September 23, 2018

Terms and Conditions



Terms and Conditions

Version 1.0

Service Agreement

About

Meddkit, LLC (“Meddkit”, “we”, “us” or “our”) is a Pennsylvania Limited Liability Corporation that provides marketing software and technology support services for healthcare providers (the “Service”). The Order Form (the “Order Form”) sets forth the Service being purchased by the client who signed the Order Form (“you”, “your” or “Client”), the costs for such Service, and any other relevant details.

These terms of service (the “Terms”) are incorporated by reference into and made a part of any Order Form and govern the relationship between you and Meddkit. All Order Forms are subject to acceptance by Meddkit, in its sole discretion. The Order Form, the Terms, and any documents or links referenced in such documents are together referred to as the “Agreement”.

If you are accepting these Terms on behalf of your employer or another entity, you represent and warrant that (i) you have full legal authority to bind your employer or such legal entity to these Terms, (ii) you have read and understand these Terms, and (iii) you agree, on behalf of the Client, to these Terms.

PLEASE READ THE FOLLOWING TERMS CAREFULLY. Except as otherwise provided in Section 13 (Dispute Resolution and Arbitration), these Terms provide that all disputes between you and Meddkit will be resolved by BINDING ARBITRATION AND YOU AGREE TO GIVE UP YOUR RIGHT TO GO TO COURT to assert or defend your rights. Except as otherwise provided in Section 13 (Dispute Resolution and Arbitration), your rights will be determined by a NEUTRAL ARBITRATOR and NOT a judge or jury, and your claims cannot be brought as part of a class action. Please review Section 13 (Dispute Resolution and Arbitration) below for the details regarding your agreement to arbitrate disputes with Meddkit.

1. Elements of Service

The Service includes, but is not necessarily limited to, the development of a cloud-based provider website (“Provider Website”), and the provision of cloud-based tools and services, including but not limited to an online booking tool, call tracking, reputation management, profile syndication & management, analytics dashboard, and general online local marketing services (collectively, the “Marketing Software”)

1.1 Provider Website

Meddkit will develop a cloud-based Provider Website for Client. Such Provider Website will integrate elements of the Marketing Software, including but not limited to the Meddkit online booking tool. Client may, but is not required to, submit Content (as defined below) for inclusion on the Provider Website; any such Content submitted by Client and used by Meddkit is subject to Section 3 (Content) and Section 4 (Ownership) below.

1.2 Marketing Software

Meddkit will provide the Marketing Software indicated on the applicable Order Form. Where applicable, Meddkit will make the dashboard element of the Marketing Software (the “Dashboard”) available to Client in accordance with these Terms and any other Meddkit rules and policies then in effect. The Dashboard allows Client to set up an account and password to access the Dashboard. Client may authorize employees or subcontractors to use the Dashboard on behalf of Client (each, a “User”); such Users are subject to these Terms, and Client agrees to be responsible for the actions of all Users who receive authorization to use the Service, including but not limited to their access to the Dashboard.

1.3 Restrictions

Client will not, and will not permit or authorize third parties to: (a) rent, lease, resell or otherwise permit unauthorized third parties to access or use the Service; (b) reverse engineer, reverse assemble or otherwise attempt to discover the source code for any software made available as part of the Service; or (c) circumvent or disable any security or other technological features or measures of the Service.

2. Responsibilities of the Parties

As part of the Service, Meddkit may perform or assist in performing a function or activity on Client’s behalf that involves the use and disclosure of Protected Health Information (as defined in 45 C.F.R. 164.501 hereinafter, “PHI”). The parties hereto shall use or disclose such PHI as required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule”) and the Standards for Security of Electronic Protected Health Information (the “Security Rule”) promulgated thereunder, and the Health Information Technology for Economic and Clinical Health Act (Division A, Title XIII and Division B, Title IV, of the American Recovery and Reinvestment Act of 2009, Pub. L. 111-5) (the “HITECH Act”). Capitalized terms used but not otherwise defined in this Section 2 shall have the same meaning given to such terms in HIPAA, the HITECH Act, or any implementing regulations promulgated thereunder, including but not limited to the Privacy Rule and the Security Rule. In connection with and by agreeing to these Terms, you and Meddkit agree to be bound by the terms of a Business Associate Agreement, the terms of which are referenced in the Order Form incorporated herein by reference. You (the “Covered Entity,” as referred to in the Business Associate Agreement) hereby agree that you have read and agree to be bound by the terms of the Business Associate Agreement. Meddkit (the “Business Associate,” as referred to in the Business Associate Agreement), agrees to be bound by the terms of the Business Associate Agreement. The parties hereto each agree to perform their respective obligations as enumerated therein.

