top of page

Terms of Service

These Terms of Service (“TOS”) apply to the access and use of all of our web and mobile based applications (which are collectively referred to as “Platforms”) and use of our products and services provided through the Platforms (“Services”). The Platforms are owned, managed, and operated by HealthPlix Technologies Private Limited having its registered office at 2nd floor, Vajram Esteva, AWFIS, 57/4, Outer Ring Rd, Devarabisanahalli, Bellandur, Bengaluru, Karnataka 560103 (hereinafter referred as “us”/ “we”/ “HealthPlix”/ “Company”).

These TOS govern the use of the Platforms and Services by you, the registered medical practitioners, having valid credentials and having registered with the Medical Council of India or any successor organisation as may be notified in the future (“Doctors”), your staff (“Staff”), and the patients and end users who are using the Platforms (“Patients”). Patients, Staff and Doctors are jointly referred to as “Users” or “you”. By accessing or using the Platforms, registering for Services offered on the Platforms, or by accepting, uploading, submitting or downloading any information or content from or to the Platforms, you shall have agreed to these TOS.

IF YOU DO NOT AGREE TO BE BOUND BY ALL OF THESE TOS, we request you DO NOT USE THE PLATFORMS.

  1. Acceptance of Terms

Your use of the Platforms is subject to these TOS, which may be updated, amended, modified or revised by HealthPlix from time to time without any notice to you. It is important for you to refer to these TOS from time to time to make sure that you are aware of any additions, revisions, amendments or modifications that we may have made to these TOS. Your use of the Platforms and engagement with HealthPlix constitutes your acceptance of these TOS. Your use of the Services herein is under a limited, non-transferable, non-licensable, non-assignable licence to use the Services granted by HealthPlix only for the purposes mentioned herein.

  1. Use of Services

The Platforms and Services are designed to assist the Doctors to store, obtain and review health information of  the Patients who visit their clinics or hospitals. The Doctor can review the health information such as the Patient’s vitals, medical reports, medical records, medical images, etc. (“Data”) and provide feedback, advice and suggestion or any other information that may be relevant to the Patient. The Platforms and Services are designed to allow the Doctors to seamlessly access their Patient Data via the Platforms and use the Data to provide healthcare services to the Patients. We endeavour to provide a functional and convenient Service through our Platforms, but we do not guarantee that your web browser, or mobile device will be compatible with the Platforms or the Services or that the Platforms and Services will be available uninterrupted or that any content will be error free. HealthPlix is not responsible for any interruption in Services or availability of Platforms due to, but not limited to, changes or updates in individual clinic’s practice, network failure, or any other technical incident. HealthPlix reserves the right, at its sole discretion, to modify or replace all or any part of the TOS (including, without limitation, pricing and payment terms), or change, suspend, or discontinue all or any part of the Services or Platforms at any time by posting a notice on the Platforms or by informing you through any other modes of communication. It is your responsibility to check the TOS periodically for changes. Your continued use of the Platforms or the Services following the posting of any changes to the TOS constitutes acceptance of those changes.

The Platforms may collect and store demographic, financial, health records and any other type of information that you may provide. This information is collected, stored and processed as per our privacy policy published on the Platforms.

The Doctors represent and warrant that they have taken the appropriate consent from Patients before storing, or sharing with any third parties, any of the Patients’ information including but not limited to personally identifiable information, health records, demographic information and financial information etc.

The Patients, by accessing the Platforms, consent and agree that the Platform may store their personal information including but not limited to contact information, demographic data, health records and medical history etc. The Platform may use this information for purposes as per our privacy policy published on the Platforms.

  1. Registration

As part of the registration process you will need to create an account, including a username and password. It is your responsibility to ensure that the information you provide is accurate, not misleading and secure. You shall be responsible for keeping your credentials in safe custody. HealthPlix will not be liable for any losses or claims arising out of misuse of Platforms or Services accessed with your credentials. You cannot create an account or username and password using the names and information of another person or using words that are the trademarks or the property of another party (including ours), or vulgar, obscene or in any other way inappropriate. We reserve the right with or without notice to suspend or terminate any account in breach. Doctors represent and warrant that they are licensed medical practitioners registered with the Medical Council of India (MCI) and there are no legal or regulatory impediments which prevent you from practising medicine in India.

