PRODUCT SPECIFIC TERMS
To the extent Net Health Systems, Inc., or one of its wholly owned subisidiaries (collectively, “Net Health”) has agreed to provide CUSTOMER with use and access to one of the specified products described below in conjunction with CUSTOMER’s use of certain software, the terms and conditions for such specified product or feature shall apply to CUSTOMER’s use thereof.
Net Health Billing Module
NET HEALTH BILLING MODULE
CPT END USER AGREEMENT
This CPT End User Agreement governs CUSTOMER’s rights to utilize the Current Procedural Terminology (“CPT”) codes, hereinafter referred to as “Editorial Content” or “CPT Editorial Content” contained within Net Health System, Inc.’s (“Net Health”) Billing Module. To the extent that CUSTOMER has access to Net Health’s Billing Module pursuant to an underlying agreement, this CPT End User Agreement applies. CPT is copyrighted by the American Medical Association (the “AMA”) and CPT is a registered trademark of the AMA.
- Grant of Rights, Restrictions and Obligations
1.1 CUSTOMER’s right to utilize the CPT Editorial Content is nontransferable, nonexclusive, and solely for CUSTOMER’s internal use within any of the following locations: Algeria, Argentina, Australia, Bahamas, Belgium, Bermuda, Brazil, British Virgin Islands, Canada, Cayman Islands, Chile, China, Colombia, Costa Rica, Denmark, Dominican Republic, Ecuador, El Salvador, Finland, France, Germany, Guatemala, Hong Kong, India, Ireland, Israel, Italy, Jamaica, Japan, Jordan, Republic of Korea (South Korea), Lebanon, Mexico, New Zealand, Norway, Panama, Philippines, Portugal, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Thailand, Turkey, United Arab Emirates, United Kingdom, United States and its territories, and/or Venezuela.
1.2 Provision of updated CPT Editorial Content in the Billing Module is dependent on continuing contractual relationship between Net Health and the AMA.
1.3 CUSTOMER must ensure that anyone with authorized access to the Billing Module will comply with the provisions of this End User Agreement.
1.4 Users of CPT Editorial Content are defined as follows: “User” means an individual who:
(a) accesses, uses, or manipulates CPT Editorial Content contained in the Software; or
(b) accesses, uses, or manipulates the Software to produce or enable an output (data, reports, or the like) that could not have been created without the CPT Editorial Content embedded in the Software even though CPT Editorial Content may not be visible or directly accessible; or
(c) makes use of an output of the Software that relies on or could not have been created without the CPT Editorial Content embedded in the Software even though CPT Editorial Content may not be visible or directly accessible.
1.5 End User shall cooperate with Net Health to the extent necessary to calculate Users in order that Net Health may accurately report and pay royalties to the AMA.
U.S. Government Rights
2.1 This product includes CPT which is commercial technical data, which was developed exclusively at private expense by the American Medical Association (AMA), 330 North Wabash Avenue, Chicago, Illinois 60611. The AMA does not agree to license CPT to the Federal Government based on the license in FAR 52.227-14 (Data Rights – General) and DFARS 252.227-7015 (Technical Data – Commercial Items) or any other license provision. The AMA reserves all rights to approve any license with any Federal agency.
3.1 This CPT End User Agreement limits, to the extent possible under the applicable laws, the warranties and liability for Editorial Content as contained in the Billing Module. The CPT Editorial Content as contained in the Billing Module is provided “as is” without any liability to the AMA, including without limitation, no liability for consequential or special damages, or lost profits for sequence, accuracy, or completeness of data, or that it will meet CUSTOMER’s requirements. The AMA’s sole responsibility is to make available to Net Health replacement copies of the CPT Editorial Content if the data is not intact. The AMA disclaims any liability for any consequences due to use, misuse, or interpretation of information contained or not contained in the CPT Editorial Content.
3.2 This CPT End User Agreement will terminate in the event of default and failure to cure within the applicable cure period.
3.3 In the event that a court or regulatory body having proper authority and jurisdiction determines that a provision of this CPT End User Agreement violates any applicable law or is otherwise unenforceable, the remainder of this CPT End User Agreement will remain in full force and effect.
3.4 The AMA is a third-party beneficiary of this CPT End User Agreement(s).
3.5 CUSTOMER grants Net Health permission to provide the AMA with CUSTOMER’S name for the sole purpose of reporting CPT Editorial Content royalties.
