END-USER SOFTWARE SUBSCRIPTION & HIPAA BUSINESS ASSOCIATE AGREEMENT

 

This Master Solution Services Agreement (“Agreement”), effective as of the date of online acceptance of this Agreement (“Effective Date”), is entered into between PracticeSuite.com [PRACTICESUITE, Inc, a Delaware Corporation DBA "PracticeSuite.COM"], herein referred to as "PracticeSuite", and the User accepting this Agreement on behalf of this online Registered Practice, herein referred to as “CLIENT”. This Agreement sets forth the terms and conditions whereby PracticeSuite shall provide its proprietary Solution (as defined below) and related services to CLIENT on the terms set forth below. Now, therefore, in consideration of the mutual covenants contained in this Agreement and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows:

1.  Definitions.

(a)   “Solution” means the turnkey healthcare computing solution that includes: (i) the hosted PracticeSuite and third party software applications and (ii) CLIENT care, support, maintenance and other services as further described in Section 2 and Section 6 and 7 hereto (“Services”). The parties may amend this Agreement to include additional Hardware, Software or Services from time to time by attaching mutually agreed upon addendums.

(b)   For purposes of this Agreement, an “Authorized User” is an employee or consultant of CLIENT and, with respect to the practice portal component of the Solution only, a patient of CLIENT that has accepted the terms relating to the use of the Solution.

(c)   Updates. For purposes of this Agreement, an “update” means a release or version of the Software containing minor functional enhancements, error corrections or fixes that is indicated by a change in the numeric identifier for the Software in the digit to the right of the decimal. PracticeSuite shall change, update, modify, or upgrade Solution on a frequent basis to include new features, to meet legal and compliance requirements and to correct anomalies.

(d)   Software subscription shall mean hosted programs provided by PracticeSuite.

2.  Software Subscription and Services.

(a) General: Subject to the terms of this Agreement, PracticeSuite hereby grants CLIENT a non-exclusive, non-transferable FREE subscription to use the Solution as provided by PracticeSuite, solely for the purpose of CLIENT’s internal business operations, including use by CLIENT’s Authorized Users (as defined above).

(b) Hosted Services: PracticeSuite will provide CLIENT with access to the online hosted software subscription, data storage and data access for software and services of CLIENT's patient, financial and clinical data and its secured electronic communication with third parties.

(c) Opt-in Third Party and Add-on services: PracticeSuite shall provide upgrade editions or other additional Opt-in Third Party and Add-on services that CLIENT can subscribe to at will, and Opt out of at any time.

3.  CLIENT Care (Customer Support Services).

(a)   Support. During the term of this Agreement, PracticeSuite will use commercially reasonable effort to provide support services; such support shall be remote support only (UNLESS EXPLICITLY STATED OTHERWISE) from PracticeSuite’s Service facilities and could be in the form of phone, email or online chat, or such support services can be provided by PracticeSuite's LOCAL SERVICE PROVIDER. The terms and conditions of such LOCAL SERVICE PROVIDER based support services, if any, are beyond the scope of this Agreement. In the case of such LOCAL SERVICE PROVIDER based relationship, PracticeSuite has no contractual obligations to provide direct support services to the CLIENT under this Agreement. In the event that the Third Party Software is incapable of functioning to the satisfaction of CLIENT, PracticeSuite shall be responsible to provide replacement Third Party Software and its failure to do so shall constitute a basis for the CLIENT to terminate this Agreement without ANY liability to PracticeSuite.

4.  Third Party Software. The PracticeSuite program uses third party software, and PracticeSuite agrees to use reasonable efforts to document and escalate Software errors to the Software manufacturer for resolution; provided, however, PracticeSuite is not responsible for correcting any errors in the third party Software.

5.  CLIENT Responsibilities.

(a)   General. CLIENT shall be responsible for: (i) providing sufficient information regarding errors or nonconformities in the Solution to PracticeSuite; (ii) providing all reasonable cooperation to PracticeSuite with respect to the Software; (iii) assuming all risk related to use or misuse by CLIENT’s Authorized Users, contractors, agents or other third parties, including unauthorized use or misuse of access passwords; (iv) CLIENT agrees to maintain UserID and password as private and confidential information and shall not allow sharing of password; (v) CLIENT agrees to immediately deactivate accounts of employees, restrict remote access, limit daily access hours or any other authorized users, that do not or need not have access to the system or notify PRACTICESUITE OR ITS LOCAL PracticeSuite SERVICE PROVIDER for assistance; (vi) PracticeSuite strongly recommends CLIENT should secure a backup internet connection from a different service provider to be able to connect to PracticeSuite in the event of the failure of the primary internet connection.

(b)   CLIENT is responsible for necessary internet connection, compatible operating system software and hardware that meets the minimum system and security requirements as published in the PracticeSuite website under FAQs.

(c)   CLIENT understands and agrees that each CLIENT is allowed 5 GB of total data storage per practice. PRACTICESUITE can be configured to connect to the CLIENT’s local server or machine for the purpose of document storage only. As an option available at no additional cost to CLIENT, PRACTICESUITE shall provide configuration assistance to CLIENT to set up storage on a local machine within the CLIENT’s office to store scanned paper charts. The security and safety and HIPAA and HITECH compliance of such storage on CLIENT’s local machine is beyond the scope of the services provided by PRACTICESUITE and therefore is beyond the scope of this Agreement. CLIENT understands and agrees to maintain such storage as required by Law. Storage use over 5 GB shall be charged at $10 per month per additional 1 GB overage.