4. Data Confidentiality

a) Responsibility of Doctors and Staff

Through your use of the Platforms, you shall have access to sensitive and valuable Data of the Users which may include medical records, medical information, personal information or any other information as may be required. Additionally, Doctors and their Staff agree to treat as confidential all Data that they have been provided access to, and that they shall make their best efforts to maintain the confidentiality of such Data. Doctors and their Staff should be aware of the Patient confidentiality requirements and observe all caution and the applicable duty of care in provision of services under these TOS. The Data, provided by the Patient or entered by the Doctor or the Staff. The Platforms present the Patient Data to the Doctors in an As-Is manner and the Platforms do not make any warranties, representations, etc. on the accuracy and correctness of the Data.

b)Restrictions on Use of Platforms.  Doctors and Staff agrees that they shall not:

i. and shall not permit anyone to: (i) copy or republish the Platforms, except as may be provided herein; (ii) make the Platforms available to any person other than its authorized personnel, (iii) remove, modify or obscure any copyright, trademark or other proprietary notices contained in the Platforms, (iv) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of Platforms or (vii) access the Platforms in order to build a similar or competitive product. Doctors and Staff shall not access (or attempt to access) the Platforms and the materials or services by any means other than through the interface that is provided by Company.

ii. use any deep-link, robot, spider or other automatic device, program, algorithm or methodology, or any similar or equivalent manual process, to access, acquire, copy or monitor any portion of the Platforms or content, or in any way reproduce or circumvent the navigational structure or presentation of the Platforms, materials or any content, to obtain or attempt to obtain any materials, documents or information through any means not specifically made available through the Platforms.

iii. attempt to gain unauthorized access to any portion or feature of the Platforms, any other systems or networks connected to the Platforms, to any Company server, or to any of the services offered on or through the Platforms, by hacking, password mining or any other illegitimate means.

iv.  probe, scan or test the vulnerability of the Platforms or any network connected to the Platforms, nor breach the security or authentication measures on the Platforms or any network connected to the Platforms. Doctors and Staff may not reverse look-up, trace or seek to trace any information on any other user, of or visitor to, the Platforms, or any other customer of Company, including any Company account not owned by Doctors, to its source, or exploit the Platforms or Services or information made available or offered by or through the Platforms, in any way whether or not the purpose is to reveal any information, including but not limited to personal identification information, other than Doctors’ own information, as provided for by the Platforms;

v. disrupt or interfere with the security of, or otherwise cause harm to, the Platforms, systems resources, accounts, passwords, servers or networks connected to or accessible through the Platforms or any affiliated or linked sites.

In case of breach of this provision, all parties including but not limited to Users shall be liable to pay Company a pre-agreed liquidated damages amount to INR 1,00,00,000 (One crore only).

b) Non-Disclosure by HealthPlix

The Company shall not share the Data with other doctors or clinics or hospitals. In other words, the Company shall not engage in any activity that can be construed as “poaching of patients”. HealthPlix will store the Data on a secure cloud infrastructure and/or third-party servers chosen by HealthPlix or built by HealthPlix. HealthPlix is committed to protecting the identity of the Users. The following security procedures have been put in place by us to protect Data:

a) Access to the Services is only after the user keys in his username and password. The username and password have to be successfully authenticated post which the access to the Platforms and Services is granted. Users are fully and solely responsible for any or all use of the Platforms or the Services while accessing these using the username and password (upon successful authentication).

b) To prevent impersonation, your password is never stored in plain text format on any of our servers.

c) The communication between your device and our servers will be through a secure HTTPS connection.

d) A secure session is established with the help of a session token for providing access to the Patient Data after the Doctors or the Staff have successfully authenticated their username and password

e) Role based access to database depending on the roles assigned by the Doctor to his/her Staff

f) Within our server we use an Advanced Encryption Standard (AES) and multi-level security and authentication checks to protect the confidential Data. Personally identifiable patient information is always kept strictly confidential and is never disclosed with any third party except as provided under our privacy policy. We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Company, our employees, our Users, or others. This includes exchanging information with other companies and organisations for fraud protection and risk reduction. The Company may also use the data in de-identified and aggregated form for the following purposes without violating the relevant data privacy and data security laws of India.

