A P P L I C A T I O N T E R M S O F S E R V I C E
These Application Terms of Service (“TOS”) are incorporated by reference into one or more agreements (“Agreement(s)”) between TotalMD, Inc. an Arizona limited liability company (“Company”) with its principal place of business at 4115 East Valley Auto Drive, Mesa, Arizona 85206 and the Client named on one or more Order Forms or Subscription and Services Agreements between Client and Company. For purposes of this Agreement, Company and Client may be referred to individually as a “Party” and jointly as the “Parties.”
The Order Form(s) and/or Subscription and Services Agreements together with the TOS constitute the Agreement between the Parties and apply to each Hosted Program and to all Services provided by Company under the Agreement. When executed by the Parties, an Order Form shall evidence the Hosted Program Subscription Rights Granted and the Services to be provided. In addition, each service provider and staff person with access to information protected by HIPAA through the use of the Company’s Hosted Programs will be required to sign a separate HIPAA/Associate agreement.
1.1. “Activation Date” shall be the date on which the Client is provided with a login name and password from Company to use the Hosted Programs.
1.2. “Client Data” means information entered into the Hosted Programs by Client in the course of its authorized use of the Hosted Programs and stored on the Host Server for access by the Hosted Programs and retrieval by the Client.
1.3. “Host Server” shall mean the server provided by Company or its agent through which Client accesses the Hosted Programs, identified by a URL and one or more accounts and passwords to be established by Client.
1.4. “Hosted Programs” shall mean the computer software known as “TotalMD” in object code
form owned or provided by Company for which Client has subscription rights granted pursuant to the Agreement, updates and upgrades to the Hosted Programs, and online documentation.
1.5. “Order Form(s)” shall mean the document(s) by which Client orders Hosted Program subscriptions and Services, and which are agreed to by the Parties.
1.6. ”Concurrent User” shall mean each employee, contractor or agent of Client that provides billable patient care or services on behalf of Client.
1.7. “Services” shall mean access to the Hosted Programs or other services specifically identified in an Order Form.
2. USE OF HOSTED PROGRAMS
2.1. Subscription Rights Granted.
A. In consideration of monthly subscription fees set forth in any valid Order Form(s), Company grants to Client a nonexclusive, non-transferable right (“Subscription”) for the number of Concurrent Users defined in the Order Forms(s). Client shall be entitled to use the Hosted Programs as follows: (i) to assign access rights to the Hosted Programs on the Host Server solely for Client’s own internal business operations; and (ii) to use the Documentation provided with the Hosted Programs (online or otherwise) in support of Client’s authorized use of the Hosted Programs. Except as specifically authorized in the Order Form(s) or Subscription and Services Agreement in conjunction with Exhibit B below, Client may not allow third parties to access the Hosted Programs, or use the Hosted Programs for third-party training, commercial
time-sharing, rental or service bureau use.
B. Client agrees not to download the Hosted Programs or cause or permit the reverse engineering, disassembly or decompilation of the Hosted Programs.
C. Company retains all title, copyright, and other proprietary rights in the Hosted Programs. Client does not acquire any rights, express or implied, in the Hosted Programs, other than those specified in the Agreement.
2.2. Verification. Company shall have the right to monitor use of the Hosted Programs by Client: (i) electronically at any time; or (ii) by on-site audit of Client’s use of the Hosted Programs not more than once per year upon reasonable notice to Client) and to charge for additional Concurrent Users as appropriate under the Agreement.
3.1. Hosting Services. Company will provide Client with access to the online Hosted Programs selected in the Order Form(s) and will provide for the storage and retrieval of Client Data in connection with use of the Hosted Programs. Client is responsible for obtaining access to the Internet using software and hardware that meet the minimum requirements, including security requirements, set forth in Company’s published System Requirements document available at www.totalmd.com.
3.2 Access. Client may designate user account names and passwords for the number of Concurrent Users stated in the Order Form(s). Client is responsible for the confidentiality and use of account names and passwords. Company will deem any communication, data transfer, or use of the Hosted Programs received under Client’s account names and passwords to be for Client’s benefit and use. Client agrees to notify Company if account names or passwords are lost, stolen, or being used in an unauthorized manner.
3.3 Representations. Client represents and warrants that it has the rights to all Client Data, including the right to upload Client Data to the Host Server in connection with its authorized use of the Hosted Programs. Client agrees that the Client Data and its use do not infringe the rights of any third party and agrees to indemnify and holds Company harmless from any third-party claims of infringement under the same terms and conditions set forth below for Company’s infringement indemnity.
3.3. Data Security. Client agrees to access the Hosted Programs and to store and retrieve data using the remote terminal services as specified by Company. Company agrees to maintain the security of Client Data using
industry-standard data security protocols, and other methods reasonably deemed to be adequate for secure business data and to notify Client in the event of a breach of security involving Client Data. Company agrees to retain Client data on one or more secure servers and to maintain data recovery and data backup facilities in accordance with accepted industry practices.
