CVS Pharmacy, Inc. v. Press Am., Inc.

377 F. Supp. 3d 359

• Court: District Court, S.D. Illinois
• Decided: March 27, 2019
• Docket: 1:17-cv-190-GHW
• Status: Published

Opinion

GREGORY H. WOODS, District Judge:

Press America, Inc. ("Press America") contracted to print and mail letters for Plaintiffs CVS Pharmacy, Inc. and Caremark Rx, LLC. The letters were related to Plaintiffs' pharmaceutical benefits program, so the parties were aware that the contract involved some risk that letters containing individuals' private health care information would be misdirected. Press America indemnified Plaintiffs for any claims or liabilities arising from its negligence. What Press America did not know was that Plaintiffs had entered into a contract with International Business Machines Corporation ("IBM"), requiring that Plaintiffs pay IBM $ 45,000 for each piece of misdirected mail-a payment obligation that IBM and CVS transparently referred to as a "penalty." Press America learned that information the hard way. After Press America errantly mailed 41 letters to the wrong people, IBM sought $ 1.845 million ($ 45,000*41) from CVS. CVS paid without much fuss, then demanded that Press America reimburse it for that amount pursuant to its indemnity. Press America refused, leading to this lawsuit. Because Press America has established that CVS's payment was an unenforceable penalty, and therefore was not founded upon any legal liability to CVS, Press America need not reimburse CVS pursuant to its contractual indemnity. For that and the other reasons described below, the parties' cross motions for summary judgment are GRANTED IN PART and DENIED IN PART.

I. BACKGROUND AND FACTS¹

A. The Parties: Press America and CVS

CVS Pharmacy Inc. ("CVS Pharmacy") and Caremark Rx, L.L.C. ("Caremark", and collectively with CVS Pharmacy, *364"CVS"), are in the pharmacy business. Among other things, CVS administers prescription drug plans for clients as part of what are referred to as "pharmacy benefits management programs" ("PBMs"). Joint Statement ¶ 1. As part of its administrative obligations to its clients, CVS contacts its clients' employees, retirees, and dependents about their prescription medications, in particular, when it is time for them to renew their prescriptions. Id. ¶ 2-3. CVS mails notices to PBM members about such matters.

Aptly named, Press America, Inc. ("Press America") prints and distributes mass mailings for its customers. Press America had served as a vendor for CVS since approximately 1990. Id. ¶ 4. In 2010, CVS began talks with Press America for Press America to provide printing and mailing services to CVS in connection with CVS's PBM business. Those discussions ultimately yielded fruit in February 2012, when CVS and Press America entered into the series of agreements that are the subject of this litigation. Id. ¶ 7.

B. CVS's Relationship with IBM

One of CVS's PBM clients was International Business Machines Corporation ("IBM"). In early 2011, IBM issued a request for proposals, seeking bids from companies to administer a PBM plan for IBM's PBM members. Id. ¶ 96. One of the requirements of the request for proposals was that any potential bidder agree to provide a "performance guarantee" to protect members' personally identifiable information ("PII") and protected health information ("PHI"). Id. ¶ 98. In particular, IBM made clear that bidders would have to compensate IBM for each security incident, including inadvertent disclosures of members' PII or PHI. Id. ¶¶ 98-99. CVS submitted a bid in response to the request for proposals, and won. Id. ¶¶ 97, 100.

IBM and CVS set about negotiating a contract to govern their relationship. For purposes of this litigation, the most significant feature of their negotiations involved the "performance guarantee" that IBM had required as part of its request for proposals. IBM viewed their requested provision "as different, it was new...." Declaration of Adam Pence ("Pence Decl."), Dkt. No. 89, Ex. 29, Transcript of Deposition of IBM 30(b)(6) witness, Tobe Mizels ("Mizel Tr.") 129:3-4. CVS also believed that the performance guarantee request was "unique" in the industry. Joint Statement ¶ 34. (When Press America learned of the provision following the claim that led to this litigation, they too believed it to be a novel requirement for a contract of this sort; it was, in their view "way out of left field.") Id. ¶ 30. Not only did IBM want CVS to pay a penalty if it failed to meet its performance guarantee, it wanted the amount of its vendor's potential liability to be uncapped. Mizel Tr. at 129:3-4. The provision was a focus of the negotiations between CVS and IBM.

IBM and CVS entered into a Letter of Understanding (the "LOU") on December 29, 2011, to be effective January 1, 2012. Pence Decl. Ex. 30. The LOU was a binding contract, but it was understood by the parties as an interim step, bridging the way to a final agreement. In the LOU itself, the parties agreed to "further negotiate in good faith to execute the Pharmacy Benefits Management Services Agreement and [to] use best efforts to complete this work as soon as possible." LOU at 2. The LOU was structured so that it would automatically terminate when the final agreement was consummated. Id.

In the LOU, CVS agreed to "comply with the performance standards described in Exhibit C of this Letter of Understanding." Id. Exhibit C to the LOU, in turn, required CVS to meet an "Ongoing Performance Standard." The relevant performance standard at issue here is Number *36526:, Security Incidents, described as the following:

Security incidents, including inadvertent disclosures, involving Confidential Participant Information or Protected Health Information: a) must be reported to IBM as quickly as possible and no later than 24 hours after knowledge of security incident (including magnitude of data exposure); b) root cause analysis must be performed and communicated to IBM no later than 72 hours after knowledge of security incident; c) a full corrective plan of action must be provided to IBM no later than five business days after knowledge of security incident.

LOU at 25.

Failure by CVS to meet this performance standard had real consequences under the LOU-it triggered a "penalty." For each breach, the LOU provided that CVS would be on the hook for the "Fees at Risk per Period" (with, again, each "Period" defined as a single breach). Id. The amount at risk was defined as follows: "Penalty of 3% of total annual administrative fees at risk shall apply for each security incident, inadvertent disclosure or breach, as well as $ 25,000 for each failure to meet any of the standards for follow-up." Id. (emphasis added). While the penalties associated with breaches of other "performance guarantees" under the LOU were capped at $ 1,500,000 per year, breaches of the "Security Incidents" standards could result in an unlimited amount of penalty obligations. See LOU at 18 ("the maximum penalty that CVS Caremark shall have at risk for any Agreement Year is $ 1,500,000 for the performance guarantees listed in Table B, excluding PG # 26 Security Incidents."). Of course, it was this uncapped, "different," and "new" performance guarantee that led to this lawsuit.

In general, CVS treated all of its client contracts as confidential. Joint Statement ¶ 110. But the LOU did not contain a contractual provision requiring that it be maintained in confidence.

After CVS and IBM entered into the LOU, they continued to negotiate a final contract. Id. ¶ 112. Among the provisions that they negotiated was the nature of what would constitute a "Security Incident" under the performance guarantee. Id. ¶ 113. Eventually, IBM and CVS executed a final contract on March 28, 2013 (the "Final IBM Agreement"). Id. ¶ 118; Pence Decl. Ex. 31. That final contract states that it is "effective January 1, 2012," however, IBM and CVS agree that the LOU governed the parties' relationship prior to the date of its execution. Joint Statement ¶¶ 118-119. And, in particular, IBM's representative agreed that the "performance guarantee penalties" established in the LOU were the ones that applied until the final contract was signed. Id. ¶¶ 115-116.

Given that the LOU governed at the time of the incident that provoked this litigation, the terms of the Final IBM Agreement are not significant for purposes of the Court's resolution of this motion-it was not the governing agreement at the time.² But CVS argues that the Final IBM

*366Agreement "best represents the understanding of the parties, even during the time between the execution of the LOU and the final agreement." Plaintiff's Memorandum of Law in Support ("P's Aff. Mem."), Dkt. No. 86, at 8. Perhaps not coincidentally, in the Final IBM Agreement, concluded following the incident that instigated this suit, references to the consequences of a violation of a performance guarantee as "penalties" were scrubbed. Instead, they are described as "fee adjustments."

In particular, in Section 3.13 of the Final IBM Agreement, CVS agrees that if it

fails to satisfy the performance standards in Exhibit D, CVS Caremark's fees shall be adjusted as described in Exhibit D. Measurements related to the performance standards described in Exhibit D shall be reported to CVS Caremark quarterly within 60 calendar days after the end of each quarter. Performance for the purpose of fee adjustment shall be measured on a quarterly basis and CVS Caremark shall credit the Plan for any payments due within thirty (30) days after the issuance of the quarterly performance standard report.

Final IBM Agreement § 3.13 (emphasis added). The performance guarantee is triggered by a "Protection of Information Failure" as defined in Exhibit D to the Final IBM Agreement. Joint Statement ¶ 129. The consequences of a failure to meet that performance guarantee standard under the Final IBM Agreement are substantially the same as under the LOU-3% of the annual fees at risk apply for each Protection of Information Failure. Id. ¶ 130. As with the penalty provided for under the LOU, the amount of "fee adjustments" resulting from a violation of this performance guarantee was uncapped.

The LOU did not contain an express choice of law provision. However, the Final IBM Agreement states that it "and the legal relations between the parties hereto shall be determined in accordance with ERISA, and to the extent not preempted by ERISA, in accordance with the substantive laws of the State of New York...." Final IBM Agreement § 8.15.

C. Press America's Contracts with CVS

1.The Contract Negotiations

As described above, Press America had served as a vendor for CVS for over twenty years. Id. ¶ 4. In mid-June 2010, CVS issued an RfQ (request for quotation) for printing services in connection with its Adherence to Drug Therapy ("ADT") program. Pence Decl. Ex. 6. When Press America responded to the RfQ, as part of its pitch for the business, Press America's representative touted his company's ability to handle the project-and highlighted the risks associated with performance of the contract, lest CVS select a less capable vendor. In a June 17, 2010 e-mail responding to the RfQ, Press America principal Martin D'Amico wrote "[p]lease recognize the highly specialized nature of these mailings [for closed-faced envelopes] and that not all vendors can manage the data mapping properly. Errors in data mapping can result in huge compliance issues for CVS Caremark." Id. ; Joint Statement ¶ 17. Mr. D'Amico was referring to the possibility of disclosures of protected information, such as PHI and PII: Press America was aware of that risk even before it won the contract in connection with which the risk ultimately manifested itself. Id. ¶¶ 19-23.

