WHEREAS, Doctors, a registered trademark of DOCTORS’ CENTER HOSPITAL SAN JUAN, INC., is a mobile application and world wide web platform that facilitates access to wellness and medical services;
NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter set forth, and other good and valuable consideration, the User and Doctors agree to the foregoing and as follows:
TERMS AND CONDITIONS
- Services. Doctors is a mobile application and world wide web platform that uses proprietary intellectual property to facilitate access to wellness and medical services by a limited set of providers participating in the network, as well as complementary uses and functionalities, as may be published from time to time (“Doctors Services”).
- Password. Doctors Services are password restricted to authorized Users only and can only be accessed with the login account and password the User decided to use when he or she created the account at Doctors. The User is responsible for keeping the password confidential. The User hereby takes responsibility for all actions taken—and instructions provided to Doctors—under the User’s account or any third-parties whether or not authorized.
- Delivery. Doctors Services are accessed by downloading the mobile application in the Android or Apple stores. When accessing Doctors Services, the User is solely responsible for the proper functioning of their internet connection. Doctors is not responsible for the latency of the internet connection of the User’s devices.
- Configuration. The basic configuration of all services shall be the sole responsibility of Doctors. The User is solely responsible for providing an environment corresponding to the services’ specifications, and otherwise suitable for the services configuration and operation. Without limiting the generality of the foregoing, the application for the Doctors Services selected by the User shall be suitable for the availability of electrical power, cabling, connectivity devices, Internet services, and Hardware. Software, such as operating systems, and supplies are not included with the services but are required for its configuration, operation, or use.
- User Requirements. The User registering to use Doctors must be of Minimum Age, as defined in this Section, or older. The User will only have one account, which must be in the User’s real name and subject to any prior restriction to use the Doctors Services. “Minimum Age” means twenty-one (21) years old for the United States and its Territories. However, if the law requires that the User must be older in order for Doctors to lawfully provide the Services to the User (including collection, storage, and use of the User information), the Minimum Age is such older age. Our services are not intended for, and we do not direct them to anyone under thirteen (13) years of age.
- Account. In order to access and use Doctors Services, an account must be created first. The User can apply for a Doctors account by creating or submitting the User’s basic information to Doctors, “Create an Account”. The User will create a password only known to them or an authorized third-party. It is the User’s responsibility to keep this information secret. If for any reason the password is lost, forgotten or if any unauthorized use of any password or account or any security violations occur, the User must contact Doctors immediately at 787-621-1777 to either (i) reset the password, (ii) deactivate the account, and prevent fraud and other illegal activity, or (iii) proceed with any reasonable efforts to detain any reproduction or distribution of the content.
- Authorization. User The User grants to Doctors the non-exclusive, worldwide, right to use, copy, store, transmit and display the User Data to the maximum extent permitted by applicable law. Doctors is not authorized to edit, modify, or remove information or data given by the User to effectively request a service unless an express written consent of the User is obtained. Doctors is only responsible for providing access to services but cannot guarantee a specific time frame for services to be received by the Users. Doctors works based on information entered by The Users and presumes it to be accurate, current, and legal. However, Doctors is not liable for any misinformation or lack thereof, nor is Doctors responsible for the acts the User performed when submitting the information and/or all illegal activities or intentions the User may have or had or have committed when submitting information in order to submit a claim.
- Your Use of Doctors. You acknowledge that you are agreeing to choose, coordinate and access your health or wellness services from the health and wellness services providers available through Doctors. The determination of the scope of health care or wellness services are deferred to the sole discretion of the provider contacted through Doctors (“Provider”), without this implying any guarantee of diagnosis, treatment or prescriptions. The Provider will determine through which setting the services may be rendered. You understand and agree that your interaction with Providers is not intended to limit your options in seeking health and wellness services. Do not ignore the medical advice of your primary care doctor or other health professional because of the information provided by a Provider through DOCTORS.
- Concierge. In order to provide expedited coordination of the services, you will be required to attend any visit on the date and time scheduled without delay. Failure to attend service on time, may result in the Provider granting such service slot to other persons or users.
- No Professional Advice. DOCTORS is a technology platform exclusively available through a mobile application. Hence, DOCTORS is not licensed to practice any profession, including but not limited to medicine, nor does it provide medical care, medical advice or provide advice on health or wellness. Neither DOCTORS, nor the licensees or providers will be responsible for the advice obtained through DOCTORS, if any. You agree DOCTORS is not a telemedicine platform pursuant to Law 168 of 2018 to Regulate Telemedicine in Puerto Rico. DOCTORS does not recommend or endorse any provider, nor does it test medications, products or specific procedures. All services or recommendations made by a Provider are based on their independent professional judgment.