3.4. Ownership of Data and Subscription. Client shall retain ownership of all Client Data stored or retrieved in connection with use of the Hosted Programs, which data shall be subject to the confidentiality provisions set forth below. Client agrees that storage or caching of Client Data is not an infringement of any intellectual property rights of Client. Client agrees that it will not store data on the Host Server that is subject to the rights of any third parties without first obtaining all required authorizations and rights in writing from such third parties. Provided that Company implements appropriate de-identification criteria in accordance with the Standards for Privacy of Individually Identifiable Health Information set forth in 45 C.F.R. §164.514(b), Client acknowledges and agrees that de-identified information is not Protected Health Information as defined in the applicable regulations and that Company may use such de-identified information for any lawful purpose.
3.5. Support Services. Company will provide Support Services for the Hosted Programs as described in the applicable Order Form(s) and in accordance with the Support Policy for available at
www.totalmd.com, in effect on the date Support is provided, so long as Client is appropriately licensed to use the Hosted Programs and Services.
3.6. Electronic Services. In connection with use of the Hosted Programs, Company may provide certain Electronic Services to Client, as set forth in the applicable Order Form(s), in conjunction with one or more third-party partners, and Client hereby waives any and all liability and claims which Client may have against Company or the partner in connection with the provision of Electronic Services except to the extent directly caused by the willful misconduct or gross negligence of Company or the partner. Such Electronic Services are subject to availability via Company clearinghouse partners. Independently levied submission charges from payors are not included in the pricing and will be charged separately. Approval for electronic submission to and remittance from most non- commercial payers can take 4-8 weeks from the date Client returns completed forms to Company.
3.7. Data Import Limitations. Should Company agree to perform any data importation services for Client, Client is responsible to provide data exactly in the format specified by Company documentation. The Company database resulting from import of Client’s data will be a reflection of the quality of data provided by the Client. Company is not responsible for inability to perform services due to improperly formatted or corrupt files, viruses on media provided, or incompatible backup media or software. Client acknowledges that transferring data is subject to the
possibility of human and machine errors, omissions, and losses, including inadvertent loss of data or damage to media that may give rise to loss or damage. Company shall not be liable for any such errors, omissions, or losses. Client is responsible to adopt reasonable measures to limit the impact of such problems, including backup of original data. Client is also responsible for complying with all local, state, and federal laws pertaining to the use and disclosure of any data.
3.8. Data Import Acceptance. Following any requested data import for which Client has paid Company (e.g., importation from Medisoft and/or Lytec), Company warrants the integrity of the supplied production database for a period of 5 business days from the delivery date, or until the database is altered in any way by the Client, whichever comes first. During the warranty period, Client may report any discrepancies or errors, and upon verification of the error, Company may at its option correct the database or refund the amount paid for the data import service. Any data importation not performed by Company or performed at no charge by Company will not be warranted by Company.
3.9. Onsite Training. Onsite training is not offered by Company but may be available from one or more dealers.
3.10. Deadlines. Company’s ability to deliver the requested Services, at the scope and scale described, depend on Client meeting the indicated Approval Deadline as well as interim Client Deliverable dates that may apply to specific Services. Should approval be withheld past the Approval Deadline, or should Client Deliverable dates not be met in the course of delivering the Services, target delivery dates may require rescheduling by Company staff based on availability.
3.11. Consulting Limitations. Company warrants that all consulting services offered by Company shall be performed by qualified personnel. However, Company does not guarantee any specific results from training or other consulting services offered by third parties, including any dealers who offer access to the Hosted Programs.
3.12. Company Connect Interfaces. Company does not currently support any connection interface that makes available to Client Company’s standard data interface functions (“APIs”) for the purpose of enabling Client to share specific data between Company’s Hosted Programs and other software and/or data sources owned or licensed by Client unrelated to Company (the “External System”).
3.13. Restriction. Access to or use of Hosted Programs by External Systems is strictly prohibited.
3.14. Limitation of Liability. Notwithstanding any other provision of this Agreement, Company has no liability under any agreement, this Order Form or the Existing Agreement, including the HIPAA Business Associate Addendum, for any disclosure of Protected Health Information (“PHI”) made by means of access to the Hosted Programs and related data by or on behalf of Client, or by means of access by any third party to the extent such third party obtained access to the Hosted Programs and related data as a result of intentional disclosure by Client or any breach of this Order Form or the Existing Agreement or any negligence by Client, its personnel, agents or third- party contractors. In addition, Company has no liability under this Agreement for any modification of Client’s hosted application data, or for any consequences that may arise from such modifications (including, but not limited to, incorrectly modified or lost data) made by means of access to the Hosted Programs by or on behalf of Client, or by means of access by any third party to the extent such third party obtained access to the Hosted Programs as a result of intentional disclosure by Client or any breach of this Agreement or any negligence by Client, its personnel, agents or third-party contractors.