Press America won CVS's business. CVS and Press America began to work on the contract in earnest in the Fall of 2011. Id. ¶ 26. "The contract was assembled by Philip Morin of CVS, using preapproved language provided by CVS's legal department. Mr. Morin had never seen the IBM Agreement nor was he aware of its existence when he was negotiating Press *367America's agreement with CVS. Mr. Morin did not advise Press America of the existence of any performance guarantees contained in the IBM-CVS agreement and could not have as he did not know whether any such provisions existed." Id. at ¶¶ 27-29 (internal citations omitted).

As part of the contract negotiation process, CVS proposed that Press America obtain a $ 15 million insurance policy to cover privacy liability in the event of the disclosure of members' private health information. Id. ¶ 42. That level of insurance coverage was expensive. So Press America pushed back, asking if $ 5 million in coverage would be sufficient on two separate occasions. Id. ¶¶ 46, 65. CVS was concerned about the volume of letters that Press America would be handling that would contain PHI and PII-approximately 500,000 to 800,000 letters a month-so CVS held firm. Id. ¶¶ 51-59, 70.

CVS's representatives expected that the insurance would cover instances of credit monitoring for affected individuals, "identity theft, access to people's medical information, and then any sort of claim that would be generated from that type of disclosure." Id. ¶ 57. CVS did not, however, calculate the insurance coverage with reference to the penalty payments then due under the LOU's performance guarantee provisions. Id. ¶¶ 43, 58. After all, its negotiator did not know about the IBM Agreement. Id. ¶ 58. Nor did Press America have an inkling of the potential impact of the IBM Agreement when it negotiated insurance with CVS. Id. ¶¶ 85-87. But Press America did not find the high insurance amount to be particularly odd because CVS " 'tend[ed] to do things big' and because HIPAA fines or credit counseling costs could justify such a requirement, given the volume of material Press America would be mailing." Id. ¶ 66 (quoting D'Amico Tr. 82:19-83:7).

As a result of their negotiations, CVS and Press America entered into the principal agreements that are the subject of this dispute-the Business Associate Agreement and the Master Services Agreement.

2.The Business Associate Agreement

The first agreement that CVS and Press America entered into was the Business Associate Agreement, dated as of November 2, 2011 (the "Business Associate Agreement"). Pence Decl. Ex. 3. The parties entered into the Business Associate Agreement while still negotiating the final terms of the service agreement that would govern their relationship. However, with the expectation that the companies would enter into a future agreement involving the distribution of personal privacy information, they entered into the Business Associate Agreement in order to "comply with the HIPAA Rules and other applicable Privacy Laws." Business Associate Agreement at 1.

To achieve that end, Press America (defined as the "Vendor" in the agreement) agreed to do a number of things. They agreed not to use or disclose PHI other than as permitted under Press America's service agreements with CVS, and also not to use or disclose "Private Information" other than as permitted or required by the agreement, or as required by law. Id. § 2.0.a. "Private Information" was defined in the Business Associate Agreement as follows:

(1) Protected Health Information ("PHI"), as defined by the HIPAA Rules, created or received on behalf of, or received from Company, (2) Nonpublic Personal Financial Information and, as applicable, Nonpublic Personal Health Information, as defined by the Gramm Leach Bliley Act, and (3) any data or information that (i) relates to an individual and (ii) identifies or there is a reasonable basis to believe it can be *368used to identify the individual (such as, but not limited to, an individual's name, postal address, email address, telephone number, date of birth, Social Security number, driver's license number, financial account number, or any other unique identifier).

Business Associate Agreement § 1.c.

Most significantly for this case, the Business Associate Agreement required that Press America indemnify CVS in the event of violations of the agreement or improper disclosures of "Private Information." Section 6.0 of the Business Associate Agreement contained the relevant indemnification provision and read as follows:

Vendor will indemnify and hold harmless CVS and any of its officers, directors, employees, or agents from and against any claim, cause of action, liability, damage, cost, or expense, including reasonable attorneys' fees and court or proceeding costs, arising out of or in connection with any breach of the terms of this Agreement, any Breach³ of Private Information under the control of Vendor or its agents or subcontractors that requires notification under the HIPAA Rules or state law, or any failure to perform its obligations with respect to Private Information by Vendor, it [sic] officers, employees, agents, or any person or entity under Vendor's direction or control.

Business Associate Agreement § 6.0.

The Business Associate Agreement did not contain an express choice of law provision.

3.The Master Services Agreement

On or around February 6, 2012, CVS Pharmacy, "on its own behalf and on behalf of its Subsidiaries and Affiliates including without limitation Caremark Rx, L.L.C." (which were also collectively defined as "CVS"), and Press America entered into the Master Service Agreement (the "MSA"). Pence Decl. Ex. 2. The MSA was stated to be effective retroactive to October 1, 2011. Joint Statement ¶ 74. Pursuant to the MSA, Press America agreed to service CVS's ADT Program.

Shortly thereafter, on or around February 14, 2012, CVS Pharmacy, "on its own behalf and on behalf of its Subsidiaries and Affiliates, including Caremark Rx, L.L.C." and Press America entered into a Statement of Work, effective October 1, 2011 (the "2011 SOW"), which outlined the core tasks, responsibilities and costs of Press America's ADT printing and mailing services. Pence Decl. Ex. 2, 2011 SOW2; Pence Decl. Ex. 7. And then, just a few months later, the same entities entered into another Statement of Work, effective May 1, 2012 (the "2012 SOW"), which again outlined the core tasks, responsibilities, and costs of Press America's ADT printing and mailing services. Id. The 2011 SOW and 2012 SOW were incorporated by reference into the MSA and became an "integral part" of the MSA. MSA § 1 (Overview of Agreement).

In some ways, the MSA was a flexible agreement-it put in place broad architecture for the relationship between CVS and Press America. Pursuant to the terms of the MSA, the specific tasks to be performed by Press America would be set forth in separately agreed statements of work. In the MSA, Press America (referred to as "Vendor" in the contract) agrees "to perform such Services (the 'Services') as set forth in a Statement of Work (each an 'SOW') that CVS elects to purchase and which meet or exceed CVS specifications described in the applicable SOW

*369pursuant to the terms and conditions set forth [in the MSA]." MSA § 1 (Overview of Agreement). "Inability of Vendor to provide Services or the receipt of non-conforming Services may be considered a breach of contract on the part of Vendor by CVS." Id. § 2 (Services Provided).

The MSA required Press America to indemnify CVS for any breach of the agreement, as well as for negligence and other misconduct. Section 8.1 of the MSA, titled "Indemnification," read in pertinent part as follows:

Vendor agrees (i) to indemnify and hold harmless CVS from and against any claims, liabilities, and damages to the extent same are due to Vendor's negligence, willful misconduct, or breach of this Agreement or Vendor's failure to comply with or abide by any applicable law (other than by reason of an act or omission of CVS), and (ii) to defend promptly and diligently, at Vendor's sole expense, with attorneys reasonably acceptable to CVS, any claim, action, or proceeding brought against CVS or CVS and Vendor jointly or severally, arising out of or connected with any of the foregoing, and to indemnify and hold CVS harmless from any judgment, loss, or settlement on account thereof. Vendor's duty to defend CVS under this Section shall apply to any complaint or claim that makes allegations that, if proved, place the alleged breach of duty, whether in tort or contract, potentially within the purviews of the duties, responsibilities, and obligations undertaken by Vendor pursuant to this Agreement.

MSA § 8.1.

The parties' discussion of insurance requirements ripened into a contractual obligation in the MSA. Pursuant to Section 8.2 of the MSA, CVS agreed to procure at its own expense privacy liability coverage with a limit not less than $ 15,000,000 per claim. MSA § 8.2. The requirements for that coverage were broad and were to include "breach of privacy and the failure to protect and disclosure of personally identifiable information, ... and health information; violation of any federal, state or local law or regulation in connection with the protection of information including fines and penalties to the extent allowed by applicable law; notification and crisis management costs, identity theft monitoring and regulatory defense; disclosure of any third party's proprietary information including, without limitation, trade secrets, and; liability for interruption of CVS's or any third party's business including, without limitation, claims for loss of use and loss of profits...." Id.

The MSA contained an express choice of law provision, pursuant to which the agreement "shall be governed by and construed in accordance with the laws of the State of New York...." MSA § 13.8.

None of the contracts required CVS to provide Press America with the specific terms of any agreements with CVS's PBM clients. Joint Statement ¶ 95. And there is no evidence before the Court that Press America ever inquired about the terms of those contracts as part of their negotiation process or deal diligence.

So, threatened by a blanket indemnity provision, yet armored with a $ 15 million insurance policy, Press America went about the business of printing mailings in support of CVS's PBM business on behalf of CVS's many clients, including IBM. The risks associated with improper disclosures of privacy information and the associated liability were things that Press America knew about from the time that it first bid for the contract. But Press America did not know about CVS's "unique," "new," and "different" negotiated penalty provision with IBM. They would shortly.

*370D. 41 Mislabeled Envelopes: That Will Be $ 1.845 Million Dollars, Please

Something went wrong when Press America mailed a series of letters on behalf of CVS's PBM customers on August 2, 2012. Press America placed letters for 2,668 individuals in envelopes with the wrong addresses. Joint Statement ¶ 195. The letters were mailed. Of those 2,668 letters, 41 letters containing PHI for IBM employees were incorrectly mailed to the wrong recipients. Id. ¶ 196. Those 41 letters involved 39 IBM employees-two employees were to receive two letters each. Id. ¶ 196.