3. Content

  1. Client may provide content to Meddkit for use in Meddkit’s provision of the Service, including but not limited to photos, images, data, text, and other types of works (“Content”). Client retains copyright and any other proprietary rights that Client may hold in the Content that Client provides to Meddkit. By providing Content, Client hereby grants Meddkit a worldwide, non-exclusive, royalty-free right and license (with the right to sublicense) to host, store, transfer, display, perform, reproduce, modify for the purpose of formatting for display, and distribute Client’s Content, in whole or in part, in any media formats and through any media channels (now known or hereafter developed).
  2. Client is solely responsible for any Content that Client provides, and for the consequences of posting or publishing such Content. By providing Content, Client affirms, represents, and warrants that:
  3. Client is the creator and owner of, or has the necessary licenses, rights, consents, and permissions, to use and to authorize Meddkit to use and distribute Client’s Content as necessary to exercise the licenses granted by Client in this Section 3 and in the manner contemplated by Meddkit, the Service, and these Terms; and
  4. Client’s Content, and the use of Client’s Content as contemplated by these Terms, does not and will not: (i) infringe, violate, or misappropriate any third-party right, including any copyright, trademark, patent, trade secret, moral right, privacy right, right of publicity, or any other intellectual property or proprietary right; (ii) slander, defame, libel, or invade the right of privacy, publicity or other property rights of any other person; or (iii) cause Meddkit to violate any law or regulation.

4. Ownership

4.1 Client

Client will retain exclusive ownership of all rights, title and interest in and to all Content which Client provides to Meddkit for the provision of the Services, subject to the rights granted to Meddkit herein. Upon termination or expiration of the Agreement, Client will own solely the domain name of the Provider Website; if the domain name was purchased and registered by Meddkit, Meddkit will take reasonable measures to assign the domain name to Client upon termination or expiration of this Agreement. If the domain name was purchased and registered by Client, Client will retain such ownership of the domain name. For clarity, all other elements of the Provider Website, apart from any Content provided by Client, will be owned solely by Meddkit, and will not be retained by Client upon expiration or termination of this Agreement.

4.2 Meddkit

Meddkit will retain exclusive ownership of all rights, title and interest in the Marketing Software (including, without limitation, any modifications, updates and developments provided hereunder), as well as any Content supplied by Meddkit in the provision of the Service, and any visual interfaces, graphics, design, compilation, information, data, computer code (including source code or object code), products, software, services, and any other elements of the Service, subject to the licenses granted herein.

5. Fees

In connection with Client’s use of the Service and pursuant to Meddkit’s acceptance of the Order Form, Client will pay to Meddkit the applicable fees set forth in the Order Form. Meddkit reserves the right to change any of the fees at any time, provided that such changes will not take effect until a new Order Form has been executed and delivered to Meddkit by you. All payments required by these Terms exclude all sales, value-added, use, or other taxes, all of which Client will pay in full, except for taxes based on Meddkit’s net income.

5.1 Implementation Fees

Each party will provide the other with reasonable cooperation, assistance, information and access as may be necessary to initiate Client’s use of the Service. Meddkit will provide non-refundable implementation services to Customer to the extent set forth in the Order Form.

5.2 Billing Subscriptions

There are two options regarding billing subscriptions:

  • Monthly Billing Subscription: A twelve-month term in which you are billed a portion (1/12) of the annual contract value on a monthly basis.
  • Yearly Billing Subscription: A twelve-month term in which you are required to pay the full annual contract value.

The applicable billing subscription option will be indicated on the Order Form. Renewal of the subscription is subject to the terms of Section 6 (Term and Termination) below.

5.3 Discounts

Meddkit may from time to time, in its sole discretion, provide special promotions or discounts. If Meddkit offers any special promotions or discounts that provide you with credits or other incentives in connection with the Service (“Promotional Credits”), and you cancel the Service prior to completion of the Initial Term (as defined below) (other than for cause, as set forth below in Section 6 vi.), you will be required to repay to Meddkit the full amount of any corresponding discounts.