TISSUE ANALYTICS APPLICATION
Please review the entire policy to learn the types of End User information Tissue Analytics gathers, how Tissue Analytics uses that End User information, what End User information is disclosed and to what third parties, and how Tissue Analytics safeguards your End User information.
I. Information Tissue Analytics Collects
A. Personal Information and Non-Identifying Information
We may ask you for personally identifiable information if, for example, you contact us requesting information or a demonstration of our services. This refers to information about you that can be used to contact or identify you (“Personal Information”). Personal Information includes, but is not limited to, your full name, email address, and any other information that could be used to personally identify you.
We also collect other information that you provide as part of registration and the administration and personalization of your account with us that does not identify you (“Non-Identifying Information”). Non-Identifying Information includes, but is not limited to, individual preferences. Certain Non-Identifying Information would be considered a part of your Personal Information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your gender only or your viewing preferences).
We use your Personal Information (in some cases, in conjunction with your Non-Identifying Information) mainly to provide the Software and attendant services, facilitate and complete transactions for you, and respond to correspondence from you. We may also use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or update your account information.
We may also combine your Personal Information with Non-Identifying Information and aggregate it with information collected from other users to attempt to provide you with a better experience, to improve the quality and value of the Software, and to analyze and understand how the Software is used.
B. Usage Data
When you use the Software, our servers automatically record information referred to as “Usage Data.” This Usage Data may include information such as the manufacturer and model of your device; your Internet Service Provider (ISP); your device’s Internet Protocol (“IP”) address (or other device identifier), browser type, and operating system; referring/exit pages; clickstream data; Software access times and dates; information you search for in the Software; and other statistics.
We use this information for technical administration of the Software and attendant services, including to monitor and analyze use of the Software, to increase the functionality and user-friendliness of the Software, and to better tailor the Software to End Users’ needs.
Usage Data may be non-identifying or it may be associated with you. Whenever we associate Usage Data with Personal Information, we will treat it as Personal Information.
II. Collection of Information
We request certain information from you through the use of forms when you send us correspondence through the Software.
C. Usage Data
Usage Data are collected automatically by our servers. For example, because the Software automatically collects Usage Data for all End Users that use the Software, your use of the Software will be tracked. We may collect and use technical data and related information, including technical information about your device, system and application software, and peripherals, to maintain and support the Software generally.
Additionally, in some of our email messages, Tissue Analytics may use a “click-through URL” linked to content on the Software. When an End User clicks onto one of these URLs, the End User will pass through our server before arriving at the destination Web page. Tissue Analytics tracks this click-through data to help us determine End User interest in certain subject matter and measure the effectiveness of these End User communications. You can avoid being tracked in this way by not clicking text or graphic links in emails from Tissue Analytics.
Finally, we may use clear gifs or pixel tags, which are tiny graphic images, in order: (i) to advise us of what parts of the Software End Users interact with, (ii) to measure the effectiveness of any searches End Users perform, and (iii) to enable us to send emails in a format that End Users can read and tell us whether such emails have been opened in order to ensure us that we are sending messages that are of interest to End Users.
D. Public Communications
Please note that if you use any bulletin board, chat room, comment posting feature, or other public communication service, forum, or feature offered through the Software, or post any information available for viewing by other End Users, any of the information that you share will be visible to other End Users. The information that you make available can be read, used, and collected by other End Users to send you unsolicited messages. Tissue Analytics is not responsible for the manner in which the Personal Information that you decide to share will be used by other End Users.
III. HOW WE USE YOUR PERSONAL INFORMATION
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL INFORMATION
We will only use your Personal Information when the law permits such use. Most commonly, we will use your Personal Information in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include:
- To provide you with information that you requested;
- To improve our services, to customize your experience, or to serve you specific content that is most relevant to you;
- To contact you with regard to your requests or use of any use of our services and, in our discretion, changes to any of our services and/or any of our policies;
- For internal business purposes such as complying with our internal policies;
- To protect our interests, including establishing, exercising and defending legal rights and claims.
- Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your Personal Information other than in certain instances.
We may process your Personal Information for more than one lawful ground depending on the specific purpose for which we are using your data.
We will get your express opt-in consent before we share your Personal Information with any company outside Tissue Analytics for marketing purposes.
CHANGE OF PURPOSE
We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please Contact Us at firstname.lastname@example.org.