(d)   In connection with EHR, PracticeSuite shall provide general clinical contents (encounter sheets, canned sheets, flow-sheets, progress monitor and others), configurations and related data as it pertains to the CLIENT specialty. CLIENT agrees to review this data and make changes as needed to suit CLIENT's needs.

(e)   PracticeSuite shall create connectivity with CLIENT's external entities such as labs, radiology center, hospitals, pharmacies and others. CLIENT shall be responsible for the privacy and related HIPAA and HITECH Regulations requirements with these entities.

(f)    PracticeSuite provides an optional online secured Online Practice Portal module that provides patient messaging. All patient messages within the Portal are HIPAA compliant. For messages directly sent to the patient's email address and patient's cell phone (SMS messaging or text messaging) without the use of the Portal, CLIENT shall be responsible to maintain HIPAA compliance of these messages such that these messages shall not include any PHI, private and confidential information of the patients. CLIENT shall also be responsible for managing the access of the patient to the portal.

6.  PracticeSuite Responsibilities.

(a)   To ensure that PracticeSuite and PracticeSuite’s employees abide by all applicable federal and state statutes, regulations, and rules relating to all applicable services hereunder, and (ii) maintaining the privacy and confidentiality of patient medical information in its possession as set forth in Section 16 and Section 17.

(b)   PracticeSuite understands and agrees that CLIENT is the OWNER of all CLIENT data and that PRACTICESUITE is storing the data on behalf of the CLIENT.

(c)   During the term of this Agreement, at the sole discretion of the CLIENT, in writing, PracticeSuite may send CLIENT’s records in an encrypted electronic format (CD, zip file) to the CLIENT in a readable format with necessary documentation on the interpretation of the file. Upon termination or expiration of this Agreement, PracticeSuite will not be responsible for these records after delivery to the CLIENT. Additional reasonable usual and customary charges may be applied at PracticeSuite’s discretion for this service upon termination of this Agreement.

(d)   Maintenance And Upgrade: PracticeSuite agrees not to perform maintenance or upgrades that would materially and adversely affect the Services except (i) when maintenance or upgrades are performed during the hours of 10:00 p.m. to 7:00 a.m., Eastern Time (the "Routine Window"), (ii) when the deferral of such maintenance or upgrades to a routine window would materially and adversely affect the security or performance of PracticeSuite’s data centers. PracticeSuite shall perform maintenance or upgrades in such a manner as to utilize the redundancy of any Services, to minimize the adverse impact on the Services and notify CLIENT as far in advance as practicable of any maintenance, downtimes or upgrades.

(e)   External Connectivity: PracticeSuite provides connectivity services to external lab, radiology, hospital and other medical devices as part of its hosted software subscription to enable CLIENT to share data between these systems and PracticeSuite. The monthly software subscription paid under this agreement shall include the connectivity interface. Additional development and support work is involved for the development of the connectivity and maintenance of the connectivity services. PracticeSuite will work with the external entities to develop such interfaces by directly charging the external entities and there will be NO COST to the CLIENT. Such external connectivity availability is dependent upon the approval of the project and related cost from the external entities.

7.  Proprietary Rights. All right, title, and interest in CLIENT’s data will remain the property of CLIENT. PracticeSuite and its licensors shall respectively retain sole and exclusive ownership of all right, title and interest in and to the Solution, and any updates, upgrades or modifications thereof, or in any ideas, know-how, changes, improvements, enhancements, development and additions or modification to programs and data (encounter sheets, canned sheets, lookup values and other data) and programs during the course of this Agreement.

8.  Confidential Information. CLIENT agrees that any information regarding the Solution that is marked “confidential” or “proprietary,” or which by its nature would be confidential, is proprietary to PracticeSuite and disclosure or use of such nonpublic information would cause substantial detriment to PracticeSuite. Neither CLIENT nor any of its employees or any Authorized Users will use for their own account or for the account of any third party or disclose to any third party any nonpublic information regarding the Solution. Further, CLIENT agrees that PracticeSuite does not wish to receive any information that may be considered confidential to CLIENT. Notwithstanding the foregoing, all CLIENT data accessible to PracticeSuite shall be treated confidentially in accordance with this Section.

 

9.  Term and Termination.

(a)   Term. This Agreement shall commence on the Effective Date and can be terminated as set forth below. Either party may terminate this Agreement or the use of FREE version any time for no cause or breach.

 

(b)   Effect of Termination. Upon any expiration or termination:

(i) PracticeSuite shall provide to CLIENT all of CLIENT’s data in a commercially reasonable format. Patient demographics shall be provided at no cost. For transactional data, PracticeSuite shall be entitled to usual and customary data extraction charges. For the purpose of EHR, transactional data shall mean data that is not part of the patient encounter notes and for the purposes of scheduling and billing module, transactional data shall mean everything excluding patient demographics data.

(iii) PracticeSuite shall maintain a copy of the DATA in accordance with and for the period of time as required and applicable by law.

10.  Warranty, Disclaimer and Remedies.

(a)   Warranty. PracticeSuite warrants to CLIENT that it has the right and authority to grant the rights described in this Agreement and it will perform its obligations hereunder in a professional and workmanlike manner.