5.4 Manner of Payment

You will pay for all amounts payable under this Agreement either by credit card (the “Client Card”), by electronic debit from your bank account (“ACH”), or such other form of payment as Meddkit may, in its sole discretion and with prior approval, permit (included but not limited to payment by check). You will be required to agree to the applicable payment authorization form(s), which also permit Meddkit to recover any Promotional Credits (as set forth above) in the authorized manner. In the case of payment through ACH, no amounts owing are considered paid until the electronic debit has been received by Meddkit’s bank.

5.5 Timing of Payment

Fees, as identified on the Order Form, are due as indicated on the Order Form and in accordance with Client’s billing subscription plan. Meddkit will have the right to charge the Client Card or debit from your account through ACH for fees in accordance with these Terms. You understand and acknowledge that all amounts owed must be paid in advance and that if timely payment is not received, in addition to being in breach of your contractual obligations, the Service may be paused or terminated. Any amounts not paid by you when due will bear interest at the rate of 2% per month (or the highest rate permitted by law). You agree to pay all costs of collection, including attorney’s fees and costs and all other legal and collection expenses incurred by Meddkit in connection with its enforcement of its rights under these Terms.

6. Term and Termination

6.1 Term

This Agreement will continue for the period indicated on the applicable Order Form (the “Initial Term”).

6.2 Auto-Renewal

Provided that Client has paid all fees due under this Agreement, this Agreement will automatically renew for successive one (1) year or one (1) month periods (“Renewal Term(s)”) in accordance with the billing schedule agreed to on the applicable Order Form unless either party provides notice of non-renewal in accordance with subsection iii. below. The Initial Term and any subsequent Renewal Term(s) may be collectively referred to as the “Term”.

6.3 Notice of Non-Renewal

To prevent renewal of a subscription, you or we must give written notice of non-renewal and this written notice must be received no more than ninety (90) days but no less than thirty (30) days in advance of the end of the subscription then in effect. If you decide not to renew, you must send the notice of non-renewal by email to support@meddkit.com. Any notice received with less than 30 days’ notice will result in auto-renewal of your subscription for an additional Renewal Term.

6.4 No Early Termination; No Refunds

Unless otherwise indicated in e-mail or elsewhere in this agreement, the subscription term in effect will end on the expiration date and you cannot cancel it before its expiration. We do not provide refunds if you decide to stop using the subscription during your subscription term.

6.5 Suspension for Non-Payment

We will provide you with notice of non-payment of any amount due. Unless the full amount has been paid, we may suspend your access to any portion or all of the Service ten (10) days after such notice. We will not suspend the Service while you are disputing the applicable charges reasonably and in good faith and are cooperating diligently to resolve the dispute. If your Service is suspended for non-payment, we may charge a re-activation fee to reinstate the Service.

6.6 Termination for Cause

Either party will have the right to terminate this Agreement if the other party breaches any material term or condition of this Agreement and fails to cure such breach within thirty (30) days after receipt of written notice of the same, except in the case of Client’s failure to pay fees, which must be cured within ten (10) days after receipt of written notice from Meddkit. Pursuant to the payment policies outlined in Section 5 (Fees), you understand and agree that you will not be entitled to any refunds of amounts already paid to Meddkit unless you properly terminate the Agreement for cause per the terms of this Section.

6.7 Effect of Termination

Upon the expiration or termination of this Agreement, Client’s rights to access and use the Service will terminate, provided that: (i) any and all payment obligations of Client under this Agreement outstanding as of the effective date of expiration or termination will survive; (ii) Meddkit shall return or destroy all PHI received from you, or created or received by us on your behalf (including any PHI in the possession of Meddkit’s subcontractors or agents), and otherwise comply with the termination provisions of the Business Associate Agreement attached hereto as Exhibit A; (iii) where returning or destroying the PHI is infeasible, Meddkit will provide notification to you of the conditions that make return or destruction infeasible, and upon mutual written agreement regarding such infeasibility, the protections of this Agreement and the Business Associate Agreement will continue to apply to such PHI to limit further uses and disclosures of such PHI for so long as the PHI must be maintained; and (iv) the following provisions will survive: Sections 2, 3, 4, 5, 6 vii., and 8-14.