4. TERM AND TERMINATION
4.1. Term. Client’s rights to use the Hosted Programs and Services shall remain in effect for the Initial Term set forth in the Order Form(s) or Subscription and Services Agreement. Thereafter, the term shall automatically renew for additional terms as set forth in the Agreement at then-current prices unless either Party gives ten (10) days advance written notice prior to the end of the then-current term of its intention to terminate the Agreement, or until otherwise terminated as provided herein.
4.2. Termination for Cause. Either Party may terminate the Agreement at any time upon thirty (30) days prior written notice if the other Party commits a material breach that remains uncured after thirty (30) days written notice specifying the nature of the breach and identifying the measures required to correct the breach. Notwithstanding the foregoing, Company may terminate the Agreement and access to the Hosted Programs for non-payment of fees upon ten (10) days prior notice, at which time fees for the current term shall be due and payable in full.
4.3. Effect of Termination. Termination of the Agreement shall not limit either Party from pursuing other remedies available to it, including injunctive relief, nor shall such termination relieve Client’s obligation to pay all fees that have accrued or are otherwise owed by Client under any Order Form or under the Agreement. Upon termination of the Agreement, access to the Hosted Programs and all Services shall be terminated. Upon termination, other than for breach on the part of Company under Section 4.2 above, all unpaid fees related to the initial term or any renewal term shall be due and payable in full immediately.
5. INDEMNITY, WARRANTIES, REMEDIES
5.1. Infringement Indemnity. Company will defend and indemnify Client against a claim that the Hosted Programs infringe a copyright or patent, provided that: (a) Client notifies Company in writing within 30 days of the claim;
(b) Company has sole control of the defense and all related settlement negotiations; and (c) Client provides Company with the assistance, information and authority necessary to perform Company’s obligations under this Section. Reasonable out-of-pocket expenses incurred by Client in providing such assistance will be reimbursed by Company.
In the event the Hosted Programs are held or are believed by Company to infringe, Company shall have the option, at its expense, to (a) modify the Hosted Programs to be non-infringing; (b) obtain for Client a subscription to continue using the Hosted Programs; or (c) terminate the subscription for the infringing Hosted Programs. This Section 5.1 states Company’s entire liability and Client’s exclusive remedy for infringement.
5.2. Warranties and Disclaimers
A. Hosted Program Warranty. Company warrants that the Hosted Programs will materially perform in accordance with the documentation so long as (i) the Client has a current, paid-up right to use the Hosted Programs; and (ii) Client’s access to the Host Server will meet the minimum criteria set forth in Company’s System Requirements document available at www.totalmd.com.
B. Services Warranty. Company warrants that its Hosted Program Services, Support Services, Electronic Services, and other Services described in an applicable Order Form will be performed consistent with generally accepted industry standards.
C. Disclaimers. THE WARRANTIES ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Company does not warrant that the Hosted Programs will operate in the combinations that Client may select for use, that the operation of the Hosted Programs will be uninterrupted or error-free, or that all Hosted Program errors will be corrected.
5.3. Exclusive Remedies. For any breach of the warranties contained in Section 5.2, Client’s exclusive remedy, and Company’s entire liability, shall be:
A. For Hosted Program Services and Electronic Services: The correction of Hosted Program errors that cause breach of the warranty. Any error not reported to Company by Client within thirty (30) days of its discovery will be deemed waived and accepted by Client.
B. For all other Services: The re-performance of the Services, provided that Client notifies Company in writing of any defects in the Services within thirty (30) days of their performance.
6. PAYMENT PROVISIONS
6.1. Invoicing and Payment. Invoices for payment of Monthly Application Subscription and all Service Fees shall be in accordance with the applicable Order Form(s). In the absence of specific provisions in the applicable Order Form(s), fees for one-time Services are due upon acceptance of any Order Form and prior to delivery of the Service. Fees that are fixed, such as Monthly Application Subscription Fees, shall be payable monthly in advance and due in full upon the first day of each month; all other Services that are variable and dependent on actual usage are billed in arrears and due upon receipt. An administrative late charge of $35.00 per invoice per month will be charged for any invoice not paid by the due date and which remains unpaid each 30 days thereafter, including any electronic transaction that is declined and any returned checks. Additionally, any amounts payable by Client
hereunder which remain unpaid after the due date shall be subject to a finance charge equal to the lesser of 1.5% per month or the maximum amount permitted under applicable law, from the due date until such amount is paid.
6.2. Taxes. The fees listed in the Agreement do not include taxes; if Company is required to pay sales, use, property, value-added, withholding, excise or other taxes, duties, or governmental charges based on the Subscription Rights Granted or Services provided under the Agreement or on Client’s use of Hosted Programs or Services, then such taxes, duties, or governmental charges shall be billed to and paid by Client. If Company is found to be responsible for the withholding and payment of taxes on behalf of Client, Client agrees to indemnify Company with respect to the full amount of taxes due together with applicable interest and penalties. If Client is required to withhold any tax from any payment, then the amount of the payment will be automatically increased to totally offset such tax so that the amount remitted to Company, net of all taxes, equals the amount invoiced or otherwise due. This Section shall not apply to taxes based on Company’s net income.
