Terms and Conditions of Services
Effective Date: March 17, 2020
MobileSmith, Inc.(“MobileSmith”) may update these Terms from time to time, but Customer will only be bound by the version in effect on the date of Customer’s acceptance. The Effective Date of these Terms is shown above.
- NO MEDICAL ADVICE
MOBILESMITH PRODUCTS AND SERVICES ARE DESIGNED TO ENHANCE COMMUNICATION AND INFORMATION SHARING BETWEEN PATIENTS AND HEALTH CARE PROVIDERS. HOWEVER, THEY ARE NOT FOR USE FOR TREATING OR DIAGNOSING ANY MEDICAL CONDITION. IF YOU ARE A PATIENT AND ARE SEEKING MEDICAL TREATMENT OR EMERGENCY CARE, CONTACT YOUR HEALTHCARE PROVIDER, OR IN AN EMERGENCY IN THE UNITED STATES, DIAL 911 RIGHT AWAY. THE PRODUCT AND SERVICES DO NOT CONSTITUTE MEDICAL TREATMENT OR MEDICAL ADVICE, AND MOBILESMITH IS NOT A HEALTHCARE PROVIDER.
- BINDING AGREEMENT, ACCEPTANCE
BY EXECUTING AN ORDER THAT REFERENCES THESE TERMS, OR BY USING A MOBILESMITH PRODUCT OR SERVICE, CUSTOMER AGREES TO BE BOUND BY THESE TERMS. IF CUSTOMER IS AGREEING TO THE ORDER ON BEHALF OF A LEGAL ENTITY, THEN (I) CUSTOMER’S EXECUTION INDICATES CUSTOMER’S ACCEPTANCE OF THESE TERMS ON BEHALF OF THAT ENTITY, (II) CUSTOMER REPRESENTS THAT CUSTOMER IS AUTHORIZED TO BIND THAT ENTITY, AND (III) REFERENCES HEREIN TO “CUSTOMER” REFER TO THAT ENTITY.
Except as described below, these Terms form a binding agreement between Customer and MobileSmith effective on the date when Customer and MobileSmith enter into an Order referencing these Terms, or that Customer first uses a MobileSmith Product or Service.
Notwithstanding the foregoing:
- If an Order contained an expiration date and Customer returned the signed Order to MobileSmith after the expiration date, then MobileSmith may reject the Order within a reasonable time after delivery, in which case neither Customer nor MobileSmith will have any further obligation to each other related to the Order.
- MobileSmith may cancel an unsigned Order before the expiration date by providing Customer written notice of cancellation.
- If Customer makes any changes to an Order, then such changes shall have no effect unless MobileSmith separately agrees to the changes in writing. Changes to an Order should be requested from MobileSmith, and, if agreed, shall be made on an updated Order.
- Even if Customer indicates on an Order that Customer’s company requires the use of a purchase order, the Order will be considered effective on the date when Customer and MobileSmith enter into the Order referencing these Terms. The use of purchase orders is for Customer’s convenience only. If the purchase order purports to change or add to these Terms or any descriptions, quantities or other terms shown on the Order, then such changes shall have no effect. Customer’s agreement with MobileSmith is governed solely by the Order and these Terms.
- LICENSE TO USE PRODUCTS
During the Term, MobileSmith grants Customer a limited, non-exclusive, non-transferable license only to access and to use the Products for Customer’s own internal use, subject to Customer’s compliance with these Terms. Customer may not use the Products for any other purpose and may not use the Products after the end of the Term, or the subscription will be automatically renew for successive renewal terms as described in section 7.
Customer shall provide, at Customer’s own expense, suitable mobile devices, equipment, third-party software, and internet access as necessary to access and use the Products.
- CUSTOMER’S RESPONSIBILITIES
- ensure that Users treat all passwords, authentications and logins as confidential;
- ensure that Users comply with these Terms;
- be responsible for Patient Data and Customer Content, and Customer’s use of Patient Data and Customer Content with the Products;
- use commercially reasonable efforts to prevent unauthorized access to or use of the Products and notify MobileSmith promptly if Customer discovers any unauthorized access or use;
- use the Products only in accordance with these Terms and applicable laws and government regulations, including (but not limited to) those related to the protection of personal data;
- not reverse engineer the Products or otherwise attempt to discover their source code;
- not introduce any worm, virus, trojan horse or other types of malicious code or malware into the Products;
- not use the Products in a manner that would reasonably be expected to disrupt the use of the Products by MobileSmith’s other customers; and
- comply with all applicable laws and regulations when using the Products.