- Information Regarding Health and Wellness Providers. When you choose to use DOCTORS, you will be provided with a list of health service providers according to your selection criteria and the availability of the providers. The information we make available to you about any particular health service provider is the information provided by that provider and we rely on their representations. We perform a validation of the Providers’ credentials. However, we do not credential Providers and therefore cannot guarantee its accuracy. The Providers are authorized by the applicable state licensing boards. For more information about health service provider’s license, you can contact the licensing board in your state. Ultimately, you are solely responsible for choosing the Provider. All physicians illustrated in the DOCTORS list of health service providers are licensed to practice medicine in Puerto Rico, as well as the corresponding telemedicine certifications issued by the Puerto Rico Medical Licensing Board.
- Your Communications. You are responsible for your own communications through DOCTORS. You cannot transmit material that is obscene, defamatory, threatening, harassing, abusive, hateful, or embarrassing to another person or entity; transmit a sexually explicit image; transmit chain messages or pyramid schemes; pretend to be someone else; violate the Children’s Online Privacy Protection Act; transmit copyrighted material, without the permission of the copyright owner; transmit material that reveals business secrets, unless you have permission from the owner; transmit material that infringes any other intellectual property rights of third parties or on the privacy or advertising rights of others.
- Cancellation. DOCTORS may cancel your use of this site at any time. DOCTORS reserves the right to block, eliminate or stop the loading of materials and communications that, in its sole discretion, it considers unacceptable for any reason. If your use of this site is canceled, you should not reuse DOCTORS or any information obtained from the site. If you find out that your use has been canceled, you can contact DOCTORS Customer Service at 787-621-1777 or more information.
- Appropriate Content. DOCTORS should not be used independently by children under 13. Children under 13 must be registered on the site as dependent on the account of their father, mother or legal guardian. Parents or legal guardians are solely responsible for being present with their minor children when using the DOCTORS
- We are only responsible for the security of the computer systems we own and operate. DOCTORS is not responsible for the information that you stored or recorded on any computer or mobile device or on any public or private network that you may use to enter DOCTORS.
- Acceptable use. DOCTORS offers the DOCTORS mobile application for the sole purpose of facilitating communication between health and wellness services providers and consumers who chose to use the online service. You agree not to enter or use DOCTORS for an illegal or illegitimate purpose. You will not attempt to interrupt the operation of the services or the DOCTORS You will not attempt to gain unauthorized access to user accounts or to computer systems or networks.
- Record retention and operations. DOCTORS reserves the complete and unique discretion with respect to the operation of DOCTORS. DOCTORS may withdraw, suspend or interrupt any functionality or feature of the services. DOCTORS reserves the right to maintain, delete or destroy all communications and materials published or uploaded to the DOCTORS system in compliance with its retention policies and / or destruction of internal records. User Rights. In using the DOCTORS Services, User:
- May access and use the DOCTORS platform only on a one-access basis at a time.
- May use DOCTORS platform licensed hereunder only for User the User’s own internal and personal purposes.
- For optimal use of DOCTORS, the User should not opt-out of email communications since it is the method where DOCTORS and the User can communicate.
- User Limitations. The DOCTORS Services are subject to the following limitations:
- User shall not use DOCTORS Services platform to perform any data or information processing services for any third party in return for a fee or other pecuniary benefit of any kind.
- User shall not copy DOCTORS Services for any reason or commercially exploit DOCTORS Services or create Internet “links” to the service or “frame” any content contained in, or accessible from, the services on any other server, wireless or Internet-based device.
- User shall not re-license, sublicense, sell, resell, assign, give access, make available or otherwise transfer or distribute to any other Person all or any part of any DOCTORS, or any right, title, or interest therein of any kind.
- User agrees not to modify, reverse engineer, disassemble, decompile, make derivative works, or access DOCTORS to build a competitive service or build a product using or copying similar ideas, features, functions, or graphics based on DOCTORS or any portion thereof.
- User acknowledges that it obtains no right, title, or interest in or any DOCTORS copyright, trademark, patent, or other proprietary right relating to DOCTORS, and agrees not to assign, loan, sublicense, alter, modify, adapt, reproduce, duplicate, copy, sell, trade, resell or exploit for commercial purposes, all or any portion of the DOCTORS Services. User shall not remove, alter, cover or obscure any copyright, patent, trademark, or other proprietary rights notice on DOCTORS or any portion thereof.
- User is solely responsible for the precision, quality, integrity, legality, reliability, and adequacy of the content supplied. The User is responsible for any and all activities that occur under the User’s account and shall abide by all applicable local, state, national and foreign laws, treaties, and regulations in connection with the use of the DOCTORS platform. The User shall assure that use of the DOCTORS Services shall at all times comply with all applicable local, state, federal, and international laws, regulations, and conventions, including without limitation to those related to data privacy, international communications, and Protected Health Information (PHI).
- THE USER IS IN THE OBLIGATION NOT PRETEND TO BE OR TAKE THE IDENTITY OF ANOTHER USER OR CUSTOMER OF DOCTORS OR PROVIDE INFORMATION OF THE FALSE IDENTITY TO GAIN ACCESS TO THE SERVICES.