6.3. Variable Use Service Fees. Variable use service fees are subject to external costs (such as postage rates, paper, etc.) and therefore are subject to change with 30-day written notice to Client.
7. GENERAL TERMS
7.1. Nondisclosure. By virtue of the Agreement, the Parties may have access to information that is confidential to one another (“Confidential Information”). Confidential Information shall be limited to the Programs, the terms and pricing under the Agreement, and all information clearly identified as confidential.
A Party’s Confidential Information shall not include information that: (a) is or becomes a part of the public domain through no act or omission of the other Party; (b) was in the other Party’s lawful possession prior to the disclosure and had not been obtained by the other Party either directly or indirectly from the disclosing Party; (c) is lawfully disclosed to the other Party by a third party without restriction on disclosure; or (d) is independently developed by the other Party.
The Parties agree to hold each other’s Confidential Information in confidence during the term of the Agreement and for a period of two years after termination of the Agreement. In the event that either Party is requested or required for the purposes of legal, administrative, or arbitration to disclose any Confidential Information, the Party receiving such disclosure request will provide the other Party with immediate written notice of any such request or requirement so that such Party may seek an appropriate protective order or other relief.
7.2. Trademarks. Except for linking to Company web sites, Client may not use any Company logo or trademark, whether or not such mark(s) are registered, without prior written approval from Company. This includes use on printed materials of any kind as well as electronic mediums such as internet web pages or email. Furthermore, the use of the Company name (or any derivative thereof) in Client’s URL, Business Name, or the names of any add-on products or services Client may be offering independent of Company is strictly prohibited. Additionally, using the Company name in paid targeted keyword advertising campaigns on search engines is also prohibited.
7.3. Governing Law and Dispute Resolution. The Agreement, and all matters arising out of or relating to the Agreement, shall be governed by the laws of the State of Arizona, without giving effect to principles regarding conflicts of laws. Any controversy or claim arising out of or relating to the Agreement, or breach thereof, shall be submitted to the following procedure: (a) direct negotiation in a settlement conference to be scheduled as soon as possible after the dispute arises; (b) if no resolution is reached within sixty (60) days of the settlement conference, the Parties will submit the dispute to non-binding mediation in Phoenix, Arizona under the commercial mediation rules of the American Arbitration Association; (c) if no settlement is reached within sixty (60) days of the start of mediation, either Party may seek legal redress in a forum of competent jurisdiction.
7.4. Notice. Client agrees to notify Company of any changes to Client’s business address, business contact, and support contact within ten (10) days of any change thereto. All notices required or permitted hereunder shall be given in writing or as specifically set forth in the applicable section of the Agreement. To expedite order processing, Client agrees that Company may treat documents emailed or faxed by Client to Company as original documents; nevertheless, either Party may require the other to exchange original signed documents to evidence an order for Hosted Programs or for Services.
7.5. Limitation of Liability. In no event shall either Party be liable for any indirect, incidental, special or consequential damages, or damages for loss of profits, revenue, data or use, incurred by either Party or any third party, whether in an action in contract or tort, even if the other Party has been advised of the possibility of such damages. Company’s liability for damages hereunder shall in no event exceed the amount
of fees paid by Client under the Agreement for the most recent three (3) month period. The provisions of the Agreement allocate the risks between Company and Client. The Parties agree that Company’s pricing and other terms and conditions of the Agreement reflect the allocation of risk and the limitation of liability specified herein.
7.6. U.S. Government and HIPAA. The Hosted Programs and accompanying documentation are commercial computer software and documentation developed exclusively at private expense and in all respects are proprietary data belonging to Company. If the Hosted Programs and accompanying documentation are used under the terms of a DoD or civilian agency contract, use, reproduction and disclosure of such software and documentation by the Government is subject to the restrictions set forth in the Agreement in accordance with 48 C.F.R. 227.7202 or 48
C.F.R. 12.212, respectively. The HIPAA Business Associate Agreement attached hereto as Exhibit A is incorporated into the TOS by this reference.
7.7. Other Terms. In the event any provision of the Agreement is held to be invalid or unenforceable, the remaining provisions of the Agreement will remain in full force. The waiver by either Party of any default or breach of the Agreement shall not constitute a waiver of any other or subsequent default or breach. Except for actions for nonpayment or breach of Company’s proprietary rights in the Hosted Programs, no action, regardless of form, arising out of the Agreement may be brought by either Party more than one year after the cause of action has accrued. The Agreement constitutes the complete agreement between the Parties and supersedes all prior or contemporaneous agreements or representations, written or oral, concerning the subject matter of the Agreement. Client may not assign the Agreement or any rights or obligations hereunder without prior written consent of Company, which consent shall not be unreasonably withheld or delayed; any such assignment without prior consent shall be void. Company may modify the terms of the Agreement between the Parties, including these Terms of Service and any incorporated Order Form(s) or Subscription and Services Agreements upon written notice, e-mail or otherwise, to Client. Client may notify Company in writing within thirty (30) days of receipt of a modification notification that Client does not wish to accept the new terms. In the absence of such written non- acceptance notification with the thirty (30) day period, Client confirms acceptance of the new terms by continuing to use the Hosted Programs and/or Services. If Client does not accept the new terms by notifying Company within the thirty (30) day period, then Client may continue to use Company under Client’s existing terms until the end of Client’s then current term, at which time Client’s Agreement will not automatically renew, but will instead terminate. It is expressly agreed that the terms of the Agreement and any Order Form shall supersede the terms in any Client purchase order or other ordering document.
E X H I B I T A : H I P A A B U S I N E S S A S S O C I A T E A G R E E M E N T A D D E N D U M
This HIPAA BUSINESS ASSOCIATE AGREEMENT ADDENDUM (the “BAA Addendum”), by and between Company and the above-referenced Client, is hereby incorporated into the above Application Terms of Service and is effective as of the Effective Date of the Agreement.
A. Client and Company are Parties to one or more agreements (each such agreement, a “Covered Contract,” and collectively, the “Agreement”) pursuant to which Company provides certain services to Client, and, in connection with those services, Client discloses to Company certain health information (the “Protected Health Information” as defined in 45 CFR §164.504) that is subject to protection under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and certain regulations promulgated by the U.S. Department of Health and Human Services to implement certain provisions of HIPAA (herein “HIPAA Regulations” found at 45 CFR Parts 160-164).
B. Company, as a recipient of Protected Health Information from Client, is a “Business Associate” as that term is defined in the HIPAA Regulations.
C. Pursuant to the HIPAA Regulations, all Business Associates of entities such as Client must, as a condition of receiving Protected Health Information in the course of doing business with Client, agree in writing to certain mandatory provisions regarding, among other things, the use and disclosure of Protected Health Information.
D. The purpose of this Addendum is to satisfy the requirements of the HIPAA Regulations, including, but not limited to, 45 CFR §164.504(e), as the same may be amended from time to time.
OBLIGATIONS OF THE PARTIES
1. Scope of Use of Protected Health Information. Company may not: (a) use or disclose Protected Health Information it receives from Client for any purpose other than the purposes contemplated by the Agreement, as required or allowed under the HIPAA Regulations, or as otherwise required by law; or (b) use or disclose Protected Health Information in a manner that violates or would violate the HIPAA Regulations if such activity were engaged in by Client. Client hereby represents and warrants (i) that the execution and performance of this Addendum will not conflict with or violate any provision of any law having applicability to Client; (ii) that Client has the right to provide the Protected Health Information provided to Company under this Addendum; and (iii) that the use, provision of access and/or disclosure by Company of any Protected Health Information as authorized or contemplated by this Agreement will not conflict with or violate any provision of any law having applicability to either of the Parties, including, without limitation, HIPAA and the HIPAA Regulations, nor constitute a tort against any third party, nor constitute a breach of contractual obligations between any third party and Client.
2. Safeguards for the Protection of Protected Health Information. Company will use reasonable efforts to implement and maintain such business and technological safeguards as are necessary to ensure that the Protected Health Information disclosed between Client and Company is not used or disclosed by Company except as is provided in the Agreement.
3. Reporting of Unauthorized Use or Disclosure. Company shall promptly report to Client any use or disclosure of Protected Health Information of which Company becomes aware that is not provided for or permitted in the Agreement or the HIPAA Regulations. Company shall permit Client to investigate any such report in accordance with Section 8 of this Addendum.
4. Use of Subcontractors. To the extent that Company uses one or more subcontractors or agents to provide services under the Agreement, and such subcontractors or agents receive or have access to the Protected Health Information, Company shall either sign a Business Associate Agreement with such subcontractor or agent containing substantially the same restrictions and conditions related to the Protected Health Information as those that apply to Company under this addendum, or ensure that such subcontractor or agent agrees to implement reasonable and appropriate safeguards to protect such information consistent with the requirements of 45 CFR 164.314(a)(1)(i).
5. Data Transfer Security. Company will take reasonable measures to protect the security and integrity of the Protected Health Information when electronically transferring such information.
6. Access Security. Company will take reasonable security measures to protect the Protected Health Information from unauthorized access. Access to Company’s computer networks and systems and the Protected Health Information will be controlled via a user ID and password. COMPANY IS NOT RESPONSIBLE FOR ANY UNAUTHORIZED USE OR DISCLOSURE OF A USER ID OR PASSWORD, OR FOR ANY BREACH OF THIS ADDENDUM ARISING AS A RESULT OF ANY SUCH UNAUTHORIZED USE OR DISCLOSURE BY OR ON BEHALF OF CLIENT.