If MobileSmith, in its discretion, determines that Customer or any Users have not complied with the foregoing obligations and that such failure to comply threatens the security, integrity, legality or availability of any Product or Service, then MobileSmith may suspend Customer’s and such Users’ access to the Products until MobileSmith determines that such threat no longer exists.
- SUPPORT SERVICES
Unless otherwise set forth in the applicable Order, a subscription to use the Products includes Standard Support Services, as defined in this Section 5:
- Annual Product Support. MobileSmith shall use commercially reasonable efforts to maintain the Product so that it operates without Issues.
- MobileSmith shall supply Customer with Updates for the Product that are released to the general customer base during the Term. Such Updates will be provided to Customer at no additional charge, other than any applicable shipping charges. Updates may be delivered via physical media or made available electronically, at MobileSmith’s discretion.
- “Support” Defined. The term “Support” consists of assistance to customers via the Internet and telephone with respect to use of the Product and to resolve Issues. Support cases are tracked and managed through access to a Customer support portal (the “Customer Support Portal”). Support will be available during MobileSmith’s business hours, Monday through Friday, excluding local holidays.
- Submission of Issues for Resolution. Customer shall submit to MobileSmith via the Customer Support Portal and provide all relevant data requested, including, but not limited to: (i) Customer contact information; (ii) Product version; and (iii) a complete description of the Issue and Customer Product environment. Customer shall also provide access to the Customer Product environment so the Issue may be replicated.
- Problem Definition. Customer shall provide to MobileSmith: (i) error messages and indications that Customer received when the Issue occurred; (ii) description of what the user was doing when the Issue occurred; (iii) steps Customer has taken to reproduce the Issue; (iv) steps Customer took to solve the Issue; and (v) any relevant log files.
- Severity Classification and Response Time Goals. Issues are classified according to the severity of impact on the use of the Product. All disputes regarding severity classification will be resolved by MobileSmith in its sole discretion.
- PROFESSIONAL SERVICES
MobileSmith shall perform Professional Services in material compliance with the relevant Order. MobileSmith warrants that Professional Services shall be performed by personnel who are qualified by education or experience to perform such Services and shall be performed in accordance with a commercially reasonable standard of care. If MobileSmith breaches such warranty, then Customer’s sole remedy shall be to have MobileSmith re-perform such Professional Services, but only if Customer has provided notice to MobileSmith within 30 days after delivery of the Professional Services.
MobileSmith shall be responsible for all employment-related matters related to the personnel used to perform Services including, but not limited to, the payment of wages and the withholding and payment of applicable taxes and benefits. Customer agrees not to hire or solicit for hire any of MobileSmith’s personnel involved in performing Services for Customer during the period of time they are performing such Services and for one (1) year after they cease performing such Services.
Customer shall reasonably cooperate with MobileSmith in the delivery of Services, including without limitation by providing MobileSmith with approvals and access to Customer’s personnel, information, systems and other items as reasonably requested by MobileSmith in connection with the delivery of the Services.
If Services require MobileSmith personnel to access Third-Party Services, then Customer shall provide all accounts and passwords necessary to access such services and databases and shall ensure that such access by MobileSmith personnel is permitted by the relevant Third-Party Provider.
- TERM AND TERMINATION
These Terms and Customer’s right to use the Products remain in effect for the subscription term specified in the Order (the “Initial Term”), unless terminated earlier in accordance with these Terms.
Upon the end of the subscription term specified in the Order, the term of the Order will automatically renew for successive renewal terms, each of equal length with the original subscription term unless either party provides written notice of non-renewal to the other party at least sixty (60) calendar days before the start of the renewal term.
MobileSmith may increase its prices from time to time by providing written notice to Customer of the price increase at least ninety (90) days before the start of a renewal term, with each such price increase being effective for the next renewal term.
Professional Services shall not automatically renew, unless such renewal is specifically provided for in the relevant Order.
If either party materially breaches these Terms, and such breach is not cured within thirty (30) days after written notice of the breach from the other party, then the other party may terminate the relevant Order. In addition, MobileSmith may suspend delivery of any Product or Service (or any portion thereof) upon notice to Customer if Customer breaches these Terms and does not cure such breach within ten (10) days after written notice thereof. The remedies in this paragraph are non-exclusive and do not limit any other remedies available to a party.