7. Hosting, Updates, and Privacy

The Service will be hosted and operated by or on behalf of Meddkit. Meddkit may update the features, functionality and user interface of the Service from time to time at its sole discretion. Please read the Meddkit Privacy Policy carefully for information relating to our collection, use, storage and disclosure of information. The Meddkit Privacy Policy is incorporated by this reference into, and made a part of, these Terms.

8. Publicity

You agree that Meddkit may, during and after the Term of this Agreement, include your name (including any applicable trade name, trademark, service mark or logo) on Meddkit’s client list, and in its marketing materials, sales presentations and any online directories that Meddkit may, from time to time, publish.

9. Confidentiality

9.1 Confidential Information

Each party acknowledges that it will have access to certain confidential information of the other party concerning the other party’s business or practice, plans, technology, and products (“Confidential Information”). Each party will not use in any way, for its own account or the account of any third party, except as expressly permitted by this Agreement, nor disclose to any third party (except as required by law or to that party’s attorneys, accountants and other advisors as reasonably necessary), any of the other party’s Confidential Information and will take reasonable precautions to protect the confidentiality of such information. Information will not be deemed Confidential Information if such information: (i) is known to the receiving party prior to receipt from the disclosing party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (ii) becomes known (independently of disclosure by the disclosing party) to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of this Agreement by the receiving party; or (iv) is independently developed by the receiving party.

9.2 Confidentiality of Agreement

Each party agrees that the terms and conditions, but not the existence, of this Agreement will be treated as the other’s Confidential Information; provided, however, that each party may disclose the terms and conditions of this Agreement: (i) as required by any court or other governmental body; (ii) as otherwise required by law; (iii) to legal counsel of the parties; (iv) in connection with the requirements of a public offering or securities filing; (v) in confidence, to its employees and agents and to its professional advisors such as accountants, banks and financing sources; (vi) in confidence, in connection with the enforcement of this Agreement or rights under this Agreement; or (vii) in confidence, in connection with a merger or acquisition or proposed merger or acquisition, or the like.

10. Indemnities

10.1 Meddkit Indemnity

Meddkit will indemnify, defend and hold Client harmless from and against: (a) any third party claim brought against Client alleging that the Marketing Software or any Meddkit-provided Content infringes any third party intellectual property or proprietary right, including without limitation, patent, copyright or trademark; and (b) any liability, claim, action, loss, cost, damage or expense (including reasonable fees of attorneys and experts) incurred or suffered by Client, to the extent that such liability, claim, action, loss, cost, damage, expense or fees are attributable to or incurred as a result of an unauthorized use or disclosure of PHI by Meddkit or Meddkit’s breach of this Agreement; provided that (i) Client promptly notifies Meddkit in writing of such claim, (ii) provides assistance as reasonably requested by Meddkit to defend or settle such claim and (iii) gives Meddkit the exclusive authority to defend or settle such claim. Meddkit will not enter into any settlement that requires Client to admit liability or pay money without Client’s prior written approval, which will not be unreasonably withheld or delayed. Meddkit will have no liability or obligation under this Section 10 i. for any Content provided by Client.

10.2 Client Indemnity

Client will indemnify, defend and hold Meddkit and its officers, directors, employees, consultants, affiliates, subsidiaries and agents (together, the “Meddkit Indemnitees”) harmless from and against every claim, liability, damage, loss, and expense, including reasonable attorneys’ fees and costs, arising out of or in any way connected with: (a) your access to, use of, or alleged use of, the Service; (b) your violation of any portion of this Agreement or any applicable law or regulation; (c) your violation of any third-party right, including any intellectual property right or publicity, confidentiality, other property, or privacy right; or (d) any dispute or issue between you and any third party, including but not limited to any dispute arising from the sale, license, supply or provision of your goods or services. Client specifically agrees to indemnify the Meddkit Indemnitees as it relates to any claims against them related to the accessibility of the Provider Website to persons with disabilities, specifically those who are visually or hearing impaired. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you (without limiting your indemnification obligations with respect to that matter), and in that case, you agree to cooperate with our defense of that claim.

