OptiMantra Inc. User Agreement


THIS IS A LEGALLY BINDING AGREEMENT between OptiMantra, Inc., a Delaware corporation ("we" or "us") and you (“you”), as a user of our on-line health record system.   BY CLICKING "SIGN UP" OR “I AGREE” OR THROUGH THE CONTINUED USE OF THE SYSTEM, YOU ARE UNDERTAKING LEGAL OBLIGATIONS AND CONFERRING LEGAL RIGHTS.  Please read this agreement as well as Attachment A (Business Associate Agreement) and Attachment B (Minimum System Requirements) carefully, and do not click "Sign up" or “I agree” or continue use of the System unless you agree fully with its terms.  You and we are collectively referred to as the "Parties."

 

Agreement

1. Definitions

For the purposes of this Agreement, the terms set forth in this section have the meanings assigned to them below. Terms not defined below (whether or not capitalized) have the definitions given them in HIPAA, unless the context requires otherwise:

"Authorized Workforce" means those members of your Workforce who are individually authorized by you and us to have access to the System to assist you in providing treatment and obtaining payment for treatment, and to whom we have assigned a unique identifier for access to the System.

"Confidential Information" means any information concerning our business, financial affairs, current or future products or technology, trade secrets, workforce, customers, or any other information that is treated or designated by us as confidential or proprietary, or would reasonably be viewed as confidential or as having value to our competitors. Confidential Information shall not include information that we make publicly available or that becomes known to the general public other than as a result of a breach of the terms of this Agreement by you. Confidential Information does not include individuals' health information.

"HIPAA" means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule.

"HITECH Act" means the Technology for Economic and Clinical Health Act of 2009, and regulations promulgated thereunder.

“Membership Agreement” shall mean that agreement entered into between You and Us, specifying the terms upon which the terms of membership are memorialized. The Membership Agreement shall dictate terms such as price, term, and renewal option, among others, that manage the terms of granting access to the System and Services.

"Personal Information" means information that identifies you personally as a user of the System, and all information concerning you and your use of the System that is not Protected Health Information.

"Privacy Rule" means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.

"Protected Health Information" has the meaning given it in the Privacy Rule, and includes all individually identifiable health information concerning your patients that you provide to the System.

"Security Rule" means the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR part 160 and part 164, subparts A and C.

"Services" means the services of the System to which you have been granted access, which may include the Electronic Medical Records service, the Patient Appointment service, the Reference service, the Symptoms Questionnaire and Toolset service, and other services.

"System" means the electronic communication network from time to time operated by us, including all software used or provided by us, and all such software installed at or accessed from your site, and all documentation provided by us in connection with the System, paper or electronic.

"Term" means the initial term and all renewal terms of this Agreement as provided in Section 15.

"User" means you and any other user of the System.

"User ID" means a unique user identification assigned to an individual User pursuant to Section 3.7.

"Workforce" means employees, agents and independent contractors.

"Your Health Information" means Protected Health Information that you or your Workforce enter into the System.

"Your Site" means the location you provided us upon registration, and such other location or locations you may use from time to time.

2. Grant of Right to Use Services

     2.1     We grant to you and you accept a non-exclusive, personal, nontransferable, limited right to have access to and to use the System, and a non-exclusive, personal, nontransferable, limited license to use any computer software furnished by us for access to or use of the System, for the purpose of obtaining the Services during the Term, subject to your full compliance with the terms and conditions set forth in this Agreement. You will not: (a) use the System for time-sharing, rental or service bureau purposes; (b) make the System, in whole or in part, available to any other person, entity or business except for the Authorized Workforce; (c) copy, reverse engineer, decompile or disassemble the System, in whole or in part, or otherwise attempt to discover the source code to the software used in the System; or (d) modify the Services or the System or associated software or combine the Services or the System with any other software or services not provided or approved by us. You will obtain no rights to the System except for the limited rights to use the System expressly granted by this Agreement.

     2.2     The System may include certain third-party software and services, which may require that you enter into separate subscription or licensing agreements with third-party vendors. We may also make available optional services provided by third parties, such as data and clinical laboratory reporting services. You agree to comply with, and upon request to execute, such agreements as may be required for the use of such software or services, and to comply with the terms of any license or other agreement relating to third-party products included in the System or made accessible to you through the System. Your use of the System or of such third-party products or services will constitute your agreement to be bound by the terms of all licensing, subscription and similar agreements relating to such use.

3. Access to the System

     3.1     Verification. You agree that your use of the System is subject to verification by us of your identity and credentials as a health practitioner and to your ongoing qualification as such. You agree that we may use and disclose your Personal Information for such purposes, including (without limitation) making inquiry of third parties concerning your identity and professional and practice credentials. You authorize such third parties to disclose to us such information as we may request for such purposes, and you agree to hold them and us harmless from any claim or liability arising from the request for or disclosure of such information. You agree that we may terminate your access to or use of the System at any time if we are unable at any time to determine or verify your qualifications or credentials.