In order to protect the integrity of its Products and Services, MobileSmith reserves the right at any time in its sole reasonable discretion to block users from certain IP addresses or device identifiers from accessing Products and Services.
Customer agrees to pay MobileSmith for the Products and Services at the prices and rates shown in the Order. Customer also agrees to reimburse MobileSmith for all expenses reasonably incurred in providing Professional Services. If an Order does not specify rates for Professional Services, then Customer agrees to pay MobileSmith for such Professional Services at MobileSmith’s then-current standard hourly rates.
MobileSmith shall invoice Customer for Products and Services as specified in the relevant Order. Payment on invoices is due thirty (30) days from the date of the invoice. Amounts not paid when due will incur interest at a rate of one and a quarter percent (1.25%) per month or, if lower, the highest interest rate allowed by applicable law. Customer also agrees to pay MobileSmith’s cost of collection of any past-due amount, including, but not limited to, attorney’s fees and costs. All fees paid hereunder are nonrefundable.
Amounts shown on an Order are exclusive of sales taxes, GST, HST, value-added taxes or similar (excluding taxes on MobileSmith’s income), and Customer agrees to pay all such taxes in addition to the amounts shown on the face of the Order. If any withholding tax is imposed by any government entity on payments to be made to MobileSmith, then Customer agrees to true-up the payment such that the payment received by MobileSmith after application of the withholding tax shall equal the amount shown on the Order.
- THIRD PARTY PROVIDERS
Customer may have the choice to incorporate third party software into the Product and/or to connect the Product to various software and databases controlled by Customer or by third parties using third-party data connectors and database management systems. Such software and connectors, among other applications, are referred to as “Third-Party Services” and the associated vendors are referred to as “Third-Party Providers.”
Customer’s use of, or integration with, Third-Party Services, and Customer’s interaction with Third Party Providers are solely at Customer’s option and at Customer’s risk. MobileSmith is not responsible for any Third-Party Services or their compatibility with the MobileSmith Software. MobileSmith is not responsible for any disclosure, modification or deletion of Patient Data or Customer Content resulting from access by Third-Party Providers.
- INTELLECTUAL PROPERTY RIGHTS
MobileSmith and its licensors shall retain all intellectual property rights in and to the Products and Services.
As between MobileSmith and Customer, Customer owns all intellectual property rights in and to Customer Content and Patient Data. Customer hereby grants MobileSmith a license to Customer Content and Patient Data as necessary for MobileSmith to provide Customer with the Products and Services. Customer agrees that MobileSmith may use ideas, general layouts, organization, structure and processes associated with Customer Content to create generic templates for ongoing use by MobileSmith in its Products and Services. MobileSmith also may, in compliance with HIPAA: (a) perform data aggregation for Customer’s health care operations: (b) de-identify Patient Data in accordance with HIPAA requirements; and (c) use or disclose (and permit others to use or disclose) de-identified, aggregated information on a perpetual, unrestricted basis for improving its Products and Services and other purposes.
Unless otherwise set forth in an Order, MobileSmith owns the results of all Professional Services, which are licensed to Customer on the same terms as the license to the Product in these Terms.
Customer will not (and will not knowingly allow any third party to): (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Products; (ii) modify, translate, or create derivative works based on the Products; (iii) copy, rent, lease, distribute, sublicense, resell, pledge, assign, or otherwise transfer or encumber rights to the Products; (iv) use the Products for timesharing or service bureau purposes or otherwise for the benefit of a third party; (v) remove or alter any proprietary notices from the Products, or (vi) use the Products to create any other product or service, or knowingly allow any party who provides services or software that competes with or who is planning to compete with any MobileSmith product or service to use or access the Products. Except for the rights expressly granted to Customer under these Terms, MobileSmith and its licensors reserve all right, title, and interest in and to the Products and Services.
Unless otherwise set forth in an Order, the parties agree that the Products will be co-branded with both MobileSmith’s trademark(s) and Customer’s trademark(s). Accordingly, each party agrees to the terms of this Section 11 relating to the use of the other party’s trademark:
- During the term of this Agreement, each party grants the other party the non-exclusive, royalty-free right and license to use the trademarks of the other party (the “Trademarks”) solely for the purpose of performing its obligations and exercising its rights under this Agreement, including delivery by MobileSmith of any co-branded Products and delivery by Customer to Users of information regarding authorized use of Products.