We will not use your previously collected Personal Information in a manner materially different than represented at the time it was collected without your consent or explaining our legal basis for doing so.
Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
IV. DISCLOSURES OF YOUR PERSONAL INFORMATION
Tissue Analytics’ policy is not to share the End User information it collects with third parties other than as specified below, or where an End User expressly consents to our sharing of certain information with a third party. We may have to share your Personal Information for the purposes set out below. We require third parties to respect the security of your Personal Information and to treat it in accordance with the law. We may share End User information with third parties under the following circumstances:
A. Business Partners and Vendors
We may employ third party companies and individuals for any of the following: to facilitate operation of the Software and attendant services; to provide the Software and attendant services, or portions thereof, on our behalf; to perform related services, including without limitation, maintenance services, database management, fulfillment, web analytics, and improvement of the features or functionality; or to assist us in analyzing how the Software is being used.
C. Business Transfers
D. Legal Process
Subject to applicable law, we may disclose information about you (i) if we are required to do so by law, regulation or legal process, such as a subpoena; (ii) in response to requests by government entities, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to prevent physical, financial or other harm, injury or loss; or (iv) in connection with an investigation of suspected or actual unlawful activity.
E. Aggregate End User Information
We may release aggregate End User information (without revealing any Personal Information about you) to advertisers and other third parties in order to promote or describe use of the Software.
The above does not affect your legal rights under the relevant data protection legislation of your country.
V. International Transfer
Tissue Analytics controls and operates services related to the Software from its offices in the United States of America.
When you access the Software from outside the United States, your information may be transferred to and maintained on computers and servers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.
VI. Changing or Deleting Your Information
All End Users who have created an account through the Software may review, update, correct or delete the Personal Information in their registration profile by contacting us. If you completely delete all such information, then your account may become deactivated.
We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access. For example, we use commercially reasonable security measures such as encryption, firewalls, and secure socket layers (SSL) to protect End User information.
We limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality.
Please note that no security system is impenetrable. Accordingly, we do not guarantee the security of our databases, nor that information you supply won't be intercepted while being transmitted to us over the Internet or other network. We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
VIII. DATA RETENTION
HOW LONG WILL YOU USE MY PERSONAL INFORMATION?
We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
IX. YOUR EUROPEAN PRIVACY RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your Personal Information. You have the right to:
You have the right to request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.
You also have the right to request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing
You may object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing
This enables you to ask us to suspend the processing of your Personal Information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of Personal Information to you or a third party
We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
If you wish to exercise any of the rights set out above, please Contact Us at email@example.com.
No fee usually required
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
X. Changes To The Privacy Notice
XI. Children’s Privacy
We are committed to protecting the privacy of children. End Users must be at least thirteen (13) years of age to access and use the Software. Any access to or use of the Software by anyone under the age of thirteen (13) is unauthorized, unlicensed, and in violation of the Agreement. By using the Software, you represent and warrant that you are thirteen (13) years of age or older and that you agree to and agree to abide by all of the terms and conditions of the Agreement. If Tissue Analytics believes that you are under the age of thirteen (13) or that you are not old enough to consent to and be legally bound by the Agreement, Tissue Analytics may, at any time, in its sole discretion, and with or without notice: (i) terminate your access to or use of the Software (or any portion, aspect, or feature of them), or (ii) delete any content or information that you have posted through the Software.
XII. Contacting Us
We have appointed a Data Privacy Manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any EEA member requests to exercise your applicable legal rights, please contact us using the details set out below.
Our full details are:
Full name of legal entity: Tissue Analytics, Inc.
Email address: firstname.lastname@example.org
Attention: Joshua Budman
3 S. Frederick St., Ste 800
Baltimore, MD 21202
If you are based in the EU, you have the right to make a complaint at any time to the relevant supervisory authority for your member state. The supervisory authority in the UK for data protection issues is the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach your supervisory authority so please contact us in the first instance.