     3.2     Permitted Uses. Subject to the terms of this Agreement, you may use Your Health Information for any purpose expressly permitted by applicable law. You agree that you will not access the System or use the Services for any other purposes. In particular:

          3.2.1.1     You will not reproduce, publish, or distribute content in connection with the System that infringes any third party's trademark, copyright, patent, trade secret, publicity, privacy, or other personal or proprietary right;

          3.2.1.2     You will comply with all applicable laws, including laws relating to maintenance of privacy, security, and confidentiality of patient and other health information and the prohibition on the use of telecommunications facilities to transmit illegal, obscene, threatening, libelous, harassing, or offensive messages, or otherwise unlawful material;

          3.2.1.3     You will not: (a) abuse or misuse the System or the Services, including gaining or attempting to gain unauthorized access to the System, or altering or destroying information in the System except in accordance with “HIPAA regulations; (b) using the System or Services in a manner that interferes with other Users' use of the System; or (d) or use any ad blocking mechanism, device, or tool to prevent the placement of advertisements in the System or the Service, in the event this is implemented at some point.

     3.3     Clinical Support Information. We may provide information to assist you in clinical decision-making. This may include information and reminders concerning drug interactions, allergies, dosages, as well as general wellness and health-care related information and resources. We may also provide forums for our users to exchange information. The information and materials available through this site are for informational and educational purposes only and are not intended to constitute professional advice, diagnosis or treatment, or to substitute for your professional judgment. Information may be placed on our Internet site by us and by third parties beyond our control. We are not responsible for the accuracy or completeness of information available from or through our site. You assume full risk and responsibility for the use of information you obtain from or through this site, and you agree that OptiMantra, Inc. and its respective agents and employees are not responsible or liable for any claim, loss, or liability arising from the use of the information. We do not recommend or endorse any provider of health care or health-related products, items or services, and the appearance of materials on this site relating to any such products, items or services is not an endorsement or recommendation of them. You agree to review the definitions, functionality, and limitations of the System, and to make an independent determination of their suitability for your use. We and our suppliers and licensors disclaim all warranties, whether expressed or implied, including any warranty as to the quality, accuracy, and suitability of the information provided by the System for any purpose.  You waive all claims against OptiMantra, Inc. and its respective agents and employees for any such damage or injury described in this Section.

     3.4     Safeguards.

          3.4.1     You will implement and maintain appropriate administrative, physical and technical safeguards to protect information within the System from access, use or alteration from Your Site or using a User ID assigned to you or a member of your Workforce. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule, whether or not you are otherwise subject to HIPAA. You will maintain appropriate security with regard to all personnel, systems, and administrative processes used by you or members of your Workforce to transmit, store and process electronic health information through the use of the System.

          3.4.2     You will immediately notify us of any breach or suspected breach of the security of the System of which you become aware, or any unauthorized use or disclosure of information within or obtained from the System, and you will take such action to mitigate the breach or suspected breach as we may direct, and will cooperate with us in investigating and mitigating the breach.

     3.5     Location of Access. You and your Authorized Workforce are authorized to access the System solely from Your Site and agree to always take the utmost precautions to protect and guard against unauthorized access to the System.

     3.6     Compliance. You will comply with the terms of this Agreement and all applicable laws and regulations. You will be solely responsible for the use of the System by you and your Workforce, and shall indemnify us and hold us harmless from any claim, cost or liability arising from such use, including reasonable attorneys' fees.

     3.7     User Identification. We authorize you and your Authorized Workforce to use the User IDs assigned to you by us. You acquire no ownership rights in any User ID, and User IDs may be revoked or changed at any time in our sole discretion. You will adopt and maintain reasonable and appropriate security precautions for User IDs to prevent their disclosure to or use by unauthorized persons. Each member of your Authorized Workforce shall have and use a unique identifier. You will use your best efforts to ensure that no member of your Workforce uses a User ID assigned to another person.

     3.8     No Third-Party Access. Except as required by law, you will not permit any third party (other than your Authorized Workforce) to have access to the System or to use the Services without our prior written agreement. You will promptly notify us of any order or demand for compulsory disclosure of health information if the disclosure requires access to or use of the System. You will cooperate fully with us in connection with any such demand.

     3.9     Your Workforce.

          3.9.1     You may permit your Authorized Workforce to use the System and the Services on your behalf, subject to the terms of this Agreement. You will

                    3.9.1.1     obtain a unique User ID from us for each member of your Authorized Workforce.;

                    3.9.1.2     train all members of your Authorized Workforce in the requirements of this Agreement relating to their access to and use of the System and the Services, and ensure that they comply with such requirements;

                    3.9.1.3     take appropriate disciplinary action against any member of your workforce who violates the terms of this Agreement;

                    3.9.1.4     ensure that only you and your Authorized Workforce access the System from Your Site, including taking measures to ensure that each member of your Authorized Workforce creates a secure password for the System and does not share such password with any other member of the Workforce;

                    3.9.1.5     immediately notify us of the termination of employment of any member of your Authorized Workforce who has a unique user ID and access to the System and the Services, or of your withdrawal of authorization for any such person to access the System.