- YOU AGREE WE ARE NOT RESPONSIBLE FOR CELLULAR OR WIFI SIGNAL OR COVERAGE NOR NETWORKS USED TO ENTER YOUR ACCOUNT.
Fees & Payment Fees
User shall pay DOCTORS for the use of the services at the following specified rates depending on the type of User. DOCTORS will charge:
- Rates. Other than your mobile phone charges, downloading DOCTORS from the mobile application stores is free. You The applicable rate selected by the User from the available alternatives published at DOCTORS from time to time. Once downloaded, you may opt to select a particular service which is subject to charges. In selecting the service of your choosing in DOCTORS, you agree to pay the corresponding charge as displayed therein. You may be relieved from paying use charges if you are subscribed to sponsored program (“Sponsored Program”)/ Subscribers of Sponsored Programs may be required to type a promotional code for continued service free-of-charge.
- Provider Fees. You will be informed of the fee to be charged when selecting a health service provider. Fees may vary from one provider to another. You will be responsible for all charges related to your Services you select that are not covered by your insurance. You authorize DOCTORS to charge your credit card any part of the Provider fees that is not covered by your insurance. You will be asked to provide your credit card information, which will be verified before your providing the Services. You will not be able to use DOCTORS to contact a health service provider if the credit card information you provide is incorrect or if your credit card is declined.
- Insurance Benefits. You can, at your sole discretion, choose whether you furnish Providers with your health insurance information. You must provide your insurance information to determine if you have a health benefit for this type of service. This information is used to verify electronically your eligibility and file a claim on your behalf. Your copayment and/or deductible are estimated according to your health plan’s response at the time of the consultation by the Provider and may be charged to your credit card.
- Payment Method. You authorize us to charge your credit card pursuant to the selections and usage of DOCTORS. In order to process the payment for your online consultation, we will share your credit card information and personal information related to the payment gateway of the designated credit card. This information is shared for the sole purpose of charging the fee. These payments are to be charged automatically through the User’s preferred credit card, using third-party payment processors or gateways. The User can choose to save this credit card information for recurring billing, or the User can re-enter the information in the future by not saving it.
- Payment Authorization. User gives DOCTORS, and its representatives express authorization to charge their credit card for the purpose detailed above. The User understands that this form constitutes a legally binding contract. By affixing its consent to the Agreement, the User will be held responsible for all charges and any and all collection and legal fees. The authorization given hereby is for the sole purpose of this Agreement.
- Taxes. The User is responsible for all tax payments to be done for processing, submittal, collection, payment, and final reimbursement.
- Cancellations and Refunds. The User may cancel its account at any time by emailing us at email@example.com. DOCTORS will suspend the User Account, and fees will not continue to accrue. You agree and acknowledge that upon cancellation you will not receive any refunds of fees already paid. Only in limited circumstances, users with an active account may receive refunds or credits at the discretion of Doctors’ Center Hospital San Juan, Inc.
- Additional Provisions
- Confidentiality. Each party acknowledges that during the Term of this Agreement, the other may require, be exposed to, and have access to, the other party’s material, data, and information that is confidential, proprietary, and/or a trade secret (the “Confidential Information”). Confidential Information shall include, but not limited to, information of Users or any confidential or proprietary information disclosed by or on behalf of either party in written or oral form and any such information discovered by either party pursuant to its provision of DOCTORS Services under this Agreement. The Parties hereby agree that they will not disclose the Confidential Information, except as required in the course of performing their obligations under this Agreement, to any person, firm, or corporation, or use the Confidential Information for any purpose except to perform their respective obligations pursuant to this Agreement except as required by law. The User’s confidentiality obligations hereunder do not apply to any information which (i) was lawfully and rightfully in the User’s possession at the time of disclosure and was not acquired directly or indirectly from DOCTORS, (ii) was lawfully and rightfully acquired by the User from others who acquired it by proper means and had no confidentiality obligation to DOCTORS with respect to same, or (iii) is now, or hereafter becomes, through no fault of the User, part of the public domain by publication or otherwise. Intellectual Property. Except as provided in this Section, information exchanged between the Parties shall be considered confidential unless both Parties agree otherwise in writing. Each Party shall keep confidential all terms, conditions, or other provisions of this Agreement. User acknowledges and agrees as follow:
- The owner of each item of Intellectual Property embodied in any DOCTORS Services component shall possess and retain title in and to each Product and its component parts, including without limitation all Intellectual Property embodied in (i) all programing codes and documentation, (ii) all manuals or User information, (iii) the design and format of the input and output screens, graphical User interface, and printable forms, reports and other hard copy output incorporated in or generated by the Services, and (iv) all additions, enhancements, revisions, updates, customizations or other modifications to the DOCTORS Services or any part thereof, regardless of any fee or charge paid by User to DOCTORS in respect of the Services or the design, creation or use thereof. The User shall not cause or permit removal or alteration in any way of any Notice, legend, or symbol denoting any copyright, trademark, patent, or other proprietary right or interest of the Intellectual Property owner appearing on any input or output screen or hard copy output incorporated in or generated by the Services, or any documentation, manuals, brochures, or other written or printed materials of any kind related to the Products.