- All use of the Trademarks of a party by the other party will inure to the benefit of the first party.
- Customer agrees that MobileSmith may use Customer’s name and logo for marketing purposes in a list of clients on its web site and other marketing materials. Customer also agrees to consider in good faith upon MobileSmith’s request a press release or case study with MobileSmith regarding Customer’s use of the Products; the contents of any press release or case study must be mutually agreed by the parties.
“Confidential Information” means all information disclosed by one party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Customer’s Confidential Information includes Patient Data. MobileSmith’s Confidential Information includes (a) non-public information regarding the operation of the Products, and/or proposed future modifications to the Products or future products or services to be provided by MobileSmith; and (b) any special pricing which has been offered to Customer. However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.
The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care). The Receiving Party agrees not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of these Terms.
The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.
The terms of this Section supplement, and do not replace, any confidentiality terms which may be in a separate written agreement between Customer and MobileSmith.
MobileSmith shall have a royalty-free, worldwide, perpetual license to use or incorporate into the Products and/or Services any suggestions, ideas, enhancement requests, or other feedback provided by Customer or any User relating to the Products and/or Services.
- DATA PROTECTION
Each party agrees to comply with all applicable laws and regulations related to privacy and data protection, including (but not limited to), to the extent applicable the Health Insurance Portability and Accountability Act (“HIPAA”), the General Data Protection Regulation, and Massachusetts’ Standards for the Protection of Personal Information of the Commonwealth. The parties agree to the Business Associate Terms attached as Exhibit A to these Terms.
MobileSmith shall maintain a commercially reasonable information security program that complies with applicable laws and industry standards. MobileSmith’s’ information security program shall include administrative, technical, and physical, safeguards and other security measures designed to (i) protect the security and confidentiality of Patient Data and (ii) protect against the threat of information security incidents.
Customer agrees to indemnify, defend and hold MobileSmith harmless from and against any losses, damages, liabilities and all related expenses (including reasonable attorneys’ fees and expenses and cost of litigation) arising from a claim or action brought by a third party related to: (a) Customer’s breach of these Terms or an Order, (b) Customer’s infringement of any third-party intellectual property right or any third-party proprietary right (unless arising from the Products or Services and covered by the following paragraph), (c) Customer Content; or (d) the use by MobileSmith of Third-Party Services selected by Customer in the performance of Professional Services.
MobileSmith shall indemnify, defend and hold Customer harmless from and against any losses, damages, liabilities and all related expenses (including reasonable attorneys’ fees and expenses and cost of litigation) arising from a claim or action brought by a third party arising from the infringement of the third party’s intellectual property rights by the Products. MobileSmith shall not have any liability or obligation to Customer under this Section in regard to any claim to the extent the infringement is caused by: (1) the combination, operation or use of the Products with software, services, systems or other items not supplied by MobileSmith; or (2) modifications to the Products by Customer or Customer’s contractor; or (3) Customer Content or specifications provided by Customer.
Each party shall inform the other party of any claim which may be subject to the foregoing indemnification obligations within thirty (30) days of receiving notice of such claim, shall allow the other party to defend such claim using counsel of its choice and shall cooperate with the other party in the defense of such claim. The indemnified party may participate in the defense of the claim using counsel of its own choice, at the indemnified party’s expense.
This Section states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any third-party infringement claim.
- LIMITATION OF LIABILITY
NEITHER PARTY’S LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS, THE PRODUCTS OR THE SERVICES WILL EXCEED THE AMOUNT PAID BY CUSTOMER FOR SUCH PRODUCTS OR SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE INCIDENT GIVING RISE TO SUCH LIABILITY; PROVIDED THAT IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OR RELATED TO AN ORDER EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER UNDER SUCH ORDER.
IN ADDITION, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR CONSEQUENTIAL DAMAGES, PUNITIVE DAMAGES, INDIRECT DAMAGES, LOST PROFITS OR LOST OPPORTUNITIES. THE ABOVE LIMITATIONS WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY.
HOWEVER, THE ABOVE LIMITATIONS WILL NOT LIMIT CUSTOMER’S OBLIGATION TO PAY FOR PRODUCTS OR SERVICES, OR EITHER PARTY’S OBLIGATIONS UNDER SECTION 10 (INDEMNIFICATION), OR CUSTOMER’S LIABILITY TO MOBILESMITH FOR INFRINGEMENT OF ANY MOBILESMITH INTELLECTUAL PROPERTY, OR MOBILESMITH’S LIABILITY TO CUSTOMER FOR UNAUTHORIZED USE BY MOBILESMITH OF ANY OF PATIENT DATA.