                   3.9.1.6     ensure that all members who have access to our system work in accordance with the HIPAA privacy rules

     3.10     Patient Access. We may offer you the ability to make health information available to your patients through our Patient Access offering. You are solely responsible for the information that you make available through the patient offering, for granting access rights to your patients, and for revoking access rights. You agree that you will not use the Patient Access offering to make available the health information of any person under the age of 18 years.

     3.11     Forums. We may offer forums for the exchange of information among our users. You agree to comply with all applicable forum rules. In particular, you understand that we do not assure the accuracy, reliability, confidentiality or security of information made available through the use of such forums. You acknowledge that any information you post in a forum or discussion group is available to the public, and may result in your receiving communications from others outside our site. You are responsible for safeguarding the privacy of your and your patients' personal information when you participate in forums, discussion groups and the like. You agree not to disclose Protected Health Information through such forums.

     3.12     Compliance with Law. Subject to the provisions of section 16, you are solely responsible for ensuring that your use of the System and the Services (including making health information available through the System) complies with applicable law. You will not undertake or permit any unlawful use of the System, or take any action that would render the operation or use of the System by us or any other User unlawful. We offer no assurance that your use of the System and the Services under the terms of this Agreement will not violate any law or regulation applicable to you.

     3.13     Professional Responsibility. You will be solely responsible for the professional and technical services you provide. We make no representations concerning the completeness, accuracy or utility of any information in the System, or concerning the qualifications or competence of individuals who placed it there. We have no liability for the consequences to you or your patients of your use of the System or the Services.

     3.14     Cooperation. You will cooperate with us in the administration of the System, including providing reasonable assistance in evaluating the System and collecting and reporting data requested by us for purposes of administering the System.

     3.15     Indemnification. You agree to indemnify, defend, and hold harmless us and other Users, and our and their affiliates, officers, directors, and agents, from and against any claim, cost or liability, including reasonable attorneys' fees, arising out of: (a) the use of the System by you or your Workforce; (b) any breach by you or your Workforce of any representations, warranties or agreements contained in this Agreement; (c) the actions of any person gaining access to the System under a User ID assigned to you or a member of your Workforce; (d) the actions of anyone using a User ID, password or other unique identifier assigned to you or any member of your Workforce that adversely affects the System or any information accessed through the System; (e) the use of any provider of health care or health-related products, items and services arising out of you and/or your Workforce’s use of the System; and (f) your negligent or willful misconduct, or that of any member of your Workforce.

4. Use of Information

     4.1     Purpose of System. The purpose of the System is to (i) store Your Health Information and to make it available to you and your Authorized Workforce, to facilitate the sharing of individuals' health information among certain Users, and to make health information (Health Information is herein defined as any information that the practice enters into the system for a patient, including demographics, past and present illness, and medication history) available to your patients through the Patient Access offering; (ii) to provide reference material on herbs, health conditions, and commercial brand name products; (iii) to schedule patient appointments; (iv) to provide a symptoms questionnaire and toolset for the Practitioner, (iv) to provide Payment Information for Online payments from Patients to practitioners using the payment gateways and other platforms to receive payments (Payment Information is herein defined as any information that the practice enters into the system for a patient in terms of conditions treated (ICD9 codes) and associated fees, payment amount, balance, insurance, and flexible health care savings info, (vi) and other added functionalities that may be added from time to time. You authorize us, as your business associate, to use and disclose Your Health Information as follows, subject to the recipient's agreement to comply with our Policies and Procedures and with applicable laws and regulations relating to the use and disclosure of health information, and subject also to the provisions of section 8:

          4.1.1     We will permit unrestricted access to Your Health Information to you and your Authorized Workforce. You may choose to provide selective access to certain areas of the application on an as needed basis.

          4.1.2     We may permit access to Your Health Information to your patients to whom you have agreed to grant access through our Patient Access offering.

          4.1.3     We may use Your Health Information in order to prepare analyses and reports, such as activity or quality-metrics reports, or any other reports the System makes available, in order to render these reports to You. Such reporting will be done in a manner that does not make any disclosure of Protected Health Information that you would not be permitted to make, except as set forth in the Privacy Rule.

          4.1.4     We may use Your Health Information for the proper management and administration of the System and our business, and to carry out our legal responsibilities. We may also disclose Your Health Information for such purposes if the disclosure is required by law, or we obtain reasonable assurances from the recipient that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the recipient, and the recipient notifies us of any instances of which it is aware in which the confidentiality of the information has been breached.

          4.1.5     We may use Your Health Information to contact your patients on your behalf for any purpose for which you would be permitted to contact them, including, without limitation:

               (a)     For treatment, including sending appointment reminders;

               (b)     To request authorization on your behalf from your patients to use or disclose their health information for any purpose for which use or disclosure may be made with an appropriate authorization; and

               (c)     To provide information about health-related products or services that you provide, or that we provide on your behalf as your business associate.

          4.1.6     We may use or disclose Your Health Information for other purposes, data aggregation purposes; provided that we will not make or permit any such use or disclosure that would violate applicable law or regulation if made by you or your business associate.