11. Representations and Warranties; Disclaimer

11.1 Mutual Representations and Warranties

Each party represents and warrants to the other that: (i) this Agreement has been duly entered into and constitutes a valid and binding agreement enforceable against such party in accordance with its terms; (ii) no authorization or approval from any third party is required in connection with such party’s entering into or performance of this Agreement; and (iii) the entering into and performance of this Agreement does not and will not violate the laws of any jurisdiction or the terms or conditions of any other agreement to which it is a party or by which it is otherwise bound.

11.2 Disclaimer

EXCEPT AS EXPRESSLY SET FORTH ABOVE, MEDDKIT MAKES NO REPRESENTATION OR WARRANTY OF ANY KIND WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AND MEDDKIT EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. MEDDKIT DOES NOT WARRANT THAT THE SERVICE WILL BE ERROR-FREE OR THAT OPERATION OF THE SERVICE WILL BE SECURE OR UNINTERRUPTED. FROM TIME TO TIME, CLIENT MAY REQUEST THE ADDITION OF CERTAIN CODE AND/OR FUNCTIONALITIES TO BE ADDED TO CLIENT’S WEBSITE OR OTHER PLATFORM. MEDDKIT SHALL NOT BE RESPONSIBLE FOR ENSURING THAT THE REQUESTED CODE AND/OR FUNCTIONALITIES COMPLY(IES) WITH ANY AND ALL APPLICABLE LAWS AND REGULATIONS PERTAINING TO CLIENT’S BUSINESS. CLIENT HEREBY ACKNOWLEDGES AND AGREES THAT CLIENT ALONE SHALL BE RESPONSIBLE FOR ENSURING THAT CLIENT’S WEBSITE AND SERVICE OFFERINGS, EVEN IF SUPPORTED BY MEDDKIT, COMPLY WITH APPLICABLE LAWS AND REGULATIONS.

12. Limitation of Liability

MEDDKIT WILL NOT BE LIABLE TO THE CLIENT FOR ANY LOST PROFITS, COST OF COVER, LOSS OF DATA, INTERRUPTION OF BUSINESS OR ANY INCIDENTAL, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES, EVEN IF CLIENT IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND (II) MEDDKIT'S TOTAL LIABILITY UNDER OR ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL BE LIMITED TO THE AMOUNTS PAID TO MEDDKIT BY CLIENT DURING THE 12-MONTH PERIOD IMMEDIATELY PRIOR TO THE INCIDENT GIVING RISE TO SUCH LIABILITY. THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE OR IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

13. Dispute Resolution and Arbitration

13.1 Generally

Except as provided in subsection ii. below, any and all disputes, controversies, or claims arising out of or relating to the Service, this Agreement or a breach thereof shall be submitted to and finally resolved by arbitration under the rules of the American Arbitration Association (“AAA”) then in effect. There shall be one arbitrator, and such arbitrator shall be chosen by mutual agreement of the parties in accordance with AAA rules. The arbitration shall take place in Philadelphia, Pennsylvania. The arbitrator shall apply the laws of the State of Pennsylvania to all issues in dispute. The findings of the arbitrator shall be final and binding on the parties, and may be entered in any court of competent jurisdiction for enforcement. Legal fees shall be awarded as provided by the arbitrator.

13.2 Exceptions

Despite the provisions of this Section 13, nothing in these Terms will be deemed to waive, preclude, or otherwise limit the right of either party to: (a) bring an individual action in small claims court; (b) pursue an enforcement action through an applicable federal, state, or local agency if that action is available; (c) seek emergency injunctive relief in a court of law; or (d) file suit in a court of law to address an intellectual property infringement claim.

13.3 No Class Actions

EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Further, unless both you and Meddkit agree otherwise, the arbitrator may not consolidate more than one person’s or entity’s claims, and may not otherwise preside over any form of a representative or class proceeding. If a decision is issued stating that applicable law precludes enforcement of any of this subsection’s limitations as to a given claim for relief, then that claim must be severed from the arbitration and brought in the State or Federal Courts located in Philadelphia County, Pennsylvania. All other claims shall be arbitrated in accordance with this Section 13.