THE SOFTWARE IS INTENDED TO BE USED IN THE CONTEXT OF CERTAIN HEALTHCARE SETTINGS. WHEN USED IN SUCH SETTINGS, CUSTOMER AND ITS AUTHORIZED PROVIDERS ARE ULTIMATELY RESPONSIBLE FOR FOLLOWING ALL APPLICABLE MEDICAL PROTOCOLS AND POLICIES AND FOR ANY MEDICAL CARE AND HEALTHCARE SERVICES RENDERED TO INDIVIDUALS. ANY GUIDANCE PROVIDED OR SUGGESTED BY NET HEALTH, THROUGH THE SOFTWARE OR OTHERWISE, THAT MAY BE INTERPRETED AS RELATING TO MEDICAL PROTOCOLS AND POLICIES OR THE MEDICAL CARE OR HEALTHCARE SERVICES RENDERED TO INDIVIDUALS IS PURELY ADVISORY IN NATURE AND SHOULD NOT BE SUBSTITUTED FOR A HEALTHCARE PROVIDER’S PROFESSIONAL JUDGMENT. NET HEALTH DOES NOT WARRANT THAT THE SOFTWARE CAN OR WILL DIAGNOSE ANY MEDICAL CONDITION, DETECT RISK FACTORS RELEVANT TO ANY MEDICAL CONDITION; OR PROVIDE ANY TREATMENT DECISIONS OR RECOMMENDATIONS RELATED TO A MEDICAL CONDITION. NET HEALTH DISCLAIMS, AND CUSTOMER RELEASES NET HEALTH FROM, ANY AND ALL LIABILITY RELATING TO PERSONAL INJURY, MEDICAL MALPRACTICE, OR OTHER CLAIMS RELATING TO ADHERENCE TO APPLICABLE MEDICAL PROTOCOLS AND POLICIES AND MEDICAL CARE AND HEALTHCARE SERVICES RENDERED TO INDIVIDUALS.
ELECTRONIC PRESCRIPTION OF CONTROLLED SUBSTANCES
- EPCS Accounts.Subject to the terms and conditions set forth herein, the Agreement and the additional terms and conditions of DrFirst, as set forth on the DrFirst website, Net Health agrees to provide CUSTOMER with the number of electronic prescribing controlled substances account(s) (the “EPCS Account(s)”) as specified on the applicable Purchase Schedule, for purposes of CUSTOMER’s and its Prescribing Providers’ (as defined below) use and access of the EPCS Feature of the Software.
- Prescribing Providers.Each EPCS Account shall be assigned to a specific provider (the “Prescribing Provider(s)”, each of which is listed on the applicable Purchase Schedule). Each Prescribing Provider must properly register through the Software and the DrFirst website. As part of the two-factor authentication requirement for the EPCS Feature, Net Health will provide each Prescribing Provider with a complimentary Identity-Proof Hard Token (“IDP Hard Token”) and one complimentary replacement IDP Hard Token and confirmation letter in the event the IDP Hard Token is lost, damaged or inoperable. Thereafter, CUSTOMER shall pay Net Health’s then-current Fees for each additional IDP Hard Token and confirmation letter, as applicable. In the event a Prescribing Provider secures and elects to use an Identity-Proof Soft Token (“IDP Soft Token”), provided by a third-party, (e.g. Symantec mobile application, etc.), the IDP Soft Token must be downloaded/stored on a separate device from the computer or device on which the Prescribing Provider gains access to the EPCS Feature and transmits prescriptions. (The IDP Hard Token and IDP Soft Token are sometimes referred to generally as an “IDP Token”).
- CUSTOMER Responsibilities. CUSTOMER and each Prescribing Provider understand and agree: (a) to retain sole possession of the IDP Hard Token, and not to share the login passphrase with any other person; (b) that it shall not allow any other person to use an IDP Token or enter the login passphrase in order to sign controlled substance prescriptions; (c) that failure to secure the IDP Token, login passphrase, or any biometric information may provide a basis for revocation or suspension of the EPCS Account; (d) to notify Net Health within one business day of discovery if: (i) CUSTOMER or a Prescribing Provider is contacted by a pharmacy because one or more controlled substance prescriptions are displaying the incorrect United States Drug Enforcement Administration (the “DEA”) number; (ii) if CUSTOMER or a Prescribing Provider discover that one or more controlled substance prescriptions issued using a Prescribing Provider DEA number were not consistent with the prescriptions actually signed, or were not signed at all; (iii) if a Prescribing Provider’s IDP Token has been lost, stolen, or the authentication protocol has been compromised in any way; (e) that the Prescribing Provider is responsible for any controlled substance prescriptions written using its two-factor authentication credential; (f) that Prescribing Providers have the same responsibilities when issuing electronic prescriptions for controlled substances as when issuing paper or oral prescriptions; (g) to prescribe controlled substances only for legitimate medical purposes; (h) to review security logs on a daily basis for any security incidents; and (i) to report to the DEA any security incident and provide Net Health with a copy of such report. CUSTOMER agrees to keep all security incident reports on file for a period of two (2) years.