i. for the purpose of research and publications, statistical analysis, generating Real World Evidence (RWE) algorithmically,

ii. for communication purpose so as to provide the Doctor a better way of communicating with his/her patients by means of SMS/Emails,

iii. for debugging customer support related issues,

iv. for improving the algorithms of Company’s EMR to make it faster, efficient and reliable

v. for enhancing the Clinical Decision Support software developed by the Company

vi. for communicating about new Services and offerings by the Company or its partners with the Users

5. Communications

 You agree to receive communications through emails, telephone, mobile phone and/or SMS, from HealthPlix or its third-party vendors or business partners or third-party service providers regarding the services or services updates, transactional and/or promotional emails and/or any announcements. In this context and regard, you agree and provide your consent to receive all communications at the mobile number provided to HealthPlix, even if this mobile number is registered under DND/NCPR list under Telecom Regulatory Authority of India (TRAI) laws, rules and regulations. And for that purpose, you further authorise HealthPlix to share/disclose the information to any third-party service provider or any affiliates, group companies, their authorised agents or third-party service providers. You also agree that in accordance with the applicable TRAI laws, rules and regulations specifically The Telecom Commercial Communications Customer Regulations, 2014:

i. Each time you do visit/transact or login in your account on the Platforms, it shall be regarded as a verifiable request from you pertaining to receipt of our Services and activities;

ii. Each time you visit/login/transact on the Platforms, it will be deemed to be as a fresh request from you for continuing to receive communication from HealthPlix

iii. In case you do not wish to receive any communication from us or to provide your feedback about the services, you can mail us at support@healthplix.com

HealthPlix will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements entered into for providing Services and ancillary services.

6.Termination

 HealthPlix may terminate your access to all or any part of the Platforms or Services at any time if you fail to comply with these TOS. This may result in the forfeiture and destruction of all information associated with your membership and will immediately terminate your ability to provide services through the Platforms. All provisions of the TOS, which by their nature should survive termination, shall survive termination, including, without limitation, warranty disclaimers, indemnity and limitations of liability. In the event of discontinuation of services, HealthPlix, at its discretion,  will make reasonable efforts to help you take a backup of your Data in a suitable electronic format.

7.DISCLAIMER

 THE PLATFORMS (INCLUDING, WITHOUT LIMITATION, ANY CONTENT) ARE PROVIDED “AS IS” AND “AS AVAILABLE” AND IS WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE OR USAGE OF TRADE, ALL OF WHICH ARE EXPRESSLY DISCLAIMED. HEALTHPLIX AND ITS DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, SPONSORS AND PARTNERS DO NOT WARRANT THAT: (A) THE SERVICE WILL BE SECURE OR AVAILABLE AT ANY PARTICULAR TIME OR LOCATION; (B) ANY DEFECTS OR ERRORS WILL BE CORRECTED; (C) ANY CONTENT OR SOFTWARE AVAILABLE AT OR THROUGH THE SERVICE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; OR (D) THE RESULTS OF USING THE SERVICE WILL MEET YOUR REQUIREMENTS. YOUR USE OF THE SERVICE IS SOLELY AT YOUR OWN RISK.

8.Indemnification

 You shall defend, indemnify, and hold harmless HealthPlix, its affiliates/subsidiaries/JV partners and each of its, and its affiliates/subsidiaries/JV partners employees, contractors, directors, suppliers and representatives from all liabilities, losses, claims, and expenses, including reasonable attorneys’ fees, that arise from or relate to (i) your use or misuse of, or access to, the Platforms or Services, or (ii) your violation of the TOS or any applicable law, contract, policy, regulation or other obligation. HealthPlix reserves the right to assume the exclusive defence and control of any matter otherwise subject to indemnification by you, in which event you will assist and cooperate with HealthPlix in connection therewith.

