Software Use Agreement.
By registering or using the Service, you agree to be bound by these Terms of Use without modification. Please make sure you read these Terms of Use thoroughly before registering.
Definition of Terms.
As used in these Terms of Use, "We", "Us" and "Our" refer collectively to clinicspectrum.com. "You" and "User" refer to You, the user of this Service. "Software" and "Hardware" includes all software/hardware that comprises the Service or is used to interact with the Service, and includes all software and hardware provided by Our Suppliers.
Changes to These Terms of Use.
We reserve the right to change these Terms of Use at any time. If the Terms of Use changes you will be notified upon Your next login, and Your use of the Services or access to the clinicspectrum.com Web Site constitutes Your agreement to the Terms of Use as they appear at the time You use the Services or access to the clinicspectrum.com Web Site.
Your Representations.
You represent and warrant that you are at least eighteen (18) years of age and that You have the legal right and ability to enter into these Terms of Use and to use the Service.
Password Confidentiality and Computer Security.
You are alone responsible for keeping Your password confidential and for the security of any computer You use to access the Service. You agree to notify clinicspectrum.com if You become aware that Your password has been compromised or that there is any other security problem with the Service.
Privacy Policy.
Your privacy is very important to us. Our Privacy Policy shall apply to Your access to the clinicspectrum.com Web Site and Your use of the Service and Software.
Your Obligation to Verify Information Sent to Your Healthcare Providers.
You or your healthcare provider are solely responsible for all information stored or communicated using the Service, Software or Hardware. You agree to verify the accuracy and completeness of all information communicated to Your physicians and other healthcare providers using the Service. You will notify Your physician or other healthcare provider and Us if You find any inaccuracy or incompleteness in the information received by the physician or other provider from the Service. You agree that We shall not be liable for any inaccuracy or incompleteness of any such information.
Links.
We may provide, or third parties may provide, links to other World Wide Web sites or resources. Because we have no control over such sites and resources, You acknowledge and agree that We are not responsible for the availability of such external sites or resources, and do not endorse and are not responsible or liable for any content, advertising, products, or other materials on or available from such sites or resources. You further acknowledge and agree that We shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such site or resource.
Use of the Service, Software, and Hardware.
We hereby grant You a non-exclusive, non-transferable, revocable right, without the right of sublicense, to access and use the Service and Software, subject to these Terms of Use. You may use the Software and Service solely for Your own personal and non-commercial use.
No Unlawful or Prohibited Use.
You agree that You will not use the Service, Software or Hardware for any purpose that is unlawful or prohibited by these Terms of Use. You may not use the clinicspectrum.com Web Site in any manner that could damage, disable, overburden or impair the clinicspectrum.com Web Site or interfere with any other party's use and enjoyment of the clinicspectrum.com Web Site.
Restrictions on Use.
You acknowledge and agree that the Service and the Software contain proprietary and confidential information that is protected by applicable intellectual property and other laws. Except for information You provide, all content on the Service is copyrighted by Us and/or one or more of Our Suppliers. You may download and/or print a copy of information provided on this Service for Your personal use only, provided You keep all copyright and trademark notices intact. All Software is owned by clinicspectrum.com and/or its Suppliers and is protected by copyright laws and international treaty provisions. You may not reproduce (except as specifically set forth herein), download, modify, create derivative works from, distribute, or attempt to reverse engineer, decompile, disassemble, or access the source code for the Software. . Any reproduction or redistribution of the Software is expressly prohibited by law and may result in severe civil and criminal penalties. You may not, copy, paraphrase, omit, display, store, timeshare, rent, lease, sublicense, publish, distribute, transmit, create derivative works from, transfer, assign, sell or commercially exploit in any manner whatsoever the Software or content on Our Web Site. All marks displayed on the Service or in the Software are Our or Our Supplier's trademarks or service marks (both registered and unregistered). No right license or interest in such marks is granted to You under this Agreement. You agree that You will not assert any such right, license or interest with respect to such marks.
Disclaimer of Warranty.