- EPCS Account Fees.In consideration of CUSTOMER’s use of the EPCS Account(s), CUSTOMER shall pay to Net Health the Fees set forth in the applicable Purchase Schedule. Payment of Fees is due in accordance with the terms set forth in the Purchase Schedule. Fees are subject to increase no more than once per year.
- Patient Confidentiality; Compliance with Laws.All patient information exchanged through the EPCS Feature is strictly confidential and subject to the protections of the Health Insurance Portability and Accountability Act of 1996, as amended by Title XIII, Subtitle D of the American Recovery and Reinvestment Act of 2009 (collectively, “HIPAA”) and the privacy, security and breach notification regulations promulgated pursuant to HIPAA, including, but not limited to, 45 C.F.R. Parts 160 and 164, as may be amended from time to time, and all applicable state laws and regulations that govern the confidentiality, privacy and security of patient information. By using the EPCS Feature, CUSTOMER, and each Prescribing Provider, agrees to comply with all applicable Federal and state laws and regulations. Specifically, CUSTOMER is solely responsible for knowing and complying with all applicable federal and state laws and regulations with respect to electronic prescriptions for controlled substances. CUSTOMER and each Prescribing Provider expressly acknowledge that the DEA explicitly prohibits Prescribing Providers from using a computer, or device to transmit a prescription if the applicable Prescribing Provider’s IDP Token is on the same computer, or device. CUSTOMER and each of its Prescribing Providers expressly agree to abide by this prohibition. CUSTOMER is required to obtain from a patient any consents or authorizations required by applicable law before sending such patient’s information through the EPCS Feature. CUSTOMER is required to retain any information about the patient information that it discloses through the EPCS Feature that applicable laws require, including, but not limited to, the accounting of disclosures under HIPAA. CUSTOMER will immediately report to Net Health any attempted or successful unauthorized use, disclosure, modification, or destruction of patient information through the EPCS Feature.
- Third Party Product.CUSTOMER acknowledges that the EPCS Feature is a third party component used in conjunction with the Software (“Third Party Product”). CUSTOMER acknowledges that continued usage of such Third Party Product(s) is contingent on Net Health’s continued relationship with such Third Party Product vendor. Net Health makes no representation or warranty with respect to such Third Party Products sold or licensed to CUSTOMER. Net Health shall not be liable for any damages, costs, or expenses, direct or indirect, arising out of the performance or failure to perform of the Third Party Products. Furthermore, when using the EPCS Feature of the Software, information will be transmitted over a medium that may be beyond the control and jurisdiction of Net Health and its Third Party Product suppliers and licensors. Net Health assumes no liability for or relating to the delay, failure, interruption, or corruption of any data or other information transmitted in connection with use of the EPCS Feature of the Software.
SES DIRECT ACCOUNT
- SES Direct Account. Net Health will provide CUSTOMER with the requested number of SES Direct Account(s) (the “Account(s)”) specified on an applicable Purchase Schedule for purposes of sending direct messages related to patient care to other SES Direct Account users. The Fees and terms of payment are as specified in the applicable Purchase Schedule.
- User ID and Password. Access to the Account(s) is protected by user name and password (collectively an “ID”). CUSTOMER IDs are personal to each user and must not be shared with other users. CUSTOMER agrees to keep IDs confidential and not to share or permit use of an ID by anyone other than the specified Account user. CUSTOMER agrees to immediately notify Net Health if it becomes aware of any unauthorized use of an ID.
- Use of Direct Email. CUSTOMER may only use SES Direct Account to send and receive Protected Health Information or other information related to the provision of health care to the extent permissible under all applicable laws. CUSTOMER expressly agrees not use SES Direct Account to send or receive any information that: (1) is defamatory, libelous, abusive, or obscene, including, without limitation, material which encourages conduct that would constitute a criminal offense, give rise to civil liability or otherwise violate any applicable local, state, federal, or international law or regulation; (2) knowingly infringes on the copyright or any other proprietary right of a third party; (3) would invade the privacy of any other person; (4) is intended to advertise to or solicit others without our express written authorization; (5) constitutes charity solicitations, chain letters or pyramid schemes; or (6) contains a virus, worm, unauthorized cookies, trojans, malicious software, “malware,” time bomb, or any other harmful program, routine, subroutine or component.
You further expressly agree that you will not: (a) after receiving warning, continue to send or receive material which we have advised you not to send or receive; (b) create a false identity or forged messaging or e-mail address or header, or otherwise attempt to mislead others as to the identity of the sender or the origin of the message; (c) post, generate or disseminate so-called "spam" or mass-mailings; (d) harvest or otherwise collect information about others without their written consent; (e) interfere with or disrupt networks connected to CVDM; (f) attempt to gain unauthorized access to restricted areas of CVDM, other accounts, computer systems or networks connected to CVDM through password mining or any other means; or (g) interfere with another user's use of CVDM.
- Patient Confidentiality; Compliance with Laws. All patient information exchanged through SES Direct Account is strictly confidential and subject to the protections of the Health Insurance Portability and Accountability Act of 1996, as amended by Title XIII, Subtitle D of the American Recovery and Reinvestment Act of 2009 (collectively, “HIPAA”) and the privacy, security and breach notification regulations promulgated pursuant to HIPAA, including, but not limited to, 45 C.F.R. Parts 160 and 164, as may be amended from time to time, and all applicable state laws and regulations that govern the confidentiality, privacy and security of patient information. By using SES Direct Account, CUSTOMER agrees to comply with all applicable Federal and state laws and regulations. CUSTOMER is required to obtain from a patient any consents or authorizations required by applicable law before sending such patient’s information through SES Direct Account. CUSTOMER is required to retain any information about the patient information that it discloses through SES Direct Account that applicable laws including, but not limited to, the accounting of disclosures under HIPAA, require that you keep. CUSTOMER will immediately report to Net Health any attempted or successful unauthorized use, disclosure, modification, or destruction of patient information through SES Direct Account. If CUSTOMER inadvertently receives patient information through SES Direct Account, CUSTOMER will immediately notify the sender of the information that it has inadvertently received such information and will immediately delete such message.
- Secure Messages. SES Direct Account provides a means for CUSTOMER to communicate electronically with other users of SES Direct Account. Please note that the subject lines of messages sent through SES Direct Account are not encrypted. Therefore, CUSTOMER agrees to refrain from including any Protected Health Information in the message subject line. CUSTOMER agrees to take all additional steps necessary to ensure that the text of messages and all attachments comply with the terms and conditions set forth herein.
CUSTOMER is solely responsible for all of the content of all messages that CUSTOMER sends through SES Direct Account including, but not limited to, properly addressing the message to the intended recipient. NET HEALTH IS NOT LIABLE OR RESPONSIBLE FOR THE DELIVERY OR THE FAILURE TO DELIVER ANY IMPROPERLY OR INCORRECTLY ADDRESSED MESSAGE.
- Healthcare Organizations.
- Access to Data. From time to time certain third-party payer or provider entities (which may include health plans, managed care organizations, hospitals, accountable care organizations, medical groups, physicians or similar entities) (each a “Healthcare Organization”) with whom CUSTOMER is working may request data from PointRight related to the Healthcare Organization’s members or patients or related to an Authorized Site’s quality and performance measures. CUSTOMER hereby grants PointRight permission to share such data with the Healthcare Organizations for the purpose of improving quality of care for such members or patients.
- Payment of Fees. Certain Healthcare Organizations may require that its providers utilize the Software. Accordingly, a Healthcare Organization may pay all or part of the CUSTOMER’s Fees for a defined period of time in order to facilitate the Healthcare Organization’s ongoing efforts to improve the quality of care for its members or patients, as stated in the Healthcare Organization Network Participation Program (“Program”) Terms attached to this Agreement as Addendum 4. If at any time during the Initial or any Renewal Term the Client ceases to be a Program participant, then Client will promptly notify PointRight.
- Additional Disclaimers.
