’t mention it, assume they don’t have it.
Mutual vs. One-Sided Indemnification
Is it fair? That depends on who’s doing what.
One-sided indemnification is common. The vendor indemnifies the buyer - but the buyer doesn’t do the same. This happens when one party has more control or risk. For example, a software company indemnifies a hospital for IP infringement - because the hospital didn’t write the code.
Mutual indemnification is rarer. Both parties protect each other. This is typical in joint ventures, construction contracts, or partnerships where both sides could cause harm. For example, a clinic and a lab might agree: “If your staff mishandles my samples, you pay. If my staff messes up your reports, I pay.”
Don’t assume mutual is better. It can backfire. If both parties are weak on insurance, you end up with two people promising to pay - but neither can.
What Happens If You Don’t Have a Clause?
If your contract doesn’t have indemnification? You’re relying on the law - and the law is slow, expensive, and unpredictable.
Without a clause, you’d have to sue for negligence or breach of contract. That means proving fault, gathering evidence, and going to court. It could take years. And even if you win, the other side might not have the money to pay.
Indemnification clauses exist to avoid that mess. They’re a shortcut to financial protection - if they’re written right.
How to Protect Yourself
Here’s what to do before signing any contract:
- Read the indemnification section - Don’t skip it. Highlight every trigger, cap, and exclusion.
- Ask for a definition of “losses” - Does it include legal fees? Regulatory fines? Lost revenue?
- Check the survival period - Is it long enough for your industry? In healthcare, 3+ years is standard.
- Verify insurance - Ask for a certificate of insurance. Don’t take their word.
- Push back on caps - If the cap is too low, negotiate based on risk. A $100K system with a $10K cap is a red flag.
- Require defense - Don’t settle for “indemnify” alone. Demand “defend and indemnify.”
And if you’re the one being asked to indemnify? Don’t agree to everything. Narrow the scope. Exclude consequential damages. Set a cap. Make sure your insurance covers it.
Bottom Line
Liability and indemnification aren’t just legal boilerplate. They’re your financial safety net. In generic transactions - whether you’re buying a $500 app or a $2 million diagnostic system - these clauses determine who pays when things go wrong.
Most people sign without understanding them. That’s not ignorance - it’s gambling. The right clause can save you from ruin. The wrong one can bury you.
Don’t let your next contract be a surprise. Read it. Question it. Negotiate it. Because in business, the real cost isn’t what you pay upfront - it’s what you’re on the hook for later.