THE clinicspectrum.com WEB SITE AND THE SERVICE AND SOFTWARE ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING BUT NOT LIMITED TO WARRANTIES OF SUITABILITY, RELIABILITY, AVAILABILITY, TIMELINESS OR ACCURACY OF THE INFORMATION, SERVICE, SOFTWARE OR RELATED GRAPHICS CONTAINED ON OR PROVIDED THROUGH THE clinicspectrum.com WEB SITE FOR ANY PURPOSE. clinicspectrum.com AND ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES WITH REGARD TO THIS INFORMATION, SOFTWARE, SERVICE AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. YOU MAY USE CERTAIN THIRD-PARTY SOFTWARE (INCLUDING WEB BROWSERS) OR HARDWARE IN CONNECTION WITH ACCESSING THE SERVICE AND SOFTWARE. WE MAKE NO WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, AS TO THE QUALITY, CAPABILITIES, OPERATIONS, PERFORMANCE OR SUITABILITY OF SUCH THIRD-PARTY SOFTWARE OR HARDWARE. THE QUALITY, CAPABILITIES, OPERATIONS, PERFORMANCE AND SUITABILITY OF SUCH THIRD-PARTY SOFTWARE OR HARWARE LIE SOLELY WITH YOU AND THE VENDOR OR SUPPLIER OR SUCH THIRD-PARTY SOFTWAREE OR EQUIPMENT, AS THE CASE MAY BE. THE INFORMATION, SOFTWARE AND SERVICE INCLUDED IN OR AVAILABLE THROUGH THE clinicspectrum.com WEB SITE MAY INCLUDE INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY MADE TO THE clinicspectrum.com WEB SITE AND THE INFORMATION, SOFTWARE AND SERVICE AVAILABLE ON THE SITE. YOU UNDERSTAND THAT WE AND OUR SUPPLIERS CANNOT AND DO NOT WARRANT THAT FILES AVAILABLE THROUGH THE SERVICE OR THE SOFTWARE WILL BE FREE OF INFECTION OR VIRUSES, WORMS, TROJAN HORSES OR OTHER CODE THAT MANIFESTS CONTAMINATING OR DESTRUCTIVE PROPERTIES. WE DO NOT ASSUME ANY RESPONSIBILITY FOR YOUR USE OF THE SERVICE AND THE SOFTWARE, AND YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT YOUR USE OF THE SERVICE AND THE SOFTWARE IS AT YOUR SOLE RISK.
Limitation of Liability.
Neither clinicspectrum.com, nor any of its officer, directors, employees, agents or Suppliers shall be liable for losses or damages arising from input errors or misuse of the Service, negligent handling or sharing of any password, leaving a computer unattended during an online session or failure to sign off at the end of Your session, compromise of any password or account privacy arising from security problems with any computer You use to access clinicspectrum.com, the Service or Software, or Your failure to report a known incident of unauthorized account access or incorrect information. IN NO EVENT SHALL clinicspectrum.com OR ANY OF ITS OFFICERS DIRECTORS, EMPLOYEES, AGENTS OR SUPPLIERS SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OR PERFORMANCE OF THE clinicspectrum.com WEB SITE OR THE SERVICE OR SOFTWARE, WITH THE DELAY OR INABILITY TO USE THE clinicspectrum.com WEB SITE OR THE SERVICE OR SOFTWARE, OR OTHERWISE ARISING OUT OF THE USE OR MISUSE OF THE clinicspectrum.com WEB SITE OR THE SERVICE OR SOFTWARE, EVEN IF WE OR OUR SUPPLIERS KNOW OF OR HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF LIMITATION OF LIABILITY" FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. IF YOU ARE DISSATISFIED WITH ANY PORTION OF THE clinicspectrum.com WEB SITE, OR THE SERVICE OR SOFTWARE, OR ANY OF THESE TERMS OF USE, YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USING THE clinicspectrum.com WEB SITE, THE SERVICE AND THE SOFTWARE. As losses and damages, if any, arising from Your use of the Services and the Software and from Your access to this Web Site would be difficult, if not impossible to assess, You agree that THE TOTAL LIABILITY OF clinicspectrum.com, ITS OFFICERS DIRECTORS, EMPLOYEES, AGENTS AND SUPPLIERS, IF ANY, FOR ACTUAL LOSSES OR DAMAGES SHALL NOT EXCEED THE FEES PAID BY YOU FOR USE OF THE clinicspectrum.com WEB SITE, THE SERVICE AND OR SOFTWARE OR DURING THE TWELVE MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH LOSSES OR DAMAGES, OR, IF NO AMOUNTS HAVE BEEN PAID BY YOU, ONE U.S. DOLLAR ($1.00 US).
Indemnification.