(b)   Disclaimer. Except for the limited warranty set forth in Section 12(a) above, the Solution services and all other services provided as set forth in Sections 6 and 7 are provided to CLIENT on an “AS IS” basis and without any additional warranty of any kind. NEITHER PracticeSuite NOR ITS LICENSORS MAKE ANY OTHER WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE WITH RESPECT TO THE Solution, ANY DELAY OR FAILURE OF THE INTERNET, AND PracticeSuite EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Further, CLIENT expressly recognizes that PracticeSuite does not warrant that the Software will meet all of CLIENT’s requirements, that the use of the Software will be uninterrupted or error-free, that patches, updates, or workarounds will be provided, or that errors will be corrected in Software updates, according to this schedule, or in every case. PracticeSuite shall use commercially reasonable efforts to ensure that the Solution services are available to CLIENT at all times (excluding during scheduled & emergency maintenance downtime). CLIENT agrees that access to the Internet cannot be guaranteed and is outside the direct control of PracticeSuite and that CLIENT’s inability to access the Internet, through no fault of PracticeSuite, shall in no event relieve CLIENT of its payment obligations hereunder. CLIENT agrees that its sole remedy with respect to any claims in connection with CLIENT’s or its Authorized Users’ use of the Solution, including use of the Hardware and Software, shall be with PracticeSuite and not its licensors. CLIENT further agrees that unless expressly agreed in writing, there are no intended third party beneficiaries to this Agreement.

(c)   Clinical and Non-Clinical Contents: Clinical and Non Clinical information contained on PracticeSuite’s web-based solutions and website are general in nature and MUST NOT BE substituted for, or be used instead of, the independent judgment of a licensed health care professional and is ONLY designed to support, not replace, the relationship that exists between a patient and his/her health care practitioner, and any and all information does not constitute the practice of medicine or any other health care profession. Nothing in the PracticeSuite’s web based solutions and website is intended as a recommendation or endorsement of any specific tests, drugs, products, procedures, health care providers, opinions, or other information that may be mentioned therein. Any reliance on any information appearing on PracticeSuite’s web-based solutions and website or provided by PracticeSuite’s personnel, others appearing on the site at the invitation of the “Website,” and/or other visitors to the site or any third-party link from the site is solely at CLIENT’s own risk.

 

(d)   Intellectual Property: PracticeSuite will indemnify and hold END-USER harmless from and against any claim by third parties pertaining to the infringement of U.S. copyrights, trademarks or patents arising out of END-USER’s use of any of the PracticeSuite’s Products as authorized hereunder, provided that the Products have not been altered, revised or modified by END-USER in a manner that causes the alleged infringement, and further provided that:

(i)  END-USER promptly notifies PracticeSuite in writing of such claim;

(ii)  PracticeSuite will have sole control of the defense of any action on such claim and of all negotiations for its settlement or compromise;

(iii)  END-USER agrees to cooperate with PracticeSuite in every reasonable way to facilitate the settlement or defense of such claim; and

(iv)  should such PracticeSuite’s Products become or, in PracticeSuite’s opinion, be likely to become, the subject of an infringement claim, END-USER will permit PracticeSuite, at PracticeSuite’s expense, to:

1.  procure for END-USER the right to continue using such PracticeSuite’s Products, or

2.  replace or modify the same to become functionally equivalent yet non-infringing, or

3.  upon the failure of (1) and (2) above, terminate, without penalty, END-USER’s use of the affected PracticeSuite’s Products, in which event PracticeSuite will refund to END-USER on a pro-rata basis any prepaid amounts related thereto.

(e)   Data Conversion: AS AN OPTIONAL SERVICE, PracticeSuite PROVIDES DATA EXTRACTION SERVICE TO CONVERT DATA FROM END-USER LEGACY SYSTEM INTO PracticeSuite. DATA EXTRACTION FROM OTHER SYSTEM OFTENTIMES IS VERY DIFFICULT AND IS ERROR PRONE. PracticeSuite AGREES TO MAKE BUSINESSLIKE ATTEMPT TO EXTRACT AND CONVERT THE DATA INTO PracticeSuite. PracticeSuite DOES NOT MAKE ANY OTHER WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE WITH RESPECT TO THE COMPLETENESS AND ACCURACY OF THIS DATA EXTRACTION AND CONVERSION. PracticeSuite EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL PracticeSuite BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT OR PUNITIVE DAMAGES OF ANY KIND, INCLUDING LOSS OF PROFITS, LOST BUSINESS AND LOSS OF DATA OR COMINGLING OR CORRUPTION OF DATA OR LOSS OF GOODWILL ARISING OUT OF OR RELATED TO THIS DATA EXTRACTION CONVERSION.

CLIENT AGREES TO PERFORM RECONCILIATION OF THE DATA CONVERSION FOR ACCURACY AND COMPLETENESS AND PracticeSuite AGREES TO CORRECT ANY CONVERSION RELATED ISSUES REPORTED WITHIN 30 DAYS OF THE CONVERSION.

(f)    Other Disclaimers: CLIENT understands & CLIENT expressly recognizes that:

(i)  Electronic claims, Electronic Remittance Advice and Eligibility Verification are processed by third parties: Emdeon or other Clearing houses. PracticeSuite may represent CLIENT with such third parties as part of the Electronic Claim services. PracticeSuite relies on these third parties for applicable compliance requirements, accuracy and completeness of the services provided by these third parties.

(ii)  PracticeSuite provides drug database, interaction and formularies and bidirectional connectivity to pharmacies through partnership with NewCrop LLC. NewCrop LLC requires CLIENT to accept online agreement for their portion of the service in accordance with the NewCrop Subscription Agreement. The usage of NewCrop service is subject to CLIENT acceptance of NewCrop eRx Subscription Agreement.