- Each item of Intellectual Property embodied in a Product or any component thereof constitutes valuable proprietary information and trade secrets of the owner of such Intellectual Property. The User shall not disclose (nor permit any User employee, independent contractor, agent, or another person under its authority or control, to disclose) to any Person, or allow any person access to, any such proprietary information or trade secrets in whole or in part. User shall not cause or permit any Services to be reverse engineered, decompiled, or disassembled in whole or in part. User shall not cause or permit the Products and/ or Services, documentation, or other information related to the Products to be copied or reproduced in any form or medium, in whole or in part. User shall take such actions to preserve and protect DOCTORS proprietary rights and interest of confidentiality in and with respect to the Products which are, at a minimum, commensurate with those actions taken by User to preserve and protect its most valuable trade secrets or other proprietary or confidential information.
Other Terms and Conditions
- Without limiting the foregoing, copying or reproducing the DOCTORS Services to any other server or location for further reproduction is expressly prohibited. The DOCTORS Services is warranted, if at all, only in accordance with the terms of the License Agreement. EXCEPT AS WARRANTED IN THE APPLICABLE LICENSE AGREEMENT FOR THAT SOFTWARE, DOCTORS’ CENTER HOSPITAL SAN JUAN, INC., HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. The User acknowledges that any DOCTORS Services available or provided to you may contain technology that is subject to strict controls by various agencies of the United States Government pursuant to the United States export control laws and regulations. User hereby agrees that they will not transfer or export such software from the United States or re-export such services outside the United States in violation of the United States export laws and regulations. DOCTORS’ CENTER HOSPITAL SAN JUAN, INC., does not authorize the downloading or exportation of any software or technical data from the DOCTORS Services to any jurisdiction prohibited by the United States export control laws and regulations.
- LIMITATION OF REMEDIES. NOTWITHSTANDING ANY OTHER PROVISIONS OF THIS AGREEMENT, THE USER’S EXCLUSIVE REMEDY IN RESPECT OF OR RELATED, DIRECTLY OR INDIRECTLY, IN ANY WAY TO THE DOCTORS SERVICES, INCLUDING WITHOUT LIMITATION THE DESIGN, USE, SUITABILITY, PERFORMANCE, FEATURES, CHARACTERISTICS OR OTHER ASPECTS THEREOF, WHETHER OR NOT COVERED BY ANY WARRANTY, SHALL BE FOR DOCTORS, AT ITS OPTION, TO EITHER: (1) REPAIR OR CORRECT THE NON-CONFORMITY WITHIN A REASONABLE TIME; (2) REPLACE THE SERVICES IN QUESTION WITH AN IDENTICAL BUT OPERATIONAL SERVICES; (3) REPLACE THE SERVICES IN QUESTION WITH A DIFFERENT SERVICES WHOSE FUNCTIONALITY IS SUBSTANTIALLY THE SAME AS THE SERVICES BEING REPLACED; (4) REFUND TO THE USER ALL CHARGES IN RESPECT OF THE SERVICES PREVIOUSLY PAID BY THE USER TO DOCTORS.
- Limitation of Actions. Except as set forth in this Agreement, neither Party shall bring any action or institute any proceeding related, directly or indirectly, to this Agreement more than two years after the Party initiating the action or proceeding knew or reasonably should have known, of the essential facts giving rise to the underlying cause of action.
- Release. The User releases Doctors’ Center Hospital San Juan, Inc., and its parent, affiliates, officers, directors, agents, subsidiaries, and employees from claims, demands, and damages, actual and consequential, of every kind and nature, known and unknown, suspected and unsuspected, disclosed and undisclosed, arising out of or in any way connected with such disputes.
- NO LIABILITY. IN NO EVENT WILL DOCTORS OR ITS AFFILIATES BE LIABLE TO ANY PARTY FOR ANY DIRECT, INDIRECT, SPECIAL OR OTHER CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE WEBSITE, OR ANY OTHER HYPER-LINKED WEBSITE OR SOFTWARE APPLICATION (INCLUDING MOBILE APPLICATIONS), INCLUDING, WITHOUT LIMITATION, ANY LOST PROFITS, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR DATA ON THE USER’S EQUIPMENT, OR OTHERWISE, EVEN IF DOCTORS IS EXPRESSLY ADVISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES. UNDER NO CIRCUMSTANCES SHALL DOCTORS OR ITS AFFILIATES HAVE ANY LIABILITY FOR CONSEQUENTIAL DAMAGES, INCLUDING, BUT WITHOUT LIMITATION TO PUNITIVE DAMAGES, EXEMPLARY DAMAGES, OR OTHER SPECIAL DAMAGES OF ANY KIND.