YOU AGREE TO INDEMNIFY, DEFEND AND HOLD HARMLESS clinicspectrum.com, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS AND SUPPLIERS FROM AND AGAINST ALL CLAIMS, ACTIONS OR DEMANDS, LIABILITIES, AND SETTLEMENTS, INCLUDING BUT NOT LIMITED TO, REASONABLE LEGAL AND ACCOUNTING FEES RESULTING FROM, OR ALLEGED TO RESULT FROM, YOUR VIOLATION OF THESE TERMS OF USE OR ANY ACTIVITY RELATED TO YOUR ACCOUNT (INCLUDING BUT NOT LIMITED TO USE OF THE SERVICE AND SOFTWARE, INFRINGEMENT OF THIRD PARTIES' WORLDWIDE INTELLECTUAL PROPERTY RIGHTS OR NEGLIGENT OR WRONGFUL CONDUCT) BY YOU OR ANY OTHER PERSON ACCESSING THE SERVICE, SOFTWARE OR THIS WEB SITE USING YOUR ACCOUNT.
Term and Termination.
Either We or You may terminate Your right to use Our Web Site and the Service at any time, with or without cause, upon notice. We reserve the right to terminate or suspend Your right to use Our Web Site and the Service without prior notice, but We will confirm such termination or suspension by subsequent notice. In addition, we may withdraw, suspend or discontinue any functionality or feature of Our Web Site. The provisions of these Terms of Use concerning Disclaimer of Warranty, Limitation of Liability, Indemnification, Term and Termination and General Legal Provisions shall survive any termination of these Terms of Use.
General Legal Provisions.
Applicable Law and Jurisdiction. These Terms of Use will be governed by New Jersey law for all purposes, including Web site and services use and product purchases, without regard to or application of choice of law rules or principles. You hereby consent to the jurisdiction and venue of the courts of [New Jersey]. You should be aware that some jurisdictions do not allow for the exclusion of certain warranties or the limitation or exclusion for incidental or consequential damages that are contained in this Terms of Use. By agreeing to be bound by these Terms of Use, You may be waiving legal rights that could be available to you in another jurisdiction.
Severability.
If any provision of these Terms of Use or of any other legal notices posted by Us on this Web Site is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties' intentions as reflected in such provision, and the other provisions of the Terms of Use should remain in full force and effect.
Waiver.
Our failure to exercise or enforce any right or provision of these Terms of Use or other legal notices posted by Us on this Web Site shall not constitute a waiver of such right or provision. No waiver of any of these Terms of Use or of any other legal notices posted by Us on this Web site shall be deemed a further or continuing waiver of such term or condition or any other term or condition. No Modification by Course of Conduct or Trade Practice. Neither the course of conduct between the parties nor trade practice shall act to modify any provision of these Terms of Use or of any other legal notice posted by Us on this Web Site.
Assignment.
We may assign our rights and duties under these Terms of Use to any person at any time without notice to You or Your approval.
Notices.
If you have questions or comments regarding this Web Site, please contact Us at: support@clinicspectrum.com
Complete Agreement.
These Terms of Use and all other legal notices (including but not limited to these Terms of Use and the Privacy Policy) on this Web site constitute the complete agreement between You and Us with respect to the use of the clinicspectrum.com Web Site, the Service and the Software. Your use of the Services is also subject to the Our Privacy Policy. You also may be subject to additional terms and conditions that may apply when You use third-party content or third-party software.
Health Insurance Portability and Accountability Act (HIPAA)
Consumers are becoming increasingly aware of the need for privacy and security when storing personal information online. When it comes to healthcare, the situation is no different. At a national level, the healthcare industry is moving toward electronic storage of medical records. As this situation progresses, laws have been enacted to honor the privileged nature of information exchanged between patients and their doctors. HIPAA, the guiding rule of law on patient privacy, asserts that safeguards must be in place for "protected health information", defined by that same law as "individually identifiable information.." ( 45 CFR 160.103 )
When you visit a healthcare provider or pharmacy, you will receive a Notice of Privacy Practices that details your privacy rights under HIPAA; including how your information may be used and disclosed. The notice also explains who may have access to your information. The healthcare provider or pharmacy will require you to sign a statement affirming that you received this notice.
In order to help you build a thorough and accurate health record for yourself using clinicspectrum.com, you may want to obtain copies of your medical records. We suggest you contact your healthcare providers to determine what information can be made available to you.
clinicspectrum.com was designed to support the privacy and security requirements of HIPAA while enabling you to use the service from any computer with Internet access. This service allows you to store, change, and direct your information to healthcare providers, as well as generate a report showing to whom you have sent your information. As it pertains to clinicspectrum.com, our responsibilities are to make the information you provide on our site available to you, and to administer the system to ensure that your privacy and security are protected.
clinicspectrum.com
The clinicspectrum.com Web site is referred to simply as clinicspectrum.com in this privacy statement.