(iii)  PracticeSuite encourages CLIENT to configure email account to download emails & electronic fax onto a secure machine and delete it from the email server. PracticeSuite discourages use of FREE email services such as yahoo, google, msn or hotmail or any other email services that scan through email contents for targeted marketing purposes which could potentially expose patient's PHI, private and confidential information.

(iv)  As part of providing services to the CLIENT, PracticeSuite may be required to login to the CLIENT’s account for the sole purpose of CLIENT service. PracticeSuite as set forth in Section 18 uses reasonable efforts to ensure patient privacy and confidentiality.

(v)  The optional electronic fax service & email services and other services are provided by third party service providers.

(vi)  PracticeSuite partners with reputed class data centers to host and places reliance on their internal controls for the security of data communication and data storage.

Exclusive Remedies: For any breach of the warranties contained in Section 12, Client's exclusive remedy, and PracticeSuite's entire liability, shall be the correction of the cause of the breach of such warranty. Any error not reported to PRACTICESUITE by Client within 30 days of its discovery will be deemed waived and accepted by the Client.

11.  Limitation of Liability. IN NO EVENT WILL PracticeSuite OR ITS LICENSORS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT OR PUNITIVE DAMAGES OF ANY KIND, INCLUDING LOSS OF PROFITS, LOST BUSINESS AND LOSS OF DATA OR COMINGLING OR CORRUPTION OF DATA OR LOSS OF GOODWILL ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE USE OF THE Solution, or ACCOMPANYING MATERIALS AND/OR SERVICES, ACCESS TO OR FAILURE TO ACCESS THE INTERNET OR OTHER INTERRUPTIONS OR OTHER PROGRAM RELATED ANOMALY, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN ACTION, IN CONTRACT OR TORT. THIS LIMITATION WILL APPLY EVEN IF PracticeSuite OR ITS LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. FURTHER, IN NO EVENT WILL PracticeSuite’S OR ITS LICENSORS’ LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE SUM OF FEES PAID BY THE CLIENT FOR THE Solution GIVING RISE TO THE LIABILITY DURING THE 3-MONTH PERIOD IMMEDIATELY PRIOR TO THE DATE THE CAUSE OF ACTION AROSE. UNDER THE PRICING AND OTHER TERMS AND CONDITIONS, THE PARTIES AGREE THAT THIS LIMITATION OF LIABILITY SPECIFIED HEREIN SECTION 13 REPRESENTS A REASONABLE ALLOCATION OF RISK.

12.  Limitation of Liability of Interface Connectivity with Third Parties. Notwithstanding any other provisions of this Agreement, PracticeSuite has no liability under this Agreement including the Business Associate Agreement for any disclosure of Protected Health Information ("PHI") made by means of access through PracticeSuite interfaces by or on behalf of the CLIENT or by means of access by any third party to the extent such third party obtained access to the interface as a result of intentional disclosure by the CLIENT. All interface requests made by the CLIENT or by a third party on behalf of the CLIENT shall be considered intentional disclosure.

13.  Limitation of Liability on Online Portal and Patient Messaging: PracticeSuite provides a secured online portal module that provides patient messaging. All patient messages within the portal are HIPAA compliant. Notwithstanding any other provisions of this Agreement, PracticeSuite has no liability under this Agreement including the Business Associate Agreement for any disclosure of Protected Health Information ("PHI") made by means of access or transmission of PHI information to patient's email address and phone.

14.  Force Majeure. Neither party shall be liable for, and each party is excused from, any failure to perform or delay in the performance of its obligations under this Agreement due to causes beyond its control, including without limitation, interruptions of power or telecommunications services, failure of its suppliers or subcontractors, acts of nature, governmental actions, fire, flood, natural & other disaster or labor dispute.

15.  Indemnity. CLIENT shall indemnify, defend and hold PracticeSuite, its officers, directors, employees, and licensees harmless from and against any and all liability, damage, loss, or expense, including reasonable attorneys’ fees arising from any third party claim, demand, action or proceeding based upon CLIENT’s or an Authorized User’s use of the Solution in a manner not expressly authorized by this Agreement or in a manner contrary to applicable laws, or incurred in the settlement or avoidance of any such claim; provided, however, that PracticeSuite shall give prompt written notice to CLIENT of the assertion of any such claims and provided further that CLIENT shall have the right to select counsel and control the defense thereof, subject to the right of PracticeSuite to participate therein.

16.  COMPLIANCE WITH APPLICABLE LAW. “CLIENT” agrees to comply with all such applicable international, federal, state and local laws, and to indemnify and hold PracticeSuite and its officers, directors, shareholders, supervisors, employees, affiliates, agents, and attorneys: including, without limitation, all persons acting by, through, under or in concert with any of them, harmless from any and all claims, losses, liabilities, damages, fines, penalties, costs and expenses (including attorneys’ fees) arising from or relating to any acts or omissions of “CLIENT” which breach such laws.
PracticeSuite agrees to comply with all such applicable international, federal, state and local laws, and to indemnify and hold Client and its officers, directors, shareholders, supervisors, employees, affiliates, agents, and attorneys: including, without limitation, all persons acting by, through, under or in concert with any of them, harmless from any and all claims, losses, liabilities, damages, fines, penalties, costs and expenses (including attorneys’ fees) arising from or relating to any acts or omissions of PracticeSuite which breach such laws.

 

17.  COMPLIANCE WITH APPLICABLE PRIVACY AND SECURITY RULES. PracticeSuite (“PracticeSuite”) uses reasonable efforts to enable its technology & services to meet all applicable privacy and security HIPAA and HITECH Act requirements. Accordingly, PracticeSuite will enter into a Business Associate Agreement as a supplement to this Agreement.