- LIMITATION OF DAMAGES. IF, NOTWITHSTANDING THE PROVISIONS OF THIS AGREEMENT TO THE CONTRARY, A COURT OF COMPETENT JURISDICTION DETERMINES THAT THE USER IS ENTITLED TO DAMAGES IN RESPECT OF ANY CLAIM BY THE USER ARISING UNDER THIS AGREEMENT; THE TOTAL AMOUNT OF SUCH DAMAGES SHALL BE LIMITED TO AS FOLLOWS: (1) IF SUCH DAMAGES ARE IN RESPECT TO THE PERFORMANCE OR NONPERFORMANCE OF ANY SERVICES, THE AMOUNT OF SUCH DAMAGES SHALL NOT EXCEED THE AGGREGATE AMOUNT OF ALL CHARGES IN RESPECT OF SUCH SERVICES THAT (PRIOR TO THE DATE AS OF WHICH THE DAMAGES ARE DETERMINED) WERE PAID BY THE USER TO DOCTORS; OR (2) IF SUCH DAMAGES ARE IN RESPECT TO ANY OTHER BREACH TO THIS AGREEMENT BY DOCTORS OR ITS AFFILIATES (OTHER THAN A BREACH OF WARRANTY OF NON-INFRINGEMENT), THE AMOUNT OF SUCH DAMAGES SHALL NOT EXCEED THE AGGREGATE AMOUNT OF ALL CHARGES WHICH, PRIOR TO THE DATE AS OF WHICH SUCH DAMAGES ARE DETERMINED, WERE PAID BY USER TO DOCTORS OR ITS AFFILIATES IN RESPECT OF THIS AGREEMENT.
- Force Majeure. All periods of time specified for the performance of obligations (other than monetary payment obligations) by either Party hereunder shall be subject to an extension for a period equal to any delay caused by Force Majeure. Following the occurrence of any Force Majeure, the performance affected thereby shall be extended to a number of days equal to the period of such delay.
- Notices. All Notices, requests, demands, or other communications directed to a Party shall be in writing and shall be personally delivered or sent by certified mail return receipt requested or registered mail, postage prepaid, to such Party’s address specified below such Party’s signature hereon, or to such other address as such Party may hereafter specify in a Notice to the other Party.
- Severability. Information collected before changes are made will be secured according to the previous policies. If any of these conditions shall be deemed invalid, void, or for any reason unenforceable, that condition shall be deemed severable and shall not affect the validity and enforceability of any condition.
- Choice of Law. This Agreement shall govern by and construed in accordance with the laws of the Commonwealth of Puerto Rico.
- Geographic Limitations. Currently, the DOCTORS Services are limited to the United States of America. Definitions:
- “Account” means any DOCTORS account created by the User on his behalf within the website to use the website services.
- “Affiliates” means a corporation that is related to another corporation by one owning shares of the other, by common ownership, or by other means of control.
- “Cardholder Data” means the full Primary Account Number along with cardholder name, expiration date, and service/security code.
- “Force Majeure” means any cause or circumstance beyond the Parties control (such as but not limited to, acts of God, changes in government regulations, acts of governmental bodies or their employees or agents, weather, strikes, lockouts, boycotts, and inability to secure labor or any material specified or reasonably necessary in connection with the property through ordinary business channels, fire, unusual delays, etc.)
- “Hardware” means computer-related tangible personal property such as computers, monitors, terminals, storage devices, connectivity devices, printers, etc.
- “Information” means any and all physical and digital material, including, but not limited to, documents, photography, digital photocopy, User Data, Software, etc.
- “Party” in plural “Parties” means either DOCTORS employees, managers, agents, affiliates, or User and Users.
- “Period” means the calendar period (monthly, quarterly, or annually) corresponding to the frequency of payments in respect of a recurring charge.
- “Person” means a natural person or a private or government entity of any kind.
- “Protected Health Information” or “PHI” means information such as, but not limited to, any patient information, including very basic information such as their name or address, that (1) relates to the past, present, or future physical or mental health or condition of an individual, the provisions of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and (2) either identifies the individual or could reasonably be used to identify the individual; the definition according to 45 CFR 160.103.
- “Services” or “DOCTORS Services” means any and all services, tools, software, content, including any application programming interface that accesses functionality, that is provided through DOCTORS by DOCTORS’ CENTER HOSPITAL SAN JUAN, INC.
- “Software” means the object code versions of any downloadable software provided by DOCTORS solely for the purpose to access the DOCTORS Services, including but not limited to an agent, together with the updates, new releases or versions, modifications or enhancements, owned and provided by DOCTORS to the User under this Agreement.
- “User” means an individual with authorized access to Services, Software, and Documentation, for whom the User has opened an account. There are different types of Users and roles, each subject to license and access limitations.
- “User Data” means data, files, or information accessed, used, communicated, stored, or submitted by the User related to the User’s use of the services or software.
- “Website” means a connected group of pages on the World Wide Web regarded as a single entity, usually maintained by one person or organization and devoted to a single topic or several closely related topics; DOCTORS.
