Terms of Use


TERMS OF USE

These terms and conditions of use (“Terms of Use”) are entered into by and between users (“you”) and Healthcelerate, Inc. (“Healthcelerate”, “our”, “we”, “us” or the “Company”). These Terms of Use govern your access to and use of all content, functionality, and services offered on or through www.healthcelerate.com (the “Website”) in Section 1, and the careMESH Services provided by Healthcelerate on www.caremesh.com in Section 2.

This page also includes the careMESH Business Associates Agreement (“BAA” or Agreement) in Section 3. Unless your organization has entered into a separate business associate agreement which shall prevail, this BAA is entered into between Healthcelerate Inc. (“Business Associate”), and you (“Covered Entity”) and is incorporated into the careMESH Service Terms of Use by reference.


Section 1: The Website - www.healthcelerate.com

Please read the Terms of Use carefully before you start to use the Website. By accessing or using the Website you accept and agree to be bound and abide by these Terms of Use and our Privacy Policy, incorporated herein by reference. If you do not want to agree to these Terms of Use or the Privacy Policy, you must not access or use the Website.

1. CHANGES TO THE TERMS OF USE

We may revise these Terms of Use from time to time in our sole discretion. All changes are effective immediately when we post them.  Please check this page regularly to ensure that you are familiar with the current version of the Terms of Use. By your continued use of healthcelerate.com after publication of the revised Terms of Use, you accept and agree to the terms and conditions in the revised Terms of Use.

2. ACCESSING THE WEBSITE AND ACCOUNT SECURITY

We reserve the right to withdraw or amend this Website, and any service or material we provide in our sole discretion without notice. We will not be liable if for any reason all or any part of the Website is unavailable at any time or for any period. From time to time, we may restrict access to some or all parts of the Website.

To access the Website or some of the resources it offers, you may be asked to provide certain information. It is a condition of your use of the Website that all the information you provide is correct, current and complete. You agree that all information you provide, including but not limited to the use of any interactive features on the Website, is governed by our Privacy Policy, and you consent to all actions we take with respect to your information consistent with our Privacy Policy.

3. INTELLECTUAL PROPERTY RIGHTS

The Website and its entire contents, features and functionality (including but not limited to all information, software, text, displays, images, video and audio, and the design, selection and arrangement thereof), are owned by the Company, its licensors or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret and other intellectual property or proprietary rights laws.

These Terms of Use permit you to use the Website for your personal, non-commercial use only. You must not reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, download, store or transmit any of the material on our Website, except as follows:

  • Your computer may temporarily store copies of such materials in RAM incidental to your accessing and viewing those materials.

  • You may store files that are automatically cached by your Web browser for display enhancement purposes.

  • You may print one copy of a reasonable number of pages of the Website for your own personal, non-commercial use and not for further reproduction, publication or distribution.

  • If we provide social media features with certain content, you may take such actions as are enabled by such features.

You must not:

  • Modify copies of any materials from this site.

  • Delete or alter any copyright, trademark or other proprietary rights notices from copies of materials from this site.

You must not access or use for any commercial purposes any part of the Website or any services or materials available through the Website.

4. TRADEMARKS

The Company name, the Company logo, and all related names, logos, product and service names, designs and slogans are trademarks of the Company or its affiliates or licensors. You must not use such marks without the prior written permission of the Company. All other names, logos, product and service names, designs and slogans on this Website are the trademarks of their respective owners.

5. PROHIBITED USES

You may use the Website only for lawful purposes and in accordance with these Terms of Use. You agree not to use the Website:

  • In any way that violates any applicable federal, state, local or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the US or other countries).

  • For the purpose of exploiting, harming or attempting to exploit or harm minors in any way by exposing them to inappropriate content, asking for personally identifiable information or otherwise.

  • To impersonate or attempt to impersonate the Company, a Company employee, another user or any other person or entity (including, without limitation, by using e-mail addresses associated with any of the foregoing).

  • To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of the Website, or which, as determined by us, may harm the Company or users of the Website or expose them to liability.

Additionally, you agree not to:

  • Use the Website in any manner that could disable, overburden, damage, or impair the site or interfere with any other party’s use of the Website, including their ability to engage in real-time activities through the Website.

  • Use any robot, spider or other automatic device, process or means to access the Website for any purpose, including monitoring or copying any of the material on the Website.

  • Use any manual process to monitor or copy any of the material on the Website or for any other unauthorized purpose without our prior written consent.

  • Use any device, software or routine that interferes with the proper working of the Website.

  • Introduce any viruses, trojan horses, worms, logic bombs or other material which is malicious or technologically harmful.

  • Attempt to gain unauthorized access to, interfere with, damage or disrupt any parts of the Website, the server on which the Website is stored, or any server, computer or database connected to the Website.

  • Attack the Website via a denial-of-service attack or a distributed denial-of-service attack.

  • Otherwise attempt to interfere with the proper working of the Website.

Without limiting the foregoing, we have the right to fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity or other information of anyone posting any materials on or through the Website. YOU WAIVE AND HOLD HARMLESS THE COMPANY AND ITS AFFILIATES, LICENSEES AND SERVICE PROVIDERS FROM ANY CLAIMS RESULTING FROM ANY ACTION TAKEN BY THE COMPANY/ANY OF THE FOREGOING PARTIES DURING OR AS A RESULT OF ITS INVESTIGATIONS AND FROM ANY ACTIONS TAKEN AS A CONSEQUENCE OF INVESTIGATIONS BY EITHER THE COMPANY/SUCH PARTIES OR LAW ENFORCEMENT AUTHORITIES.

6. RELIANCE ON INFORMATION POSTED

The information presented on or through the Website is made available solely for general information purposes. We do not warrant the accuracy, completeness or usefulness of this information. Any reliance you place on such information is strictly at your own risk. We disclaim all liability and responsibility arising from any reliance placed on such materials by you or any other visitor to the Website, or by anyone who may be informed of any of its contents.

This Website may include content provided by third parties, including materials provided by other users, bloggers and third-party licensors, syndicators, aggregators and/or reporting services. All statements and/or opinions expressed in these materials, and all articles and responses to questions and other content, other than the content provided by the Company, are solely the opinions and the responsibility of the person or entity providing those materials. These materials do not necessarily reflect the opinion of the Company. We are not responsible, or liable to you or any third party, for the content or accuracy of any materials provided by any third parties.

7. CHANGES TO THE WEBSITE

We may periodically update the content on this Website, but its content is not necessarily complete or up-to-date. Any of the material on the Website may be out-of-date at any given time, and we are under no obligation to update such material.

8. LINKING TO THE WEBSITE AND SOCIAL MEDIA FEATURES

You may link to our website, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part without our express written consent. This Website may provide certain social media features that enable you to:

  • Link from your own or certain third-party websites to certain content on this Website.

  • Send e-mails or other communications with certain content, or links to content, on this Website.