7. Authorized Access to and Alteration of Protected Health Information. In order to help ensure the accuracy of the Protected Health Information, Company, on an ongoing basis, will provide Client access for inspection to any such Protected Health Information then retained in Company’s possession. If any of the Protected Health Information is found to be inaccurate or incomplete, Client may submit amendments or corrections to the Protected Health Information and Company shall promptly incorporate all such amendments or corrections. Company shall cooperate promptly with Client in responding to any request made by any subject of such information to Client to inspect and/or copy such information. Company may not deny Client access to any Protected Health Information if such information is requested by the subject seeking access to it.
8. De-identified Information. Provided that Company implements appropriate de-identification criteria in accordance with the Standards for Privacy of Individually Identifiable Health Information set forth in 45 C.F.R. §164.514(b), Client acknowledges and agrees that de-identified information is not Protected Health Information as defined in the applicable regulations and that Company may use such de-identified information for any lawful purpose.
9. Accounting, Audits, and Inspection.
a. Company will keep an accounting of all disclosures, outside its normal course of business, of the Protected Health Information (the “Disclosure Accounting”) on an ongoing basis and maintain the Disclosure Accounting for a period of at least six (6) years. At a minimum, the Disclosure Accounting will contain (i) the date of the disclosure; (ii) the name of the entity or person who received the Protected Health Information and, if known, the address of such entity or person; (iii) a brief description of the Protected Health Information disclosed; and (iv) a brief statement of the purpose of the disclosure that reasonably informs the individual of the basis for the disclosure; or in lieu of such statement a copy of the subject’s written authorization or request for disclosure pursuant to the HIPAA Regulations. Company will provide the Disclosure Accounting to Client or a subject individual within sixty (60) days of receiving a written request from Client or such subject individual.
b. Subject to compliance with Company’s security requirements, the Secretary of Health and Human Services and/or Client, or their respective authorized agents or contractors, may, at their expense, examine Company’s facilities, systems, procedures and records related to the Protected Health Information, as may be required to determine that Company is in compliance with the HIPAA Regulations, the Agreement or this Addendum. If it is determined that Company is in violation of the HIPAA Regulations, the Agreement or this Addendum, Company shall promptly remedy any such violation and shall certify the same in writing. The fact that Client inspects, or fails to inspect, or has the right to inspect, Company’s facilities, systems and procedures does not relieve Company of its responsibility to comply with this Addendum, nor does Client’s failure to detect, or to detect but fail to call Company’s attention to or require remediation of any unsatisfactory practice, constitute acceptance of such practice or a waiver of Client’s enforcement rights.
10. Right of Termination. In the event that Company breaches a material term of this Addendum and fails to cure such breach within thirty (30) days after receipt of written notice thereof, Client will have the right to terminate the relevant Covered Contract under which Client disclosed the Protected Health Information that is the subject of the relevant breach.
11. Effect of Termination. Upon the termination or expiration of a Covered Contract for any reason, Company, at its option, will either (i) return, delete, purge or destroy, all Protected Health Information received from Client under such Covered Contract that Company maintains in any form, or (ii) if Company determines that such return or destruction is not feasible, Company will continue to restrict such Protected Health Information in compliance with this Addendum.
12. Incorporation; Effect on Agreement. This Addendum is incorporated into and made part of each Covered Contract and in each case is subject to the terms and conditions set forth therein, provided that, in the event that a conflict arises between this Addendum and any Covered Contract (exclusive of this Addendum), the terms and conditions of this Addendum shall govern. Except as specifically required to implement the purposes of this Addendum, and otherwise except to the extent inconsistent with this Addendum, all other terms of the Agreement shall remain in
full force and effect, and the Parties hereby ratify and affirm the Agreement except as superseded or modified by this Addendum.
13. Construction. This Addendum shall be construed as broadly as necessary to implement and comply with the HIPAA Regulations. The Parties agree that any ambiguity in this Addendum shall be resolved in favor of a meaning that complies and is consistent with the HIPAA Regulations.