BUSINESS ASSOCIATE AGREEMENT
WHEREAS, the Parties are entering into this Attachment A to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and other federal statutes.
NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which the Parties hereby acknowledge, in affirmation of the existing Agreement, and intending to be legally bound, the Parties hereto agree as follows:
For purposes of this Attachment A, capitalized terms defined herein shall supersede any definition ascribed to such terms in the Agreement. Capitalized terms used in this Attachment A shall have the meaning ascribed to them in HIPAA and HITECH, as applicable. If the meaning of any defined term used herein is changed by amendment to HIPAA or HITECH, then the meaning of such defined term automatically changes to correspond to the amended definition.
- “Administrative Safeguards” shall mean administrative actions and policies and procedures used to manage the selection, development, implementation, and maintenance of security measures to protect electronic Protected Health Information and to manage the conduct of the User in relation to the protection of that information, as more particularly set forth in 45 C.F.R. 164.308.
- “Agreement” shall mean the Business Associate Service Agreement by and between DOCTORS and User.
- “User” shall mean a person or entity that performs functions on behalf of the Covered Entity, which meets the definition of User Activities in 45 C.F.R. 160.103. In order for User to perform its obligations, Covered Entity must disclose certain Protected Health Information that is subject to protection under HIPAA Rules.
- “Breach” shall mean the unauthorized acquisition, access, use, or disclosure of Protected Health Information not permitted by the HIPAA Rules, which compromises the security or privacy of Protected Health Information as stated in 45 C.F.R. 164.402. Except where an authorized person to whom such information is disclosed would not reasonably have been able to retain such information. A Breach does not include: any unintentional acquisition, access, or use of PHI by an employee or individual acting under the authority of User if such acquisition, access, or use was made in good faith and within the course and scope of the employment or other professional relationship of such employee or individual with User; and such information is not further acquired, accessed, used, or disclosed by any person.
- “Data Aggregation” shall mean, with respect to the PHI created or received by User in its capacity as the User of DOCTORS, the combining of such PHI by User with the PHI received by User in its capacity as a User of another Covered Entity, to permit data analyses that relate to the Health Care Operations (defined below) of the respective Covered Entities, as specifically stated in 45 C.F.R. 164.501.
- “Designated Record Set” shall mean a group of records maintained by or for DOCTORS that is (i) the medical records and billing records about individuals maintained by or for DOCTORS, (ii) the enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a Covered Entity; or (iii) used, in whole or in part, by or for DOCTORS to make decisions about individuals, as specifically stated in 45 C.F.R. 164.501.
- “Electronic Media” shall mean (i) electronic storage media including memory devices in computers (hard drives) and any removable/transportable digital memory media, such as magnetic
tape ordisk, optical disk, or digital memory card; or (ii) transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the internet (wide-open), extranet (using internet technology to link a business with information accessible only to collaborating Parties), leased lines, dial-up lines, private networks, and physical movement of removable/transportable electronic storage media. Certain transmissions, including paper, facsimile, and voice, via telephone, are not considered to be transmissions via electronic media since the information being exchanged did not exist in electronic form before transmission.
- “Electronic PHI” shall mean Protected Health Information that is transmitted by or maintained in Electronic Media.
- “Encryption” shall mean the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without the use of a confidential process or key, as specifically stated in 45 C.F.R. 164.304.
- “HIPAA” shall mean the Health Insurance Portability and Accountability Act of 1996 and its implementing guidance and regulations, including the HIPAA Privacy Rules and the HIPAA Security Rule, all as may be amended from time to time.
- “HIPAA Privacy Rule” shall mean those regulations relating to the privacy of PHI at 45 C.F.R. parts 160 and 164, as may be amended from time to time.
- “HIPAA Security Rule” shall mean those regulations relating to the security of electronic PHI at 45 C.F.R. parts 160, 162, and 164, as may be amended from time to time.
- “HITECH” shall mean the Health Information Technology for Economic and Clinical Health Act of 2009 and its implementing guidance and regulations, all as may be amended from time to time.
- “Minimum Necessary Standard” shall apply upon use or disclosure of Protected Health Information or when requesting Protected Health Information from another Covered Entity or User.A User or Covered Entity must make reasonable efforts to limit Protected Health Information to the minimum necessary to accomplish the intended purpose of use, disclosure, or request, as specifically stated in 45 C.F.R. 164.502.
- “Password” shall mean confidential authentication information composed of a string of characters, as specifically stated in 45 C.F.R. 164.304.
- “Protected Health Information”or “PHI” shall mean Individually Identifiable Health Information, as that term is defined under HIPAA, transmitted or maintained in any form or medium that User creates or receives from or on behalf of DOCTORS in the course of fulfilling its obligations under this Attachment A or the applicable Business Associate Agreement(s). “Protected Health Information” shall not include (i) education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. §1232g, (ii) records described in 20 U.S.C. §1232g(a)(4)(B)(iv), and (iii) employment records held by DOCTORS in its role as employer.