Customer is solely responsible for evaluating the information obtained from the Products and Services and for Customer’s use or misuse of such information in connection with Customer’s treatment decisions or otherwise. Customer agrees that Customer shall be solely responsible for Customer’s compliance with all laws and standards of professional practice applicable to Customer and the practice of medicine or other relevant health profession.
EXCEPT AS EXPRESSLY SET FORTH IN THESE TERMS, MOBILESMITH DOES NOT MAKE ANY WARRANTIES OF ANY KIND, AND EXPRESSLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- APPLE IOS TERMS
The terms in this Section apply only to the extent Customer is using the Products (“Apps”) on an Apple iOS device (iPhone, iPod, or iPad).
These Terms are between Customer and MobileSmith only, and not with Apple. In the event that these Terms provide usage rules that are less restrictive than the Usage Rules set forth for Apps in, or otherwise are in conflict with, the Apple Apps Store Terms and Conditions (which Customer acknowledges Customer has had an opportunity to review), then the Apps Store Terms and Conditions shall take precedence.
To the maximum extent permitted by applicable law, Apple will have no warranty obligation whatsoever with respect to the Apps, and any other claims, losses, liabilities, damages, costs or expenses attributable to any failure to conform to any warranty will be MobileSmith’s sole responsibility.
Customer and MobileSmith acknowledge that: (a) MobileSmith, not Apple, is responsible for addressing any claims by Customer or any third party relating to the Apps or Customer’s possession and/or use of the Apps, including, but not limited to: (i) product liability claims; (ii) any claim that the Apps fails to conform to any applicable legal or regulatory requirement; and (iii) claims arising under consumer protection or similar legislation, and (b) in the event of any third party claim that the Apps or Customer’s possession and use of the Apps infringes that third party’s intellectual property rights, MobileSmith, not Apple, will be solely responsible for the investigation, defense, settlement and discharge of any such intellectual property infringement claim.
The parties acknowledge and agree that Apple, and Apple’s subsidiaries, are third party beneficiaries of these Terms, and that, upon acceptance of these Terms, Apple will have the right (and will be deemed to have accepted the right) to enforce these Terms against Customer as a third-party beneficiary thereof.
Customer’s obligation to pay for Products and Services and the provisions of Sections 1, 2, 8, 9, 10, 11(b), 12, 14, 15, 16, 18, 19, 20, 21, 22, 23 and 24 of these Terms shall survive termination of the relevant Order for any reason.
All notices under these Terms shall be in writing and may be personally delivered, sent by U.S. mail or overnight delivery, or transmitted by e-mail. Notices shall be effective upon receipt or refusal of delivery, provided that any notice received not during normal business hours shall be deemed to have been received on the following business day.
- GOVERNING LAW; DISPUTES.
These Terms are governed by North Carolina substantive law and any dispute arising from or related to the parties’ relationship, these Terms or their subject matter shall be heard exclusively by the state and federal courts whose judicial districts include Wake County, North Carolina. The parties consent to the personal jurisdiction of such courts.
Neither party may assign its rights or obligations under these Terms or an Order, in whole or in part, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, (i) either party may assign an Order in its entirety to the successor company in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its business (or division of its business relating to these Terms), whether by sale of assets or otherwise; and (ii) MobileSmith may assign its right to receive payments due hereunder to any third party.
Notwithstanding the foregoing, MobileSmith may subcontract portions of its obligations under an Order, provided that MobileSmith shall be responsible for the performance of such subcontractors and that such subcontractors are bound by obligations of confidentiality consistent with those of these Terms.
- FORCE MAJEURE
If either party is delayed in performing its obligations under an Order due to war, natural disaster, act of terrorism, disease pandemic, civil unrest, strike or other circumstances outside its reasonable control, then such obligations shall be suspended until such time as the underlying cause of the delay has been remedied. This section shall not, however, suspend Customer’s obligation to pay amounts when due.
- ENTIRE AGREEMENT
These Terms, together with all Orders, constitute the entire agreement between the parties related to the Products and Services and supersedes all prior agreements, proposals or representations, written or oral, concerning their subject matter. In the event of any conflict or inconsistency between an Order and these Terms, the terms of the Order shall govern over these Terms but only if the Order expressly indicates an intent to do so. These Terms may not be waived (in whole or part), amended or superseded except in a writing which is signed by both Customer and MobileSmith.