The parties' Joint Statement contains a lengthy description of just what went wrong that led to the mislabeled envelopes, an event that the parties term grandiloquently the "Incident." Id. ¶¶ 132-193. Suffice it to say that the Incident appears to have been Press America's fault: a "human error" by a Press America employee was not captured by Press America's quality control procedures and resulted in a somewhat scrambled list of addresses on envelopes that did not correspond with the letters to be mailed in them. See generally, id. ; see also id. ¶¶ 183, 201, 217-221, 232, 236.

CVS notified Press America of the error after certain of their PBM members contacted CVS about receiving another individual's letter. Id. ¶ 199. Press America launched an investigation of the root causes of the Incident, and sent a number of emails to CVS with their findings on August 7 and 8, 2012. Id. ¶¶ 202-12. The parties were concerned early on that the mislabeled letters contained the private healthcare information of CVS's PBM members. On August 9, 2012, Press America's principal reached out to CVS's representatives to apologize for the trouble caused by the Incident. Id. ¶ 232.

On August 9, 2012, a representative of CVS notified IBM that "41 letters for IBM members associated with our Adherence to Drug Therapy program were mailed to the incorrect individual. Envelopes were addressed to one member while the letter enclosed was to another. Information in the letter included the member name, address and drug information." Pence Decl. Ex. 32. CVS and IBM quickly agreed that each of the 41 mis-mailed letters involving IBM employees constituted a separate "security incident" for purposes of the MSA's performance guarantee. Joint Statement ¶¶ 244-246, 248. For a period, IBM took the position that each breach also triggered an additional $ 25,000 penalty, but CVS successfully argued that $ 45,000 alone was the proper standard. Defendant's Counterstatement ("Defs. Counterstatement"), Dkt. No. 101, ¶¶ 202-212.

At $ 45,000 per security incident, IBM and CVS calculated the cost of the breach of the security incident performance guarantee to be $ 1.845 million ($ 45,000*41). On December 12, 2012 at 10:12 a.m., IBM sent CVS a spreadsheet that "show[ed] how the penalty was calculated." Pence Decl. Ex. 33. CVS responded just over two hours later with its comments on IBM's spreadsheet. Id. IBM responded quickly to CVS's missive with a response that read, in part, "IBM will accept your revised penalty number to bring this to closure.... Please confirm that you will be able to pay these penalties ... before year end as well as providing a date/time frame for when they will be paid." Id. On December 31, 2012, CVS credited IBM for the $ 1.845 million penalty. Joint Statement ¶ 252. There is no evidence that CVS ever reached out to Press America before agreeing to make, or making, the payment of IBM's calculated penalty amount.

By all accounts, Press America was surprised when they learned of the payment.

*371Mr. Cappeletti, who worked on print vendor relationships for CVS, broke the news to Press America's representative. Pence Decl. Ex. 1 62:10-64:7. (Q: Did he [Mr. D'Amico from Press America] express [surprise] to you. A: Yes. Q: What do you remember him saying? A: He may have grimaced a bit, sighed maybe a little bit, as anyone would. Q: Sure. Any particular words that you remember him saying after he was informed of the existence of the penalty. A: I don't recall exactly. May have been "God. Oh God," you know, that type of thing.)

Press America tendered to its insurers for payment of the amount claimed by CVS. Joint Statement ¶¶ 254-255. In addition to the $ 1.845 million payment, Press America submitted to its insurers information provided by CVS about additional damages that it allegedly suffered as a result of the errant mailing. Id. ¶ 255. CVS calculated that it lost revenues of at least $ 70,035 because of the disruptive effect of the Incident on CVS's PBM business. Pls. Counterstatement ¶ 335.⁴

E. The Aftermath

For reasons that have not been presented to the Court, Press America's insurers have not paid the claim. Press America has not done so either.

On March 1, 2014, CVS notified Press America that it was not going to renew certain of its services beyond the contracted expiration date of March 31, 2014. Joint Statement ¶ 257. Shortly thereafter, on April 4, 2014, Press America demanded that CVS pay it $ 560,354.97 for open invoices. Id. ¶ 257. On April 15, 2014, CVS's counsel responded to Press America's demand for payment, explaining:

CVS has received no response to its Demand Letter, nor has it received any payment toward the $ 1,845,000 Press America owes to CVS. Any amounts Press America may claim to be owed by CVS are more than offset by Press America's indebtedness to CVS, and CVS will make no further payments to Press America until the $ 1,845,000 obligation is satisfied.

Pence Decl. Ex. 4.

As of today, CVS has refused to pay the bills submitted by Press America. The parties have not provided the Court with any justification for CVS's failure to do so, other than its belief that the amount that it owes should be set off against the $ 1.845 million penalty payment, as described in its counsel's correspondence.

CVS seeks reimbursement of the $ 1.845 million penalty payment pursuant to the indemnity provisions of the MSA and the Business Associate Agreement, damages to compensate it for the other losses that it allegedly incurred as a result of the Incident, and also legal fees associated with the litigation of the resolution of the issue, including litigation costs associated with this matter. Press America, in turn, seeks a ruling by the Court that the $ 1.845 million penalty is unenforceable, and that, as a result, CVS must tender payment for the $ 560,354.97 in open invoices.

II. PROCEDURAL HISTORY

CVS commenced this litigation on January 10, 2017. Dkt. No. 1. The initial complaint brought claims for breach of contract, based on Press America's alleged failure to satisfy its indemnification obligations under the MSA and the Business Associate Agreement. The complaint also included claims for common law indemnification and negligence. Press America filed counterclaims against CVS on March 22, *3722017. Dkt. No. 20. In the counterclaims, Press America asserted that CVS had breached its contractual obligations to pay invoices that it had submitted under the MSA.

On April 7, 2017, with the consent of the Court, CVS filed an amended complaint ("Am. Compl."). Dkt. No. 28. The amended complaint asserted a more general breach of contract claim-that Press America had failed to comply with the standard of service, and therefore harmed CVS-as well as a direct claim for a breach of the indemnification provisions of the parties' agreements. Like the original complaint, the amended complaint also asserted claims for common law indemnity and negligence. In its April 12, 2017 answer to Press America's counterclaims, CVS asserted, among other things, that because of Press America's breach of the MSA, it was not entitled to payment.

Press America moved to dismiss CVS's amended complaint. Dkt. No. 45. After briefing, the Court denied the motion in full on January 4, 2018. This set of cross motions followed several months thereafter. Each party filed a separate motion for summary judgment: CVS moving for summary judgment with respect to its breach of contract and indemnity claims, Dkt. No. 85, and Press America for summary judgment on substantially the same issues, in addition to claiming recovery of the amount of the invoices due to it. Dkt. No. 81. While a number of issues are disputed in the motions, both sides understandably focus on the question of whether Press America must reimburse CVS for the $ 1.845 million payment that it made to IBM. It is to that question that the Court now turns.

III. DISCUSSION

A. Legal Standard

The plaintiffs in this case are entitled to summary judgment on their claims if they can show that "there is no genuine dispute as to any material fact and that [plaintiff is] entitled to judgment as a matter of law." Celotex Corp. v. Catrett , 477 U.S. 317, 322, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986) (citing Fed. R. Civ. P. 56(c) ). A dispute is genuine if "the evidence is such that a reasonable jury could return a verdict for the nonmoving party," while a fact is material if it "might affect the outcome of the suit under governing law." Anderson v. Liberty Lobby, Inc. , 477 U.S. 242, 248, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986).

To defeat a motion for summary judgment, the defendant "must come forward with 'specific facts showing that there is a genuine issue for trial.' " Matsushita Elec. Indus. Co., Ltd. v. Zenith Radio Corp. , 475 U.S. 574, 587, 106 S.Ct. 1348, 89 L.Ed.2d 538 (1986) (quoting Fed. R. Civ. P. 56(e) ). "[M]ere speculation or conjecture as to the true nature of the facts" will not suffice. Hicks v. Baines , 593 F.3d 159, 166 (2d Cir. 2010) (citations and internal quotations omitted). Nor will wholly implausible alleged facts or bald assertions that are unsupported by evidence. See Carey v. Crescenzi , 923 F.2d 18, 21 (2d Cir. 1991) ; Argus Inc. v. Eastman Kodak Co. , 801 F.2d 38, 45 (2d Cir. 1986) (citing Matsushita , 475 U.S. at 585-86, 106 S.Ct. 1348 ). The issue of fact must be genuine-the plaintiffs "must do more than simply show that there is some metaphysical doubt as to the material facts." Matsushita , 475 U.S. at 586, 106 S.Ct. 1348.

In determining whether there exists a genuine dispute as to a material fact, the Court is "required to resolve all ambiguities and draw all permissible factual inferences in favor of the party against whom summary judgment is sought." Johnson v. Killian , 680 F.3d 234, 236 (2d Cir. 2012) (quoting Terry v. Ashcroft , 336 F.3d 128, 137 (2d Cir. 2003) ). The Court's job is not to "weigh the evidence or resolve issues of *373fact." Lucente v. Int'l Bus. Machines Corp. , 310 F.3d 243, 254 (2d Cir. 2002). Rather, the Court must decide "whether a rational juror could find in favor of the non-moving party." Id. (citing Anderson , 477 U.S. at 249, 106 S.Ct. 2505 ). "Summary judgment is generally proper in a contract dispute only if the language of the contract is wholly unambiguous." Compagnie Financiere de CIC et de L'Union Europeenne v. Merrill Lynch, Pierce, Fenner & Smith Inc. , 232 F.3d 153, 157 (2d Cir. 2000).

B. Applicable Law

The MSA and the Final IBM Agreement are both expressly governed by New York law. As described above, the MSA states that the "legal relations" between IBM and CVS "shall be determined in accordance with ERISA, and to the extent not preempted by ERISA, in accordance with the substantive laws of the State of New York...." Final IBM Agreement § 8.15. The Court understands that this provision sweeps within its coverage the previously executed LOU. The Business Associate Agreement, entered into between two companies that, unlike IBM, are located outside of New York, does not contain an express choice of law provision. However, the parties have pervasively pointed to New York law as the appropriate governing law with respect to all of the contractual issues in this case. Where "the parties' briefs assume that New York substantive law governs the issues ... such implied consent is ... sufficient to establish the applicable choice of law." Arch Ins. Co. v. Precision Stone, Inc. , 584 F.3d 33, 39 (2d Cir. 2009) (quoting Golden Pac. Bancorp v. FDIC , 273 F.3d 509, 514 n.4 (2d Cir. 2001) ). As a result, the Court applies New York law to the construction and interpretation of all four of the principal contracts at issue in this case.

C. New York Breach of Contract Claims Generally

Under New York law, the "fundamental, neutral precept of contract interpretation is that agreements are construed in accord with the parties' intent." Greenfield v. Philles Records, Inc. , 98 N.Y.2d 562, 569, 750 N.Y.S.2d 565, 780 N.E.2d 166 (2002). "The best evidence of what parties to a written agreement intend is what they say in their writing." Id. (internal quotation marks omitted). "Thus, a written agreement that is complete, clear and unambiguous on its face must be [interpreted] according to the plain meaning of its terms." Id. ; see also South Rd. Assocs., LLC v. IBM , 4 N.Y.3d 272, 277, 793 N.Y.S.2d 835, 826 N.E.2d 806 (2005) ("In cases of contract interpretation, it is well settled that when parties set down their agreement in a clear, complete document, their writing should ... be enforced according to its terms." (internal quotation marks omitted) ).

"In a dispute over the meaning of a contract, the threshold question is whether the contract is ambiguous." Lockheed Martin Corp. v. Retail Holdings, N.V. , 639 F.3d 63, 69 (2d Cir. 2011) (quoting Krumme v. WestPoint Stevens Inc. , 238 F.3d 133, 138 (2d Cir. 2000) ). The question of "[w]hether or not a writing is ambiguous is a question of law to be resolved by the courts." W.W.W. Assocs., Inc. v. Giancontieri , 77 N.Y.2d 157, 162, 565 N.Y.S.2d 440, 566 N.E.2d 639 (1990) (citation omitted). "It is well settled that a contract is unambiguous if the language it uses has a definite and precise meaning, as to which there is no reasonable basis for a difference of opinion. Conversely, ... the language of a contract is ambiguous if it is capable of more than one meaning when viewed objectively by a reasonably intelligent person who has examined the context of the entire integrated agreement."

*374Lockheed Martin Corp. , 639 F.3d at 69 (citations omitted).

" 'Ambiguity is determined by looking within the four corners of the document, not to outside sources.' " JA Apparel Corp. v. Abboud , 568 F.3d 390, 396 (2d Cir. 2009) (quoting Kass v. Kass , 91 N.Y.2d 554, 566, 673 N.Y.S.2d 350, 696 N.E.2d 174 (1998) ). " 'It is well settled that extrinsic and parol evidence is not admissible to create an ambiguity in a written agreement which is complete and clear and unambiguous upon its face.' " W.W.W. Assoc. , 77 N.Y.2d at 163, 565 N.Y.S.2d 440, 566 N.E.2d 639 (quoting Intercontinental Planning v. Daystrom, Inc. , 24 N.Y.2d 372, 379, 300 N.Y.S.2d 817, 248 N.E.2d 576 (1969) ). "An analysis that begins with consideration of extrinsic evidence of what the parties meant, instead of looking first to what they said and reaching extrinsic evidence only when required to do so because of some identified ambiguity, unnecessarily denigrates the contract and unsettles the law." Id. "[B]efore looking to evidence of what was in the parties' minds, a court must give due weight to what was in their contract." Id. at 162, 565 N.Y.S.2d 440, 566 N.E.2d 639. "Parol evidence-evidence outside the four corners of the document-is admissible only if a court finds an ambiguity in the contract. As a general rule, extrinsic evidence is inadmissible to alter or add a provision to a written agreement." Schron v. Troutman Sanders LLP , 20 N.Y.3d 430, 436, 963 N.Y.S.2d 613, 986 N.E.2d 430 (2013).

Under New York law, the elements of a breach of contract claim are (1) the existence of a contract, (2) performance by the party seeking recovery, (3) breach by the other party, and (4) damages suffered as a result of the breach. See Johnson v. Nextel Commc'ns, Inc. , 660 F.3d 131, 142 (2d Cir. 2011). "Under New York law, damages for breach of contract should put the plaintiff in the same economic position he would have occupied had the breaching party performed the contract." Oscar Gruss & Son, Inc. v. Hollander , 337 F.3d 186, 196 (2d Cir. 2003).

D. The LOU's "Penalty" Is An Unenforceable Penalty

The $ 45,000 per letter "penalty" for violations of the so-called "performance guarantees" contained in CVS's LOU with IBM is an unenforceable penalty. The Court addresses this point at the beginning of the analysis because it is the elephant in the room. As the Court will explain later, the fact that the LOU's $ 1.845 million "penalty" is just that-an unenforceable penalty-informs the analysis of the indemnification provisions at issue here, and drives the ultimate conclusion that Press America need not reimburse CVS's payment to IBM pursuant to its contractual indemnification obligations.

"Although freedom of contract is at the core of contract law, 'the freedom to contract does not embrace the freedom to punish, even by contract.' " Rattigan v. Commodore Int'l Ltd. , 739 F.Supp. 167, 169-70 (S.D.N.Y. 1990) (quoting Garrity v. Lyle Stuart, Inc. , 40 N.Y.2d 354, 360, 386 N.Y.S.2d 831, 353 N.E.2d 793 (1976) ). Under New York law, parties to a contract have the right to specify the damages to be paid in the event of a breach, so long as such a clause is neither unconscionable nor contrary to public policy. Truck Rent-A-Ctr., Inc. v. Puritan Farms 2nd, Inc. , 41 N.Y.2d 420, 424, 393 N.Y.S.2d 365, 361 N.E.2d 1015 (1977) ; Mosler Safe Co. v. Maiden Lane Safe Deposit Co. , 199 N.Y. 479, 485, 93 N.E. 81 (1910). "Provisions for liquidated damage have value in those situations where it would be difficult, if not actually impossible, to calculate the amount of actual damage. In such cases, the contracting parties may agree between *375themselves as to the amount of damages to be paid upon breach rather than leaving that amount to the calculation of a court or jury. On the other hand, liquidated damage provisions will not be enforced if it is against public policy to do so and public policy is firmly set against the imposition of penalties or forfeitures for which there is no statutory authority." Truck Rent-A-Ctr., Inc. , 41 N.Y.2d at 424, 393 N.Y.S.2d 365, 361 N.E.2d 1015 (internal citations omitted).

The question whether the LOU's "penalty" represents an unenforceable penalty or an enforceable liquidation of damages "is a question of law, giving due consideration to the nature of the contract and the circumstances." JMD Holding Corp. v. Cong. Fin. Corp. , 4 N.Y.3d 373, 380, 795 N.Y.S.2d 502, 828 N.E.2d 604 (2005). The burden is on the party seeking to avoid payment under a liquidated damages provision to show that the stated liquidated damages are, in fact, a penalty. Id. The New York Court of Appeals has described "the distinction between liquidated damages and a penalty [as] 'well established': 'A contractual provision fixing damages in the event of breach will be sustained if the amount liquidated bears a reasonable proportion to the probable loss and the amount of actual loss is incapable or difficult of precise estimation. If, however, the amount fixed is plainly or grossly disproportionate to the probable loss, the provision calls for a penalty and will not be enforced.' " Id. (quoting Truck Rent-A-Center, Inc. , 41 N.Y.2d at 425, 393 N.Y.S.2d 365, 361 N.E.2d 1015 ); see also Seidlitz v. Auerbach , 230 N.Y. 167, 173-74, 129 N.E. 461 (1920) ("Whether a sum is to be treated as liquidated damages or as a penalty depends upon the intent of the parties to a contract as disclosed by the situation and by the terms of the instrument. Generally whenever the damages flowing from a breach of a contract can be easily established or where the damages fixed are plainly disproportionate to the injury the stipulated sum will be treated as a penalty." (internal citations omitted) ).

A damages provision that establishes a payment obligation that is disproportionate to the probable loss does not represent fair compensation, but, rather, secures "performance by the compulsion of the very disproportion. A promisor would be compelled, out of fear of economic devastation, to continue performance and his promisee, in the event of default, would reap a windfall well above actual harm sustained." Truck Rent-A-Ctr., Inc. , 41 N.Y.2d at 424, 393 N.Y.S.2d 365, 361 N.E.2d 1015.

"Because liquidated damages are 'in effect, an estimate, made by the parties at the time they enter into their agreement, of the extent of the injury that would be sustained as a result of a breach of the agreement,' the reasonableness of the provision must be evaluated as of that time." GFI Brokers, LLC v. Santana , No. 06 CIV. 3988 (GEL), 2009 WL 2482130, at *2 (S.D.N.Y. Aug. 13, 2009) (quoting JMD Holding Corp. , 4 N.Y.3d at 380, 795 N.Y.S.2d 502, 828 N.E.2d 604 ) (internal citations omitted). In analyzing whether a damages provision is a penalty, "it is not material [what] the parties themselves have chosen to call the provision"-courts look to "substance" and not to "form" to determine whether the provision is a valid liquidated damages clause or an unenforceable penalty. Truck Rent-A-Ctr. , 41 N.Y.2d at 425, 393 N.Y.S.2d 365, 361 N.E.2d 1015.