14. Miscellaneous

Except for the obligation to pay money, neither party will be liable for any failure or delay in its performance under this Agreement due to any cause beyond its reasonable control, including acts of war, acts of God, earthquake, flood, embargo, riot, sabotage, labor shortage or dispute, governmental act or failure of the Internet, provided that the delayed party: (i) gives the other party prompt notice of such cause, and (ii) uses its reasonable commercial efforts to correct promptly such failure or delay in performance. This Agreement is made under and will be governed by and construed in accordance with the laws of the State of Pennsylvania (except that body of law controlling conflicts of law). Neither party may assign this Agreement without the prior written consent of the other party, except that Meddkit may freely assign this Agreement as part of a corporate reorganization, consolidation, merger, or sale of substantially all of its business or assets without the prior consent of Client. Any attempted assignment or delegation in violation of the foregoing will be void. This Agreement will bind and inure to the benefit of each party’s successors and permitted assigns. Meddkit may, without your consent, subcontract to any party the performance of all or any of Meddkit’s obligations under this Agreement provided that Meddkit remains primarily liable for the performance of those obligations. Any notice or communication required or permitted to be given hereunder may be delivered by hand, deposited with an overnight courier, sent by confirmed facsimile, or mailed by registered or certified mail, return receipt requested, postage prepaid to the address for the applicable party as furnished in writing by either party hereto to the other. Meddkit’s e-mail address for notice is: support@meddkit.com, Attn: General Counsel. Such notice will be deemed to have been given as of the date it is delivered, mailed or sent, whichever is earlier. Meddkit and Client are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise or agency between Meddkit and Client. Neither Meddkit nor Client will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent, except as otherwise expressly provided herein. This Agreement, including all documents and terms incorporated herein by reference, constitutes the complete and exclusive agreement between the parties with respect to the subject matter hereof, and supersedes and replaces any and all prior or contemporaneous discussions, negotiations, understandings and agreements, written and oral, regarding such subject matter. The parties agree to take such action to amend this Agreement from time to time as is necessary for compliance with the requirements of the Privacy Rule, the Security Rule, HIPAA, and the HITECH Act. Notwithstanding the foregoing, if the parties have not amended this Agreement to address a law or final regulation that becomes effective after the date that the parties enter into this Agreement and that is applicable to this Agreement, then upon the effective date of such law or regulation (or any portion thereof) this Agreement shall be amended automatically and shall incorporate such new or revised provisions as are necessary for this Agreement to be consistent with such law or regulations, and for both parties to be and remain in compliance with all applicable laws and regulations. Except as expressly provided in this Section 14, this Agreement may be amended only in writing executed by both parties. The waiver of any breach or default of this Agreement will not constitute a waiver of any subsequent breach or default, and will not act to amend or negate the rights of the waiving party. Except as expressly provided in subsection 13(iii), if any provision of this Agreement or any word, phrase, clause, sentence, or other portion thereof should be held to be unenforceable or invalid for any reason, then such provision or portion thereof shall be modified or deleted in such manner as to render this Agreement as modified legal and enforceable to the maximum extent permitted under applicable laws. Any reference in this Agreement to a section of HIPAA, the Privacy Rule, the Security Rule, the HITECH Act, or any other regulations implementing HIPAA or the HITECH Act, shall mean such regulation or statute as in effect at the time of execution of this Agreement or, if and to the extent applicable, as subsequently updated, amended or revised.

Exhibit A

Business Associate Agreement

These Standard HIPAA Business Associate Agreement Terms and Conditions ("HIPAA Addendum") shall be incorporated into the Service Agreement for Customers that are Covered Entities (as defined below) and that provide Protected Health Information ("PHI")(as defined below) to Meddkit in connection with the services they have purchased. These terms supplement and are made part of the purchase agreement between Meddkit and Customers ("Underlying Agreement") in order to comply with the federal Standards for Privacy of Individually Identifiable Health Information, located at 45 C.F.R. Part 160 and Part 164, Subparts A through E ("Privacy Rule") and the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (the "HITECH Act".

WHEREAS, in order to ensure that Covered Entity and Business Associate remain in compliance with the HIPAA Rules and other applicable federal and state laws and regulations regarding the disclosure of PHI to Business Associate, the parties have agreed to enter into this Agreement.