9. Limitation of Liability

 TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT SHALL HEALTHPLIX (NOR ITS DIRECTORS, EMPLOYEES, AGENTS, SPONSORS, PARTNERS, SUPPLIERS, CONTENT PROVIDERS, LICENSORS OR RESELLERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SERVICE (I) FOR ANY LOST PROFITS, DATA LOSS, LOSS OF GOODWILL OR OPPORTUNITY, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, OR SUBSTITUTE GOODS OR SERVICES, (II) FOR ANY DIRECT DAMAGES IN EXCESS (IN THE AGGREGATE) OF THE FEES PAID BY YOU FOR THE SERVICE IN THE THREE (3) MONTHS PRECEDING THE APPLICABLE CLAIM OR (IV) FOR ANY MATTER BEYOND ITS OR THEIR REASONABLE CONTROL, EVEN IF HEALTHPLIX HAS BEEN ADVISED OF THE POSSIBILITY OF ANY OF THE AFOREMENTIONED DAMAGES.

10. Governing Law

 This Agreement shall be governed by and construed in accordance with the laws of India without regard to the conflict of laws provisions thereof. All claims, differences and disputes arising under or in connection with or in relation hereto the Website, the Terms or any transactions entered into on or through the Website shall be subject to the exclusive jurisdiction of the courts at Bangalore, India and you hereby accede to and accept the jurisdiction of such courts.

11. Miscellaneous

 The TOS are the entire agreement between you and HealthPlix with respect to the use of Platforms or the Services, and supersede all prior or contemporaneous communications and proposals (whether oral, written or electronic) between you and HealthPlix with respect to the use of Platforms or the Services provided. If any provision of the TOS is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the TOS will otherwise remain in full force and effect and enforceable. The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any further rights hereunder. The TOS are personal to you, and are not assignable or transferable by you except with Company’s prior written consent. HealthPlix may assign, transfer or delegate any of its rights and obligations hereunder without consent. No agency, partnership, joint venture, or employment relationship is created as a result of the TOS and neither party has any authority of any kind to bind the other in any respect. All notices under the TOS will be in writing and will be deemed to have been duly given when received if personally delivered or sent by certified or registered mail, return receipt requested; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; or two days after it is sent, if sent for next day delivery by recognized overnight delivery service.

Business Associate Agreement

This Business Associate Agreement (“Agreement’) is entered into by and between 

 

_____________________________________________________________(Business Associate) and the following PRACTICE NAME entity (ies), subsidiary (ies) and/or affiliate(s), which shall be collectively referred to as “PRACTICE NAME”.


 

  1. HIPAA and HITECH Dominance. 

In the event of a conflict or inconsistency between the terms of any other agreement between the parties and this Agreement, this Agreement controls.  This Agreement is required by the Health Insurance Portability and Accountability Act of 1996,  the Health Information Technology for Economic and Clinical Health Act (found in Title XIII of the American Recovery and Reinvestment Act of 2009) , and their associated regulations ("HIPAA" and “HITECH”).  The parties acknowledge and agree that, beginning with the effective dates under HIPAA and HITECH, Business Associate will comply with its obligations under this Agreement and with all obligations of a business associate under HIPAA, HITECH and any implementing regulations, as they exist at the time this Agreement is executed and as they are amended from time to time, for so long as this Agreement is in place. All Capitalized Terms used in this Agreement shall have the same definition as defined by HIPA and HITECH.

 

  1. Business Associate.  

Business Associate is directly subject to and must independently comply with the business associate provisions of HIPAA and HITECH notwithstanding the provisions contained in this Agreement.  This Agreement applies to all services and relationships between PRACTICE NAME and Business Associate.

 

  1. Protected Health Information.  

Any Protected Health Information ("PHI") as defined by HIPAA that was collected, created or received from or on behalf of PRACTICE NAME is PHI.  For purposes of these obligations PHI means all PHI in Business Associate's possession or under its control (e.g., agents) and all PHI collected, created or received by Business Associate or its agents on or after the effective date of this Agreement.