18.  General. PracticeSuite may issue a press release announcing the relationship contemplated by this Agreement. PracticeSuite may include quotes from CLIENT in PracticeSuite press releases upon CLIENT’s prior approval of such quotes, such approval not to be unreasonably withheld or delayed. Further, PracticeSuite may use CLIENT’s name and logo in press releases, marketing materials, financial reports and prospectuses indicating that CLIENT is a CLIENT of PracticeSuite. The terms, provisions or conditions of any purchase order or other business form or written authorization used by CLIENT will have no effect on the rights, duties or obligations of the parties under, or otherwise modify, this Agreement, regardless of any failure of PracticeSuite to object to those terms, provisions or conditions.

19.  Waiver. The waiver of a breach of any term hereof shall in no way be construed as a waiver of any other term or breach hereof. No failure of either party to pursue any remedy resulting from a breach in this agreement by the other party shall be construed as a waiver of that breach, nor as a waiver of any subsequent or other breach unless such waiver is signed and in writing.

20.  Severability: If any provision of this Agreement shall be held by a court of competent jurisdiction to be unenforceable or invalid, the remaining provisions of this Agreement shall remain in full force and effect. This Agreement shall inure to the benefit of and be binding upon each party’s successors and assigns. Both parties agree to notify the other party of any assignment or delegation of this Agreement. Any attempted assignment in violation of this Section 20 shall be null and void.

21.  Governing Laws. The Agreement, and all matters arising out of or relating to the Agreement shall be governed by the laws of the state of California, without giving effect to the principles regarding conflicts of laws.

22.  Dispute Resolution. It is the intention of all parties that no dispute under this Agreement or with respect to the relationship between parties will be the subject of any court action or litigation in the local, state, or federal judicial system. Any controversy, claim or dispute arising out of or relating to the performance, construction, interpretation or enforcement of this Agreement, including disputes as to the scope of this section, shall, if not resolved through good faith negotiations between the parties, be subject to mediation and arbitration.

The parties recognize that the problem resolution processes of mediation and arbitration are appropriate and preferable to resolve issues between the parties. If any party hereto wishes to resolve an issue under or relating to this Agreement, then such party must give notice of a request for mediation to the other parties, which notice shall set forth the names of not less than three (3) mediators from the panel of the American Arbitration Association or other mutually agreed upon alternative dispute resolution service. The place of such mediation shall be in Alameda County, California or in the county of the primary business address of PracticeSuite. The party receiving such notice shall agree upon one or more such mediators within ten (10) days of receipt of such notice and a mediation will be scheduled as soon as feasible between the parties and their respective advisors, and the parties and their advisors will cooperate fully with respect to sharing of information and attendance at meetings in order to seek resolution. If resolution of the matters between the parties cannot be resolved in mediation within twenty (20) days of the selection of a mediator by the party receiving such notice, then the matter shall be presented to formal arbitration pursuant to the rules utilized by the alternative dispute resolution service selected by an arbitrator from such service’s panel agreed upon by the parties or, if the parties are unable to agree upon an arbitrator within ten (10) days of the completion of mediation, by a panel of three (3) arbitrators from such panel selected by such service’s administrator. Arbitration shall take place in the venue in which the mediation shall have occurred as soon as possible and the decision of the arbitrator panel shall be binding upon the parties for all purposes. Each party shall bear all their expenses in connection with the arbitration and mediation.
It is the intention of the parties that this Agreement shall be construed and interpreted in a fair and equitable manner based upon the facts and circumstances of the parties taking into account the present intention of the parties to have a fair and equitable agreement under the terms and conditions set forth in this Agreement.

23.  No Construction Against Drafter. This Agreement is not to be construed against the drafting party.

24.  Notices. Any notice required or permitted to be given shall be delivered by hand, email, by overnight courier, by fax with confirming letter mailed under the conditions described herein, or by registered or certified mail, postage prepaid, return receipt requested, to the address of the other party first set forth above. Notice so given shall be deemed effective when received, or if not received by reason of fault of addressee, when delivered.

25.  Nothing contained herein shall constitute a partnership between or joint venture by CLIENT and PracticeSuite, or constitute CLIENT or PracticeSuite the agent of the other.

26.  The parties agree that this Agreement constitutes the complete and exclusive understanding and agreement of the parties relating to the subject matter hereof and supersedes all prior understandings, proposals, agreements, negotiations, and discussions between the parties, whether written or oral.

 

By clicking on the "Accept" button, CLIENT acknowledges its acceptance and agreement with the terms contained in this Agreement, including all exhibits attached hereto which exhibits are made a part hereof and incorporated by reference.

 


 

Exhibit A

Business Associate Agreement

Whereas, Client referred herein as "Covered Entity" and PRACTICESUITE, INC (dba PracticeSuite.com), together with their designees, employees, associates, affiliates, successors, and assigns "Business Associate", intend to protect the privacy and provide for the security of certain Protected Health Information (PHI) to which Business Associate may have access in order to provide goods or services to or on behalf of Covered Entity under the "Underlying Agreement".

WHEREAS, both parties are subject to Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (HIPAA), the HIPAA Privacy rule (Privacy rule), 45 CFR Parts 160 and 164, and the HIPAA Security Rule (Security Rule), 45 CFR Parts 160, 162 and 164 issued by the U.S. Department of Health and Human Services, as either have been amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), as Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111–5).