Access to records
You have access to enter and update your clinicspectrum.com records or to send your clinicspectrum.com information from any Web-enabled personal computer to any recipient you choose, typically a physician. clinicspectrum.com provides one-way access between you and your healthcare providers. This means that your providers cannot access your clinicspectrum.com account; they can only receive the information you send them. clinicspectrum.com will not send your information to anyone without you directing it and/or consenting to it. You can direct your healthcare provider to send information into your clinicspectrum.com account by either Fax or by secure electronic message. Any messages sent into your account will appear in your mailbox and you are given the opportunity to accept or reject any information before being incorporated into your profile.
Access to records for read only access
You have the option to create an emergency access PIN for each member that can allow someone, typically an emergency responder, to see selected information from your clinicspectrum.com account in a view-only mode. They must know the PIN, name, and date of birth to see the read-only summary. When some uses the PIN, you will be notified by e-mail and a log message will be viewable from within clinicspectrum.com. If your PIN is compromised by someone, you may change it at any time.
Advertising
For free basic accounts, clinicspectrum.com does display advertising based on medications, allergies, conditions (illnesses), procedures, and zip code. At no time is individual identifiable information shared with advertisers, even if you click on the ads. You may opt out of advertising after upgrading your account to a Premium or Concierge level.
Your clinicspectrum.com password
Choosing a password is your responsibility. Your password helps you keep your clinicspectrum.com information private and secure. Here are some important things to remember about your password:
- Use a password that is difficult for someone to guess but easy for you to remember.
- Your password should be at least five characters long.
- Use a combination of letters and numbers.
- Don't use your birthday, a family name, a pet name, or other information that might be easy for someone to guess.
- Do not tell anyone your password, including anyone from clinicspectrum.com. clinicspectrum.com employees should NEVER ask for your password.
- Remember to log out when you leave any personal computer.
Administrative use of clinicspectrum.com
From time to time, we may collect and summarize non-personal information at clinicspectrum.com for internal use, in order to continuously improve the service for you. For example, we regularly perform integrity and security checks on the system to ensure that it is functioning properly. All employees and agents of clinicspectrum.com are bound by a confidentiality agreement which prohibits the access and use of data for any other purpose than to assist clinicspectrum.com members.
clinicspectrum.com does not sell patient data, even in aggregate form.
Changes to the privacy policy
When there any changes to this privacy statement, clinicspectrum.com will notify its members by posting a notice on the Web site.
Authority Consent
1. Definitions.
“Agreement” shall mean this Agreement and all exhibits and attachments thereto.
a. “Implementation Workplan” shall mean the written workplan mutually agreed upon by the parties which set forth the major milestones for implementation of the Software. The Implementation Workplan shall be developed and agreed upon by the parties prior to execution of this Agreement, and the Implementation Workplan may be amended from time to time by the mutual agreement of the parties.
b. “Maintenance Periods” shall mean all time periods during which CSI will provide Maintenance Services.
c. “Maintenance Services” shall mean the services described in the Maintenance Agreement attached as Exhibit B. “Software” shall mean the ONLINE AR Management software product set forth in Exhibit B hereto, which are licensed to Customer hereunder.
d. “Warranty Period” shall mean the (2) months period commencing on the Acceptance Date during which CSI will provide Maintenance Services.
2. Software License.
CSI hereby grants to Customer a perpetual, non-exclusive license to use the Software, subject to the terms and conditions hereinafter set forth. Customer’s Authorized Users may access and use the Software on behalf of Customer. “Authorized Users” means Customer and all: (i) employees, agents and contractors of Customer acting for the benefit of Customer, and (ii) all other third parties who, subject to compliance with the licenses granted herein, are authorized by Customer to receive and use the Software on its behalf.
3. Implementation.
a. Implementation Obligations/Implementation Workplan. Promptly after the delivery of the Software components to Customer, CSI shall implement the Software as per the agreed terms of payment for installation.
b. Training. CSI shall provide training to Customer’s staff and Authorized Users as set forth in the Implementation Workplan.
c. Interfaces. In accordance with the Implementation Workplan and as part of its implementation responsibilities, CSI shall develop and implement interface with customer’s practice management system as per the agreed terms of the interface charges.