CUSTOMER ACKNOWLEDGES AND AGREES THAT THE SOFTWARE IS INTENDED TO SUPPORT CUSTOMER’S QUALITY ASSURANCE AND PERFORMANCE IMPROVEMENT EFFORTS. ACCORDINGLY, CUSTOMER WILL USE THE SOFTWARE WITH THE DIRECTION AND OVERSIGHT OF CUSTOMER’S QUALITY ASSURANCE COMMITTEE ESTABLISHED PURSUANT TO C.F.R.§ 483.75(O) AND QUALITY ASSURANCE AND PERFORMANCE IMPROVEMENT PRACTICES (“QAPI”) REQUIRED BY § 6201(C) OF THE PATIENT PROTECTION AND AFFORDABLE CARE ACT (“ACA”). POINTRIGHT IS ONLY PROVIDING DATA ANALYTICS CONSULTING SERVICES, AND NOT ASSUMING A FORMAL CLINICAL OR REGULATORY ROLE FOR CUSTOMER.
THE SOFTWARE, INCLUDING WITHOUT LIMITATION, FEEDBACK ON DATA INTEGRITY OR QUALITY (CLINICAL OR OTHERWISE), ARE NOT INTENDED TO GIVE, AND SHALL NOT BE CONSTRUED AS, SPECIFIC RECOMMENDATIONS FOR THE DIAGNOSIS OR TREATMENT OF ANY MEDICAL CONDITION OR PLACEMENT OF A PATIENT IN ANY PARTICULAR CARE ENVIRONMENT. THE SOFTWARE IS INTENDED TO PROMOTE A MORE ACCURATE ASSESSMENT, INDICATING WHERE THERE MAY BE ERRORS OR OMISSIONS REQUIRING CORRECTION, AND PROMPTING MORE COMPLETE AND ACCURATE DOCUMENTATION OF ASSESSMENTS PERFORMED BY CUSTOMER AND ITS PERSONNEL. THE SOFTWARE DOES NOT INCLUDE ANY DIRECT ASSESSMENT OF ANY RESIDENT OR PATIENT, NOR THE RENDERING OF ANY OPINION REGARDING THE CLINICAL DIAGNOSIS OR TREATMENT OF ANY PATIENT. ALL PATIENT CARE AND ACTIVITIES RESULTING FROM DECISIONS OF CUSTOMER AND ITS PERSONNEL, ARE THE SOLE RESPONSIBILITY OF CUSTOMER. ALL MEDICAL PRACTICE MANAGEMENT, PATIENT CARE AND PLACEMENT DECISIONS MADE IN WHICH THE SOFTWARE MAY BE UTILIZED, AND THE CONSEQUENCES THEREOF, WILL BE THE EXCLUSIVE RESPONSIBILITY OF CUSTOMER AND ITS PERSONNEL.
- Infeasability of Return or Destruction of PHI. Because of the integration of CUSTOMER’s Protected Health Information (“PHI”) into Net Health’s data models, as part of its ongoing development, auditing and improving data quality and developing, auditing, validating, evaluating, improving, maintaining, and using Net Health’s data integrity tests, performance benchmarks, algorithms, metrics, scoring systems, predictive models, and decision support tools it is infeasible for Net Health to return CUSTOMER’s PHI to CUSTOMER upon termination of the service agreement and/or Business Associate Agreement between the parties. Notwithstanding anything to the contrary set forth in the services agreement and/or Business Associate Agreement, Net Health hereby notifies CUSTOMER that it will not return to CUSTOMER or destroy all PHI upon termination of the services agreement and or Business Associate Agreement. At all times thereafter, Net Health will extend all protections, limitations, and restrictions contained in the Business Associate Agreement to Net Health’s use or disclosure of any retained PHI, and to limit further uses and/or disclosures to the purposes that make the return or destruction of the PHI infeasible.
- Clinisign. The following applies only if CliniSign is included on a Purchase Schedule:
- By using CliniSign, CUSTOMER is giving Optima permission to send documents to physicians and other healthcare providers (collectively, “Healthcare Providers”) for electronic signature. The permission and access to records is initiated through the CliniSign enrollment process where a link is established with the individual Healthcare Provider. To revoke permission and access to records, CUSTOMER must remove the link for the Healthcare Provider. CUSTOMER agrees that the Healthcare Provider is entitled to transmit, receive, or exchange Protected Health Information as directed by CUSTOMER and in compliance with HIPAA.
- Prior to establishing a link for a specific Healthcare Provider, CUSTOMER agrees to inform the Healthcare Provider that they may receive automated communications by email, text, or both from CliniSign. By providing a Healthcare Provider’s cell phone number or email address, CUSTOMER agrees that the Healthcare Provider has given permission to CUSTOMER for CliniSign to send emails and automated text messages to the Healthcare Provider and has informed the Healthcare.