 

 

  1. Employees, Subcontractors, Agents and Disciplinary Action.

  1. Acts / Omissions.  Business Associate will be responsible for all actions and/or omissions by its employees, Subcontractors and/or agents and is liable to third parties and PRACTICE NAME for any violation of patients' privacy or security by any person granted access or receive data through Business Associate.

  2. Employees.  Business Associate agrees to instruct its employees and temporary agency employees regarding the confidentiality, privacy and security of PHI. Business Associate shall not disclose to its employees or permit them to access, view, obtain copy, review or use any PHI that is not necessary to their services to PRACTICE NAME.  Business Associate agrees to maintain strict performance standards, including disciplinary actions, with respect to wrongful access to, copying, viewing, misuse or disclosure of PHI.

  3. Agents and Subcontractors. If applicable, Business Associate shall ensure that any of its agent(s) and Subcontractor(s) (if agents or Subcontractors are permitted) that create, receive, maintain, or transmit PHI agree in writing to the same restrictions, conditions and requirements that apply to Business Associate with respect to such PHI, and in accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2). Business Associate agrees to make a list of such agents and Subcontractors available to PRACTICE NAME upon request.

  4. Administrative and Disciplinary Action.  Business Associate will take appropriate administrative and disciplinary action with respect to the applicable employees, Subcontractors or agents if a privacy and/or security violation is substantiated.

  5. Notification of Changes.  Business Associate must promptly notify the PRACTICE NAME Security Officer, or other specified department, if any of its employees or agents who have access to PRACTICE NAME Information Systems, a PRACTICE NAME’s Network connection, or applications and no longer need or are eligible for access and/or connection due to leaving the Contractor, changing their job duties or for any other reason.

  6. Monitoring.  Business Associate will monitor the appropriateness of its employees and agents activities within PRACTICE NAME Information Systems and/or the PRACTICE NAME Network by methods including any reports or tools provided by PRACTICE NAME. 

 

  1. Permissible Uses and Disclosures of PHI. 

  1. Using and Disclosing PHI.  Business Associate may use or disclose PHI only as permitted by this Agreement or as required by law. Business Associate may use PHI only to directly perform services pursuant to any underlying agreement(s) for products or services with PRACTICE NAME.

  2. Business Associate's Internal Management Uses of PHI. Business Associate may use PHI for internal management and administration of Contractor, but only in connection with the direct performance by Business Associate through its employees of services for PRACTICE NAME pursuant to this Agreement.

  3. Minimum Necessary.  Business Associate is permitted to access and use only the minimum necessary PHI to the extent required to perform its duties under this Agreement.  Business Associate agrees not to use or store PHI or identifying information (e.g., name, date of birth, etc.) if the information can be removed and is not essential to the services to be provided.

  4. Handling PHI.  Business Associate further agrees to return or destroy any PHI that is erroneously shared or delivered to Business Associate.

  5. Data Aggregation.  Business Associate is permitted to use PHI for data aggregation for the health care operations of PRACTICE NAME, upon written request of PRACTICE NAME.

  6. De-Identified – Business Associate Use for Own Purposes.  Business Associate agrees not to use data that identifies PRACTICE NAME or PHI for its own purposes or for the benefit of its other customers, including de-identified PHI (as defined by HIPAA) without PRACTICE NAME’s prior written consent.

 

  1. Additional Obligations of Business Associate.

  1. Designated Record Set.  Business Associate shall make available PHI in a designated record set to PRACTICE NAME within 5 calendar days of any such request as necessary to satisfy PRACTICE NAME’s obligations under 45 CFR 164.524.

  2. Safeguards.  Business Associate agrees to implement appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of all PHI.  Business Associate agrees to implement appropriate electronic security practices for PRACTICE NAME PHI, which is transmitted, stored, received, or used in electronic form, in compliance with Subpart C of 45 CFR Part 164, to prevent use or disclosure of PHI other than as permitted by this Agreement.

  3. Business Associate will report to PRACTICE NAME any Use or Disclosure, or suspected Use or Disclosure, of PHI not provided for by this Agreement within 24 hours of becoming aware of same, including Breaches of Unsecured PHI, and any Security Incident of which it becomes aware.  The content of said reports shall comply with 45 CFR 164.410(c).

  4. Notice of Legal Contact.  Business Associate shall  notify PRACTICE NAME in writing within 5 calendar days of a disclosure request  and shall only disclose PRACTICE NAME PHI with PRACTICE NAME’s express written consent such disclosure is required by law.

  5. Pattern of Activity.  If Business Associate becomes aware of a pattern of activity or practice by PRACTICE NAME that constitutes a material breach or violation of PRACTICE NAME’s obligations under this Agreement, Business Associate will notify PRACTICE NAME of the same.

  6. Business Associate shall maintain and make available the information required to provide an Accounting of Disclosures to PRACTICE NAME as necessary for PRACTICE NAME to satisfy its obligations under 45 CFR 164.528 within 5 calendar days of any such request from PRACTICE NAME.

  7. Notice of Patient Contact.  Business Associate shall notify the privacy officer of PRACTICE NAME within 5 calendar days if an Individual contacts Business Associate in connection with the Individual's PHI.

  8. Assistance. Business Associate shall, at any time during this Agreement, make PRACTICE NAME PHI in its possession or under its control available to PRACTICE NAME within 5 calendar days of a PRACTICE NAME request. 

  9. Electronic Health Records Related to Treatment, Payment, or Operations.  In the case of a direct request for an accounting from an individual to Business Associate related to treatment, payment or operations disclosures through electronic health records, Business Associate shall provide such accounting to the individual in accordance with the applicable effective date of Section 13405(c) of HITECH. Business Associate shall document such disclosures and provide PRACTICE NAME notice of the disclosure.

  10. Amendments.  Business Associate will make available PHI for amendment and incorporate any amendments to PHI in accordance with 45 CFR 164.526.

  11. To the extent Business Associate is to carry out one or more of PRACTICE NAME’s obligations under Subpart E of 45 CFR Part 164, Business Associate will comply with the requirements of Subpart E that apply to PRACTICE NAME in the performance of such obligations.  

 

  1. Breach Investigation and Notification.  

  1. Upon receipt of a report an actual or suspected Breach or Security Incident from Business Associate, PRACTICE NAME shall determine whether a Risk Assessment should be conducted, and if so, which entity (PRACTICE NAME or the Business Associate) is the appropriate party to conduct the Risk Assessment under the circumstances. Business Associate shall comply with all requests and directives of PRACTICE NAME in this regard.

  2. If a Risk Assessment is conducted and it is determined that a Breach has occurred, PRACTICE NAME shall determine the appropriate party to notify the affected Individuals, the Department of Health and Human Services, and if necessary, the media.  If it is determined that the Business Associate is the appropriate party to prepare and issue the notice, then Business Associate shall do so at its sole cost and within the time period specified by HIPAA.  Business Associate shall provide PRACTICE NAME with a draft copy of the Breach Notification letter for its review and approval at least 10 days in advance of the deadline.  No Breach Notification letter shall be issued without PRACTICE NAME’s written approval of same.  In the event that PRACTICE NAME has reasonable cause to anticipate that Business Associate is not sufficiently performing its obligations under this paragraph, then PRACTICE NAME may, in its sole discretion, take over these obligations and invoice Business Associate for its costs associated with performing these obligations.

 

  1. Security, Reporting, Mitigation and Termination.

  1. Suspension and Termination. Business Associate will immediately suspend or terminate its employee’s, agent’s or Subcontractor’s access to PRACTICE NAME’s Information Systems and/or connection to a PRACTICE NAME Network in the event of a suspected or actual violation, and will not reinstate access and/or connection privileges until PRACTICE NAME has agreed in writing to the reinstatement of these privileges. 

  2. Immediate Termination of Right to Access / Network Connection.  Business Associate acknowledges that PRACTICE NAME has, at its sole discretion, the right to immediately terminate any of the Business Associate's employees, agents or Subcontractors’ right to access any aspect of PRACTICE NAME's Information System and/or Network connection in the event of Business Associate’s improper use of PRACTICE NAME’s Information System and/or Network connection, Business Associate’s failure to maintain the confidentiality of PRACTICE NAME or patient information, failure to maintain patient privacy or failure to safeguard and protect the security of the Information Systems and/or Network connection, or PRACTICE NAME’s patient or business information.


 

  1. Notices.  

All notices and reports required under this Agreement shall be provided in writing, and Business Associate shall retain proof of transmission, to the following persons on behalf of PRACTICE NAME:  

PRACTICE NAME Privacy Officer:  ENTER EMAIL 

PRACTICE NAME Security Officer:  ENTER EMAIL

 

  1. Amendment.  

The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for compliance with the requirements of HIPAA and/or HITECH and any other applicable law.

 

  1. Access for Audit.  

Business Associate shall make its internal practices, books and records relating to the use and disclosure of any PHI available to PRACTICE NAME, the Secretary of the Department of Health and Human Services, and to other authorized government investigators for purposes of determining Business Associate's and PRACTICE NAME's compliance with HIPAA.   Business Associate agrees that PRACTICE NAME has the right to audit, investigate, monitor, access, review and report on Business Associate's use of any PRACTICE NAME PHI, with or without advance notice or knowledge from PRACTICE NAME.

 

  1. Assignment.  

No party may assign or transfer any or all of its rights and/or obligations under this Agreement or any part of it, nor any benefit or interest in or under it, to any third party without the prior written consent of the other party, which shall not be unreasonably withheld.  Business Associate may not assign any rights, nor may it delegate its duties, under this Agreement without the express written consent of PRACTICE NAME.

 

  1. Laws.  

Business Associate also will comply with all federal and state security and privacy laws applicable to Business Associate and more protective of individual privacy than are the HIPAA and / or HITECH.

 

  1. Injunctive Relief.  

Business Associate acknowledges and stipulates that its, including its agents and/or subcontractors, unauthorized use or disclosure of PHI while performing services pursuant to this Agreement may cause irreparable harm to PRACTICE NAME, and in such event, PRACTICE NAME will be entitled, if it so elects, to institute any type of proceeding in any court of competent jurisdiction in equity, to seek injunctive relief.

 

  1. Termination of Relationship for Failure to Comply.

  1. Immediate Termination and Cure.  PRACTICE NAME may immediately terminate its relationship with Business Associate upon written notice to Business Associate without damages or liability to Business Associate if PRACTICE NAME determines that Business Associate has violated a material requirement related to HIPAA and/or HITECH.  PRACTICE NAME, at its option and within its sole discretion, has the right to take reasonable steps to cure the breach and/or may (a) allow Business Associate to take steps to cure the breach, and (b) in the event of such a cure, elect to keep the relationship in force.

  2. PHI Obligations upon Termination or Expiration.  Unless Business Associate is required by law to maintain PHI, Business Associate shall return (and not retain any copies of) all PHI in its possession or under its control within 30 days after the termination/expiration of this Agreement.  If Business Associate is unable to return PHI, then Business Associate shall notify PRACTICE NAME of the reasons for being unable to return PHI in writing and must, at a minimum, maintain PHI as required by this Agreement and HIPAA and/or HITECH for so long as the PRACTICE NAME PHI exists.  Business Associate shall not transfer possession of PRACTICE NAME PHI without prior written approval of PRACTICE NAME.  If at any time Business Associate determines it is unable to protect PRACTICE NAME PHI, Business Associate shall destroy all PRACTICE NAME PHI and all copies and maintain proof of such destruction. Business Associate’s obligations under this paragraph shall survive the termination of this Agreement.

  3. PRACTICE NAME may terminate this Agreement effective immediately, if (i) Business Associate is named as a defendant in a criminal proceeding for a violation of HIPAA, HITECH, or other security or privacy laws or (ii) there is a finding or stipulation that Business Associate has violated any standard or requirement of HIPAA, HITECH, or other security or privacy laws in any administrative or civil proceeding in which Business Associate is involved.

  4. Termination of Other Agreements.  If this Agreement is terminated for any reason, PRACTICE NAME or Business Associate also may terminate any or all other agreements between the parties. This provision shall supersede any termination provision to the contrary which may be set forth in any other agreement.

bottom of page