DEALER INFORMATION (for dealer sales only)
E X H I B I T B : S E R V I C E B U R E A U A D D E N D U M
This SERVICE BUREAU ADDENDUM, by and between Company and the above-referenced Client, is hereby incorporated into the above Application Terms of Service and is effective as of the Effective Date of the Agreement. This Service Bureau Addendum shall only apply when explicitly incorporated by reference on an Order Form or Subscription and Services Agreement. When so incorporated, this Service Bureau Addendum modifies and amends the terms and conditions of the Agreement as set forth below:
1. Service Bureau Use. In further consideration of the fees set forth in the applicable Order Form(s), Company grants to Client the right to offer access to the Hosted Programs to third-party end users as follows:
a. Permitted End Users. Client may allow access to the Hosted Programs to such entities to whom Client has a contract with to provide significant management and/or financial processing services (“Service Bureau Services”) over and above the Hosted Programs in either a third party billing service environment or as a managed service organization so long as every Concurrent User of a Permitted End User Entity accessing the Hosted Programs has a valid Subscription as defined above. Client may not allow access to the Hosted Programs under Client’s Agreement where the primary services provided to a Permitted End User are training and/or support of the Hosted Programs.
b. Training. Client may provide training services to Permitted End Users for partial use of the Hosted Programs as long as Client’s Service Bureau Services include management of substantial functional areas of the Hosted Programs (such as patient and insurance billing). Client may not provide substantially complete Hosted Program training (including patient and insurance billing) without first receiving proper training from Company and only after payment of appropriate training materials fees to Company.
c. Support. Permitted End Users must contact Client for all support issues. Client may contact Company for support on behalf of Permitted End Users under Client’s support contract with Company.
c. Termination. Company may terminate access through the Client for any Permitted End User with respect to which Client has ceased to provide Service Bureau Services. Upon termination of any Permitted End User’s access either by Company, as set forth in this paragraph, or by Client, upon termination of Client’s relationship with the Permitted End User(s), such End User(s) shall no longer have the right to access the Hosted Programs or to receive support for the Hosted Programs.
2. Required End-User Subscription Provisions. Client agrees that agreement between Client and the Permitted End Users (“End-User Agreement”) shall contain the following provisions, in substantially the form set forth in this Section 2 before a Permitted End User is authorized to access the Hosted Programs.
a. Use of Hosted Programs. In consideration of the fees set forth in this End-User Agreement, Client grants to End User a nonexclusive, non-transferable right (“Subscription”) for the number of Concurrent Users authorized to use the Hosted Programs as follows: (i) to assign access rights to the Hosted Programs on the Host Server solely for End User’s own internal business operations; and (ii) to use the Documentation provided with the Hosted Programs (online or otherwise) in support of End User’s authorized use of the Hosted Programs. CLIENT AND COMPANY MAKE NO WARRANTY OF ANY KIND WITH REGARD TO THE HOSTED PROGRAMS OR SERVICES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NEITHER PARTY WILL BE LIABLE FOR ANY LOSS, INCLUDING LOSS OR INACCURACY OF DATA, LOST PROFITS OR REVENUE OR ANY OTHER INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER OR NOT FORESEEABLE.
b. Ownership of Hosted Programs. End User acknowledges that Company retains all title, copyright, and other proprietary rights in the Hosted Programs. End User does not acquire any rights, express or implied, in the Hosted Programs, other than those specified in this Agreement. End User agrees not to download the Hosted Programs or cause or permit the reverse engineering, disassembly or decompilation of the Hosted Programs.
c. Ownership of Data. Unless otherwise agreed to in writing between Client and End User, or as required by mandatory provisions of applicable laws and regulations, Client shall retain ownership of all data stored or retrieved in connection with use of the Hosted Programs, which data shall be subject to the confidentiality provisions set in this Agreement. End User agrees that storage or caching of data is not an infringement of any intellectual property rights of End User. End User agrees that it will not store data on the Host Server that is
subject to the rights of any third parties without first obtaining all required authorizations and rights in writing from such third parties. Provided that Client and Company implement appropriate de-identification criteria in accordance with the Standards for Privacy of Individually Identifiable Health Information set forth in 45 C.F.R.
§164.514(b), End User acknowledges and agrees that de-identified information is not Protected Health Information as defined in the applicable regulations and that Client and Company may use such de-identified information for any lawful purpose.
d. Limitation of Liability. In no event shall Client or Company be liable for any indirect, incidental, special or consequential damages, or damages for loss of profits, revenue, data or use, incurred by End User or any third party, whether in an action in contract or tort, even if the other Party has been advised of the possibility of such damages. Liability of Client and Company for damages hereunder shall in no event exceed the amount of fees paid by End User under this Agreement for the most recent three (3) month period.
e. U.S. Government and HIPAA. The Hosted Programs and accompanying documentation are commercial computer software and documentation developed exclusively at private expense and in all respects are proprietary data belonging to Company. If the Hosted Programs and accompanying documentation are used under the terms of a DoD or civilian agency contract, use, reproduction and disclosure of such software and documentation by the Government is subject to the restrictions set forth in this Agreement in accordance with 48 C.F.R. 227.7202 or 48
C.F.R. 12.212, respectively. The HIPAA Business Associate Agreement attached hereto is incorporated herein by this reference.