4. Warranty Period/Maintenance Periods.
a. CSI shall maintain and support the Software, during the Warranty Period and all Maintenance Periods thereafter. CSI’s Maintenance Services (“Maintenance Services”) shall include each of the following: i. Preventative Maintenance. CSI shall provide preventative maintenance sufficient to maintain the Software in good operating condition. ii. New Releases, Updates, Etc. Refer to Exhibit B for service plan.
b. CSI shall provide Maintenance Services during the Warranty Period and all Maintenance Periods thereafter. As long as Customer agrees to pay the maintenance fees set forth in the Maintenance Agreement.
5. Fees/Payment Schedule. Software License Fee.
As consideration for the sale of the Software license, and CSI’s related services described herein (including its implementation responsibilities), Customer shall pay CSI the fees set forth on Exhibit B. Notwithstanding anything to the contrary herein, CSI represents, warrants and covenants that all of the Implementation Services set forth in the Implementation Workplan shall be provided by CSI for the fixed Implementation Fees set forth in Exhibit B which will be subject to change. Compliance with Law. i. CSI represents, warrants and covenants that throughout the term of this Agreement and all Maintenance Periods all of CSI’ services hereunder will be performed in a manner fully compliant with applicable Federal, state and local laws, rules and regulations. Upgrade and Installation ii. Throughout the term of this Agreement, CSI agrees to provide and install any Upgrades to the Software necessary to cause the Software to operate in accordance with scope of work specified in Exhibit C as long as customer agrees to pay fees set forth on Exhibit B for such upgrades and installations. All such Upgrades shall be discussed and finalized as a Project prior to commencement of development and implementation work on such upgrades.
6. Term and Termination.
a. Term and Termination. This Agreement shall remain in effect until it is terminated as provided herein. If one party breaches its obligations contained herein, the non-breaching party may terminate this Agreement on sixty (60) days prior written notice if the breaching party does not cure such breach within such sixty (60) day notice period.
b. Termination without Cause. Notwithstanding anything to the contrary in this Agreement, Customer may terminate this Agreement at any time, without cause or penalty, upon sixty (60) days prior written notice to CSI. & c. Effect of Termination. Upon the termination of this Agreement, the parties shall use reasonable efforts to effect an orderly transition to Customer of the services provided by CSI hereunder. Notwithstanding any termination of this Agreement, Customer shall retain its perpetual license to use the Software pursuant to the terms of this Agreement. CSI may charge an applicable fees for transfer of customer’s data in mutually agreed electronic format.
7. Confidentiality.
CSI agrees that it shall retain in strict confidence all information and data relating to Customer’ business, patients, medical records, employees, programs, trade secrets, Softwares, know-how and all other proprietary or confidential information. CSI shall not disclose such information to any third party without Customer’ prior written approval. CSI shall take all appropriate actions by instruction or agreement with its employees and agents to satisfy its confidentiality obligations hereunder. CSI acknowledges that a violation of its obligation hereunder with respect to Customer’ proprietary rights will immediately give rise to continuing irreparable injury to Customer, inadequately compensable in damages at law, and that, without limiting its other remedies, Customer is entitled to obtain immediate injunctive relief to restrain a breach hereunder.
8. Miscellaneous.
CSI Liaison. CSI shall designate in writing to Customer one individual, reasonably satisfactory to Customer, who shall be responsible for coordinating all of the services to be rendered by CSI hereunder and who shall be Customer’ normal point of contact with CSI on matters relating to such services. Such individual shall be replaced upon Customer’ written request. Non Recruit During the enforcement of this contract and for a period of three years thereafter, “Customer” will neither directly nor indirectly through any third party solicit to employ, cause to be solicited for the purpose of employment, or offer employment to any employee/s or subcontractor/s of the CSI, deputed under the provision of this contract. Ownership and use of proprietary property Customer expressly acknowledges and agrees that any and all proprietary materials created by CSI deployed professionals in the scope of providing service hereunder shall be created as “work made for upgrade (or) enhancements” and that “CSI” shall be the true and lawful owner of all copyrights and other proprietary rights in and to such items and shall be considered to be the sole and exclusive author of such materials. These items shall include, but shall not necessarily be limited to any and all deliverables resulting from the CSI service or contemplated by this Agreement, all tangible results and proceeds of the CSI service, work in progress, records, diagrams, notes, drawings, specifications, schematics, documents, designs, improvements, inventions, discoveries, developments, trademarks, trade secrets, databases, software, programs, middleware, applications, solutions, (Collectively referred to as “Proprietary Products”) conceived, made or discovered by CSI, solely or in collaboration with others, during the period of this Agreement. Indemnification Both parties shall defend, indemnify, hold harmless, and insure each other from any and all damages expenses or liability resulting from or arising out of, any negligence or misconduct on its own part, or from any breach or default of this Agreement which is caused or occasioned by the acts of either party. Both parties shall insure that its employees and affiliates take all actions necessary to comply with the terms and conditions set forth in this Agreement. Notice. All notices required or permitted to be given by one party to the other under this Agreement shall be sufficient if sent by certified mail, return receipt requested, to the parties at the respective addresses first written above or to such other address as the party to receive the notice has designated by notice to the other party. Relationship of Parties. It is expressly acknowledged by the parties that CSI and its employees and agents are “independent contractors” of Customer. Nothing in this Agreement is intended or shall be construed to create an employer/employee relationship or a joint venture relationship between the parties. Governing Law/Forum. This Agreement and performance hereunder shall be governed by and construed in accordance with the laws, exclusive of conflict of laws rules. Any and all proceedings related to the subject matter hereof shall be maintained in the state or federal courts with subject matter jurisdiction over this Agreement, which courts shall have exclusive jurisdiction for such purpose. Severability. If any provision of this Agreement shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall in no way be affected or impaired thereby. No Waiver. No waiver by any party of any provision of this Agreement in any instance shall be effective unless in writing, signed by the affected party, and no such waiver shall constitute a waiver as to any other provision of this Agreement in any other instance. Entire Agreement/Counterparts. This Agreement constitutes the entire understanding between the parties with respect to the subject matter contained herein. This Agreement may be amended or modified from time to time but only by an agreement in writing signed by both of the parties. This Agreement supersedes any prior agreements and understandings between the parties with respect to the subject matter contained herein. This Agreement may be executed in any number of counterparts, each of which shall be deemed to be an original, but all of which together shall constitute one and the same agreement. Assignment. This Agreement shall be binding upon and shall inure to the benefit of the parties and their respective successors. No party shall assign, transfer, convey, or otherwise dispose of this Agreement or its right, title, or interest therein to any third party without the prior written approval of the other party, provided, however, that Customer reserves the right to assign its rights under this Agreement, in whole or in part, to a buyer of the of substantially all of its assets upon notice to CSI. IN WITNESS WHEREOF the parties have executed this agreement on the date first set forth above
Business Associate Agreement
1. Definitions.
a. General. Terms used, but not otherwise defined, in this BA Agreement shall have the same meaning given to those terms by HIPAA, the HITECH Act and HIPAA Regulations as in effect or as amended from time to time.
b. Specific. i. Breach. “Breach” shall have the same meaning as the term “breach” in the HITECH Act, Section 13400(1). ii. Electronic Health Record. “Electronic Health Record” shall have the same meaning as the term “electronic health record” in the HITECH Act, Section 13400(5). iii. Electronic Protected Health Information. “Electronic Protected Health Information” shall have the same meaning as the term “electronic protected health information” in 45 CFR § 160.103, limited to the information that Business Associate creates, receives, maintains, or transmits from or on behalf of Covered Entity. iv. Individual. “Individual” shall have the same meaning as the term “individual” in 45 CFR § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502(g). v. Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164. vi. Protected Health Information. “Protected Health Information” shall have the same meaning as the term “protected health information” in 45 CFR § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity. vii. Required By Law. “Required by Law” shall have the same meaning as the term “required by law” in 45 CFR § 160.103. viii. Secretary. “Secretary” shall mean the Secretary of the Department of Health and Human Services or his designee. ix. Security Rule. “Security Rule” shall mean the Security Standards at 45 CFR Part 160 and Part 164. x. Services Agreement. “Services Agreement” shall mean any present or future agreements, either written or oral, between Covered Entity and Business Associate under which Business Associate provides services to Covered Entity which involve the use or disclosure of Protected Health Information. The Services Agreement is amended by and incorporates the terms of this BA Agreement. xi. Unsecured Protected Health Information. “Unsecured Protected Health Information” shall have the same meaning as the term “unsecured protected health information” in the HITECH Act, Section 13402(h)(1).
2. Obligations and Activities of Business Associate.
a. Use and Disclosure. Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the Services Agreement, this BA Agreement or as Required By Law. Business Associate shall comply with the provisions of this BA Agreement relating to privacy and security of Protected Health Information and all present and future provisions of HIPAA, the HITECH Act and HIPAA Regulations that relate to the privacy and security of Protected Health Information and that are applicable to Covered Entity and/or Business Associate.
b. Appropriate Safeguards. Business Associate agrees to use appropriate safeguards to prevent the use or disclosure of the Protected Health Information other than as provided for by this BA Agreement. Without limiting the generality of the foregoing sentence, Business Associate will: i. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic Protected Health Information as required by the Security Rule; ii. Ensure that any agent, including a subcontractor, to whom Business Associate provides Electronic Protected Health Information agrees to implement reasonable and appropriate safeguards to protect Electronic Protected Health Information; and iii. Promptly report to Covered Entity any Security Incident of which Business Associate becomes aware. In addition, Business Associate agrees to promptly notify Covered Entity following the discovery of a Breach of Unsecured Protected Health Information. A Breach is considered “discovered” as of the first day on which the Breach is known, or reasonably should have been known, to Business Associate or any employee, officer or agent of Business Associate, other than the individual committing the Breach. Any notice of a Security Incident or Breach of Unsecured Protected Health Information shall include the identification of each Individual whose Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during such Security Incident or Breach as well as any other relevant information regarding the Security Incident or Breach.
c. Reporting. Business Associate agrees to promptly report to Covered Entity any use or disclosure of Protected Health Information not permitted by this BA Agreement of which Business Associate becomes aware.
d. Mitigation. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate or its employees, officers or agents in violation of the requirements of this BA Agreement (including, without limitation, any Security Incident or Breach of Unsecured Protected Health Information). Business Associate agrees to reasonably cooperate and coordinate with Covered Entity in the investigation of any violation of the requirements of this BA Agreement and/or any Security Incident or Breach. Business Associate shall also reasonably cooperate and coordinate with Covered Entity in the preparation of any reports or notices to the Individual, a regulatory body or any third party required to be made under HIPAA, HIPAA Regulations, the HITECH Act, or any other Federal or State laws, rules or regulations, provided that any such reports or notices shall be subject to the prior written approval of Covered Entity.
e. Agents. Business Associate shall ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by, Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this BA Agreement to Business Associate with respect to such information.
f. Access to Designated Record Sets. To the extent that Business Associate possesses or maintains Protected Health Information in a Designated Record Set, Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by the Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under HIPAA Regulations. If an Individual makes a request for access to Protected Health Information directly to Business Associate, Business Associate shall notify Covered Entity of the request within three (3) business days of such request and will cooperate with Covered Entity and allow Covered Entity to send the response to the Individual.
g. Amendments to Designated Record Sets. To the extent that Business Associate possesses or maintains Protected Health Information in a Designated Record Set, Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to HIPAA Regulations at the request of Covered Entity or an Individual, and in the time and manner designated by the Covered Entity. If an Individual makes a request for an amendment to Protected Health Information directly to Business Associate, Business Associate shall notify Covered Entity of the request within three business (3) days of such request and will cooperate with Covered Entity and allow Covered Entity to send the response to the Individual.
h. Access to Books and Records. Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner designated by the Covered Entity or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.
i. Accountings. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with HIPAA, HIPAA Regulations and the HITECH Act.
j. Requests for Accountings. Business Associate agrees to provide to Covered Entity or an Individual, in the time and manner designated by the Covered Entity, information collected in accordance with Section 2(i) of this BA Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with HIPAA, HIPAA Regulations and the HITECH Act. If an Individual makes a request for an accounting directly to Business Associate, Business Associate shall notify Covered Entity of the request within three business (3) days of such request and will cooperate with Covered Entity and allow Covered Entity to send the response to the Individual.
3. Permitted Uses and Disclosures by Business Associate.
a. Services Agreement. Except as otherwise limited in this BA Agreement, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Agreement, provided that such use or disclosure would not violate HIPAA, HIPAA Regulations or the HITECH Act if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
b. Use for Administration of Business Associate. Except as otherwise limited in this BA Agreement, Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
c. Disclosure for Administration of Business Associate. Except as otherwise limited in this BA Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that (i) disclosures are Required by Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
4. Permissible Requests by Covered Entity.
Except as set forth in Section 3 of this BA Agreement, Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity.