          4.1.7     We agree that we may (1) receive from or on behalf of You or Your Patients, or (2) have access to, payment card records (credit card account numbers, card code numbers, expiration dates, customer names, addresses, phone numbers, and email addresses), or record systems containing transaction information (collectively, the "Cardholder Data"). We shall comply with the Payment Card Industry Data Security Standard ("PCIDSS") requirements for Cardholder Data that are prescribed as they may be amended from time to time (collectively, the "PCIDSS Requirements"). The credit card account numbers, code number, expiration dates and transaction information will be stored securely on a database behind firewalls where access will be restricted to authorized users of the system on a data center (AWS) that is Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).  The details on customer identity (names, addresses, phone numbers, email addresses) will also be stored on a secure database behind the firewall where access will be restricted to authorized users of the system. We communicate all such information over SSL communication layer providing the necessary encryption and data privacy that PCI compliance requires.

We also acknowledge and agree that Cardholder Data may only be used for assisting in completing a card transaction or for fraud control services, for purposes of this Agreement or as required by applicable law. All authorized users of the system are provided with unique logins and our application provides the ability to provide audit reports with user activities in the system.

 

     4.2     Responsibility for Misuse by Other Users. You acknowledge that in granting access to the System for the purposes set forth in section 4.1, we will rely on the assurances of the recipients of the information as to (i) their identity and credentials, (ii) the purposes for which they are accessing the System, and (iii) the nature and extent of the information to which they will have access. You acknowledge that, while the System will contain certain technical safeguards against misuse of the System, it will rely to a substantial extent on the representations and undertakings of Users. You agree that we will not be responsible for any unlawful access to or use of Your Health Information by any User resulting from the User's misrepresentation to us, or breach of the User's user agreement, and you agree to indemnify, defend, and hold harmless us and other Users, and our and their affiliates, officers, directors, and agents, from and against any claim, cost or liability, including reasonable attorneys' fees, arising out of such misrepresentation and/or breach.

     4.3     Specially Protected Information. We apply the standards of the Privacy Rule in permitting access to the System. You acknowledge that other federal and state laws impose additional restrictions on the use and disclosure of certain types of health information, or health information pertaining to certain classes of individuals. You agree that you are solely responsible for ensuring that Your Health Information may properly be disclosed for the purposes set forth in section 4.1, subject only to the restrictions of the Privacy Rule. In particular, you will:

          4.3.1     not make available through the System any information subject to any restriction on use or disclosure (whether arising from your agreement with the individual or under law), other than the general restrictions contained in the Privacy Rule;

          4.3.2    obtain any necessary consents, authorizations or releases from individuals required for making their health information available through the System for the purposes set forth in section 4.1. Patients will be able to submit electronic consent forms through the Optimantra platform.  The fully-customizable consent forms belong to you and Optimantra is not responsible for the default template or any content in the consent forms. You have a choice to either rely on adding patient consent forms onto the system or obtain consent forms from patients directly from the patients.  This preference may vary. You are able to upload patient consent forms and Optimantra can make these forms available during the patient consult submission process. You are able to update/upload new consent forms or replace existing ones if needed.  Optimantrawill not be liable for the content in the patient (services) consent form;

4.3.3     include such statements (if any) in your notice of privacy practices as may be required in connection with your use of the System;

          4.3.4     not place in the System any information that you know or have reason to believe is false or materially inaccurate.

5. Product and Service Notifications. At some point in time, we may place advertisements concerning the products and services of third parties on the System, so that you see them when you use the System. We may receive remuneration from the suppliers of these products and services for placing their advertisements. We may use computerized processes to tailor the advertisements to you or to your use of the system. However, except as expressly permitted by this Agreement or by our Policies and Procedures, unless we obtain your consent, we will not disclose to any third party any information that identifies you to enable the third party to market products or services to you directly.

6. Intellectual Property Rights

     6.1     Individually Identifiable Health Information. You retain all rights with regard to your Protected Health Information.

7. Individuals' Rights. You shall be solely responsible for informing individuals of their rights with respect to Your Health Information, such as the rights of access and amendment. You will not undertake to afford an individual any rights with respect to any information in the System other than Your Health Information.

8. Business Associate Provisions. In maintaining, using and affording access to Your Health Information in accordance with this Agreement, we will:

     8.1     Not use or further disclose the information except as permitted or required by this Agreement or as required by law;

     8.2     Use appropriate safeguards to prevent use or disclosure of the information other than as provided for by this Agreement, including administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the information;

     8.3     Report to you any use or disclosure of the information not provided for by this Agreement of which we become aware, or any security incident as a result of which we determine that unauthorized access has been obtained to Your Health Information;

     8.4     Ensure that any of our agents or subcontractors to whom we provide Your Health Information for purposes of assisting us in providing the System or the Services, agree to the same restrictions and conditions that apply to us with respect to such information, including the obligation to implement reasonable and appropriate safeguards to protect it (it being understood that other Users of the System are not our agents or subcontractors);

     8.5     Make available Protected Health Information in accordance with § 164.524 of the Privacy Rule;

     8.6     Make available Protected Health Information for amendment and incorporate any amendments to protected health information in accordance with §164.526 of the Privacy Rule;