- “Record” shall mean any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for DOCTORS.
- “Secretary” shall mean the Secretary of the Department of Health and Human Services.
- “Security or Security Measures” shall mean all of the administrative, physical, and technical safeguards in an information system.
- “Security Incident” shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system containing User’s PHI, pursuant to 45 C.F.R. 164.304.
- “Treatment, Payment and Health Care Operations” shall have the meaning given to those terms at 45 C.F.R. § 164.501, as may be amended from time to time.
- “Unsecured PHI” shall mean PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary, as stated in 45 C.F.R. 164.402.
OBLIGATIONS OF USER
- Use and Disclosure of Protected Health Information. Business Associate may use and disclose PHI only to carry out the obligations of Business Associate set forth in this Attachment A or the Agreement, or as otherwise permitted or as required by law, subject to the provisions set forth in this Attachment A. In using, requesting, and/or disclosing PHI, Business Associate shall comply with any and all applicable laws, including implementing guidance and regulations, in determining what constitutes “minimum necessary standard” as defined in this Attachment A.
- Safeguards Against Misuse of Information. Business Associate shall implement appropriate safeguards to prevent the use or disclosure of PHI in any manner other than pursuant to the terms and conditions of this Business Associate Agreement. On and after the effective date of their application to Business Associate, Non- End Business Associates shall comply with HIPAA requirements and the HITECH Act relating to User and governing its obligations to maintain the privacy and security of PHI, including any obligation to maintain a HIPAA-compliant security program. Business Associate shall be liable for all costs associated with the remediation, mitigation, and reporting of Breaches of Unsecured PHI caused by Business Associate, its employees, agents, and/or subcontractor. As may be required by the HIPAA Privacy and Security Rules as amended by the HITECH Act, Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic PHI that it creates, receives, maintains, or transmits to or on behalf of User.
- Reporting of Uses and Disclosures of Protected Health Information and Security Incidents.
Upon becoming aware of a use or disclosure of PHI, which could potentially violate or in fact is in violation of this Business Associate Agreement, including any Breach or suspected Breach of Unsecured PHI, Business Associate shall immediately report such use or disclosure to User. Business Associate shall immediately report to User any Security Incident of which it becomes aware.
In the event of a breach or suspected breach, Business Associate shall forward to User immediately a written notice, including identifying each individual whose Unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, or disclosed during the Breach or suspected Breach. A Breach or suspected Breach shall be treated as discovered as of the first day on which it is known or should reasonably have been known, to Business Associate, including any person that is an employee, officer, or another agent of Business Associate.
Business Associate shall cooperate with User and shall provide such assistance as User may reasonably request so that User may comply with any obligations it may have to remediate, mitigate, report, and or otherwise notify third-parties of such breach.
Business Associate shall promptly report to User any Security Incident with respect to Electronic PHI of which it becomes aware and which has compromised the protections set forth in the HIPAA Security Rule.
In the event of a Security Incident, Business Associate shall report to User in writing (i) any actual, attempted or successful Security Incident immediately on the date on which Business Associate first becomes aware of such actual, attempted or successful Security Incident and (ii) any attempted, unsuccessful Security Incident of which Business Associate becomes aware within a reasonable time period.
- Agreements with Third-Parties. Upon request from you, Business Associate will notify any subcontracting subject to additional business associate agreements. Business Associate shall ensure that any agent or contractor of DOCTORS to whom it provides PHI that is received from Business Associate, or created or received by User on behalf of Business Associate, agrees to be bound by the same restrictions and conditions that apply to us pursuant to this Business Associate Agreement with respect to such PHI. Business Associate warrants and represents that in the event of a disclosure of PHI to any third party, the information disclosed shall be no more than the minimum necessary for the intended purpose. Business Associate shall ensure that any agent or subcontractor of DOCTORS to whom it provides Electronic PHI implements reasonable and appropriate safeguards to protect such information.
- Availability of Protected Health Information for Amendment. In the event Business Associate maintains PHI in a Designated Record Set, Business Associate shall, within five (5) business days of receipt of a request from User, provide to User PHI in Business Associate’ possession that is required for User to respond to an individual’s request to amend PHI made pursuant to 45 C.F.R. § 164.526 or other applicable law. If the request is approved, Business Associate shall incorporate any such amendments to the PHI as required by 45 C.F.R. §164.526 or other applicable law. In the event that the request for the amendment of PHI is made directly to the Business Associate, whether or not Business Associate is in possession of PHI, Business Associate may not approve or deny the requested amendment. Rather, Business Associate shall forward such request to User within two (2) business days.
- Accounting of Disclosures. Business Associate agrees to document disclosures of PHI and information related to such disclosures as would be required for User to respond to a request by an individual to account for disclosures of PHI in accordance with 45 CFR § 164.528 or other applicable law. Business Associate shall, within ten (10) business days of receipt of a request from User, provide to User such information as is in Business Associate’ possession and is required for User to respond to a request for an accounting made in accordance with 45 C.F.R. 164.528 or other applicable law. In the event the request for an accounting is delivered directly to Business Associate, Business Associate shall, within two (2) business days, forward such request to User. It shall be the User’s responsibility to prepare and deliver any such accounting requested.