The provision of the LOU at issue here could not be a better black-letter example of a penalty. It is so clearly a penalty that the parties to the contract expressly called it one. While the Court must look to the substance of the provision, not its form, the Court need not ignore the fact that the parties referred to the payment obligation *376in the LOU as a "penalty." See, e.g. , LOU at 18 ("The maximum penalty that CVS shall have at risk for any Agreement year is...."). The Final IBM Agreement, perhaps subject to more careful legal review than the LOU, omitted references to the word "penalty." Compare LOU at 25 ("Fees at Risk: Penalty of 3% of total annual administrative fees....") (emphasis added) with Final IBM Agreement at D8 ("Fees at Risk per Period ...: 3% of annual fees at risk...."). But that does not matter. The LOU governed the payment obligation at the time of the Incident. And that CVS and IBM ultimately clothed the payment obligation with a title other than their initial word choice-"penalty"-does not change the nature of the obligation. If anything, it suggests a desire to obscure its nature. A representative of IBM involved in the negotiation of the contract testified that he viewed the $ 45,000 and other express penalties provided for in the LOU, as just that, a penalty. See Mizel. Tr. at 117:1-5 ("I obviously thought that we should assess a penalty for not providing, whatever, the reporting or the root cause analysis within the appropriate time frame."); 117:1-5. The express language of the LOU reveals the parties' intention.

The Court's conclusion that this payment obligation is a penalty is reinforced by the context in which the penalty applied. Under the LOU (and the Final IBM Agreement), the penalty was to be paid in the event that CVS failed to achieve a "performance guarantee." The trigger for the payment under a performance guarantee was not merely a breach of the contract, but failure by CVS to meet identified contractual goals.⁵ The penalty was intended to spark compliance with those goals. That reveals the punitive nature of the payment obligation, which, because it served as a mere "added spur to performance," should not be enforced. Priebe & Sons v. United States , 332 U.S. 407, 413, 68 S.Ct. 123, 92 L.Ed. 32 (1947) ; accord Truck Rent-A-Ctr. , 41 N.Y.2d at 425, 393 N.Y.S.2d 365, 361 N.E.2d 1015.

Ultimately, this payment obligation is a penalty because it bears no rational relation to the damages that IBM might suffer as a result of a violation of the performance guarantee. No evidence has been presented that suggests that the amount correlates with IBM's anticipated actual damages. The penalty for each misdirected letter was $ 45,000-a very high amount. As Press America points out in its briefing, had all of the mislabeled pieces of mail that Press America sent on that ill-fated day been subject to a penalty provision similar to the one developed by IBM, it would have been on the hook for $ 120,060,000 ($ 45,000*2,668). Privacy of individuals' health information is valuable, but there is nothing in the record that suggests that this extraordinary, "new," "unique" payment obligation was tethered to IBM's anticipated damages.

To the contrary, the evidence supports the contrary conclusion. The language of the LOU itself is the most important data point. In addition to the provisions that the Court has already noted, the penalty payment under the LOU is automatically escalated *377in the event of repeated non-compliance. LOU at 18 ("In the event a quarterly performance standard is not met in any subsequent quarter, the penalty shall be doubled up to an annual maximum of 50% of the annual penalty limit....")(emphasis added). These increases in the penalty amount are the kind of in terrorem spurs to performance that are emblematic of a penalty; they bear no relation to IBM's damages. Moreover, a representative of IBM involved in the negotiation of the deal testified that the purpose of the penalty was partly symbolic. Mizels Tr. 127:17-25. ("I think that we expect that CVS Caremark would protect the data to the utmost. Regardless of whether or not the penalty was there or not, the penalty was there to demonstrate IBM's commitment to protecting employees, IBM's employees' data.").⁶ The relevant provisions of the LOU (and the Final IBM Agreement) require the payment of a sum of money that is grossly disproportionate to the amount of IBM's anticipated actual damages. It is, therefore, a penalty and is unenforceable.

As the Court held in the motion to dismiss, Press America has no standing to impeach the contractual obligation between IBM and CVS. CVS agreed to an unenforceable penalty provision. CVS chose to honor that payment obligation to its important customer.⁷ The Court's ruling will not directly result in CVS getting its money back from IBM. CVS's payment to IBM is not at issue here: The question is whether CVS can now claim reimbursement of that amount through Press America's indemnification without having first given Press America-its surety-the opportunity to weigh in. For the reasons that follow, the answer to that question is no.

E. The Language of the MSA's Indemnification Provision Captures This Payment

The language of the MSA's indemnification provision is very broad and captures the payment at issue here. The Court's determination that Press America need not reimburse CVS does not rely on a construction of the indemnification provision at issue, or Press America's argument that the $ 1.845 million liability did not fall within the "reasonable intendment" of the parties at the time that they entered into the contract. Press America's argument that extrinsic evidence regarding its ignorance of the existence of the payment obligation under the LOU alone excuses its performance is not viable under New York law and is not supported by the cases that it cites.

New York law requires that contractual indemnification provisions be strictly construed. As the New York Court of Appeals held in Hooper Assocs., Ltd. v. AGS Computers, Inc. :

Words in a contract are to be construed to achieve the apparent purpose of the parties. Although the words might "seem to admit of a larger sense, yet they should be restrained to the particular occasion and to the particular object which the parties had in view" is particularly true with indemnity contracts. When a party is under no legal duty to *378indemnify, a contract assuming that obligation must be strictly construed to avoid reading into it a duty which the parties did not intend to be assumed. The promise should not be found unless it can be clearly implied from the language and purpose of the entire agreement and the surrounding facts and circumstances.

74 N.Y.2d 487, 491-92, 549 N.Y.S.2d 365, 548 N.E.2d 903 (1989) (internal citations omitted) (quoting Robertson v. Ongley Elec. Co. , 146 N.Y. 20, 23, 40 N.E. 390 (1895) ).

Before enforcing an indemnification provision, New York courts scrutinize the contractual language to ensure that it expresses an "unmistakable intention" to indemnify. See Haynes v. Kleinewefers & Lembo Corp. , 921 F.2d 453, 456 (2d Cir. 1990) ("The unmistakable intent standard, introduced in Kurek [v. Port Chester Housing Authority , 18 N.Y.2d 450, 276 N.Y.S.2d 612, 223 N.E.2d 25 (1966) ] was recently reiterated in Heimbach v. Metropolitan Transp. Auth. , 75 N.Y.2d 387, 553 N.E.2d 242, 553 N.Y.S.2d 653 (1990), where the New York Court of Appeals noted that in an indemnity agreement 'the contractual language would have to ... evince[ ] an unmistakable intention to indemnify before a court would enforce such an obligation.' ") (quoting Heimbach , 75 N.Y.2d at 392, 553 N.Y.S.2d 653, 553 N.E.2d 242 ); Goldwasser v. Geller , 279 A.D.2d 297, 297, 718 N.Y.S.2d 349 (1st Dept. 2001).

In Niagara Frontier Transp. Auth. v. Tri-Delta Const. Corp. , 107 A.D.2d 450, 453, 487 N.Y.S.2d 428, aff'd , 65 N.Y.2d 1038, 494 N.Y.S.2d 695, 484 N.E.2d 1047 (4th Dept. 1985), the Fourth Department described one of the principles of New York law governing construction of an indemnity provision as follows: "The language of an indemnity provision should be construed so as to encompass only that loss and damage which reasonably appear to have been within the intent of the parties. It should not be extended to include damages which are neither expressly within its terms nor of such character that it is reasonable to infer that they were intended to be covered under the contract." Id. (emphasis added) (citing, inter alia, Sutro Bros. & Co. v. Indem. Ins. Co. of N. Am. , 264 F.Supp. 273, 290 (S.D.N.Y. 1967), aff'd , 386 F.2d 798 (2d Cir. 1967) ).⁸ This decision *379was affirmed by the Court of Appeals, and has been cited favorably by the Court of Appeals subsequently, including in the Hooper decision quoted above. As highlighted above, the quoted language from Niagara uses a "neither/nor" formulation, suggesting that if damages are expressly within the terms of a contract, but are not of such character that it is reasonable to infer that they were intended to be covered, the contractual indemnity should not be enforced.

From this statement of the law, Press America derives an argument that-regardless of the language of its contractual indemnity-it is excused from its indemnification obligations because it did not know of the specific penalty provision contained in CVS's agreements with IBM, and because it did not have a reason to expect the existence of such a provision. Press America relies heavily on the First Department's decision in Tokyo Tanker Co. v. Etra Shipping Corp. , 142 A.D.2d 377, 536 N.Y.S.2d 75 (1st Dept. 1989). But Press America misreads the case. The Court has identified no New York cases that excuse a party's obligation to pay under a clear contractual indemnification agreement because, as a matter of fact, the party was unaware of the specific potential obligation at the time that it entered into the indemnity.

Tokyo Tanker Co. is factually similar to this case in several ways. Tokyo Tanker entered into an agreement to act as an agent to sell two vessels. As part of its contract with the owner of the vessels, Tokyo Tanker agreed to indemnify the owner of the vessel for "any and all ... claims ... that any [owner] shall sustain or become liable or answerable for, or shall pay, in any way resulting from, caused by or as a consequence of a Sale or contemplated Sale of a Vessel. " Tokyo Tanker Co. , 142 A.D.2d at 378, 536 N.Y.S.2d 75 (emphasis in original). Unbeknownst to Tokyo Tanker, before entering into the agency agreement with Tokyo Tanker, the owner of the vessels had entered into a separate agreement with its banker (the "Morgan Agreement"), in which the owner agreed to pay its banker a commission upon the sale of the vessels. Id.

After one of the vessels was sold for $ 7,052,049, the owner turned to Tokyo Tanker and claimed that Tokyo Tanker's contractual indemnity made it liable for "$ 1,312,000 paid by the [owner] to the bank as a fee under the Morgan Agreement, $ 69,287 for the legal fees incurred in connection with the negotiation and preparation of the Morgan Agreement, and $ 7,568 for expenses, including travel to Tokyo, incurred in said legal work." Id. at 379, 536 N.Y.S.2d 75. Tokyo Tanker did *380not believe that it was obligated to pay those amounts pursuant to its contractual indemnity.

The First Department agreed with Tokyo Tanker but, importantly, not merely because Tokyo Tanker was not aware of the existence of the Morgan Agreement at the time that it entered into its indemnity, as Press America argues. Instead, the court's decision in Tokyo Tanker relied upon a strict construction of the language of the contract. The court focused in particular on the language of the contract that required that indemnified claims and expenses "result from" or "arise out of" any "Sale" of a vessel.

The court concluded that the contractual indemnification provision could not be construed to encompass the payment of the fee to the vessel owner's banker under the Morgan Agreement. See id. at 380, 536 N.Y.S.2d 75 ("That [owner] agreed to pay the bank a fee upon the sale of vessels in return for the release of its $ 3 million collateral account does not bring these obligations within sections 3.1 (c) and (d) of the Tanker Agreement [providing for the contractual indemnity], for [i]n determining the rights and liabilities of the parties to a contract or bond of indemnity, the instrument must be read in the light of the circumstances surrounding its execution and the purpose which it was designed to accomplish." (emphasis added) ) (internal citations and quotations omitted); see also id. at 380-81, 536 N.Y.S.2d 75 ("In light of all of these circumstances, the words comprising sections 3.1 (c) and (d) of the Tanker Agreement 'may not reasonably be read to place upon [Tokyo Tanker] a burden which [it] did not expressly assume and which it is inconceivable [it] would have accepted'." (emphasis added) ). The Toyko Tanker court was informed by the surrounding circumstances when it construed the contract, but, ultimately, its decision relied on a close reading the language of the contract itself.

Press America makes too much of Tokyo Tanker when it argues that it need not make payment under the indemnity agreement because it was not aware of the relevant payment obligation. The case does not stand for that proposition, as a careful reading reveals. The quote from Tokyo Tanker that provides the most superficial support for Press America's argument is the first sentence of the opinion: "An indemnification agreement will not be read to impose obligations upon the indemnitor which are neither disclosed at the time of its execution nor reasonably within the scope of its terms and the over-all intendment of the parties at the time of its making." Id. at 378, 536 N.Y.S.2d 75 (emphasis added). This sentence cannot be read to support the conclusion that an obligation that is not disclosed at the time of the indemnity agreement's execution will not be enforced. Such a holding would be written differently to say that such obligations will not be imposed if they are either not disclosed or within the scope of its terms. The nature of the undisclosed payment obligation informed the Tokyo Tanker court's scrutiny of the contract's terms; it did not provide an independent basis for the court to find that Tokyo Tanker need not comply with the contract, as Press America incorrectly argues here.

In contrast to the contractual language at issue in Tokyo Tanker , the Court finds nothing in the language of Press America's indemnification obligation that can reasonably be construed to exclude the payment to CVS. The language of the indemnification provision in the MSA is very broad: Press America agrees "to indemnify and hold harmless CVS from and against any claims, liabilities, and damages to the extent same are due to Vendor's negligence, willful misconduct, or breach of this Agreement *381or Vendor's failure to comply with or abide by any applicable law (other than by reason of an act or omission of CVS)...." MSA § 8.01. The IBM payment is a liability due to Press America's negligence or breach of contract. The language is unambiguous. No express carve out applies. Evaluated in the context of the surrounding circumstances, there is no basis for the Court to find one.⁹

F. Surety Not Liable for Unenforceable Penalty Payment by Principal

Press America is entitled to challenge the validity of CVS's claim against it. "Generally, a default judgment entered against a principal is only prima facie evidence against the surety; the surety remains at liberty to contest its own liability by establishing affirmatively that the principal was not liable." 63 N.Y. Jur. 2d Guaranty and Suretyship § 384.

The rationale behind this rule, which applies in vigor here, was explained by the court in Feuer v. Menkes Feuer, Inc. , 8 A.D.2d 294, 187 N.Y.S.2d 116 (1st Dept. 1959). The court's decision is worthy of quotation at length:

Unless there is specific provision in the contract of indemnity, an indemnitee is not required to give notice of claims against him to the indemnitor. If he elects to defend, then he will be bound by the outcome on principles of res judicata. If, however, the indemnitor declines to defend the proceeding, and the indemnitee is therefore required to carry that burden, then the indemnitor is conclusively bound by any reasonable good faith settlement the indemnitee may make or any litigated judgment that may be rendered against him.

On the other hand, if the indemnitee fails to notify the indemnitor, or having notified him, refuses to accept proffered assistance, he proceeds at his own risk with regard to any judgment or settlement which may ultimately ensue. Then, in order to recover reimbursement, he must establish that he would have been liable and that there was no good defense to the liability. Moreover, he must establish that with respect to the amount paid it was a reasonable amount.

In this context it should be noted that the test of reasonableness applies not to the fact of liability but only to the amount that may be paid by way of settlement of such liability. Nor is good faith alone a sufficient test, as it might be in the earlier instance noted. Thus, in the Dunn case it was observed that the indemnitee "assumes the risk of being able to prove the actionable facts upon which his liability depends as well as the reasonableness of the amount which he pays" (emphasis supplied). This means, in effect, that the indemnitee must establish his case against the indemnitor in the same way that the claimant against him would have been obligated to establish its case, namely, by a preponderance of the evidence or other appropriate level of proof required to sustain recovery in favor of the claimant.

The explanation for the higher requirement that an indemnitee, who has *382not given notice, or who has rejected defense by the indemnitor, establish that he had been liable to the claimant stems from the fact that his action with regard to the claim is completely free of control by the indemnitor. Since, under such circumstances, the indemnitee knows or believes that any financial responsibility he undertakes is likely to fall ultimately on the indemnitor, he is not inhibited, except by the barest self-restraint. This is an insufficient protection for an indemnitor; and, as a consequence, the indemnitee acts at his own risk that later he will be able to establish that the payment he made was one he had to make. Needless to say, even this is not an absolute test. He meets his burden if he shows, by satisfying the finder of the facts by the preponderance of the evidence or other appropriate level of proof, that he would have been liable.

Feuer , 8 A.D.2d at 298-300, 187 N.Y.S.2d 116 (internal citations omitted). This rule addresses precisely the circumstances at issue here, by allocating risk to a principal who chooses to resolve an indemnified obligation without soliciting the input of its surety.

The basic legal principal described in Feuer -namely that a surety can challenge the validity of a claim directed against it-remains good law. However, the Second Circuit has observed that the rule as stated in Feuer "overstated the binding effect on an indemnitor of even the most reasonable good faith settlement entered into by an indemnitee." HS Equities, Inc. v. Hartford Acc. & Indem. Co. , 609 F.2d 669, 675 n.8 (2d Cir. 1979) (emphasis added). The Second Circuit instead held: "We believe that a more accurate statement of the law is contained in Conner v. Reeves , 103 N.Y. 527, 9 N.E. 439 (1886), a case dealing with the analogous issue of the binding effect on a surety of a consent judgment entered against its insured: '(T)he reasonable rule is that a judgment so obtained (I.e., by consent of the parties to the action rather than by a decision on the merits) is presumptive evidence only against the sureties, and that they are at liberty to show that it was not founded upon any legal liability to the plaintiff in the action, or exceed(s) such liability.' " Id. (quoting Conner , 103 N.Y. at 532, 9 N.E. 439 ).

"The general rule under New York law is that a surety is able to take on the burden of attempting to overcome the presumption by establishing that a settlement was not founded on an actual legal liability." In re Actrade Fin. Techs., Ltd. , No. 02-16212(ALG), 2009 WL 2929440, at *2-3 (Bankr. S.D.N.Y. Sept. 3, 2009) ; see also Hanover Ins. Co. v. Nw. Assocs., Inc. , 248 A.D.2d 672, 673-74, 670 N.Y.S.2d 577 (2d Dept. 1998). This rule rests on a long-standing and sound foundation-one that places the risk on an indemnitee in the event that they choose to settle an indemnified obligation without involving the surety. CVS took that risk here and settled its obligation to IBM without notice to, or the consent of, Press America. And as described above, the payment made by CVS was a penalty, and, hence, was not founded on legal liability. As a result, Press America need not reimburse it pursuant to its indemnity. CVS's motion for summary judgment for breach of contract with respect to the $ 1.845 million payment is denied; Press America's is granted.

G. CVS's Other Claimed Damages for Breach of Contract are Not Adequately Supported

CVS moved for summary judgment to establish Press America's breach of both the MSA and the Business Associate Agreement. Plaintiff's Memorandum of Law ("Pls. Mem."), Dkt. No. 86, at 15-16. In its opposition, Press America did not contest its liability for breach of contract *383as a result of the conduct that resulted in the Incident. Defendant's Opposition ("Defs. Mem."), Dkt. No. 100. Because it has not opposed this motion, the Court concludes that Press America has conceded liability for breach of contract under each of the MSA and Business Associate Agreement. See, e.g. , Scott v. JPMorgan Chase & Co. , No. 13 CIV. 646 KPF, 2014 WL 338753, at *10 (S.D.N.Y. Jan. 30, 2014) (collecting cases in support of the proposition that a party may be deemed to have conceded an argument by failing to address it in its briefing), aff'd , 603 F. App'x 33 (2d Cir. 2015). The evidence broadly supports that conclusion.

Rather than contest its liability, Press America instead focused its energies on contesting its liability for the penalty payment. As described above, that amount is not properly claimed under the indemnification provision of the MSA or the Business Associate Agreement. Nor can it be claimed as direct or consequential damages for a breach of the contract. As described above, the penalty amount is unmoored from CVS's actual damages-they are not the natural and probable consequences of the breach. Nor are they special damages. "Special" contract damages "are extraordinary in that they do not so directly flow from the breach. These extraordinary damages are recoverable only upon a showing that they were foreseeable and within the contemplation of the parties at the time the contract was made." Am. List Corp. v. U.S. News & World Report, Inc. , 75 N.Y.2d 38, 550 N.Y.S.2d 590, 549 N.E.2d 1161 (1989). The payment of the unique CVS penalty provision was not foreseeable or within the contemplation of both parties at the time that the MSA was entered into. As a result, that amount cannot be recovered as special damages.

CVS claims additional damages as a result of Press America's breach of the contract. In particular, CVS claims that it lost $ 70,035 as a result of the Incident. Defs. Counterstatement ¶ 335. However, the amount of these losses is disputed. Id. CVS has not presented any documentation in support of that claimed amount-only a PowerPoint presentation that it presented to its insurer containing a reference to that amount. The Court cannot conclude on this record as a matter of law that CVS is entitled to judgment in that or any other amount for its remaining breach of contract claims. As a result, CVS's motion for summary judgment with respect to damages associated with that claim is denied. The existence and amount of any such damages will remain to be resolved at trial.

H. Press America Need Not Reimburse CVS's Attorneys' Fees for this Litigation Pursuant to Its Indemnity Obligations

The indemnification provision in the MSA does not permit CVS to recover attorneys' fees in connection with this litigation. The Second Circuit, applying New York law, has held that an indemnification clause does not extend to attorneys' fees in a suit between the contracting parties themselves unless the language of the contract is unmistakably clear that the parties intended that indemnification:

Under the general rule in New York, attorneys' fees are the ordinary incidents of litigation and may not be awarded to the prevailing party unless authorized by agreement between the parties, statute, or court rule. This policy "provides freer and more equal access to the courts ... [and] promotes democratic and libertarian principles." Accordingly, while parties may agree that attorneys' fees should be included as another form of damages, such contracts must be strictly construed to avoid inferring duties that the parties did not intend to create.

*384Promises by one party to indemnify the other for attorneys' fees run against the grain of the accepted policy that parties are responsible for their own attorneys' fees. Under New York law, "the court should not infer a party's intention" to provide counsel fees as damages for a breach of contract "unless the intention to do so is unmistakably clear" from the language of the contract.

Oscar Gruss & Son, Inc. , 337 F.3d at 199 (alterations in original) (internal citations omitted). Unless the contract "exclusively or unequivocally refer[s] to claims between the parties themselves," Hooper Assocs., Ltd. , 74 N.Y.2d at 493, 549 N.Y.S.2d 365, 548 N.E.2d 903, a New York court will presume that indemnification extends only to third-party disputes. Bank of New York Tr. Co. v. Franklin Advisers, Inc. , 726 F.3d 269, 283 (2d Cir. 2013)

While the MSA's indemnification provision is broad, it does not evince an unmistakable intention to reimburse CVS for the costs of litigation against Press America. The first clause of the indemnification provision, requiring Press America to hold CVS harmless for claims or liabilities, makes no express reference to attorneys' fees at all. The second clause of the indemnification provision refers to the payment of attorneys' fees, but only in the context of a requirement that Press America defend claims brought against CVS. This language is insufficiently clear to entitle CVS to reimbursement of its fees in connection with this affirmative litigation.

The language contained in the Business Associate Agreement also does not present an unequivocal reference to the reimbursement of litigation expenses with respect to litigated claims between the parties themselves. The Business Associate Agreement requires Press America to "indemnify and hold harmless CVS and any of its officers, directors, employees, or agents from and against any claim, cause of action, liability, damage, cost, or expense, including reasonable attorneys' fees and court or proceeding costs, arising out of or in connection with any breach of the terms of this Agreement...." Business Associate Agreement § 6.01. This language refers to the reimbursement of attorneys' fees. However, the language may easily be read as limited to attorneys' fees arising from third party actions against CVS by, for example, government agencies or the people whose confidential information was improperly disclosed. In the absence of an unequivocal statement, the reference to reimbursement of attorneys' fees must be construed to be limited to such third-party claims. See, e.g. , Bridgestone/Firestone, Inc. v. Recovery Credit Servs., Inc. , 98 F.3d 13, 21 (2d Cir. 1996).¹⁰ As a result, Press America is granted summary judgment with respect to CVS's claims for reimbursement of its attorneys' fees in connection with this litigation pursuant to the parties' indemnification agreements' and CVS's motion is denied.

I. CVS May Not Pursue Its Common Law Indemnity Claims

CVS cannot pursue its common law indemnity claim because CVS and Press America are parties to a valid contract. "Under New York law, common-law (or implied) indemnity 'is a restitution concept *385which results in a shifting of the loss because to fail to do so would result in the unjust enrichment of one party at the expense of the other.' " Amguard Ins. Co. v. Getty Realty Corp. , 147 F.Supp.3d 212, 220 (S.D.N.Y. 2015) (quoting Facilities Dev. Corp. v. Miletta , 180 A.D.2d 97, 584 N.Y.S.2d 491, 495 (3d Dept. 1992) (internal quotations omitted) ). "Common law or implied indemnification is a 'quasi-contract' doctrine rooted in principles of equity and fairness conceptually related to restitution." CSC Scientific Co., Inc. v. Manorcare Health Servs., Inc. , 867 F.Supp.2d 368, 377 (S.D.N.Y. 2011). "Subject to exceptions not applicable here, a valid and enforceable contract generally precludes recovery in quasi-contract for losses arising from the same subject matter." Id. at 377 ; see also Int'l Techs. Mktg., Inc. v. Verint Sys., Ltd. , 157 F.Supp.3d 352, 370 (S.D.N.Y. 2016) ("plaintiff may not recover under a quasi-contractual theory when the parties had a valid contract governing their relationship"). Because the Court has concluded that the parties were subject to a valid contract, CVS may not also pursue its common law claim for indemnification. Summary judgment is granted in favor of Press America with respect to this claim.

J. CVS May Not Pursue Its Common Law Negligence Claims

CVS's claims against Press America for common law negligence are not viable because Press America's duty to CVS arouse from a contract, and because the claim is barred by New York's economic loss rule. "Under New York law ... a plaintiff must establish three elements to prevail on a negligence claim: (1) the existence of a duty on defendant's part as to plaintiff; (2) a breach of this duty; and (3) injury to the plaintiff as a result thereof." Aegis Ins. Servs., Inc. v. 7 World Trade Co., L.P. , 737 F.3d 166, 177 (2d Cir. 2013) (quoting Alfaro v. Wal-Mart Stores, Inc. , 210 F.3d 111, 114 (2d Cir. 2000) ). "It is a well-established principle that a simple breach of contract is not to be considered a tort unless a legal duty independent of the contract itself has been violated." Clark-Fitzpatrick, Inc. v. Long Island R.R. Co. , 70 N.Y.2d 382, 389, 521 N.Y.S.2d 653, 516 N.E.2d 190 (1987). Therefore, to establish a tort claim, a plaintiff must demonstrate an independent duty that "spring[s] from circumstances extraneous to, and not constituting elements of, the contract." Id. ; see also BNP Paribas Mortg. Corp. v. Bank of America, N.A. , No. 10 Civ. 8630 (RWS), 2011 WL 3847376, at *6 n. 5 (S.D.N.Y. Aug. 30, 2011) ("It is well established that a tort claim cannot be predicated on a mere breach of contract, but may only succeed if the plaintiff alleges the violation of an independent duty."); JPMorgan Chase Bank v. Winnick , 350 F.Supp.2d 393, 401 (S.D.N.Y. 2004) ("If the only interest at stake is that of holding the defendant to a promise, the courts have said that the plaintiff may not transmogrify the contract into one for tort.").

CVS has failed to present evidence that would permit a reasonable jury to conclude that Press America had an independent duty to CVS that was extraneous to the companies' contractual arrangement. The source of that duty is clearly derived from the MSA and Business Associate Agreement, which, as CVS claims, Press America violated. As a result, CVS cannot establish the first element of its common law negligence claim.

In addition, CVS's negligence claim is barred by New York's economic loss doctrine. "Pursuant to the 'economic loss rule,' there can be no recovery in tort when the only damages alleged are for economic loss." 16 N.Y.Prac., New York Law of Torts § 21:13.10. "New York's economic loss doctrine is a jurisprudential principle that a plaintiff cannot recover in tort for purely economic losses caused by *386the defendant's negligence. Under this principle, the defendant is not liable to a plaintiff for the latter's economic loss unless there exists 'a special relationship that requires the defendant to protect against the risk of harm to plaintiff.' " Travelers Cas. & Sur. Co. v. Dormitory Auth.-State of New York , 734 F.Supp.2d 368, 378-79 (S.D.N.Y. 2010) (quoting 532 Madison Ave. Gourmet Foods, Inc. v. Finlandia Ctr., Inc. , 96 N.Y.2d 280, 289, 727 N.Y.S.2d 49, 750 N.E.2d 1097 (2001) ).

"When Plaintiffs, as is the case here, allege economic loss as an injury in a tort claim 'the usual means of redress is an action for breach of contract; a tort action for economic loss will not lie.' The purpose of this economic loss rule is to 'keep contract law from drowning in a sea of tort and with this goal in mind New York courts restrict plaintiffs who have suffered economic loss, but not personal or property injury, to an action for the benefits of their bargains.' " Negrete v. Citibank, N.A. , 187 F.Supp.3d 454, 471-72 (S.D.N.Y. 2016), aff'd , 759 Fed.Appx. 42 (2d Cir. 2019) (internal quotation marks and citations omitted).

CVS does not present evidence of personal or property injury as a result of Press America's conduct-only claims for economic loss. CVS's common law negligence claim fails for this additional reason. As a result, summary judgment is granted in favor of Press America with respect to this claim, and CVS's motion is denied.