     8.7     Make available the information required to provide an accounting of disclosures in accordance with § 164.528 of the Privacy Rule;

     8.8     Make our internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by us on your behalf, available to the Secretary of the United States Department of Health and Human Services for purposes of determining your compliance with the Privacy Rule; and

     8.9     At termination of this Agreement we will provide you with a copy of Your Health Information in an electronic form that is accessible through commercially available hardware and software. You may have to purchase such hardware and software from third parties in order to access your data, and you may have to configure your systems in order to use your data in your practice. Upon termination we will, if feasible, return or destroy all Protected Health Information received from you, or created or received by us on your behalf that we still maintain in any form, and retain no copies of such information; or, if such return or destruction is not feasible, extend the protections of this Agreement to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible.    

     8.10     HITECH Act. As required by the HITECH Act:

          (a)     We will comply with the provisions of the HIPAA Security Rule that are made applicable to business associates by section 13401(a) of the HITECH Act, with the additional provisions of the HITECH Act relating to security that are made applicable to business associates and incorporated into business associate contracts by section 13401(a) of the HITECH Act, and with the additional provisions of the HITECH Act relating to privacy that are made applicable to business associates and incorporated into business associate contracts by section 13404(a) of the HITECH Act. A sample Business Associates Agreement is attached hereto as Attachment A.

          (b)     We will report to you the discovery of any breach of unsecured Protected Health Information that we access, maintain, retain, modify, record, store destroy or otherwise hold, use or disclose on your behalf, in compliance with the requirements of Section 13402 of the HITECH Act and the regulations promulgated thereunder (45 CFR Parts 160 and 164, Subpart D), and we will cooperate reasonably with you to investigate and mitigate any such breach, and to provide you with information you need to make any legally required notification to individuals.

9. Computer Systems

     9.1     Your Systems. You will acquire, install, configure and maintain all hardware, software and communications systems necessary to access the System (your "Implementation"). Your Implementation will comply with the specifications from time to time established by us. You will ensure that your Implementation is compatible with the System and Services. If we notify you that your Implementation is incompatible with the System, you will eliminate the incompatibility, and we may suspend Services to you until you do so.

     9.2     Assistance. Upon request, we may provide goods or services in connection with your Implementation. You will pay our then standard charges for such assistance, and our out-of-pocket costs in accordance with Section 6.e.i of the Membership Agreement.

10. Third-Party Sites and Service Providers.

     10.1     Third-Party Sites. The System may contain hyperlinks (including hyperlinked advertisements) to Internet web sites operated by third parties, or to materials or information made available by third parties. Such third parties may offer goods or services for sale to you. Such links do not constitute or imply our endorsement of such third parties, or of the content of their sites, the quality or efficacy of their goods or services, or their information privacy or security practices, and we have no responsibility for information, goods or services offered or provided by such third parties, or for the manner in which they conduct their operations. Your use of third-party sites and the materials, goods and services offered by them is entirely at your own risk, and is subject to the terms of use of the third parties operating or providing them. You should assume that any Internet page or other material that does not bear the OptiMantra Inc. logo is provided by a third party.

11. Fees and Charges

     11.1     Other Charges. You are responsible for any charges you incur to use the System, such as telephone and equipment charges, and fees charged by third-party vendors of products and services.

12. Confidential Information

     12.1     You may not disclose our Confidential Information to any other person, and you may not use any Confidential Information except as expressly set forth in this Agreement, the Business Associates Agreement, or the Membership Agreement. Except as otherwise provided in any of these three Agreements, you may not, without our prior written consent, at any time, during or after the Term of this Agreement, directly or indirectly, divulge or disclose Confidential Information for any purpose or use Confidential Information for its own benefit or for the purposes or benefit of any other person. You agree to hold all Confidential Information in strict confidence and to take all measures necessary to prevent unauthorized copying, use, or disclosure of Confidential Information, and to keep the Confidential Information from falling into the public domain or into the possession of persons not bound to maintain its confidentiality. You will disclose Confidential Information only to members of your Workforce who have a need to use it for the purposes of this Agreement. You will inform all such recipients of the confidential nature of Confidential Information and will instruct them to deal with Confidential Information in accordance with the terms of this Agreement. You will promptly advise us in writing of any improper disclosure, misappropriation, or misuse of the Confidential Information by any person, which may come to your attention.

     12.2     You agree that we will suffer irreparable harm if you fail to comply with its obligations set forth in this Section 12, and you further agree that monetary damages will be inadequate to compensate us for any such breach. Accordingly, you agree that we will, in addition to any other remedies available to us at law or in equity, be entitled to the issuance of injunctive relief to enforce the provisions hereof, immediately and without the necessity of posting a bond.