NOW THEREFORE, Covered Entity and Business Associate agree as follows:

1. DEFINITIONS

Capitalized terms used in this Agreement and not otherwise defined herein shall have that meaning given to them in the HIPAA Rules."Breach" when capitalized, shall have the meaning set forth in 45 CFR § 164.402 (including all of its subsections); with respect to all other uses of the word "breach" in this Agreement, the word shall have its ordinary contract meaning."Electronic Protected Health Information" or "EPHI" shall have the same meaning as the term "electronic protected health information" in 45 CFR § 160.103, limited to information that Business Associate creates, accesses or receives from or on behalf of Covered Entity."Individually Identifiable Health Information" means information that is a subset of health information, including demographic information collected from an individual, and; is created or received by a health care provider, health plan, employer, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for provision of health care to an individual; and that identifies the individual; or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

"Protected Health Information" or "PHI" shall have the meaning set forth in the Privacy Rule, limited to information that Business Associate creates, accesses or receives from or on behalf of Covered Entity. PHI includes EPHI.

"Privacy Rule" means the Standards for Privacy of Individually Identifiable Health Information, codified at 45 CFR parts 160 and 164, Subparts A, D and E, as currently in effect.

"Security Incident" shall have the same meaning as the term "security incident" at 45 CFR 164.304.

"Security Rule" means the Standards for Security for the Protection of Electronic Protected Health Information, codified at 45 CFR parts 160 and 164, Subpart C, as currently in effect.

"Unsecured Protected Health Information" or "Unsecured PHI" shall have the same meaning as the term "unsecured protected health information" in 45 CFR § 164.402, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

2. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATES

2.1 Business Associate Status

Business Associate acknowledges and agrees that it is a "Business Associate" as defined by the HIPAA Rules, and as such, Business Associate shall, in addition to complying with the other terms and conditions of the Terms of Service Agreement, comply with the HIPAA-required provisions set forth in this Agreement. In the event of a conflict between the terms of this Agreement and the Terms of Service Agreement with respect to the use or disclosure of PHI, the terms of this Agreement will govern. In all other circumstances, the terms of the Terms of Service Agreement will govern.

2.2 Performance of Services

Business Associate may use PHI only to perform the services and its other obligations pursuant to the Terms of Service Agreement or as Required by Law. Business Associate may disclose such PHI only within its organization and only to those of its employees who need to know such information in order to perform its obligations under the Terms of Service Agreement and, in such case, only the minimum amount of such PHI as is necessary for such performance. Business Associate shall not access, use or disclose PHI in any manner that would violate the HIPAA Rules if such access, use or disclosure was done by Business Associate or Covered Entity,

2.3 Privacy Rule Obligations

Business Associate shall comply with the Privacy Rule as it directly applies to business associates: To the extent Business Associate carries out one or more of Covered Entity’s obligations under the Privacy Rule, Business Associate shall comply with the requirements of HIPAA that apply to Business Associate or Covered Entity in the performance of such obligation(s).

2.4 Safeguards for Protection of PHI

Business Associate agrees that it will (a) protect and safeguard from any disclosure (whether oral, written or otherwise) all PHI with which it may come into contact with in accordance with the HIPAA Rules and more stringent state laws and regulations governing the handling of such information; and (b) use appropriate safeguards to prevent use or disclosure of PHI other than as permitted by the Terms of Service Agreement or this Agreement or as Required by Law.

2.5 Mitigation

Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement.

2.6 Notification

Without unreasonable delay, and in no case later than ten (10) days after Business Associate knew or should have known of the impermissible use or disclosure, Business Associate shall notify Covered Entity, in writing, of any use or disclosure of PHI outside the purpose of this Agreement or the Terms of Service Agreement. Without unreasonable delay, Business Associate r shall report to Covered Entity in writing of any Security Incident of which it becomes aware. In addition, upon Covered Entity’s request, Business Associate shall provide a report of any and all impermissible uses, disclosures, and/or Security Incidents.

2.7 Disclosure to Subcontractors

Business Associate agrees to ensure that any subcontractor that creates receives, maintains or transmits EPHI originating from the Covered Entity on behalf of the Business Associate, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.

2.8 Right of Access

Business Associate agrees to provide access, at the request of Covered Entity, to PHI contained in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in in a time and manner that allows Covered Entity to meet the requirements under 45 CFR § 164.524.

2.9 Right to Amendment

Business Associate agrees to make any amendment(s) to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity, in a time and manner that allows a Covered Entity to meet the requirements of 45 CFR 164.526. Business Associate shall notify Covered Entity immediately in writing upon receiving a request from an Individual to review, copy or amend his or her medical record information.