WHEREAS, both parties desire to comply with HIPAA and HITECH Act requirements relating to the obligations of each in connection with the privacy and security of individually identifiable health information that is subject to protection under HIPAA; and desire to comply with HIPAA standards for the privacy of PHI of patients of Covered Entity.

WHEREAS, Business Associate may receive PHI from Covered Entity, or may create or obtain PHI from other parties for use on behalf of Covered Entity, that is in electronic form, which PHI must be handled in accordance with this Agreement and the standards established by HIPAA and Security Rule upon the effective date of the Underlying Agreement.

WHEREAS, Business Associate may receive PHI from Covered Entity, or may create or obtain PHI from other parties for use on behalf of Covered Entity, which PHI can be used or disclosed only in accordance with this Agreement and the standards established by HIPAA and the Privacy rule.

NOW, THEREFORE, Covered Entity and Business Associate agree as follows:

1. Definitions.

A.    "Underlying Agreement" shall include Channel Partner Agreement or Value Added Reseller Agreement and/or End-User Agreement and/or Non-Disclosure Agreement entered between Business Associate and Covered Entity and/or clients of Covered Entity.

B.    "Business Associate" shall have the meaning given to such term under the Privacy and Security Rules, including but not limited to, 45 CFR §160.103.

C.    "Covered Entity" shall have the meaning given to such term under the Privacy and Security Rules, including, but not limited to, 45 CFR §160.103.

D.    "HIPAA" shall mean the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.

E.     "Privacy rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Parts 160 and 164, Subparts A and E, as amended by the HITECH Act and as may otherwise be amended from time to time.

F.     “Individual” shall have the same meaning as the term “individual” in 45 CFR §164.501 and shall include a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g).

G.    "Protected Health Information" or "PHI" means any information, transmitted or recorded in any form or medium; (i) that relates to the past, present or future physical or mental condition of an individual; the provision of health care to an individual; or the past, present or future for the provision of health care to an individual, and (ii) that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual, and shall have the meaning given to such term under HIPAA and the HIPAA Regulations at 45 CFR Parts 160, 162 and 164, including, but not limited to 45 CFR §164.501.

H.    "Security Rule" shall mean the Security Standards at 45 CFR Parts 160, 162 and 164.

I.     Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in 45 CFR Parts 160, 162 and 164.

J.     “Required By Law” shall have the same meaning as the term “required by law” in 45 CFR §164.501.

K.    “Unsecured Protected Health Information” or “Unsecured PHI” shall mean PHI that is not secured through the use of a technology or methodology that renders protected health information unusable, unreadable, or indecipherable to unauthorized individuals, as specified in guidance issued by the Secretary.

L.     “Breach” shall have the same meaning as the term “breach” in §13400 of the HITECH Act and shall include the unauthorized acquisition, access, use, or disclosure of PHI that compromises the security or privacy of such information.

2. Stated Purposes For Which Business Associate May Use or Disclose PHI. The Parties hereby agree that Business Associate shall be permitted to use and/or disclose PHI provided by or obtained on behalf of Covered Entity for the purpose of installation, setup, implementation, support, electronic claims management, follow-up with Insurance companies and patients and day-to-day operational purpose for data maintenance and support.

Stated Purposes For Which Business Associate May Use Or Disclose PHI. Except as otherwise limited in this Agreement, Business Associate shall be permitted to use or disclose PHI provided by or obtained on behalf of Covered Entity to perform those functions, activities, or services for, or on behalf of, Covered Entity that are specified in the underlying Agreement, provided that such use or disclosure would not violate the Privacy rule if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.

3. Additional Purposes For Which Business Associate May Use Or Disclose Information. In addition to the Stated Purposes, Business Associate may use or disclose PHI provided by, created or obtained on behalf of Covered Entity for the following additional purpose(s) (optional section):

A.    Use of Information For Management, Administration And Legal Responsibilities. Business Associate is permitted to use PHI if necessary for the proper management and administration of Business Associate or to carry out legal responsibilities of the Business Associate, except as otherwise limited in this Agreement.

B.    Disclosure of Information For Management, Administration And Legal Responsibilities. Business Associate is permitted to disclose PHI provided by, or created or obtained on behalf of Covered Entity for the proper management and administration of Business Associate or to carry out legal responsibilities of Business Associate, except as otherwise limited in this Agreement, provided:

1.     The disclosure is required by law; or

2.     The Business Associate obtains reasonable assurances in writing from any third party to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purposes for which it was disclosed to the third party, the third party will use appropriate safeguards to prevent other use or disclosure of the information, and the third party agrees to immediately notify the Business Associate of any instance of which it is aware in which the confidentiality of the information has been breached.

C.    Data Aggregation Services. Business Associate may also be permitted to use or disclose PHI to provide data aggregation services, as that term is defined by 45 CFR §164.501, if specific authorization is received from the Covered Entity.

4. BUSINESS ASSOCIATE OBLIGATIONS:

A.    Limits on Use and Further Disclosure Established By This Agreement Or Required By Law. Business Associate hereby agrees that the PHI provided by, or created or obtained on behalf of Covered Entity shall not be further used or disclosed other than as permitted or required by this Agreement or as required by law.

B.    Appropriate Safeguards. Beginning as soon as practicable but in no event later than the effective date of the Security Rule, Business Associate shall establish and maintain appropriate safeguards to prevent any use or disclosure of PHI other than as provided for by this Agreement. Appropriate safeguards shall include implementing administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic PHI that is created, received, maintained, or transmitted on behalf of the Covered Entity.

C.    Reports of Improper Use or Disclosure. Business Associate hereby agrees that it shall report to the Covered Entity within two (2) days of discovery any use or disclosure of PHI not provided for or allowed by this Agreement.

D.    Reports of Security Incidents. Beginning as soon as practicable but in no event later than the effective date of the Security Rule, Business Associate shall report to the Covered Entity within two (2) days of discovery any security incident of which it becomes aware.

E.     Subcontractors and Agents. Business Associate hereby agrees that any time PHI is provided or made available to any subcontractors or agents, Business Associate shall provide only the minimum necessary PHI for the purpose of the covered transaction and shall first enter into a subcontract or contract with the subcontractor or agent that contains the same terms, conditions and restrictions on the use and disclosure of PHI as contained in this Agreement.

F.     Right of Access to PHI. Business Associate hereby agrees to allow an individual who is the subject of PHI maintained in a designated record set, to have access to and copy that individual’s PHI within 10 business days of receiving a written request from the Covered Entity. Business Associate shall provide PHI in the format requested, unless it cannot readily be produced in such format, in which case it shall be provided in standard hard copy. If any individual requests from Business Associate or its agents or subcontractors access to PHI, Business Associate shall notify Covered Entity of same within 5 business days. Business Associate shall further conform with and meet all of the requirements of 45 CFR §164.524.

G.    Amendment and Incorporation of Amendments. Within 10 business days of receiving a request from Covered Entity for an amendment of PHI maintained in a designated record set, Business Associate shall make the PHI available and incorporate the amendment to enable Covered Entity to comply with 45 CFR §164.526. If any individual requests an amendment from Business Associate or its agents or subcontractors, Business Associate shall notify Covered Entity of same within 10 business days.

H.    Provide Accounting of Disclosures. Business Associate agrees to maintain a record of all disclosures of PHI in accordance with 45 CFR §164.528. Such records shall include, for each disclosure, the date of the disclosure, the name and address of the recipient of the PHI, a description of the PHI disclosed, the name of the individual who is the subject of the PHI disclosed, the purpose of the disclosure, and shall include disclosures made on or after the date which is 6 years prior to the request or April 14, 2003, whichever is later. Business Associate shall make such record available to the individual or the Covered Entity within 10 business days of a request for an accounting of disclosures.

I.     Access to Books and Records. Business Associate hereby agrees to make its internal practices, books, and records relating to the use or disclosure of PHI received from, or created or received by Business Associate on behalf of the Covered Entity, available to the Secretary of Health and Human Services or designee for purposes of determining compliance with the HIPAA Privacy Regulations.

J.     Return or Destruction of PHI. At termination of this Agreement, Business Associate hereby agrees to return or destroy all PHI provided by or obtained on behalf of Covered Entity. Business Associate agrees not to retain any copies of the PHI after termination of this Agreement. If return or destruction of the PHI is not feasible due to other Legal or other requirements or reasons, Business Associate agrees to extend the protections of this Agreement to limit any further use or disclosure until such time as the PHI may be returned or destroyed.

K.    Maintenance of PHI. Notwithstanding Section 4(j) of this Agreement, Business Associate and its subcontractors or agents shall retain all PHI throughout the term of the Agreement and shall continue to maintain the information required under §4(h) of this Agreement for a period of six (6) years after termination of the Agreement, unless Covered Entity and Business Associate agree otherwise.

L.     Mitigation Procedures. Business Associate agrees to establish and to provide to Covered Entity upon request, procedures for mitigating, to the maximum extent practicable, any harmful effect from the use or disclosure of PHI in a manner contrary to this Agreement or the Privacy Rule. 45 CFR §164.530(f). Business Associate further agrees to mitigate any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of this Agreement or the Privacy rule.

M.    Sanction Procedures. Business Associate agrees that it shall develop and implement a system of sanctions for any employee, subcontractor or agent who violates this Agreement or the Privacy rule.

N.    Termination by Covered Entity. Business Associate authorizes termination of this Agreement by the Covered Entity if the Covered Entity determines, in its sole discretion that the Business Associate has violated a material term of this Agreement.

O.    Failure to Perform Obligations. In the event Business Associate fails to perform its obligations under this Agreement, Covered Entity may immediately discontinue providing PHI to Business Associate. Covered Entity may also, at its option, require Business Associate to submit to a plan of compliance, including monitoring by Covered Entity and reporting by Business Associate, as Covered Entity in its sole discretion determines to be necessary to maintain compliance with this Agreement and applicable law.

P.     Permitted Disclosure. Except as otherwise limited in this Agreement, Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 42 CFR §164.502(j)(1).

 

5. OBLIGATIONS OF COVERED ENTITY:

A.    Provision of Notice of Privacy Practices. Covered Entity shall provide Business Associate with the notice of privacy practices that the Covered Entity produces in accordance with 45 CFR §164.520, as well as changes to such notice.

B.    Permissions. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by individual to use or disclose PHI of which Covered Entity is aware, if such changes affect Business Associate’s permitted or required uses and disclosures.

C.    Restrictions. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that the Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.

D.    Safeguards for Protection of PHI. Covered Entity shall: (a) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, privacy and security of PHI that it creates, receives, maintains, or transmits to Business Associate; (b) protect and safeguard from any oral or written disclosure all PHI, in accordance with applicable statutes and regulations, including, but not limited to, HIPAA and the HITECH Act; (c) implement and maintain appropriate policies and procedures to protect and safeguard PHI; (d) use appropriate safeguards to prevent use or disclosure of PHI other than as permitted or Required by Law; and (e) otherwise comply with the standards and requirements of HIPAA and the HITECH Act. Covered Entity shall notify Business Associate of any material change to any aspect of its security safeguards.