     12.3     This Section 12 will survive the termination or expiration of this Agreement for any reason.

13. Disclaimer, Exclusion of Warranties, and Limitation of Liability.

     13.1     Carrier Lines. YOU ACKNOWLEDGE THAT ACCESS TO THE SYSTEM WILL BE PROVIDED OVER VARIOUS FACILITIES AND COMMUNICATIONS LINES, AND INFORMATION WILL BE TRANSMITTED OVER LOCAL EXCHANGE AND INTERNET BACKBONE CARRIER LINES AND THROUGH ROUTERS, SWITCHES, AND OTHER DEVICES (COLLECTIVELY, "CARRIER LINES") OWNED, MAINTAINED, AND SERVICED BY THIRD-PARTY CARRIERS, UTILITIES, AND INTERNET SERVICE PROVIDERS, ALL OF WHICH ARE BEYOND OUR CONTROL. WE ASSUME NO LIABILITY FOR OR RELATING TO THE INTEGRITY, PRIVACY, SECURITY, CONFIDENTIALITY, OR USE OF ANY INFORMATION WHILE IT IS TRANSMITTED ON THE CARRIER LINES, OR ANY DELAY, FAILURE, INTERRUPTION, INTERCEPTION, LOSS, TRANSMISSION, OR CORRUPTION OF ANY DATA OR OTHER INFORMATION ATTRIBUTABLE TO TRANSMISSION ON THE CARRIER LINES. USE OF THE CARRIER LINES IS SOLELY AT YOUR RISK AND IS SUBJECT TO ALL APPLICABLE LOCAL, STATE, NATIONAL, AND INTERNATIONAL LAWS.

     13.2     Other Users. YOU ACKNOWLEDGE THAT OTHER USERS HAVE ACCESS TO THE SYSTEM AND ARE RECEIVING OUR SERVICES. SUCH OTHER USERS HAVE COMMITTED TO COMPLY WITH OUR POLICIES AND PROCEDURES CONCERNING USE OF THE SYSTEM; HOWEVER, THE ACTIONS OF SUCH OTHER USERS ARE BEYOND OUR CONTROL. ACCORDINGLY, WE DO NOT ASSUME ANY LIABILITY FOR OR RELATING TO ANY IMPAIRMENT OF THE PRIVACY, SECURITY, CONFIDENTIALITY, INTEGRITY, AVAILABILITY, OR RESTRICTED USE OF ANY INFORMATION ON THE SYSTEM RESULTING FROM ANY USER'S ACTIONS OR FAILURES TO ACT.

     13.3     Unauthorized Access; Lost or Corrupt Data. WE ARE NOT RESPONSIBLE FOR UNAUTHORIZED ACCESS TO YOUR DATA, FACILITIES OR EQUIPMENT BY INDIVIDUALS OR ENTITIES USING THE SYSTEM OR FOR UNAUTHORIZED ACCESS TO, ALTERATION, THEFT, CORRUPTION, LOSS OR DESTRUCTION OF YOUR DATA FILES, PROGRAMS, PROCEDURES, OR INFORMATION THROUGH THE SYSTEM, WHETHER BY ACCIDENT, FRAUDULENT MEANS OR DEVICES, OR ANY OTHER MEANS. YOU ARE SOLELY RESPONSIBLE FOR VALIDATING THE ACCURACY OF ALL OUTPUT AND REPORTS, AND FOR PROTECTING YOUR DATA AND PROGRAMS FROM LOSS BY IMPLEMENTING APPROPRIATE SECURITY MEASURES, INCLUDING ROUTINE BACKUP PROCEDURES. YOU HEREBY WAIVE ANY DAMAGES OCCASIONED BY LOST OR CORRUPT DATA, INCORRECT REPORTS, OR INCORRECT DATA FILES RESULTING FROM PROGRAMMING ERROR, OPERATOR ERROR, EQUIPMENT OR SOFTWARE MALFUNCTION, SECURITY VIOLATIONS, OR THE USE OF THIRD-PARTY SOFTWARE. WE ARE NOT RESPONSIBLE FOR THE CONTENT OF ANY INFORMATION TRANSMITTED OR RECEIVED THROUGH OUR PROVISION OF THE SERVICES.

14. Insurance. You will obtain and maintain such policies of general liability, errors and omissions, and professional liability insurance with reputable insurance companies as is usually carried by persons engaged in your business covering the Term of this Agreement.

15. Term; Modification; Suspension; Termination

     15.1     Term. The initial term of this Agreement shall commence on the Effective Date of the Membership Agreement and continue for as long as the Membership Agreement is in effect.

16. Applicable Law. The interpretation of this Agreement and the resolution of any disputes arising under this Agreement shall be governed by the laws of the District of Columbia. If any action or other proceeding is brought on or in connection with this Agreement, the venue of such action shall be exclusively in the District of Columbia.

17. ARBITRATION. ANY DISPUTE, CLAIM OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS NOTICE OR THE BREACH, TERMINATION, ENFORCEMENT, INTERPRETATION OR VALIDITY THEREOF, INCLUDING THE DETERMINATION OF THE SCOPE OR APPLICABILITY OF THIS AGREEMENT TO ARBITRATE, OR TO YOUR USE OF THIS SITE OR THE SYSTEMS OR INFORMATION TO WHICH IT GIVES ACCESS, SHALL BE DETERMINED BY ARBITRATION IN THE DISTRICT OF COLUMBIA, BEFORE A SINGLE ARBITRATOR. THE ARBITRATION SHALL BE ADMINISTERED PURSUANT TO ITS COMPREHENSIVE ARBITRATION RULES AND PROCEDURES. JUDGMENT ON THE AWARD MAY BE ENTERED IN ANY COURT HAVING JURISDICTION. THIS CLAUSE SHALL NOT PRECLUDE PARTIES FROM SEEKING PROVISIONAL REMEDIES IN AID OF ARBITRATION FROM A COURT OF APPROPRIATE JURISDICTION.