“Content” means text, documents, templates, video, audio, graphics, and other content.
“Customer Content” means Content which Customer uploads to a Product or which Customer otherwise provides to MobileSmith for use with a Product (excluding Patient Data).
“MobileSmith Content” means Content owned or licensed by MobileSmith and made available by MobileSmith as part of a Product or Service, excluding Customer Content.
“Order” means a Quote, Order Form, Work Order, Statement of Work or other document used to order Products and Services which references these Terms, but excludes Customer’s purchase order, purchase acknowledgement or similar document.
“Products” mean the MobileSmith apps and other software products identified in an Order, including all associated documentation, MobileSmith Content, and all updates thereto provided in connection with an Order.
“Professional Services” means the consulting and other professional services identified in an Order.
“Services” means the Support Services and Professional Services.
“Patient Data” means information about Customer patients which Customer or its Users upload to a Product or which Customer or its Users otherwise provide to MobileSmith for use with a Product.
“Support Services” means the support and maintenance services delivered by MobileSmith under an Order.
“Term” means the subscription term for use of the Product as set forth in an Order, including any renewal term hereunder, unless the Order is terminated early in according with these Terms.
“User” means an individual who Customer authorizes to use a Product on Customer’s behalf, and includes, as applicable for the Product: (a) Customer’s employees, health care providers, and patients; and (b) health care providers with privileges at Customer’s facilities, to the extent working at such facilities.
BUSINESS ASSOCIATE TERMS (“BA TERMS”)
- DEFINITIONS. Unless otherwise specified in these BA Terms, all capitalized terms used in these BA Terms not otherwise defined shall have the meanings established by HIPAA and HITECH, as each is amended from time to time. The term “Covered Entity” means Customer (or Customer’s healthcare entity employer if Customer is accepting as an individual), and the term “Business Associate” means MobileSmith, Inc.
“Breach” means the acquisition, access, use or disclosure of Protected Health Information in a manner not permitted by the Privacy Rule that compromises the security or privacy of the Protected Health Information as defined, and subject to the exceptions set forth, in 45 C.F.R. 164.402.
“Electronic Protected Health Information” shall mean Protected Health Information, as defined below, that is transmitted or maintained in electronic media.
“HITECH” shall mean Subtitle D of the Health Information Technology for Economic and Clinical Health Act provisions of the American Recovery and Reinvestment Act of 2009, 42 U.S.C. §§17921-17954, and all references in these BA Terms to HITECH shall be deemed to include all associated existing and future implementing regulations.
“Protected Health Information” shall mean Protected Health Information, as defined in 45 C.F.R. § 160.103, and is limited to the Protected Health Information received from, or created, received, maintained, or transmitted on behalf of, Covered Entity by Business Associate pursuant to performance of the Services.
“Privacy Rule” shall mean the federal privacy regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, codified at 45 C.F.R. Parts 160 and 164 (Subparts A & E).
“Security Rule” shall mean the federal security regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, codified at 45 C.F.R. Parts 160 and 164 (Subparts A & C).
- PERMITTED USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
2.1 Services. The Services may involve the use and/or disclosure of Protected Health Information. Except as otherwise specified herein, the Business Associate may use and disclose Protected Health Information created or received from or on behalf of Covered Entity as necessary to perform the Services.
2.2. Business Activities of the Business Associate. Unless otherwise limited herein, Business Associate may, consistent with 45 C.F.R. § 164.504(e)(4), use and disclose the Protected Health Information in its possession for its proper management and administration and to fulfill any legal responsibilities of Business Associate, provided that (a) the disclosures are Required by Law; or (b) any third party to which Business Associate discloses Protected Health Information for those purposes provides reasonable assurances that the information will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the third party, and the third party promptly will notify Business Associate of any instances of which it becomes aware in which the confidentiality of the information has been breached.
2.3 Other Permitted Uses. Business Associate may, in compliance with HIPAA: (a) perform data aggregation for Covered Entity’s health care operations; (b) de-identify PHI in accordance with HIPAA requirements; and (c) use or disclose (and permit others to use or disclose) de-identified, aggregated information on a perpetual, unrestricted basis for improving its Products and Services and other purposes.