6. TERM AND TERMINATION:

 

A.    Term and Termination. This Agreement shall become effective on the Effective Date and remain in effect for the entire term of the Underlying Agreement, or until otherwise terminated as set forth herein.

B.    Termination for Cause. Upon the occurrence of a material breach of this Agreement by one of the parties (the “Breaching Party”), the other party shall: (a) provide an opportunity for the Breaching Party to cure the breach or end the violation and, if the Breaching Party does not cure the breach or end the violation within the time specified, terminate this Agreement; (b) immediately terminate this Agreement if the Breaching Party has breached a material term of this Agreement and cure is not possible; or (c) if neither termination nor cure is feasible, report the violation to the Secretary.

C.    No Feasible Return/Destruction of PHI. Due to the nature of the services provided by Business Associate to or on behalf of COVERED ENTITY and/or COVERED ENTITY’s Client pursuant to the Underlying Agreement, Business Associate may be required to retain copies of information used by Business Associate on behalf of COVERED ENTITY and/or COVERED ENTITY’s Clients. Consequently, if the return or destruction of PHI held or received by Business Associate is not feasible, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI. Business Associate shall remain bound by the provisions of this Agreement, even after termination of this Agreement and/or the Underlying Agreement, until such time as all PHI has been returned or otherwise destroyed as provided in this section.

D.    Effect of Termination. All rights, duties and obligations established in this Agreement shall survive termination of this Agreement.

7. INDEMNIFICATION:

A.    Indemnification. Each party shall indemnify, hold harmless and defend the other party to this Agreement from and against any and all claims, losses, liabilities, costs and other expenses incurred as a result of, or arising directly or indirectly out of or in connection with: (i) any misrepresentation, breach of warranty or non-fulfillment of any undertaking on the part of the breaching party under this Agreement; and (ii) any claims, demands, awards, judgments, actions and proceedings made by any person or organization arising out of or in any way connected with the breaching party’s performance or non-performance, as applicable, of its obligations under this Agreement.

8. OTHER PROVISIONS:

 

A.    Construction. This Agreement shall be construed as broadly as necessary to implement and comply with HIPAA and the HIPAA regulations. The parties agree that any ambiguity in this Agreement shall be resolved in favor of a meaning that complies and is consistent with HIPAA and the HIPAA regulations.

B.    Notice. All notices and other communications required or permitted pursuant to this Agreement shall be in writing, addressed to the party at the address set forth in the Underlying Agreement, or to such other address as either party may designate from time to time. All notices and other communications shall be mailed by registered or certified mail, return receipt requested, postage pre‑paid, or transmitted by hand delivery or telegram. All notices shall be effective as of the date of delivery of personal notice or on the date of receipt, whichever is applicable.

C.    Amendment. This Agreement may only be amended through a writing signed by the parties and, thus, no oral modification hereof shall be permitted. The parties agree to take such action as is necessary to amend this Agreement from time to time to ensure consistency with amendments to and changes in applicable federal and state laws and regulations, including, but not limited to, HIPAA. This Agreement constitutes the entire agreement between the parties. No oral statement or prior written material not specifically mentioned herein shall be of any force or effect and no change in or addition to this Agreement shall be recognized unless evidenced by a writing executed by PracticeSuite and Business Associate, such amendment(s) to become effective on the date stipulated therein.

D.    Assignment. BUSINESS ASSOCIATE has entered into this Agreement in specific reliance on the expertise and qualifications of PracticeSuite. Consequently, Business Associate’s interest under this Agreement is entitled to terminate this Agreement if the Business Associate is not satisfied with the transferred or assigned or assumed entity.

E.     Governing Law and Venue. This Agreement has been executed and delivered in, and shall be interpreted, construed, and enforced pursuant to and in accordance with the laws of the State of California, without giving effect to the application of conflicts of laws. To the fullest extent permitted by law, the parties hereto hereby (i) submit to the jurisdiction of the California and United States courts of the California judicial circuit and the federal district, respectively, wherein lies Alameda County, California for the purposes of any legal action or proceeding brought under or involving this Agreement; (ii) agree that exclusive venue for any such action or proceeding shall be in Alameda County, California or the county of PracticeSuite's primary business address; and (iii) waive any claim that the same is an inconvenient forum.

F.     Headings. Headings contained in this Agreement are for reference purposes only and shall not affect in any way the meaning or interpretation of this Agreement.

G.    Binding Effect. This Agreement shall be binding upon, and shall inure to the benefit of, the parties hereto and their respective permitted successors and assigns.

H.    Counterparts. This Agreement may be executed in multiple counterparts, each of which shall constitute an original and all of which shall constitute but one Agreement.

I.     Gender and Number. The use of the masculine, feminine or neuter genders, and the use of the singular and plural, shall not be given an effect of any exclusion or limitation herein. The use of the word “person” or “party” shall mean and include any individual, trust, corporation, partnership or other entity.

J.     Priority of Agreement. If any portion of this Agreement is inconsistent with the terms of the Underlying Agreement, the terms of this Agreement shall prevail. Except as set forth above, the remaining provisions of the Underlying Agreement are to be ratified in their entirety.

K.    No Construction Against Drafter. This Agreement is not to be construed against the drafting party.

L.     Authority to Contract. Each party represents and warrants that said party is authorized to enter into this Agreement and to be bound by the terms of it.

I have Read and Accept this End-User Software Subscription & HIPAA Business Associate Agreement.