18. Non-Assignability. This Agreement may not be assigned or transferred by you without our prior written consent.

19. Supervening Circumstances. No Party to this Agreement shall be deemed in violation of this Agreement if it is prevented from performing any of the obligations under this Agreement by reason of: (a) severe weather and storms; (b) earthquakes or other natural occurrences; (c) strikes or other labor unrest; (d) power failures; (e) nuclear or other civil or military emergencies; (f) acts of legislative, judicial, executive, or administrative authorities; or (g) any other circumstances that are not within its reasonable control.

20. Severability. Any provision of this Agreement that shall prove to be invalid, void, or illegal, shall in no way affect, impair, or invalidate any other provision of this Agreement, and such other provisions shall remain in full force and effect.

21. Waiver. No term of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the Party claimed to have waived or consented. Any consent by any Party to, or waiver of a breach by the other, whether expressed or implied, shall not constitute a consent to, waiver of, or excuse for any other different or subsequent breach.

22. No Third-Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall confer, upon any person or entity other than the parties and their respective successors or assigns any rights, remedies, obligations, or liabilities whatsoever.

23. Advice of Counsel. Each Party acknowledges: (a) having fully read this Agreement in its entirety; (b) having had full opportunity to study and review this Agreement; (c) having been advised that counsel for us has acted solely on our behalf in connection with the negotiation, preparation, and execution of this Agreement; (d) having been advised that all parties have the right to consult and should consult independent counsel respecting their rights and duties under this Agreement; and (e) having had access to all such information as has been requested.

24. Authority. The individuals entering into this Agreement represent and warrant that they are competent and capable of entering into a binding contract, and that they are authorized to enter into this Agreement on behalf of the Parties. 

Attachment A

Business Associate Agreement

BY CLICKING "SIGN UP" OR “I AGREE” OR THROUGH THE CONTINUED USE OF THE SYSTEM, YOU ARE UNDERTAKING LEGAL OBLIGATIONS AND CONFERRING LEGAL RIGHTS.  Please read this Attachment A (Business Associate Agreement) carefully, and do not click "Sign up" or “I agree” or continue use of the System unless you agree fully with its terms. 

Definitions (Catch-all definition):

Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule.

Examples of specific definitions:

a.     Business Associate. "Business Associate" shall mean OptiMantra, Inc.

b.    Covered Entity. "Covered Entity" shall mean Practitioner’s business name.

c.     De-Identifying. “De-Identifying” shall mean the process by which Protected Health Information is converted into De-Identified Health Information.  As stated in the HIPAA Privacy Rule, De-Identified Health Information is “Health Information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual.” Sections 164.514(b) and (c) of the HIPAA Privacy Rule provide the implementation specifications or requirements for de-identification of Protected Health Information.  The implementation specifications set forth the two acceptable methods of de-identification of Protected Health Information: (1) Expert Determination, and (2) Safe Harbor.

d.    Designated Record Set. “Designated Record Set” shall mean the information being provided by Covered Entity to Business Associate, including, but not limited to, medical records, financial billing information, claims adjudication records and other information concerning other third party service providers.

e.     Individual. "Individual" shall have the same meaning as the term "individual" in 45 CFR 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR 164.502(g).

f.     Membership Agreement. “Membership Agreement” shall mean that agreement entered into between Covered Entity and Business Associate, specifying the terms upon which the terms of membership are memorialized.  This Membership Agreement shall dictate terms such as price, term, renewal option, among others.

g.    Privacy Rule. "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E.

h.     Protected Health Information. "Protected Health Information" shall have the same meaning as the term "protected health information" in 45 CFR 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

i.      Required By Law. "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR 164.103.

j.      Secretary. "Secretary" shall mean the Secretary of the Department of Health and Human Services or his designee.

k.     User Agreement. “User Agreement” shall mean that agreement entered into between Covered Entity and Business Associate, specifying the terms upon which Covered Entity may interact and use that certain online health record system created by and maintained by Business Associate for Covered Entity’s use and enjoyment.

Obligations and Activities of Business Associate

  1. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required By Law.

  2. Business Associate agrees to use appropriate administrative safeguards such as, but not limited to: ensuring all business associates of OptiMantra are HIPAA certified and will comply with the regulations promulgated by HIPAA; providing safe physical working conditions to comply with HIPAA regulations; and technical safeguards such as detail audit tracking and enforcing hardware and software security, in order to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement.

  3. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware.

  4. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, created or received by Business Associate on behalf of Covered Entity adheres to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such Protected Health Information.