K. CVS Must Pay Press America's Outstanding Invoices

Press America is entitled to summary judgment with respect to its counterclaim for payment of unpaid invoices. The evidence establishes that Press America performed its obligations under the contracts. Pls. Counterstatement ¶ 398.¹¹ CVS

*387has not disputed the fact of its liability or the amount claimed pursuant to the invoices submitted to it. The only argument that CVS has presented in opposition to Press America's claim is that "CVS is entitled to a setoff of any allegedly unpaid Press America invoices.... Even if CVS is not entitled to summary judgment on its own motion, Press America has certainly not met its burden of establishing that it does not owe CVS, at least, the amounts of these unpaid invoices...." Plaintiff's Memorandum of Law in Opposition, Dkt. No. 103, at 25. Because the Court has determined that Press America does not owe CVS the $ 1.845 million penalty payment, there is no continuing justification for CVS to withhold payment. As a result, summary judgment is granted in favor of Press America with respect to this issue.

IV. CONCLUSION

For the reasons described above:

• Press America is granted summary judgment against CVS in the amount of $ 560,354.97 in respect of its counterclaims. CVS's motion for summary judgment with respect to the counterclaims is denied.

• Press America is granted summary judgment dismissing CVS's common law indemnity and negligence claims; CVS's motions with respect to those claims are denied.

• Press America is granted summary judgment with respect to its asserted liability for reimbursement of the $ 1.845 million penalty payment to IBM either as a result of its contractual indemnification obligations, or as damages for breach of contract; CVS's motions with respect to those matters are denied.

• Press America is granted summary judgment with respect to CVS's claims for reimbursement of attorneys' fees in connection with this litigation; CVS's motions with respect to those claims are denied.

• CVS is granted summary judgment with respect to its claim that Press America breached the MSA and Business Associate Agreement. However, summary judgment is denied with respect to its claim for damages as a result of the breach. The amount of damages to which it is entitled will be determined at trial.

The Clerk of Court is directed to terminate the motions pending at Dkt. Nos. 81 and 85.

SO ORDERED.

1 The facts in this case are largely undisputed. The parties submitted a single joint 56.1 statement (the "Joint Statement"). Dkt. No. 87. Except as otherwise noted, the following facts are drawn from the Parties' Joint Statement.

2 CVS makes an errant argument that the Final IBM Agreement should be used to construe the LOU. Plaintiffs' Counterstatement of Facts ("Pls. Counterstatement"), Dkt. No. 104, ¶ 392. Plaintiffs use a selective quotation from the LOU to suggest that the LOU was to be interpreted pursuant to the LOU and the additional materials that were specifically incorporated by reference, including any draft contracts. They point to page 1 of the LOU which reads "The parties agree that the agreement shall be substantially in accordance with ... IBM's Request for Proposal, ... the subsequent correspondence, including contract drafts...." LOU at 1 (emphasis added). Read in context, the agreement that is referenced in this language is clearly the final agreement that the parties were to negotiate in the future, not the LOU.

3 "Breach" is defined under the Business Association Agreement as "any acquisition, access, use, or disclosure of Private Information in a manner not permitted by the HIPAA Rules [45 C.F.R. Parts 160-164]." Business Association Agreement § 1.0.a.

4 CVS has not presented the back up for this calculation; the basis for this sum is disputed by Press America. Pls. Counterstatement. ¶ 335. CVS cannot specifically identify any potential client that it lost as a result of the Incident. Joint Statement ¶ 261.

5 See LOU at 25 ("Performance Guarantee Description[:] Security incidents, including inadvertent disclosures, involving Confidential Participant Information or Protected Health Information: a) must be reported to IBM as quickly as possible and no later than 24 hours after knowledge of security incident ...; b) root cause analysis must be performed and communicated to IBM no later than 72 hours after knowledge of security incident; c) a full corrective plan of action must be provided to IBM no later than five business days after knowledge of security incident." Measurement Standard[:] No security incidents; Report any security incident with [sic] 24 hours and completion of follow-up activities....").

6 In the Final IBM Agreement, the equivalent payment obligations are described as "fee adjustments" and are expressly stated not to represent liquidated damages or to preclude IBM from seeking additional amounts as damages for a breach of the contract. Final IBM Agreement at 18 ("Performance standards and any related fee adjustments are not intended to operate as liquidated damages, a penalty, or as an exclusive remedy but rather to correspond with the level of service being provided.")

7 That CVS together with IBM worked to eliminate the word "penalty"-used so pervasively in the LOU-from the Final IBM Agreement, could be viewed to suggest some level of awareness at CVS regarding the potential issue.

8 As indicated by the Fourth Department's citation in Niagara , the federal district court's decision in Sutro seems to be the provenance for the formulation of its statement of the law. As such, Sutro appears to be the genesis of the neither/nor formulation of the test which led to some confusion in this case.

In Sutro , the district court held as follows: "A contract of indemnity should be construed so as to cover all losses, damages or liabilities to which it reasonably appears to have been the intention of the parties that it should apply, but not to extend to losses, damages, or liabilities which are neither expressly within its terms nor of such character that it can reasonably be inferred that they were intended to be within the contract." Sutro , 264 F.Supp. at 290. As support for this statement of law, the Sutro court cited to three sources-C.J.S. on Indemnity, and two cases. The first was the New York Court of Appeals decision in Nau v. Vulcan Rail & Constr. Co. , 286 N.Y. 188, 36 N.E.2d 106 (1941). There, the Court of Appeals emphasized a basic principle of New York law in construing the indemnification provision at issue in that case: "The words used in the contract have a precise, definite and well-understood meaning when used in connection with the subject-matter of the contract and the courts are not permitted to explore the actuality of the intent of the parties. Its plain terms indicate that there was no intent or purpose of the parties to give to the indemnity clauses a meaning and purpose other than the plain, unambiguous and well-understood words and expressions used import." Id. at 198-199, 36 N.E.2d 106 (emphasis added). The second case cited by the Sutro court for its statement of the law was a short 1928 decision by a federal court in the Eastern District of New York, Standard Oil Co., N.J. v. Robbins Dry Dock & Repair Co. , 25 F.2d 339 (E.D.N.Y. 1928), aff'd sub nom. Standard Oil Co. v. Robins Dry Dock & Repair Co. , 32 F.2d 182 (2d Cir. 1929). In that case, the court examined a contractual provision requiring a dry dock company to insure the owner of a vessel to protect against claims arising from its operations under the contract at issue. Examining the language at issue, Judge Bryant from the Eastern District held that "The contract cannot be construed to impose upon the contractor obligation to protect plaintiff against the negligence and carelessness of persons in its own employ and over whom the defendant had no authority or control. A reasonable construction seems to limit it to provide against loss or liability of plaintiff through the operations of defendant, or to loss or injury caused by physical conditions that were under the control of defendant and over which plaintiff had no control." Id. at 340. Significantly, however, the court did not need to look beyond the four corners of the contractual language in its analysis to reach that conclusion. The cases cited by the Sutro court in formulating the language later adopted by the Fourth Department in Niagara do not support the conclusion that extrinsic evidence of the parties' intentions can be applied to trump express contractual language.

9 The Business Associate Agreement also contains a broad indemnification agreement, triggered by a breach of that agreement or a "Breach," which, as noted above, is a defined term that means "any acquisition, access, use, or disclosure of Private Information in a manner not permitted by the HIPAA Rules [45 C.F.R. Parts 160-164]". It is not clear that the LOU payment obligation arises as a result of a breach of the Business Associate Agreement or a "Breach"-the parties have not briefed that issue fully. Regardless of whether or not the Business Associate Agreement's indemnification obligation applies here, Press America would be excused from reimbursing CVS for its penalty payment under the indemnification provision for the reasons described below.

10 In Bridgestone/Firestone, Inc. , the Second Circuit held that very similar language was insufficiently unequivocal to establish a claim to attorneys' fees other than for third party claims. Bridgestone/Firestone, Inc. , 98 F.3d at 21 (finding the following language insufficient to give rise to a claim for fees in connection with litigation between contract's parties: "[t]he Agency shall indemnify and save [BFI] harmless from any and all claims, demands or causes of action, any and all costs or expenses, including attorney fees, that may be asserted due or arising out of the Agency's collection activity or employee dishonesty deemed contrary to prevailing guidelines on accounts referred by [BFI]").

11 In its counterstatement in response to Press America's assertion that it correctly performed the work on the contract following the Incident, CVS writes that it "admits only that John Cappelletti provided the above testimony but further responds that the asserted fact is not material to either summary judgment motion and reserves the right to dispute the claim." Pls. Counterstatement ¶ 398. CVS claims on multiple occasions "the right to dispute" in the future an asserted fact in its adversary's 56.1 statement. But CVS may not reserve the right to present disputes of fact at some subsequent stage of the case. CVS had the right and opportunity to do so in connection with this Rule 56 motion. That it chose not to do so does not mean that it gets a do-over later, as CVS seems to assume; instead, it means that CVS has conceded the point. Local Rule 56.1 requires a party moving for summary judgment to submit "a separate, short and concise statement" setting forth material facts as to which there is no genuine issue to be tried. Local Rule 56.1(a). A party opposing summary judgment must respond with a statement of facts as to which a triable issue remains. See Local Rule 56.1(b). The facts set forth in a moving party's statement "will be deemed to be admitted unless controverted" by the opposing party's statement. Local Rule 56.1(c). Local Rule 56.1(d) further provides that "[e]ach statement of material fact by a movant or opponent must be followed by citation to evidence which would be admissible" as required by Fed. R. Civ. P. 56(e). "[D]istrict courts in the Southern and Eastern Districts of New York" with the approval of the Second Circuit, "have interpreted current Local Rule 56.1 to provide that where there are no citations or where the cited materials do not support the factual assertions in the Statements, the Court is free to disregard the assertion." Holtz v. Rockefeller & Co. , 258 F.3d 62, 73-74 (2d Cir. 2001). "A district court has broad discretion to determine whether to overlook a party's failure to comply with local court rules." Id. at 73. CVS chose not to present evidence controverting the fact asserted by Press America. The Court is not required to deem that fact to be admitted, but it is appropriate here. Honoring CVS's self-arrogated claim of a right to dispute a fact at a later stage of the case would undermine the benefits of summary judgment motions generally. By choosing not to present evidence controverting its adversary's statement of fact, CVS has admitted it.