  • Cause limited portions of content on this Website to be displayed or appear to be displayed on your own or certain third-party websites.

You may use these features solely as they are provided by us, and solely with respect to the content they are displayed with and otherwise in accordance with any additional terms and conditions we provide with respect to such features. Subject to the foregoing, you must not:

  • Establish a link from any website that is not owned by you.

  • Cause the Website or portions of it to be displayed, or appear to be displayed by, for example, framing, deep linking or in-line linking, on any other site.

  • Link to any part of the Website other than the homepage.

  • Otherwise take any action with respect to the materials on this Website that is inconsistent with any other provision of these Terms of Use.

You agree to cooperate with us in causing any unauthorized framing or linking immediately to cease. We reserve the right to withdraw linking permission without notice. We may disable all or any social media features and any links at any time without notice in our discretion.

9. LINKS FROM THE WEBSITE

If the Website contains links to other sites and resources provided by third parties, these links are provided for your convenience only. This includes links contained in advertisements, including banner advertisements and sponsored links. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them. If you decide to access any of the third-party websites linked to this Website, you do so entirely at your own risk and subject to the terms and conditions of use for such websites.

10. GEOGRAPHIC RESTRICTIONS

The owner of the Website is based in the Commonwealth of Virginia in the United States. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. Access to the Website may not be legal by certain persons or in certain countries. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

11. DISCLAIMER OF WARRANTIES

You understand that we cannot and do not guarantee or warrant that files available for downloading from the internet or the Website will be free of viruses or other destructive code. You are responsible for implementing sufficient procedures and checkpoints to satisfy your requirements for anti-virus protection and accuracy of data input and output, and for maintaining a means external to our site for any reconstruction of any lost data. WE WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DISTRIBUTED DENIAL-OF-SERVICE ATTACK, VIRUSES OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY INFECT YOUR COMPUTER EQUIPMENT, COMPUTER PROGRAMS, DATA OR OTHER PROPRIETARY MATERIAL DUE TO YOUR USE OF THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR TO YOUR DOWNLOADING OF ANY MATERIAL POSTED ON IT, OR ON ANY WEBSITE LINKED TO IT.

HEALTHCELERATE  WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THE WEBSITE, OR FROM ANY INFORMATION CONTENT, MATERIALS, PRODUCTS OR OTHER SERVICES INCLUDED ON OR OTHERISE MADE AVAILABLE TO YOU THROUGH THE WEBSITE, INCLUDING BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES.

HEALTHCELERATE EXPRESSLY DISCLAIMS ANY RESPONSIBILITY FOR THE ACCURACY, CONTENT, AVAILABILITY OF INFORMATION, PRODUCTS, SERVICES, PRIVACY OR SECURITY PRACTICES OR MERCHANDISE FOUND ON THIRD PARTY SITES THAT LINK TO OR FROM THE WEBSITE. HELTHCELERATE CANNOT BE HELD RESPONSIBLE FOR THE MATERIAL CONTAINED ON THIRD PARTY SITES.

YOUR USE OF THE WEBSITE, ITS CONTENT AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE IS AT YOUR OWN RISK. THE WEBSITE, ITS CONTENT AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER THE COMPANY NOR ANY PERSON ASSOCIATED WITH THE COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY OR AVAILABILITY OF THE WEBSITE. WITHOUT LIMITING THE FOREGOING, NEITHER THE COMPANY NOR ANYONE ASSOCIATED WITH THE COMPANY REPRESENTS OR WARRANTS THAT THE WEBSITE, ITS CONTENT OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL BE ACCURATE, RELIABLE, ERROR-FREE OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT OUR SITE OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.

THE COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR PURPOSE. WITHOUT LIMITING THE FOREGOING, HEALTHCELERATE.COM AND ITS CONTENTS ARE OFFERED FOR INFORMATIONAL PURPOSES ONLY. YOU UNDERSTAND, ACKNOWLEDGE AND AGREE THAT YOU ARE ASSUMING THE ENTIRE RISK AS TO THE QUALITY, ACCURACY, PERFORMANCE, TIMELINESS, ADEQUACY, COMPLETENESS, CORRECTNESS, AUTHENTICITY, SECURITY AND VALIDITY OF ALL FEATURES AND FUNCTIONS OF HEALTHCELERATE.COM.

THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

12. LIMITATION ON LIABILITY

IN NO EVENT WILL THE COMPANY, ITS AFFILIATES OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, THE WEBSITE, ANY WEBSITES LINKED TO IT, ANY CONTENT ON THE WEBSITE OR SUCH OTHER WEBSITES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR SUCH OTHER WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT OR OTHERWISE, EVEN IF FORESEEABLE.

THE FOREGOING DOES NOT AFFECT ANY LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

13. INDEMNIFICATION

You agree to defend, indemnify and hold harmless Healthcelerate, its affiliates, licensors and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses or fees (including reasonable attorneys’ fees) arising out of or relating to your violation of these Terms of Use or your use of the Website, including, but not limited to, any use of the Website’s content, services and products other than as expressly authorized in these Terms of Use or your use of any information obtained from the Website.

14. GOVERNING LAW AND JURISDICTION

All matters relating to the Website and these Terms of Use and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims), shall be governed by and construed in accordance with the internal laws of the Commonwealth of Virginia without giving effect to any choice or conflict of law provision or rule (whether of the Commonwealth of Massachusetts or any other jurisdiction).

You expressly agree that exclusive jurisdiction for any dispute with Healthcelerate resides in the courts of Virginia, and you further agree and expressly consent to the exercise of personal jurisdiction in the courts of Virginia, in connection with any claim involving Healthcelerate. Use of the Website is unauthorized in any jurisdiction that does not give effect to these Terms of Use and all the terms and conditions set forth herein.

15. LIMITATION ON TIME TO FILE CLAIMS

ANY CAUSE OF ACTION OR CLAIM YOU MAY HAVE ARISING OUT OF OR RELATING TO THESE TERMS AND CONDITIONS, THE WEBSITE OR THE CONTENT MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES, OTHERWISE, SUCH CAUSE OF ACTION OR CLAIM IS PERMANENTLY BARRED.

16. WAIVER AND SEVERABILITY

No waiver by the Company of any term or condition set forth in these Terms of Use shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of the Company to assert a right or provision under these Terms of Use shall not constitute a waiver of such right or provision.

If any provision of these Terms of Use is held by a court or other tribunal of jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms of Use will continue in full force and effect.

17. ENTIRE AGREEMENT

This Terms of Use and our Privacy Policy constitute the entire agreement between you and Healthcelerate with respect to the Website and supersede all prior and contemporaneous understandings, agreements, representations and warranties, with respect to the Website.


Section 2: The careMESH Services - www.caremesh.com

THESE TERMS OF USE (THE “TERMS”) GOVERN YOUR ACCESS TO AND USE OF THE CAREMESH SERVICES PROVIDED BY HEALTHCELERATE, INC. (“HEALTHCELERATE,” “US” OR “WE”). BY COMPLETING THE REGISTRATION PROCESS AND CLICKING THE "I ACCEPT" BUTTON, YOU ARE AGREEING TO BE BOUND BY THESE TERMS, OUR PRIVACY POLICY AND OUR BUSINESS ASSOCIATES AGREEMENT, INCORPORATED HEREIN BY REFERENCE.

PLEASE READ THESE TERMS CAREFULLY AS THEY CONTAIN IMPORTANT INFORMATION REGARDING YOUR LEGAL RIGHTS, REMEDIES AND OBLIGATIONS. THESE INCLUDE VARIOUS LIMITATIONS AND EXCLUSIONS, AND A DISPUTE RESOLUTION CLAUSE THAT GOVERNS HOW DISPUTES WILL BE RESOLVED.

1. ACCESS TO AND USE OF THE CAREMESH SERVICES

(a) Healthcelerate operates a secure cloud-based communications platform for exchanging health information (the “careMESH Services”), including without limitation, the ability to securely exchange structured and unstructured User Content that may include (i) patient information and health records ("Patient Records") and (ii) messages among clinicians ("Messaging Services"). The careMESH Services may be provided to you through a variety of mediums including but not limited to browser-based online access, mobile applications, text message, voice and facsimile.

(b) Subject to the terms and conditions of this Agreement, Healthcelerate hereby grants you a non-exclusive, non-transferable, revocable right to access the careMESH Services solely in connection with your legitimate healthcare related practices, subject to the Use Restrictions set forth in Section 3 below. Any and all rights to use the careMESH Services not expressly granted to you are reserved by Healthcelerate.

(c) Healthcelerate may make updates to the careMESH Services and release upgraded versions at any time.

2. YOUR RESPONSIBILITIES

(a) You shall: (i) comply with all applicable laws, court orders, rules and regulations, including without limitation, HIPAA and the HITECH Act; (ii) comply with applicable Healthcelerate policies for access to and use of the careMESH Services, including but not limited to, its Privacy Policy and business associate agreement (BAA); (iii) ensure at all times that your profile information located in the Directory of the careMESH Services is accurate; (iv) cooperate with Healthcelerate’s investigation of outages, security problems, unauthorized use of the careMESH Services and/or any suspected breach of these Terms or privacy policy, or any applicable law, court order, rule or regulation; and (v) promptly notify Healthcelerate of any known or suspected unauthorized use of your account, the User Content, the careMESH Services or any other breach of security. You are exclusively responsible for complying with any applicable compliance, security and termination of access policies, including but not limited to any employer or affiliate policies governing the use, disclosure and/or storage of User Content on any devices used to access the careMESH Services. Healthcelerate has no responsibility or liability for your failure to comply with such applicable policies.

(b) You will be required to create a careMESH account in order to access the careMESH Services. By creating an account, you represent and warrant that all information that you provide on the registration form is, and will be at all times, (i) true, accurate, current and complete information about yourself. You further agree to maintain and update this information from time to time to keep such information true, accurate, current and complete. If any information provided by you is untrue, inaccurate, not current or incomplete, Healthcelerate has the right to terminate your account and refuse you any and all current or future use of the careMESH Services.

(c) You are responsible for maintaining the security of any device that you use to access the careMESH Services. You are also responsible for all use of your careMESH account and for ensuring that all use of your account complies fully with the provisions of these Terms. You agree to notify Healthcelerate immediately of all unauthorized use of your account and if the security or secrecy of your account login information has been compromised. You may be held responsible for any losses incurred by Healthcelerate or any other user of the careMESH Services that are in any way related to your failure to maintain the security of your account information.

(d) You acknowledge, consent and agree that Healthcelerate may investigate your use of the Services in order to determine whether a violation of the Terms of Use has occurred or to comply with any applicable law, regulation, governmental request or legal process.

3. USE RESTRICTIONS

You shall not do any of the following:

(a) Sell, lease, license, sublicense, or otherwise encumber any portion of the careMESH Services or Healthcelerate’s documentation;

(b) Access or share Protected Health Information (“PHI”) that you do not have the right to access or share;

(c) Access or share any User Content that is protected from distribution through other agreements that you hold with other vendors or organizations;

(d) Harm minors in any way;

(e) Decompile, disassemble, or reverse engineer any portion of the careMESH Services or attempt to discover any source code or underlying ideas or algorithms of the careMESH Services;

(f) Create any derivative work based on the careMESH Services or any Healthcelerate Confidential Information;

(g) Use the careMESH Services to provide processing services to third parties, commercial timesharing, rental or sharing arrangements, or on a “service bureau” basis or otherwise use or allow others to use the careMESH Services for the benefit of any third party;

(h) Use the careMESH Services to store or transmit infringing, libelous, obscene, threatening, or otherwise obscene, defamatory, threatening, harassing, abusive, slanderous, hateful, or embarrassing to any other person or entity as Healthcelerate may determine in Healthcelerate’s sole discretion, including without limitation material harmful to children, or use the careMESH Services to post, upload, email, transmit or otherwise distribute any User Content any Content that infringes on the intellectual property rights of others or on the privacy or publicity rights of others;

(i) Provide, disclose, divulge or make available to, permit use of or invite others to use the careMESH Services by any third party or any non-health related clinician who have signed a confidentiality agreement consistent with the terms and provisions herein, without Healthcelerate’s prior written consent;

(j) Use the careMESH Services, or allow the transfer, transmission, export, or re-export of the Services or portion thereof in violation of any export control laws or regulations administered by the U.S. Commerce Department, OFAC, or any other government agency; or

(k) Interfere with or disrupt the integrity or performance of the careMESH Services;

(l) Use the careMESH Service to post advertisements or solicit business or to contact any other user of the careMESH Services unrelated to the purposes of the careMESH Services;

(m) Forge headers or otherwise manipulate identifiers in order to disguise the origin of any Content transmitted through the Services;

(n) Post, upload, email, transmit or otherwise distribute chain letters, pyramid schemes, unsolicited or unauthorized advertising or spam;

(o) Impersonate another person or business entity or stalk or otherwise harass another person;

(p) Post, upload, email, transmit or otherwise distribute viruses or other harmful computer code designed to interrupt, destroy or limit the use of any computer software or hardware;

(q) Harvest or otherwise collect information about others, including email addresses;

(r) Allow any other person or entity to use your identification;

(s) Interfere with or disrupt the Services or computers, networks or other hardware connected to the Services, or disregard any requirements or policies of networks connected to the Services;

(t) Engage in any other conduct that restricts or inhibits any other person from using or enjoying the Services, or which, in Healthcelerate’s sole judgment, exposes us or its licensors, customers or suppliers to any liability or detriment of any type;

(u) Fail to respect privacy. This includes revealing another user's password, phone number, address, or any other personally identifiable information;

(v) Create user names, or post, solicit or send messages, text or photographs that are sexually explicit, that denigrate, threaten, abuse or harm others in any way.

(w) Use or permit the use of the careMESH Services by any non-US person or any entity located in a country other than the United States.

You agree and understand that the foregoing restrictions also prohibit you from asking a third party who has separately executed a master services agreement with Healthcelerate to send invitations to unregistered users on your behalf. If the organization that sponsors your access to the careMESH Services has separately executed a master services agreement with Healthcelerate, you understand and agree that you are prohibited from sending invitations on behalf of a user that has not entered into a separately executed a master services agreement with Healthcelerate.

4. YOUR REPRESENTATIONS, WARRANTIES AND CONVENANTS

(a) You hereby agree and acknowledge that the careMESH Services is a secured, cloud-based environment within which you may collaborate and share health related information. Healthcelerate has no control over any information uploaded to, or shared using the careMESH Services, including any User Content residing on the careMESH Services and had no control generally over the use of the careMESH Services by its users. Your use and access of the careMESH Services is at your own risk, and Healthcelerate provides no warranties or guaranties that the careMESH Services will meet your particular needs, will fulfill a particular requirement or that any of the information that is accessible via the careMESH Services, including without limitation, the User Content is accurate. You are solely responsible for the use and reliance and any information received or exchanged using the careMESH Services, and the careMESH Service is not meant to serve as a substitute for the clinical judgment of a healthcare professional. You agree to evaluate and independently verify the information provided by or transmitted through the careMESH Service. Healthcelerate does not provide professional advice or recommend particular products through the careMESH Service.

(b) You represent and warrant to Healthcelerate that you are either a physician or a healthcare professional and that you are 18 years of age or older.

(c) You are employed by or authorized to use the careMESH Service by a Covered Entity, as defined in the BAA.

(d) Consumers are not permitted to use the careMESH Service and Healthcelerate does not accept any liability for any consumer that gains access to the careMESH Services.

(e) Provider Director. The Service includes a directory of healthcare professionals (the "Directory”) that is derived from a variety of public sources including but not limited to Physician Compare, the DirectTrust Framework and the National Plan and Provider Enumeration System and is provided for informational purposes only. You assume full responsibility for the communications with any individual you contact through the Provider Directory. The database of information which populates the Provider Directory does not contain sufficient information in its own right to verify credentials under the standards of the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), National Committee for Quality Assurance (NCQA) of the Utilization Review Accreditation Committee (URAC. The inclusion of a healthcare professional in the Directory is not an endorsement of any such healthcare professional by Healthcelerate, any of its licensors, affiliates or any third-party sponsor of any component of the Services. Healthcelerate does not guaranty the accuracy of the information included in the Directory and assumes no liability for any use thereof or inaccuracies contained therein

(f) Patient Records. Healthcelerate provides a mechanism for displaying Patient Records that are extracted from certain Electronic Health Record systems (“EHRs). Original data is saved by the EHR as an Extensible Markup Language file (“XML”) or other human or machine-readable format and may be download from the Service (“Source Data”). Healthcelerate also provides a mechanism for sharing a subset of Source Data with other Healthcelerate users and exporting Source Data from the Service into an EHR. You agree that you are responsible for verifying that the data displayed, shared or imported into an EHR is complete and accurate by comparing it to the Source Data.

(g) Patient Matching

(i) Healthcelerate has developed an algorithm for presenting Source Data from the same or different EHRs in a single or combined view of a patient (the “Matching Algorithm”). The Matching Algorithm uses, among other attributes, first and last name, date of birth and location to present source data in a single view.

(ii) Both the display of patient information and the Source Data contains demographic information on each Patient Record. You understand that the Matching Algorithm may result in false matches of different patients or a failure to match the same patient and agree that it is your responsibility to review the demographic information to determine whether the Matching Algorithm is accurate.

(h) Notifications. When another User of the careMESH Services sends you a Message, you agree that Healthcelerate has the right but not obligation to send you notifications via email, push notifications or text message. By providing your mobile phone number, you agree and understand that your telecommunications network provider may charge you additional data rates and/or fees related to text messages that Healthcelerate sends you, whether to notify you of a new Message or in support of the careMESH Service.

5. PROPRIETARY RIGHTS

(a) Healthcelerate retains all right, title and interest in and to the careMESH Services, the look, feel and graphical interface of the careMESH Services, its Confidential Information and all its property and all intellectual property rights therein, together with all enhancements, improvements, and further developments thereto, whether or not made in connection with you use and access to the careMESH Service or any requests, suggestions, ideas, feedback, or recommendations provided by you relating to the careMESH Service. No license will be deemed to have been granted by Healthcelerate to any of its intellectual property, except as otherwise expressly provided in these Terms.

(b) Suggestions and Contributions. Healthcelerate welcomes feedback on the careMESH Service, and by submitting suggestions or other feedback about the careMESH Services (“Contributions”) you agree that (i) Healthcelerate is not under any obligation of confidentiality with respect to Contributions; (ii) Healthcelerate may use or disclose Contributions for any purpose and in any way; (iii) you irrevocably licenses Healthcelerate the right to use and exploit Contributions; and (iv) you are not entitled to any compensation or reimbursement for Contributions.

(c) Healthcelerate owns all rights to its logos and trademarks used in connection with the careMESH Service. All other logos and trademarks used in connection with the careMESH Service are the property of their respective owners. Healthcelerate promotes the availability of its mobile application through the App Store and Google Play. Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc., registered in the U.S. and other countries. Android and Google Play are trademarks of Google LLC.

6. USER CONDUCT

(a) You are responsible for all communications, information, data, text, files, sounds, records, documents, pictures, videos, correspondence, including without limitation any personally identifiable information, any protected health information or electronic health records, messages and other material ("User Content") that you upload, post, transmit, email, text or otherwise distribute using the careMESH Services.

(b) You are responsible for taking reasonable steps to confirm the accuracy of email addresses, phone numbers and fax numbers that you provide as part of invitations to other individuals to enroll in the careMESH Services. Healthcelerate accepts no responsibility for validating the accuracy of email addresses, phone numbers and fax numbers provided by you prior to the transmission of invitations, Messages or Patient Records and does not guarantee delivery to email addresses and phone numbers provided by you.

(c) Neither Healthcelerate or its licensors are responsible for the consequences of the User Content posted by you or any other party through the careMESH Services, and as such, do not guarantee the accuracy, integrity or quality of such User Content. You understand that by using the careMESH Services, you may be exposed to User Content that is offensive or objectionable. In no event will Healthcelerate be liable in any way for any User Content or for any loss or damage of any kind incurred as a result of the use of any User Content uploaded, posted, transmitted, emailed or otherwise made available through the careMESH Services. 

7. USER CONTENT

(a) Rights to User Content. Prior to uploading or sharing any User Content using the careMESH Services, you shall obtain all permissions that may be necessary and appropriate with respect to such User Content or required by this Section. You hereby permit Healthcelerate the right to access and use any User Content as necessary to maintain or provide the careMESH Services, or as necessary to comply with the law or a binding order of a governmental body. You further agree to allow other users of the careMESH Services to copy, store, process, analyze and display User Content that you send or share with them through the careMESH Services.

(b) Security. Healthcelerate uses third-party data centers located in the United States in order to provide the careMESH Services, and you hereby consent to the storage of any User Content in the United States. Healthcelerate shall maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of the careMESH Services and agrees to implement reasonable and appropriate measures designed to help you secure the User Content against accidental or unlawful loss, access or disclosure. Healthcelerate shall encrypt User Content in transit and at rest using generally accepted industry standards and methods, and in no case less than is required under the BAA and under other applicable laws.

(c) You shall be solely responsible for, and assumes the risk of, any problems resulting from, the content, accuracy, completeness, consistency integrity, legality, reliability, and appropriateness of all User Content that you provide. You will ensure that the use and sharing of the User Content will not violate any of these Terms or Healthcelerate’s Privacy Policies or any applicable law. You shall be the data controller and Healthcelerate shall be a data processor with respect to any User Content processed via the careMESH Services.

(d) Provider Directory. When you submit information to areas of the careMESH Services that are publicly available, including but not limited to the Directory, you hereby grant Healthcelerate the right to publicly display that information in connection with the careMESH Services. See Healthcelerate’s Privacy Policy for an explanation of how Healthcelerate uses information that you provide to the careMESH Services and your rights to change or delete it.

(e) Other Uses. You hereby agree that Healthcelerate may use User Content (I) for the purpose of fulfilling its obligations under this Agreement, and (II) in aggregate form only as permitted by 45 C.F.R. §164.504(e)(2)(i)(B), or in de-identified form only in accordance with 45 C.F.R. §164.514(b).

8. GENERAL PRACTICES REGARDING USE AND STORAGE

(a) You acknowledge that Healthcelerate may establish general practices and limits concerning use of the careMESH Services, including without limitation the maximum number of Messages or Patient Records that may be sent from or received by an account on the careMESH Services, the maximum size of any Message or Patient Record that may be sent from or received by an account on the careMESH Services, the maximum disk space that will be allotted on Healthcelerate’s servers on your behalf, and the maximum number of times (and the maximum duration for which) you may access the careMESH Services in a given period of time. You acknowledge that Healthcelerate reserves the right to modify these general practices and limits from time to time.

9. CONFIDENTIALITY

(a) You acknowledge and agree that the careMESH Services, the User Content, and the software, applications and technology underlying the careMESH Services (collectively, the “Confidential Information”) contain proprietary and confidential information of Healthcelerate and its users that is protected under U.S. and international intellectual property laws, including copyright, trademarks, service marks, patents or other proprietary rights and laws. Except as expressly authorized by Healthcelerate, you agree not to sell, rewrite, modify, reproduce, distribute (via the Internet or other public computer-based information system), redistribute, create derivative works (including translating), rent or provide any Confidential Information accessed through the careMESH Services, in whole or in part, to an unauthorized party. Further, you are prohibited from using, downloading, publishing, republishing, transferring, selling, leasing, licensing, duplicating, or "scraping" for commercial or any other purpose any Confidential Information or database accessible via the careMESH Service, in whole or in part, in any medium whatsoever, including, without limitation, the Directory.

(b) Subject to the terms of the Business Associates Agreement, you may view Messages and Patient Records provided through the careMESH Services or download them to another system or database of your choosing. Other than Messages and Patient Records, all other copies of the information provided through the careMESH Services must include any trademark or copyright notices or disclaimers, and you may not remove any trademark or copyright notices or disclaimers from Healthcelerate’s or its licensors' materials. Healthcelerate and its licensors reserve all other rights not granted in these Terms. You agree not to access the careMESH Services by any means other than through the interface that is provided by Healthcelerate for use in accessing the careMESH Services.

(c) You expressly agree that Healthcelerate may preserve any transmittal or communication by you through the careMESH Services, or any service offered through the careMESH Services, and may disclose that information if legally required to do so or if Healthcelerate determines that the disclosure is reasonably necessary to enforce these Terms or to protect any rights hereunder or to respond to claims of wrongdoing by others. Please visit Healthcelerate’s Privacy Policy for its complete policy on what information Healthcelerate collects, how Healthcelerate may use that information and when Healthcelerate shares it.

10. TERMINATION AND MODIFICATION

(a) You agree that Healthcelerate may, under certain circumstances and without prior consent, discontinue, temporarily or permanently, the careMESH Services (or any part thereof) or eliminate your account, any associated email address, and remove any information you uploaded or provided to the careMESH Services with or without notice. Reasons to terminate your access rights to the careMESH Services include, without limitation, (i) breaches or violations of these Terms, Healthcelerate’s Privacy Policy, the BAA or other agreements or guidelines incorporated by reference, (ii) requests or inquiries by law enforcement or other government agencies, (iii) a request by you (self-initiated account deletions), (iv) discontinuance or material modification to the careMESH Services (or any part thereof), (v) unexpected technical or security issues or problems, (vi) extended periods of inactivity, and/or (vii) your engagement in fraudulent or illegal activities. 

(b) You agree that all terminations shall be made at Healthcelerate’s sole and absolute discretion, and neither Healthcelerate nor its licensors shall be liable to you or any third party for any termination of your account, any associated email address, or access to the careMESH Services or any portion thereof.

(c) The following provisions survive the expiration or termination of these Terms for any reason whatsoever: Your Responsibilities, Proprietary Rights, User Conduct, Confidentiality, Warranties, Indemnification, Limitation of Liability, and General Terms.

11. WARRANTIES

(a) Your use of the careMESH Services is provided on an "as is" basis. Without limiting the foregoing, Healthcelerate and its licensors, and suppliers make no representations or warranties about the accuracy, reliability, completeness, currentness, or timeliness of the careMESH Services, any User Content, the Directory or any other information obtained from the careMESH Services. You agree that you must evaluate, and bear all risks associated with, the use of any User Content, including any reliance on the accuracy, completeness, or usefulness of such User Content.

(b) The careMESH Services may contain links to websites, other applications or information collected from other parties. Healthcelerate does not sponsor, operate, control or endorse any of these sites or applications, nor the information, products or services provided by such third parties, nor does Healthcelerate make any guarantee, warranty or representation regarding the accuracy of information collected from such third parties or any guarantee, warranty or representation regarding any equipment utilized by the user in connection with the careMESH Services that has not been provided by Healthcelerate.

(c) Information Technology Infrastructure. When using the careMESH Services, information will be transmitted over a medium that may be beyond the control of Healthcelerate, its licensors or suppliers. Accordingly, neither Healthcelerate, its licensors nor suppliers assume liability for or relating to the delay, failure, interruption or corruption of any data or other information transmitted in connection with your use of the careMESH Services. You are responsible for obtaining and maintaining all connectivity, computer software, hardware and other equipment needed to access the careMESH Services and all charges related to the same.

(d) HEALTHCELERATE AND ITS LICENSORS AND SUPPLIERS, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIM ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, NON-INFRINGEMENT OF THIRD PARTIES' RIGHTS, FITNESS FOR PARTICULAR PURPOSE AND THAT THE CAREMESH SERVICES WILL MEET YOUR REQUIREMENTS. NEITHER HEALTHCELERATE NOR ITS LICENSORS OR SUPPLIERS WARRANT THAT THE CAREMESH SERVICES WILL BE UNINTERRUPTED OR ERROR FREE.

12. INDEMNIFICATION

You agree to defend, indemnify, and hold Healthcelerate and its officers, directors, employees, agents, users, licensors, and suppliers, harmless from and against any claims, actions or demands, losses, liabilities, expenses, damages and settlements including without limitation, reasonable legal and accounting fees, resulting or arising from, or alleged to result from, (a) your violation of these Terms, (b) any User Content you submit, post, transmit, upload, publish, or otherwise make available through the careMESH Services; (c) your use or misuse of the careMESH Services or User Content; or (d) your violation of any rights, including without limitation, the intellectual property rights, of a third party.

13. LIMITATION OF LIABILITY

(a) EXCEPT AS PROVIDED IN SECTION 13(B) BELOW, IN NO EVENT SHALL HEALTHCELERATE, ITS LICENSORS, SUPPLIERS, OR ANY THIRD PARTIES MENTIONED ON ITS WEBSITE(S) BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR SPECIAL DAMAGES ARISING FROM YOUR USE AND ACCESS TO THE CAREMESH SERVICES, INCLUDING WITHOUT LIMITATION, ANY LOSS, LIABILITY, DAMAGE, EXPENSE ARISING FROM PERSONAL INJURY/WRONGFUL DEATH, LOST PROFIT, LOSS OF DATA OR BUSINESS INTERRUPTION, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT YOU HAVE NOTIFIED HEALTHCELERATE, ITS LICENSORS, SUPPLIERS, OR ANY THIRD PARTIES MENTIONED ON HEALTHCELERATE’S WEBSITE IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES AND/OR LOSSES.

(b) SUBJECT TO THE TERMS AND CONDITIONS OF SECTION 13(A), THE MAXIMUM AGGREGATE LIABILITY OF HEALTHCELERATE, ITS LICENSORS, SUPPLIERS, OR ANY THIRD PARTIES MENTIONED ON ITS WEBSITE(S) ARISING FROM THESE TERMS AND YOUR USE AND ACCESS TO THE CAREMESH SERVICES SHALL BE LIMITED TO ACTUAL DIRECT DAMAGES INCURRED BY YOU NOT TO EXCEED U.S. $100. HEALTHCELERATE, ITS LICENSORS, SUPPLIERS, OR ANY THIRD PARTIES MENTIONED ON ITS WEBSITE(S) ARE NOT LIABLE FOR ANY PERSONAL INJURY, INCLUDING DEATH, CAUSED BY YOUR USE OR MISUSE OF THE CAREMESH SERVICES OR ANY INFORMATION CONTAINED THEREIN. ANY CLAIMS ARISING IN CONNECTION WITH YOUR USE OF THE CAREMESH SERVICES MUST BE BROUGHT WITHIN ONE (1) YEAR OF THE DATE OF THE EVENT GIVING RISE TO SUCH ACTION OCCURRED. REMEDIES UNDER THESE TERMS ARE EXCLUSIVE AND ARE LIMITED TO THOSE EXPRESSLY PROVIDED FOR IN THESE TERMS.

14. GENERAL PROVISONS

(a) Entire Agreement. Except as expressly amended by an applicable Enterprise Agreement (as contemplated in clause (b) below), these Terms constitutes the entire agreement between you and Healthcelerate regarding the use of the careMESH Services. Healthcelerate’s failure to exercise or enforce any right or provision of these Terms shall not operate as a waiver of such right or provision. The section titles in these terms of service are for convenience only and have no legal or contractual effect. The word including means including without limitation. If any provision of these Terms is, for any reason, held to be invalid or unenforceable, the other provisions of these Terms will be unimpaired, and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. You are not an agent of Healthcelerate. These Terms, and your rights and obligations herein, may not be assigned, subcontracted, delegated, or otherwise transferred by you without Healthcelerate’s prior written consent, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void. These terms of service shall be binding upon assignees.

(b) Unless your organization has entered into a separate agreement with Healthcelerate, these Terms of Use apply in their entirety.  Where your organization has entered into a separate agreement with Healthcelerate (an "Enterprise Agreement"), and that Enterprise Agreement contains specific provisions that conflict with or supplement these Terms of Use, those specific provisions shall apply along with the remaining provisions of the Terms of Use that are not in conflict. 

(c) Governing Law and Jurisdiction. These Terms shall be governed by the laws of the Commonwealth of Virginia without giving effect to any conflict of law principles that may require the application of the law of another jurisdiction. In connection with any claims, dispute, controversies, or proceeding arising from or relating to the careMESH Services, you agree to submit to the personal and exclusive jurisdiction of the state or federal courts located within the Eastern District of Virginia. You and Healthcelerate agree to submit to the jurisdiction of, and you hereby consent to the exercise of jurisdiction over you by such courts in any such legal action or proceeding.

(d) Dispute Resolution. If there is any dispute between us concerning these Terms of or your use of the Services, you agree to submit the dispute to non-binding mediation, followed by binding arbitration. Both the mediation and the arbitration will be governed under the rules of the American Arbitration Association, and the venue for the arbitration will be Fairfax County, Virginia.


Section 3: Business Associates Agreement

Unless your organization has entered into a separate business associate agreement which shall prevail, this Business Associates Agreement (“BAA” or “Agreement”) is entered into between Healthcelerate Inc. (“Business Associate”), and you (“Covered Entity”) and is incorporated into the careMESH Service Terms of Use by reference.

1. RECITALS

Business Associate provides services to Covered Entity in accordance with the careMESH Service Terms of Use.

Under this BAA, Covered Entity may disclose information to Business Associate which constitutes Protected Health Information as defined in the Health Insurance Portability and Accountability Act of 1996, as amended by the relevant portions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act (collectively, “HIPAA”).

The purpose of this BAA is to satisfy HIPAA requirements that Healthcelerate, acting as your Business Associate, provides satisfactory written assurances to you, as a Covered Entity, that it will comply with the applicable requirements of HIPAA.

Therefore, in consideration of the mutual promises below and the exchange of information pursuant to this BAA, the parties agree as follows:

2. DEFINITIONS

Unless otherwise defined in this BAA, capitalized terms shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.

“HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.

“Guidance” shall mean official guidance of the Secretary as specified in the HITECH Act and any other official guidance or interpretation of HIPAA by a federal governmental agency with jurisdiction.

References to “HIPAA Regulations” or “Regulations” shall mean the Privacy Rule and the Security Standards, as amended by Regulations commonly referred to as the HITECH Modifications to the HIPAA Privacy, Security Enforcement and Breach Notification Regulations.

“Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E, as amended by the HITECH Act and the HIPAA Regulations and Guidance.

“Protected Health Information” and “PHI” shall have the same meaning as the term “protected health information” in HIPAA and shall include ePHI. Specific references to “ePHI” shall be deemed to refer only to PHI in electronic form. All references to PHI or ePHI in this BAA shall refer only to PHI or ePHI of Covered Entity created, received, maintained or transmitted by Business Associate under the Terms of Use unless specifically stated otherwise. Protected Health Information includes Genetic Information.

“Security Standards” shall mean the Security Standards at 45 CFR parts 160, 162 and 164, as amended by the HITECH Act and HIPAA Regulations and Guidance.

3. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE AS TO PROTECTED HEALTH INFORMATION

3.1. Business Associate agrees to not Use or further disclose Protected Health Information other than as permitted or required by the Terms of Use, this Agreement, or as Required by Law and to otherwise comply with the provisions of the Privacy Rule and the Security Rule applicable to Business Associate. This includes the restrictions on the sale of PHI and on its Use for marketing provided in the HIPAA Regulations.

3.2. Business Associate agrees to use appropriate safeguards to prevent Use or Disclosure of Protected Health Information. If and to the extent that Protected Health Information is disclosed to, accessed, used, maintained, held, or created by Business Associate as ePHI, Business Associate will comply with the applicable provisions of the Security Standards, by providing Administrative, Physical, and Technical Safeguards for all ePHI and by developing Policies and Procedures implementing those Safeguards.

3.3. Business Associate agrees to promptly report to Covered Entity any Use or Disclosure of Covered Entity’s Protected Health Information not provided for in the Terms of Use and/or this BAA. Business Associate agrees to report to Covered Entity any Breach within two (2) business days of the first day the Breach is known, or reasonably should have been known, to the Business Associate, including for this purpose known to any employee, officer, or other agent of the Business Associate (“Breach Notice”). The Breach Notice will include the date of the Breach and the date of discovery of the Breach and, to the extent known to Business Associate at the time of identification, the identity of each individual whose Unsecured PHI was, or is reasonably believed by the Business Associate to have been, subject to the Breach, and the nature of the PHI that was subject to the Breach and other information required for notification of Individuals of the Breach (collectively, “Breach Information”). Business Associate will notify Covered Entity in writing of any additional Breach Information not included in the Breach Notice or of the circumstances that prevent Business Associate from obtaining such information not later than ten (10) days after the Breach Notice was sent by Business Associate. Business Associate will cooperate with Covered Entity in the further investigation of the Breach, as reasonably required or as requested by Covered Entity. The steps required of Business Associate under this Section shall be at Business Associate’s expense. If Business Associate believes that the facts related to a Breach justify the application of any statutory exceptions specified at Section 13400 of the HITECH Act and to the regulatory exclusions specified at 45 C.F.R. §164.402, Business Associate shall describe those facts in the Breach Notice and the parties shall discuss the possible application of an exception or an exclusion, provided that any final decision on an exclusion or exception will be that of the Covered Entity.

3.4. The parties agree that this Section 3 satisfies any notices necessary by Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents for which no additional notice to Covered Entity shall be required, except on request as stated below. For purposes of this BAA, such Unsuccessful Security Incidents include, without limitation, activity such as pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service and any combination of the above, so long as no such Unsuccessful Security Incident results in unauthorized access, Use, Disclosure, modification or destruction of ePHI or interference with information system operations related to the ePHI, provided that, upon written request from Covered Entity, Business Associate will provide a log or similar documentation of Unsuccessful Security Incidents for the period of time reasonably specified in Covered Entity’s request. Successful Security Incidents will be reported to Covered Entity within two (2) business days of the date the Successful Security Incident is known to Business Associate. If the Successful Security Incident constitutes a Breach, the parties will proceed as required under this BAA as to a Breach.

3.5. Business Associate agrees to use reasonable efforts to mitigate any harmful effect that is known to Business Associate that results from a Use or Disclosure of Protected Health Information by Business Associate in violation of the requirements of the Terms of Use and/or this BAA, including without limitation a Breach. Business Associate will coordinate any mitigation efforts with Covered Entity.

3.6. Business Associate agrees to ensure that any Subcontractor agrees, in a form meeting the requirements of 45 C.F.R. § 164.314, to substantially the same restrictions and obligations that apply through this BAA to Business Associate with respect to Protected Health Information, including those obligations relating to ePHI. Upon Business Associate’s knowledge of a pattern of activity or practice of a Subcontractor in violation of the requirements of the foregoing agreement, Business Associate will provide notice and an opportunity, not longer than a reasonable time consistent with the nature of the breach and the terms of the agreement with the Subcontractor, for the Subcontractor to end the violation. Business Associate will terminate the agreement with that Subcontractor if the Subcontractor does not end the violation within the time specified by the Business Associate.

3.7. To the extent Business Associate maintains a Designated Record Set for the Covered Entity, Business Associate will make available, within a reasonable amount of time of receipt of a written request, Protected Health Information in the Designated Record Set in accordance with the requirements of HIPAA, including information, if any, maintained in an electronic Designated Record Set. Business Associate will report any request for access that it receives directly from an individual to Covered Entity within five (5) business days of receipt. Covered Entity will determine any appropriate limitations on such access and the parties will determine a reasonable method for providing such access, including, if appropriate, transmission to a third party.

3.8. To the extent Business Associate maintains a Designated Record Set for the Covered Entity, Business Associate agrees to make an amendment, within a reasonable amount of time of receipt of a written request, to Protected Health Information in the Designated Record Set in accordance with the requirements of HIPAA. Business Associate will report any request for an amendment that it receives directly from an individual to Covered Entity within five (5) business days of receipt. The Covered Entity will determine and provide to Business Associate the appropriate substance of any such amendment.

3.9. Business Associate agrees to maintain and make available on written request information required to provide an accounting of its Disclosures of Protected Health Information required for the Covered Entity to respond to a request by an individual in accordance with the requirements of HIPAA.

3.10. Subject to receiving notice as described in Section 5, Business Associate agrees to abide by any restriction on the Use or Disclosure of PHI agreed to by Covered Entity.

3.11. Upon request, Business Associate will make its internal practices, books, and records relating to the Use and Disclosure of Protected Health Information received from or created or received by Business Associate on behalf of, Covered Entity available to the Secretary for purposes of determining Covered Entity’s and Business Associate’s compliance with the HIPAA.

3.12. To the extent that Business Associate will carry out an obligation of Covered Entity under the Security and Privacy provisions set out in Subpart E of 45 CFR Part 164, Business Associate will perform such obligations in compliance with the provisions of such Subpart that apply to the Covered Entity as to such obligations.

4. PERMITTED USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION BY BUSINESS ASSOCIATE

Business Associate may Use or Disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Terms of Use, provided that such Use or Disclosure would not violate the Privacy Rule if done by the Covered Entity. In addition, except as otherwise limited in this BAA, Business Associate may Use or Disclose Protected Health Information:

4.1. For the proper management and administration of the Business Associate or to carry out legal responsibilities of Business Associate, provided that in the event of Disclosures, the Disclosure is Required by Law or Business Associate obtains reasonable assurances, in a form substantially similar to a Business Associate Agreement, from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and that the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

4.2. To provide data aggregation services as permitted by 45 C.F.R. §164.504(e)(2)(i)(B);

4.3. For the proper management and administration of Healthcelerate, including, without limitation, making and maintaining reasonable business records of transactions in which Healthcelerate has participated or the Services have been used (including back-up documentation); and

4.4. To de-identify User PHI and use such de-identified information in accordance with 45 C.F.R. §164.514(b).

5. OBLIGATIONS OF COVERED ENTITY TO INFORM BUSINESS ASSOCIATE OF PRIVACY PRACTICES AND INDIVIDUAL RESTRICTIONS

5.1. Covered Entity shall notify Business Associate of limitation in its notice of privacy practices in accordance with 45 C.F.R. §164.520, or any restriction on the Use or Disclosure of Protected Health Information that Covered Entity has agreed to in accordance with the Privacy Rule, to the extent that such restriction will affect Business Associate’s Use or Disclosure of Protected Health Information. In order to allow Business Associate to comply with such agreed restriction, such notice will be provided at least fifteen (15) business days in advance of the date upon which compliance by the Business Associate is required under HIPAA.

6. PERMISSIBLE REQUESTS OR DISCLOSURES; MINIMUM NECESSARY

Except as specifically provided in the Terms of Use or this BAA, Covered Entity shall not request Business Associate to Use or Disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity, except as provided in this BAA for Business Associate’s data aggregation, internal management and administration or legal responsibilities. Without limiting the generality of the foregoing, Covered Entity will provide, and Business Associate will request, no more than, the minimum necessary amount of PHI required for the performance of Business Associate’s services under the Terms of Use.

7. TERM AND TERMINATION

7.1. Term. This BAA is effective as of the date Covered Entity accepts the careMESH Service Terms of Use (the “Effective Date”) and replaces any prior Business Associate Agreement between the parties relating to the Terms of Use. This BAA shall terminate when the Terms of Use terminates, and all of the Protected Health Information provided by Covered Entity to Business Associate or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or if it is not feasible to return or destroy Protected Health Information, when protections are extended to such information, in accordance with the provisions of Section 7.

7.2. Termination. Upon one party’s knowledge of a material breach by the other party of this BAA, the parties shall proceed under the termination for cause provisions of the Terms of Use. Notwithstanding the foregoing, if there is no termination for cause for material breach provision in the Terms of Use, then the non- breaching party shall provide the breaching party with written notice of the material breach which describes the breach in reasonable detail and the breaching party shall have thirty (30) days from receipt of the notice to cure the breach to the reasonable satisfaction of the non- breaching party. If the breaching party has not done so within that period, the non-breaching party may terminate this BAA for cause effective on further written notice to the breaching party. Notwithstanding the foregoing, the non-breaching party may immediately terminate this BAA if the breaching party has breached a material term of this BAA and the non-breaching party reasonably determines that cure is not feasible.

7.3. Effect of Termination. Upon termination of this BAA for any reason, Business Associate agrees to return or destroy (in a manner that renders the information Secure) all PHI received from, or accessed, maintained, used, disclosed and/or transmitted for or on behalf of, Covered Entity by Business Associate. If, or to the extent that, Business Associate reasonably determines that the return or destruction of PHI is not feasible, Business Associate shall inform Covered Entity in writing of the reason thereof and agrees to extend the protections of this BAA to such PHI and limit further Uses and Disclosures of the PHI to those purposes that make the return or destruction of the PHI not feasible until Business Associate returns or destroys the PHI.

Notwithstanding the foregoing, Covered Entity and Business Associate agree that, as provided in the Terms of Use, Customer Data (as defined in the Terms of Use to include Protected Health Information) that has been provided to other Unaffiliated Providers in accordance with the Terms of Use is not subject to the foregoing requirements.

8. MISCELLANEOUS

8.1. Regulatory References. A reference in this BAA to a section in HIPAA or the Privacy Rule, the Security Standards, or HIPAA Regulations or Guidance means the referenced material as in effect as of the Effective Date or as subsequently amended as supplemented or implemented.

8.2. State Privacy or Security Laws. Business Associate will comply with privacy, data security and consumer notification of a breach of personal information laws of the states in which it operates to the extent required under the Terms of Use. In addition, Business Associate will comply with applicable state restrictions on storage or transmission of PHI by Business Associate, as known, or as reasonably should be known, to Business Associate.

8.3. Amendment. In the event that either party believes that the provisions of this BAA require amendment based on HIPAA, including but not limited to, Guidance or Regulations or other legislative or regulatory changes to the Privacy Rule or the Security Standards occurring after the Effective Date of this BAA, that party may notify the other party in writing, including of the text and Effective Date of the proposed amendment (“Amendment Notice”). The parties shall promptly discuss the proposed amendment and either agree upon it or agree on other mutually acceptable changes to this BAA responsive to the Amendment Notice. If the parties are unable to agree on the amendment or such changes, in writing, within thirty (30) days of receipt of the Amendment Notice by the other party, the party providing the Amendment Notice may terminate the Terms of Use, without cost or penalty, effective on the date on which the proposed amendment was to be effective, as specified in the Amendment Notice.

8.4. Survival. The respective rights and obligations of the parties under this BAA which require or contemplate compliance after termination of this BAA shall survive the termination.

8.5. Independent Contractor. For purposes of this BAA and HIPAA, Business Associate will be deemed to be an independent contractor, and not an agent, of Covered Entity under applicable law, including federal common law.

8.6. Interpretation. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits both Business Associate and the Covered Entity to comply with HIPAA, consistent with the Terms of Use.


YOUR COMMENTS AND CONCERNS

If you have any questions or comments, please contact us by:

Healthcelerate Inc.
c/o Chief Compliance Officer
12110 Sunset Hills Road, Suite 600
Reston, VA 20190 USA

Last Updated: October 16, 2018