  5. Business Associate agrees to provide access, at the request of Covered Entity, and in a time and manner agreed to by both the Covered Entity and the Business Associate, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR 164.524. 

  6. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity or an Individual, and in the time and manner agreed to by both the Covered Entity and the Business Associate.

  7. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, created or received by Business Associate on behalf of, Covered Entity available to the Secretary, in a time and manner designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule.

  8. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.

  9. Business Associate agrees to provide to Covered Entity or an Individual, in time and manner agreed to by both the Covered Entity or Individual, and the Business Associate, information collected in accordance with the terms of the User Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.

Permitted Uses and Disclosures by Business Associate

  1. General Use and Disclosure Provisions Refer to underlying user agreement:

Except as otherwise limited in this Agreement, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the User Agreement, provided that such use or disclosure would not violate (i) the Privacy Rule if done by Covered Entity or (ii) the minimum necessary policies and procedures of the Covered Entity.

Specific Use and Disclosure Provisions

  1. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.

  2. Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person or entity to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person agrees to notify the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
  3. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information to provide data aggregation services to Covered Entity as permitted by 45 CFR 164.504(e)(2)(i)(B).

Business Associate may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with 164.502(j)(1).

Obligations of Covered Entity

  1. Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices in accordance with 45 CFR 164.520, to the extent that such limitation may affect Business Associate's use or disclosure of Protected Health Information.
  2. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose Protected Health Information, to the extent that such changes may affect Business Associate's use or disclosure of Protected Health Information.

Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of Protected Health Information.

Permissible Requests by Covered Entity

Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity.

Term and Termination

  1. Term. The Term of this Agreement shall be effective as of the Effective Date and continue for as long as the Membership Agreement is in effect.

  2. Termination for Cause. Upon Covered Entity's knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall either:
    1. Provide an opportunity for Business Associate to cure the breach or end the violation and terminate this Agreement if Business Associate does not cure the breach or end the violation within thirty (30) days following Covered Entity’s notice;
    2. Immediately terminate this Agreement if Business Associate has breached a material term of this Agreement and cure is not possible; or
    3. If neither termination nor cure is feasible, Covered Entity shall report the violation to the Secretary.
  3. Effect of Termination.

    1. Upon termination of this Agreement, the Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information. This Section C of the “Term and Termination” Section and Section 8.9 of the OptiMantra User Agreement shall provide the processes to follow for handling Protected Health Information upon termination of the Membership Agreement.

    2. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon agreement by both the Covered Entity and the Business Associate that return or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information.

    3. Business Associate shall have the right to De-Identify and retain the De-Identified Protected Health Information.  In retaining such information, the Business Associate shall act in compliance with both the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E, and the Technology for Economic and Clinical Health Act of 2009, and regulations promulgated thereunder.

Liability and Indemnification

a.       Business Associate and its respective agents and employees (a) shall not be liable in any manner to Covered Entity, its agents and employees for any injury or damage to Tenant, Tenant's agents or employees caused by the criminal or intentional misconduct of third parties or of Covered Entity, its agents and employees; and (b) assume no liability or responsibility whatsoever with respect to the conduct and operation of Covered Entity’s business, and shall not be liable for any accident or injury to any person or persons or property which are caused by the conduct and operation of said business. Business Associate and its respective agents and employees shall have no liability for any loss, cost, damage or expense arising out of or due to any interruption of business (regardless of the cause therefore), increased or additional cost of operation of business or other costs or expenses, which could be insured against by Covered Entity.  Covered Entity waives all claims against Business Associate and its respective agents and employees for any such damage or injury described in this Section. 

b.      Covered Entity shall defend, indemnify and hold harmless Business Associate from and against any loss, damage, expense or claim, including reasonable attorney’s fees and expenses: (i) arising from or out of any breach of Covered Entity’s representations, warranties or obligations under this Agreement, and/or (ii) arising from or out of any negligence or willful misconduct of Covered Entity or any agent or employee of Covered Entity.  This indemnity shall survive the expiration or early termination of this Lease.

 

Miscellaneous

  1. Regulatory References. A reference in this Agreement to a section in the Privacy Rule means the section as in effect or as amended.

  2. Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the Privacy Rule and the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191.

  3. Survival. The respective rights and obligations of Business Associate under “Term and Termination” Section of this Agreement shall survive the termination of this Agreement.

  4. Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the Privacy Rule.

  5. Construction. Whenever possible, each provision of this Agreement shall be interpreted in such manner as to be effective or valid under applicable law, but if any provision of this Agreement shall be prohibited by or invalid under applicable law, such provision shall be ineffective only to the extent of such prohibition or invalidity without invalidating the remainder of such provision or the remaining provisions of this Agreement.

Attachment B

 

Minimum System Requirements

 

 

Platform

Operating Systems

Browser

Windows

XP, Vista 2, Windows 7, Windows 8 Desktop

Internet Explorer 9, Firefox 14+, Chrome

Mac

OSX 10.6 or above

Firefox 14+, Chrome, Safari

Hardware

Minimum Requirements

Processor

2GHz

Screen resolution

1024x768

RAM

1GB

Internet Speed

Cable or DSL, 1mb/s