f. Confidentiality and Non-Disclosure. By virtue of this Agreement, the Parties may have access to information that is confidential to one another (“Confidential Information”). Confidential Information shall be limited to the Hosted Programs, the terms and pricing under this Agreement, and all information clearly identified as confidential. A Party’s Confidential Information shall not include information that: (a) is or becomes a part of the public domain through no act or omission of the other Party; (b) was in the other Party’s lawful possession prior to the disclosure and had not been obtained by the other Party either directly or indirectly from the disclosing Party;
(c) is lawfully disclosed to the other Party by a third party without restriction on disclosure; or (d) is independently developed by the other Party. The parties agree to hold each other’s Confidential Information in confidence during the term of this Agreement and for a period of two years after termination of this Agreement. In the event that either Party is requested or required for the purposes of legal, administrative, or arbitration to disclose any Confidential Information, the Party receiving such disclosure request will provide the other Party with immediate written notice of any such request or requirement so that such Party may seek an appropriate protective order or other relief.
g. Client and End User acknowledge and agree that Company is a third-party beneficiary under this Agreement and is entitled to directly enforce its rights hereunder.
3. Business Associate Agreements. Client agrees to enter into a legally enforceable Business Associate Agreement with the all Permitted End Users in compliance with the requirements of HIPAA and all other pertinent laws and regulations applicable to the relationship between Client and the Permitted End Users.
4. Trademark Usage Guidelines. Client agrees that any use or display of Company or of any trademarks, trade names, or trade dress of Company shall be in accordance with Company’s then current Trademark Usage Guidelines, which may be provided online, in writing, or orally. Client, acknowledges and agrees that Company is the exclusive owner of all trademarks, trade names, and trade dress associated with the Company products and services and agrees that it will not in any way disparage or denigrate such names or marks. Client agrees that it will not seek legal protection or ownership of any trademark, trade name, or trade dress (by statute, under common law, or otherwise) that is confusingly similar to any trademark, trade name, or trade dress of Company.
5. Other Terms and Conditions. Except as specifically modified by the additional terms herein, all other terms and conditions remain in full force and effect.
E X H I B I T C : E L E C T R O N I C C O D E S A D D E N D U M
This ELECTRONIC CODES ADDENDUM (the “Addendum”), by and between Company and the above-referenced Client, is hereby incorporated into the above Application Terms of Service and is effective as of the Effective Date of the Agreement.
This CPT Addendum applies only to use of any Hosted Programs that include access to the master database of American Medical Association (AMA) CPT Codes in electronic form (“CPT”) and is required by the AMA or to use of any Hosted Programs that include access to the master database of American Dental Association (ADA) CDT Codes in electronic form (“CDT”) and is required by the ADA, or to use of any Hosted Programs that include access to the International Statistical Classification of Diseases and Related Health Problems (ICD) as published by the World Health Organization or Healthcare or to use of any Hosted Programs that include access to Common Procedure Coding System used in conjunction with Medicare and Medicaid (collectively the “Codes”).
Client hereby acknowledges that:
1. Company’s provision of updated versions of the Codes is dependent upon Company’s continuing contractual relations with the respective organizations that control, publish and maintain the Codes (each a “Controlling Agency”);
2. Client’s use of the Codes is nontransferable, nonexclusive, and for the sole purpose of internal use in the territory and language as designated in Client’s Agreement with Company;
3. Client is prohibited from using the Codes or information contained therein in any public computer based information system or public electronic bulletin board (including the Internet and World Wide Web) unless subject to the provisions of this Addendum);
4. Client is prohibited from publishing, translating, or transferring possession of the Codes or a copy or portion of them except as authorized herein or as may be authorized by the Controlling Agency for the Codes;
5. Client is prohibited from creating derivative works based on the Codes and selling, leasing or licensing it or otherwise making the Codes or any portion thereof available to any unauthorized party;
6. Client should ensure that anyone who has authorized access to the Hosted Programs complies with the provisions of this Agreement;
7. In the case Client’s Agreement includes service bureau provisions, Client represents that it has authority to bind any legal entity that is to receive the Codes;
8. This product includes the Codes which is commercial technical data and/or computer databases and/or commercial computer software and/or commercial computer software documentation, as applicable, which were developed exclusively at private expense by their respective Controlling Agency;
9. The Codes are provided “as is” without any liability to Company or any Controlling Agency, including, without limitation, no liability for consequential or special damages or lost profits for sequence, accuracy or completeness of data, or that it will meet Client’s requirements, and that Company’s and the Controlling Agency’s sole responsibility is to use reasonable efforts for Client to correct defects or replace the Codes; the Controlling Agencies disclaim any liability for any consequences due to use, misuse or interpretation of information contained or not contained in the Codes;
10. The authorization for use of Encoder Pro (“EPAX”), as well as the ICD9, CPT and HCPCS Codes, is provided to Client under a third party license between Company and Ingenix, Inc. and is strictly limited to Client’s use of the Hosted Programs and the Codes as set forth in the Agreement;
11. This Addendum shall terminate in the event of default by Client under this Addendum; and
12. In the event that a provision of this Addendum is determined to violate any law or is unenforceable, the remainder of the Addendum shall remain in full force and effect.