5. Term and Termination.
a. Term. This BA Agreement shall be effective as of the date of this BA Agreement and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section.
b. Termination for Cause. Upon Covered Entity’s knowledge of a material breach by Business Associate of the terms of this BA Agreement, Covered Entity shall either: i. Provide an opportunity for Business Associate to cure the breach or end the violation. If Business Associate does not cure the breach or end the violation within the time specified by Covered Entity, Covered Entity shall terminate: (A) this BA Agreement; (B) all of the provisions of the Services Agreement that involve the use or disclosure of Protected Health Information; and (C) such other provisions, if any, of the Services Agreement as Covered Entity designates in its sole discretion; ii. If Business Associate has breached a material term of this BA Agreement and cure is not possible, immediately terminate: (A) this BA Agreement; (B) all of the provisions of the Services Agreement that involve the use or disclosure of Protected Health Information; and (C) such other provisions, if any, of the Services Agreement as Covered Entity designates in its sole discretion; or iii. If neither termination nor cure are feasible, Covered Entity shall report the violation to the Secretary.
c. Effect of Termination. i. Except as provided in Section 5(c)(ii), upon termination of this BA Agreement, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information. ii. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this BA Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information.
6. Indemnity.
Business Associate agrees to indemnify, defend and hold harmless Covered Entity and its employees, directors/trustees, members, professional staff, representatives and agents (collectively, the “Indemnitees”) from and against any and all claims (whether in law or in equity), obligations, actions, causes of action, suits, debts, judgments, losses, fines, penalties, damages, expenses (including attorney’s fees), liabilities, lawsuits or costs incurred by the Indemnities which arise or result from a breach of the terms and conditions of this BA Agreement or a violation of HIPAA, the HITECH Act or HIPAA Regulations by Business Associate or its employees or agents. Business Associate’s indemnification obligations hereunder shall not be subject to any limitations of liability or remedies in the Service Agreement.
7. Compliance with HIPAA Transaction Standards.
When providing its services and/or products, Business Associate shall comply with all applicable HIPAA standards and requirements (including, without limitation, those specified in 45 CFR Part 162) with respect to the transmission of health information in electronic form in connection with any transaction for which the Secretary has adopted a standard under HIPAA (“Covered Transactions”). Business Associate will make its services and/or products compliant with HIPAA’s standards and requirements no less than thirty (30) days prior to the applicable compliance dates under HIPAA. Business Associate represents and warrants that it is aware of all current HIPAA standards and requirements regarding Covered Transactions, and Business Associate shall comply with any modifications to HIPAA standards and requirements which become effective from time to time. Business Associate agrees that such compliance shall be at its sole cost and expense, which expense shall not be passed on to Covered Entity in any form, including, but not limited to, increased fees. Business Associate shall require all of its agents and subcontractors (if any) who assist Business Associate in providing its services and/or products to comply with the terms of this Section 7.
8. Miscellaneous.
a. Regulatory References. A reference in this BA Agreement to a section in HIPAA, HIPAA Regulations, or the HITECH Act means the section as in effect or as amended or modified from time to time, including any corresponding provisions of subsequent superseding laws or regulations.
b. Amendment. The Parties agree to take such action as is necessary to amend the Services Agreement from time to time as is necessary for Covered Entity to comply with the requirements of HIPAA, the HIPAA Regulations and the HITECH Act.
c. Survival. The respective rights and obligations of Business Associate under Section 5(c) of this BA Agreement shall survive the termination of the Services Agreement or this BA Agreement.
d. Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with HIPAA, HIPAA Regulations and the HITECH Act.
e. Miscellaneous. The terms of this BA Agreement are hereby incorporated into the Services Agreement. Except as otherwise set forth in Section 8(d) of this BA Agreement, in the event of a conflict between the terms of this BA Agreement and the terms of the Services Agreement, the terms of this BA Agreement shall prevail. The terms of the Services Agreement which are not modified by this BA Agreement shall remain in full force and effect in accordance with the terms thereof. This BA Agreement shall be governed by, and construed in accordance with, the laws of the State of New York, exclusive of conflict of law rules. Each party to this BA Agreement hereby agrees and consents that any legal action or proceeding with respect to this BA Agreement shall only be brought in the courts of the state where the Covered Entity is located in the county where the Covered Entity is located. The Services Agreement together with this BA Agreement constitutes the entire agreement between the parties with respect to the subject matter contained herein, and this BA Agreement supersedes and replaces any former business associate agreement or addendum entered into by the parties. This BA Agreement may be executed in counterparts, each of which when taken together shall constitute one original. Any PDF or facsimile signatures to this BA Agreement shall be deemed original signatures to this BA Agreement. No amendments or modifications to the BA Agreement shall be effected unless executed by both parties in writing. IN WITNESS WHEREOF, the parties have executed this BA Agreement as of the date set forth above.