- Availability of Books and Records. Business Associate hereby agrees to make its applicable internal practices, books and records, including policies and procedure, available to the Secretary for purposes of determining User and Business Associate compliance with the HIPAA Privacy and Security Rules and other applicable laws. The practices, books and records subject to this Section are those practices, books, and records that relate to the use and disclosure of PHI that is created by Business Associate on behalf of User, received and maintain by Business Associate from User, or received and maintained by Business Associate from a third-party on behalf of User.
Policies, Procedures, and Training
Business Associate shall develop and implement privacy policies and procedures as necessary and appropriate to meet its obligations under this Business Associate Agreement. Business Associate shall train their employees and ensure that their agents or subcontractor train their employees on such policies and procedures. Term and Termination
- Provide an opportunity for Business Associate to cure the breach or end the violation and terminate this Attachment A and the Agreement if Business Associate does not cure the breach or end the violation within the time specified by User; or
- Immediately terminate this Attachment A and the Agreement if User determines cure is not possible. Business Associate acknowledges and agrees that any breach of this Attachment A shall also constitute a breach of the Agreement.
- Effect of Termination. Except as provided in the paragraph below, upon the termination of this Attachment A for any reason, Business Associate shall return or destroy all PHI received from User or created or received by Business Associate on behalf of User, within five (5) calendar days or any other period required to User from clients. This provision shall also apply to PHI that is in the possession of subcontractor or agents of Business Associate. Business Associate shall retain no copies of the PHI.
The Parties hereto agree that it is not feasible for Business Associate to return or destroy PHI at termination of the Attachment A; therefore, the protections of this Attachment A for PHI shall survive termination of the Attachment A, and Business Associate shall limit any further uses and disclosures of such PHI to the purpose or purposes which make the return or destruction of such PHI infeasible.
- Limitation of Liability. No exculpation or limitation on Business Associate’ liability set forth in any of the Agreement shall apply to any liability of Business Associate as a result of Business Associate’ breach of this Attachment A.
- If either party is at fault for a breach of, or violation of the HIPAA Standards, then such Party in breach agrees to indemnify, defend, and hold harmless the other and its officers, directors, employees, agents, and Business Associate from any and all loss, liability, damage, cost, and expense, including without limitation civil monetary penalties, monetary settlements, fines, damages as a result of attorney general enforcement, and attorneys’ fees, including if such breach occurred in whole or in part due to the actions and omissions of the breaching Party’s, provided that Business Associate shall not indemnify User for any act or omission made on advice, request or direction of the non-breaching Party.
- Any ambiguity in this Attachment A (Business Associate Agreement) shall be resolved in favor of a meaning that permits User to comply with the HIPAA Standards.
- Regulatory References. A reference in this Attachment A to a section in the HIPAA Privacy and Security Rules or the HITECH Act shall mean the section as in effect or as amended.
- The terms of this Attachment A shall be construed in light of any interpretation or guidance on HIPAA and/or the HITECH Act issued by the United States Department of Health & Human Services from time to time. If any relevant provision of the HIPAA Privacy and Security Rules or the HITECH Act is materially amended in a manner that changes the obligations of Users or Covered Entities that are embodied in this Attachment A, or in the event that applicable law, or arbitration, or judicial interpretation of same, or any regulatory or enforcement action should explicitly or otherwise require that this Attachment A be changed, altered or modified, then User shall notify Business Associate and provide such required amendment, and User and Business Associate shall continue to perform their respective obligations under this Attachment A as modified.
- Prior Agreements. This Attachment A constitutes the entire Agreement between the Parties hereto with respect to the obligations set forth herein and supersedes and replaces any prior agreements between the Parties, including provisions that may be included in any the Agreement, relating to such obligations.
- The respective rights and obligations of Business Associate under Section 3.1.3 (Effect of Termination), Section 4.1 (Limitation of Liability), Section 4.2 (Indemnification), Section IV(D) (Regulatory References), and Section IV(G) (Survival) of this Attachment A shall survive the termination of this Attachment A.
- Governing Law. This Attachment A shall be interpreted, construed, and governed according to the laws of the Commonwealth of Puerto Rico. The Parties agree that venue shall lie in Federal and State courts in the State in which User maintains its principal place of business, without regard to its conflicts of law principles, regarding any and all disputes arising from this Attachment A.
- If any provision of this Attachment A shall be declared invalid or illegal for any reason whatsoever, then notwithstanding such invalidity or illegality, the terms and provisions of the Business Associate Agreement shall be severed in full force and effect.
- Effect of Agreement. To the extent that this Attachment A conflicts with the terms of the Agreement or any other agreement between User and Business Associate relating to PHI, the terms of this Attachment A shall take precedence.
Saltar al principio