2.10 Patient Right to Request Accounting

Upon Covered Entity’s request, Business Associate shall document and make available to Covered Entity information relating to such Individual as is necessary for Covered Entity to respond to a request for an accounting of disclosures in accordance with §164.528 of the Privacy Rule.

2.11 Access to Books and Records

Until the expiration of four years after the furnishing of services pursuant to the Terms of Service Agreement, Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Secretary, for purposes of the Secretary determining compliance with the Privacy Rule.

2.12 Breach Notification

If Business Associate has knowledge or a reasonable belief that a Breach of Unsecured PHI has occurred or may have occurred, Business Associate shall notify Covered Entity in accordance with the requirements of 45 CFR § 164.410. For avoidance of doubt, Business Associate shall notify Covered Entity if it has knowledge of a potential Breach so that Covered Entity may determine and confirm whether a Breach has occurred. Such notification shall include, to the extent possible, the identification of each Individual whose PHI has been or is reasonably believed to have been accessed, acquired, used or disclosed during the Breach, along with any other information that Covered Entity will be required to include in its notification to the Individual, the media and/or the Secretary, as applicable, including, without limitation, a description of the Breach, the date of the Breach and its discovery, the types of Unsecured PHI involved and a description of the Business Associate’s investigation, mitigation and prevention efforts.

2.13 Security Incidents

Business Associate shall track and monitor all Security Incidents. Business Associate shall report a successful Security Incident in accordance with Section xii above and shall report unsuccessful Security Incidents upon request by Covered Entity.

2.14 Minimum Necessary

When using, disclosing or requesting PHI Business Associate agrees to use, disclose or request the minimal amount of information necessary for the stated purpose, unless an exception to the minimum necessary rule applies, as set forth in 45 CFR §164.502(b)(2).

3. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE

Business Associate shall be permitted to use and disclose PHI as follows: Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity. Except as otherwise limited in this Agreement, Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.Except as otherwise limited in this Agreement, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.Except as otherwise limited in this Agreement, Business Associate may use PHI to provide Data Aggregation services to Covered Entity as permitted under 45 CFR § 164.504(e)(2)(i)(B). Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with § 164.502(j)(1).

4. PERMITTED OBLIGATIONS OF COVERED ENTITY

Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices in accordance with 45 CFR § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule if done by Covered Entity.

5. TERMINATION

5.1 Term

Business Associate acknowledges and agrees that it is a "Business Associate" as defined by the HIPAA Rules, and as such, Business Associate shall, in addition to complying with the other terms and conditions of the Terms of Service Agreement, comply with the HIPAA-required provisions set forth in this Agreement. In the event of a conflict between the terms of this Agreement and the Terms of Service Agreement with respect to the use or disclosure of PHI, the terms of this Agreement will govern. In all other circumstances, the terms of the Terms of Service Agreement will govern.

5.2 Effect of Termination; Return of Covered Entity’s PHI

Upon termination of the Terms of Service Agreement for any reason, Business Associate will return or destroy all PHI within thirty (30) days of the date of termination. Business Associate will not retain any records or copies of any such records. To the extent the return or destruction of such PHI is not feasible, Business Associate will remain bound by the provisions of this Agreement even after termination of the Terms of Service Agreement, until such time as all PHI has been returned or is destroyed.

5.3 Survival

The obligations of Business Associate under this Section 5 shall survive the termination of this Agreement and remain in force as long as Business Associate stores or maintains PHI in any form or format.

6. MISCELLANEOUS

6.1 Amendments

This Agreement may not be modified in any respect other than by a written instrument signed by both parties.

6.2 Severability

In the event any part or parts of this Agreement are held to be unenforceable, the remainder of this Agreement will continue in effect.

6.3 Governing Law

To the extent not preempted by Federal law, this Agreement shall be governed and construed in accordance with the state laws governing the Terms of Service Agreement, without regard to conflicts of law provisions.

6.4 Interpretation

Any ambiguity in this Agreement shall be interpreted to permit compliance with the HIPAA Rules.

6.5 No Third Party Beneficiaries

Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.

Get 20 free scripts for bad patient reviews

  • This field is for validation purposes and should be left unchanged.

Subscribe for tips to get more appointments, boost ratings, fix common IT issues and optimize your medical practice website.

  • This field is for validation purposes and should be left unchanged.