- RESPONSIBILITIES OF THE PARTIES
3.1 Responsibilities of Business Associate. With regard to its use and/or disclosure of Protected Health Information, Business Associate agrees to:
- not use or further disclose Protected Health Information other than as necessary to provide the Services, as permitted or required by these BA Terms or the Agreement, and in compliance with the applicable requirements of 45 F.R. § 164.504(e) or as otherwise Required by Law; provided that, to the extent Business Associate is to carry out Covered Entity’s obligations under the Privacy Rule, Business Associate will comply with the requirements of the Privacy Rule that apply to Covered Entity in the performance of those obligations.
- implement and use appropriate administrative, physical, and technical safeguards, and comply with the applicable requirements of the Security Rule with respect to Electronic Protected Health Information, to prevent use or disclosure of Protected Health Information other than as provided for by these BA
- without unreasonable delay, and in any event no later than thirty (30) days after discovery, report to the Covered Entity: (i) any use and/or disclosure of the Protected Health Information of which Business Associate becomes aware that is not permitted or required by these BA Terms, in accordance with 45 F.R. § 164.504(e)(2)(ii)(C); and/or (ii) any Security Incident of which Business Associate becomes aware.
- without unreasonable delay, and in any event no later than thirty (30) days after discovery, Business Associate shall notify Covered Entity of any Breach of Unsecured Protected Health Information. The notification shall include, to the extent possible and subsequently as the information becomes available, the information required by 45 F.R. § 164.410.
- in accordance with 45 F.R. § 164.502(e)(1)(ii) and 45 C.F.R. § 164.308(b)(2), ensure that any subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of Business Associate agree, in writing, to the same restrictions and conditions on the use and/or disclosure of Protected Health Information that apply to the Business Associate, including complying with the applicable Security Rule requirements with respect to Electronic Protected Health Information.
- make available its internal practices, books and records relating to the use and/or disclosure of Protected Health Information to the Secretary of HHS for purposes of determining the Covered Entity’s compliance with the Privacy
- document and within thirty (30) days after receiving a written request from Covered Entity, make available information necessary for Covered Entity to make an accounting of disclosures of an Individual’s Protected Health Information, in accordance with 45 F.R. § 164.528 and, as of the date compliance is required by final regulations, 42 U.S.C. § 17935(c).
- within fifteen (15) days of receiving a written request from Covered Entity, make available (in accordance with the requirements of 45 F.R. § 164.524) Protected Health Information necessary for Covered Entity to respond to Individuals’ requests for access to Protected Health Information about them, including, providing or sending a copy to a designated third party and providing or sending a copy in electronic format, to the extent that the Protected Health Information in Business Associate’s possession constitutes a Designated Record Set.
- to the extent that the Protected Health Information in Business Associate’s possession constitutes a Designated Record Set, make available, within thirty (30) days after a written request by Covered Entity, Protected Health Information for amendment and incorporate any amendments to the Protected Health Information as directed by Covered Entity, all in accordance with 45 F.R. § 164.526.
3.2 Responsibilities of the Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA. Covered Entity represents and warrants that Covered Entity has obtained all consents, authorizations, or other permissions necessary under HIPAA. Covered Entity agrees to take all reasonable and appropriate steps to ensure compliance with its role as a Covered Entity, including implementing reasonable security measures such as firewalls, patch installations, and encryption.
4.1 Termination. Either party may terminate these BA Terms as part of the termination of the Agreement per the “Termination” section in the main Terms.
4.2 Effect of Termination or Expiration. Within thirty (30) days after the termination of these BA Terms, Business Associate shall return or destroy all Protected Health Information, if feasible to do so, including all Protected Health Information in possession of Business Associate’s subcontractors. In the event that Business Associate determines that return or destruction of the Protected Health Information is not feasible, Business Associate shall notify Covered Entity in writing and may retain the Protected Health Information subject to this Section 4.2. Under any circumstances, Business Associate shall extend all protections contained in these BA Terms to Business Associate’s use and/or disclosure of any Protected Health Information retained after the expiration or termination of these BA Terms, and shall limit any further uses and/or disclosures solely to the purposes that make return or destruction of the Protected Health Information infeasible.
5.1 Construction of Terms. The terms of these BA Terms to the extent they are unclear shall be construed to allow for compliance by Covered Entity and Business Associate with HIPAA and
5.2 No Third-Party Beneficiaries. Nothing in these BA Terms shall confer upon any person other than the parties and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever.