Terms of Services
These Terms of Service (“TOS”) apply to the access and use of all of our web and mobile based applications (which are collectively referred to as “Platforms”) and use of our products and services provided through the Platforms (“Services”). The Platforms are owned, managed, and operated by HealthPlix Technologies Private Limited having its registered office at 1st Floor, 2gethr, Tower B, Mantri Commercio, Outer Ring Rd, near Sakra World Hospital, Bellandur, Bengaluru – 560103 (hereinafter referred as “us”/ “we”/ “HealthPlix”/ “Company”).
These TOS govern the use of the Platforms and Services by you, the registered medical practitioners, having valid credentials and having registered with the Medical Council of India or any successor organisation as may be notified in the future (“Doctors”), your staff (“Staff”), and the patients and end users who are using the Platforms (“Patients”). Patients, Staff and Doctors are jointly referred to as “Users” or “you”. By accessing or using the Platforms, registering for Services offered on the Platforms, or by accepting, uploading, submitting or downloading any information or content from or to the Platforms, you shall have agreed to these TOS.
IF YOU DO NOT AGREE TO BE BOUND BY ALL OF THESE TOS, we request you DO NOT USE THE PLATFORMS.
-
Acceptance of Terms
Your use of the Platforms is subject to these TOS, which may be updated, amended, modified or revised by HealthPlix from time to time without any notice to you. It is important for you to refer to these TOS from time to time to make sure that you are aware of any additions, revisions, amendments or modifications that we may have made to these TOS. Your use of the Platforms and engagement with HealthPlix constitutes your acceptance of these TOS. Your use of the Services herein is under a limited, non-transferable, non-licensable, non-assignable licence to use the Services granted by HealthPlix only for the purposes mentioned herein.
-
Use of Services
The Platforms and Services are designed to assist the Doctors to store, obtain and review health information of the Patients who visit their clinics or hospitals. The Doctor can review the health information such as the Patient’s vitals, medical reports, medical records, medical images, etc. (“Data”) and provide feedback, advice and suggestion or any other information that may be relevant to the Patient. The Platforms and Services are designed to allow the Doctors to seamlessly access their Patient Data via the Platforms and use the Data to provide healthcare services to the Patients. We endeavour to provide a functional and convenient Service through our Platforms, but we do not guarantee that your web browser, or mobile device will be compatible with the Platforms or the Services or that the Platforms and Services will be available uninterrupted or that any content will be error free. HealthPlix is not responsible for any interruption in Services or availability of Platforms due to, but not limited to, changes or updates in individual clinic’s practice, network failure, or any other technical incident. HealthPlix reserves the right, at its sole discretion, to modify or replace all or any part of the TOS (including, without limitation, pricing and payment terms), or change, suspend, or discontinue all or any part of the Services or Platforms at any time by posting a notice on the Platforms or by informing you through any other modes of communication. It is your responsibility to check the TOS periodically for changes. Your continued use of the Platforms or the Services following the posting of any changes to the TOS constitutes acceptance of those changes.
The Platforms may collect and store demographic, financial, health records and any other type of information that you may provide. This information is collected, stored and processed as per our privacy policy published on the Platforms.
The Doctors represent and warrant that they have taken the appropriate consent from Patients before storing, or sharing with any third parties, any of the Patients’ information including but not limited to personally identifiable information, health records, demographic information and financial information etc.
The Patients, by accessing the Platforms, consent and agree that the Platform may store their personal information including but not limited to contact information, demographic data, health records and medical history etc. The Platform may use this information for purposes as per our privacy policy published on the Platforms.
-
Registration
As part of the registration process you will need to create an account, including a username and password. It is your responsibility to ensure that the information you provide is accurate, not misleading and secure. You shall be responsible for keeping your credentials in safe custody. HealthPlix will not be liable for any losses or claims arising out of misuse of Platforms or Services accessed with your credentials. You cannot create an account or username and password using the names and information of another person or using words that are the trademarks or the property of another party (including ours), or vulgar, obscene or in any other way inappropriate. We reserve the right with or without notice to suspend or terminate any account in breach. Doctors represent and warrant that they are licensed medical practitioners registered with the Medical Council of India (MCI) and there are no legal or regulatory impediments which prevent you from practising medicine in India.
4. Data Confidentiality
a) Responsibility of Doctors and Staff
Through your use of the Platforms, you shall have access to sensitive and valuable Data of the Users which may include medical records, medical information, personal information or any other information as may be required. Additionally, Doctors and their Staff agree to treat as confidential all Data that they have been provided access to, and that they shall make their best efforts to maintain the confidentiality of such Data. Doctors and their Staff should be aware of the Patient confidentiality requirements and observe all caution and the applicable duty of care in provision of services under these TOS. The Data, provided by the Patient or entered by the Doctor or the Staff. The Platforms present the Patient Data to the Doctors in an As-Is manner and the Platforms do not make any warranties, representations, etc. on the accuracy and correctness of the Data.
b)Restrictions on Use of Platforms. Doctors and Staff agrees that they shall not:
i. and shall not permit anyone to: (i) copy or republish the Platforms, except as may be provided herein; (ii) make the Platforms available to any person other than its authorized personnel, (iii) remove, modify or obscure any copyright, trademark or other proprietary notices contained in the Platforms, (iv) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of Platforms or (vii) access the Platforms in order to build a similar or competitive product. Doctors and Staff shall not access (or attempt to access) the Platforms and the materials or services by any means other than through the interface that is provided by Company.
ii. use any deep-link, robot, spider or other automatic device, program, algorithm or methodology, or any similar or equivalent manual process, to access, acquire, copy or monitor any portion of the Platforms or content, or in any way reproduce or circumvent the navigational structure or presentation of the Platforms, materials or any content, to obtain or attempt to obtain any materials, documents or information through any means not specifically made available through the Platforms.
iii. attempt to gain unauthorized access to any portion or feature of the Platforms, any other systems or networks connected to the Platforms, to any Company server, or to any of the services offered on or through the Platforms, by hacking, password mining or any other illegitimate means.
iv. probe, scan or test the vulnerability of the Platforms or any network connected to the Platforms, nor breach the security or authentication measures on the Platforms or any network connected to the Platforms. Doctors and Staff may not reverse look-up, trace or seek to trace any information on any other user, of or visitor to, the Platforms, or any other customer of Company, including any Company account not owned by Doctors, to its source, or exploit the Platforms or Services or information made available or offered by or through the Platforms, in any way whether or not the purpose is to reveal any information, including but not limited to personal identification information, other than Doctors’ own information, as provided for by the Platforms;
v. disrupt or interfere with the security of, or otherwise cause harm to, the Platforms, systems resources, accounts, passwords, servers or networks connected to or accessible through the Platforms or any affiliated or linked sites.
In case of breach of this provision, all parties including but not limited to Users shall be liable to pay Company a pre-agreed liquidated damages amount to INR 1,00,00,000 (One crore only).
b) Non-Disclosure by HealthPlix
The Company shall not share the Data with other doctors or clinics or hospitals. In other words, the Company shall not engage in any activity that can be construed as “poaching of patients”. HealthPlix will store the Data on a secure cloud infrastructure and/or third-party servers chosen by HealthPlix or built by HealthPlix. HealthPlix is committed to protecting the identity of the Users. The following security procedures have been put in place by us to protect Data:
a) Access to the Services is only after the user keys in his username and password. The username and password have to be successfully authenticated post which the access to the Platforms and Services is granted. Users are fully and solely responsible for any or all use of the Platforms or the Services while accessing these using the username and password (upon successful authentication).
b) To prevent impersonation, your password is never stored in plain text format on any of our servers.
c) The communication between your device and our servers will be through a secure HTTPS connection.
d) A secure session is established with the help of a session token for providing access to the Patient Data after the Doctors or the Staff have successfully authenticated their username and password
e) Role based access to database depending on the roles assigned by the Doctor to his/her Staff
f) Within our server we use an Advanced Encryption Standard (AES) and multi-level security and authentication checks to protect the confidential Data. Personally identifiable patient information is always kept strictly confidential and is never disclosed with any third party except as provided under our privacy policy. We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Company, our employees, our Users, or others. This includes exchanging information with other companies and organisations for fraud protection and risk reduction. The Company may also use the data in de-identified and aggregated form for the following purposes without violating the relevant data privacy and data security laws of India.
i. for the purpose of research and publications, statistical analysis, generating Real World Evidence (RWE) algorithmically,
ii. for communication purpose so as to provide the Doctor a better way of communicating with his/her patients by means of SMS/Emails,
iii. for debugging customer support related issues,
iv. for improving the algorithms of Company’s EMR to make it faster, efficient and reliable
v. for enhancing the Clinical Decision Support software developed by the Company
vi. for communicating about new Services and offerings by the Company or its partners with the Users
5. Communications
You agree to receive communications through emails, telephone, mobile phone and/or SMS, from HealthPlix or its third-party vendors or business partners or third-party service providers regarding the services or services updates, transactional and/or promotional emails and/or any announcements. In this context and regard, you agree and provide your consent to receive all communications at the mobile number provided to HealthPlix, even if this mobile number is registered under DND/NCPR list under Telecom Regulatory Authority of India (TRAI) laws, rules and regulations. And for that purpose, you further authorise HealthPlix to share/disclose the information to any third-party service provider or any affiliates, group companies, their authorised agents or third-party service providers. You also agree that in accordance with the applicable TRAI laws, rules and regulations specifically The Telecom Commercial Communications Customer Regulations, 2014:
i. Each time you do visit/transact or login in your account on the Platforms, it shall be regarded as a verifiable request from you pertaining to receipt of our Ser\
This Agreement shall be governed by and construed in accordance with the laws of India without regard to the conflict of laws provisions thereof. All claims, differences and disputes arising under or in connection with or in relation hereto the Website, the Terms or any transactions entered into on or through the Website shall be subject to the exclusive jurisdiction of the courts at Bangalore, India and you hereby accede to and accept the jurisdiction of such courts.
11. Miscellaneous
The TOS are the entire agreement between you and HealthPlix with respect to the use of Platforms or the Services, and supersede all prior or contemporaneous communications and proposals (whether oral, written or electronic) between you and HealthPlix with respect to the use of Platforms or the Services provided. If any provision of the TOS is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the TOS will otherwise remain in full force and effect and enforceable. The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any further rights hereunder. The TOS are personal to you, and are not assignable or transferable by you except with Company’s prior written consent. HealthPlix may assign, transfer or delegate any of its rights and obligations hereunder without consent.
Monitoring. Business Associate will monitor the appropriateness of its employees and agents activities within PRACTICE NAME Information Systems and/or the PRACTICE NAME Network by methods including any reports or tools provided by PRACTICE NAME.
-
Permissible Uses and Disclosures of PHI.
-
Using and Disclosing PHI. Business Associate may use or disclose PHI only as permitted by this Agreement or as required by law. Business Associate may use PHI only to directly perform services pursuant to any underlying agreement(s) for products or services with PRACTICE NAME.
-
Business Associate's Internal Management Uses of PHI. Business Associate may use PHI for internal management and administration of Contractor, but only in connection with the direct performance by Business Associate through its employees of services for PRACTICE NAME pursuant to this Agreement.
-
Minimum Necessary. Business Associate is permitted to access and use only the minimum necessary PHI to the extent required to perform its duties under this Agreement. Business Associate agrees not to use or store PHI or identifying information (e.g., name, date of birth, etc.) if the information can be removed and is not essential to the services to be provided.
-
Handling PHI. Business Associate further agrees to return or destroy any PHI that is erroneously shared or delivered to Business Associate.
-
Data Aggregation. Business Associate is permitted to use PHI for data aggregation for the health care operations of PRACTICE NAME, upon written request of PRACTICE NAME.
-
De-Identified – Business Associate Use for Own Purposes. Business Associate agrees not to use data that identifies PRACTICE NAME or PHI for its own purposes or for the benefit of its other customers, including de-identified PHI (as defined by HIPAA) without PRACTICE NAME’s prior written consent.
-
Additional Obligations of Business Associate.
-
Designated Record Set. Business Associate shall make available PHI in a designated record set to PRACTICE NAME within 5 calendar days of any such request as necessary to satisfy PRACTICE NAME’s obligations under 45 CFR 164.524.
-
Safeguards. Business Associate agrees to implement appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of all PHI. Business Associate agrees to implement appropriate electronic security practices for PRACTICE NAME PHI, which is transmitted, stored, received, or used in electronic form, in compliance with Subpart C of 45 CFR Part 164, to prevent use or disclosure of PHI other than as permitted by this Agreement.
-
Business Associate will report to PRACTICE NAME any Use or Disclosure, or suspected Use or Disclosure, of PHI not provided for by this Agreement within 24 hours of becoming aware of same, including Breaches of Unsecured PHI, and any Security Incident of which it becomes aware. The content of said reports shall comply with 45 CFR 164.410(c).
-
Notice of Legal Contact. Business Associate shall notify PRACTICE NAME in writing within 5 calendar days of a disclosure request and shall only disclose PRACTICE NAME PHI with PRACTICE NAME’s express written consent such disclosure is required by law.
-
Pattern of Activity. If Business Associate becomes aware of a pattern of activity or practice by PRACTICE NAME that constitutes a material breach or violation of PRACTICE NAME’s obligations under this Agreement, Business Associate will notify PRACTICE NAME of the same.
-
Business Associate shall maintain and make available the information required to provide an Accounting of Disclosures to PRACTICE NAME as necessary for PRACTICE NAME to satisfy its obligations under 45 CFR 164.528 within 5 calendar days of any such request from PRACTICE NAME.
-
Notice of Patient Contact. Business Associate shall notify the privacy officer of PRACTICE NAME within 5 calendar days if an Individual contacts Business Associate in connection with the Individual's PHI.
-
Assistance. Business Associate shall, at any time during this Agreement, make PRACTICE NAME PHI in its possession or under its control available to PRACTICE NAME within 5 calendar days of a PRACTICE NAME request.
-
Electronic Health Records Related to Treatment, Payment, or Operations. In the case of a direct request for an accounting from an individual to Business Associate related to treatment, payment or operations disclosures through electronic health records, Business Associate shall provide such accounting to the individual in accordance with the applicable effective date of Section 13405(c) of HITECH. Business Associate shall document such disclosures and provide PRACTICE NAME notice of the disclosure.
-
Amendments. Business Associate will make available PHI for amendment and incorporate any amendments to PHI in accordance with 45 CFR 164.526.
-
To the extent Business Associate is to carry out one or more of PRACTICE NAME’s obligations under Subpart E of 45 CFR Part 164, Business Associate will comply with the requirements of Subpart E that apply to PRACTICE NAME in the performance of such obligations.
-
Breach Investigation and Notification.
-
Upon receipt of a report an actual or suspected Breach or Security Incident from Business Associate, PRACTICE NAME shall determine whether a Risk Assessment should be conducted, and if so, which entity (PRACTICE NAME or the Business Associate) is the appropriate party to conduct the Risk Assessment under the circumstances. Business Associate shall comply with all requests and directives of PRACTICE NAME in this regard.
-
If a Risk Assessment is conducted and it is determined that a Breach has occurred, PRACTICE NAME shall determine the appropriate party to notify the affected Individuals, the Department of Health and Human Services, and if necessary, the media. If it is determined that the Business Associate is the appropriate party to prepare and issue the notice, then Business Associate shall do so at its sole cost and within the time period specified by HIPAA. Business Associate shall provide PRACTICE NAME with a draft copy of the Breach Notification letter for its review and approval at least 10 days in advance of the deadline. No Breach Notification letter shall be issued without PRACTICE NAME’s written approval of same. In the event that PRACTICE NAME has reasonable cause to anticipate that Business Associate is not sufficiently performing its obligations under this paragraph, then PRACTICE NAME may, in its sole discretion, take over these obligations and invoice Business Associate for its costs associated with performing these obligations.
-
Security, Reporting, Mitigation and Termination.
-
Suspension and Termination. Business Associate will immediately suspend or terminate its employee’s, agent’s or Subcontractor’s access to PRACTICE NAME’s Information Systems and/or connection to a PRACTICE NAME Network in the event of a suspected or actual violation, and will not reinstate access and/or connection privileges until PRACTICE NAME has agreed in writing to the reinstatement of these privileges.
-
Immediate Termination of Right to Access / Network Connection. Business Associate acknowledges that PRACTICE NAME has, at its sole discretion, the right to immediately terminate any of the Business Associate's employees, agents or Subcontractors’ right to access any aspect of PRACTICE NAME's Information System and/or Network connection in the event of Business Associate’s improper use of PRACTICE NAME’s Information System and/or Network connection, Business Associate’s failure to maintain the confidentiality of PRACTICE NAME or patient information, failure to maintain patient privacy or failure to safeguard and protect the security of the Information Systems and/or Network connection, or PRACTICE NAME’s patient or business information.
-
Notices.
All notices and reports required under this Agreement shall be provided in writing, and Business Associate shall retain proof of transmission, to the following persons on behalf of PRACTICE NAME:
PRACTICE NAME Privacy Officer: ENTER EMAIL
PRACTICE NAME Security Officer: ENTER EMAIL
-
Amendment.
The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for compliance with the requirements of HIPAA and/or HITECH and any other applicable law.
-
Access for Audit.
Business Associate shall make its internal practices, books and records relating to the use and disclosure of any PHI available to PRACTICE NAME, the Secretary of the Department of Health and Human Services, and to other authorized government investigators for purposes of determining Business Associate's and PRACTICE NAME's compliance with HIPAA. Business Associate agrees that PRACTICE NAME has the right to audit, investigate, monitor, access, review and report on Business Associate's use of any PRACTICE NAME PHI, with or without advance notice or knowledge from PRACTICE NAME.
-
Assignment.
No party may assign or transfer any or all of its rights and/or obligations under this Agreement or any part of it, nor any benefit or interest in or under it, to any third party without the prior written consent of the other party, which shall not be unreasonably withheld. Business Associate may not assign any rights, nor may it delegate its duties, under this Agreement without the express written consent of PRACTICE NAME.
-
Laws.
Business Associate also will comply with all federal and state security and privacy laws applicable to Business Associate and more protective of individual privacy than are the HIPAA and / or HITECH.
-
Injunctive Relief.
Business Associate acknowledges and stipulates that its, including its agents and/or subcontractors, unauthorized use or disclosure of PHI while performing services pursuant to this Agreement may cause irreparable harm to PRACTICE NAME, and in such event, PRACTICE NAME will be entitled, if it so elects, to institute any type of proceeding in any court of competent jurisdiction in equity, to seek injunctive relief.
-
Termination of Relationship for Failure to Comply.
-
Immediate Termination and Cure. PRACTICE NAME may immediately terminate its relationship with Business Associate upon written notice to Business Associate without damages or liability to Business Associate if PRACTICE NAME determines that Business Associate has violated a material requirement related to HIPAA and/or HITECH. PRACTICE NAME, at its option and within its sole discretion, has the right to take reasonable steps to cure the breach and/or may (a) allow Business Associate to take steps to cure the breach, and (b) in the event of such a cure, elect to keep the relationship in force.
-
PHI Obligations upon Termination or Expiration. Unless Business Associate is required by law to maintain PHI, Business Associate shall return (and not retain any copies of) all PHI in its possession or under its control within 30 days after the termination/expiration of this Agreement. If Business Associate is unable to return PHI, then Business Associate shall notify PRACTICE NAME of the reasons for being unable to return PHI in writing and must, at a minimum, maintain PHI as required by this Agreement and HIPAA and/or HITECH for so long as the PRACTICE NAME PHI exists. Business Associate shall not transfer possession of PRACTICE NAME PHI without prior written approval of PRACTICE NAME. If at any time Business Associate determines it is unable to protect PRACTICE NAME PHI, Business Associate shall destroy all PRACTICE NAME PHI and all copies and maintain proof of such destruction. Business Associate’s obligations under this paragraph shall survive the termination of this Agreement.
-
PRACTICE NAME may terminate this Agreement effective immediately, if (i) Business Associate is named as a defendant in a criminal proceeding for a violation of HIPAA, HITECH, or other security or privacy laws or (ii) there is a finding or stipulation that Business Associate has violated any standard or requirement of HIPAA, HITECH, or other security or privacy laws in any administrative or civil proceeding in which Business Associate is involved.
-
Termination of Other Agreements. If this Agreement is terminated for any reason, PRACTICE NAME or Business Associate also may terminate any or all other agreements between the parties. This provision shall supersede any termination provision to the contrary which may be set forth in any other agreement.
No agency, partnership, joint venture, or employment relationship is created as a result of the TOS and neither party has any authority of any kind to bind the other in any respect. All notices under the TOS will be in writing and will be deemed to have been duly given when received if personally delivered or sent by certified or registered mail, return receipt requested; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; or two days after it is sent, if sent for next day delivery by recognized overnight delivery service.