Terms of Service
This Terms of Service (“TOS”) entered into by and between Legare Development LLC (“Company”) and the “User” who, by clicking “Accept” following review of this TOS, acknowledged, understood, and agreed to be bound by this TOS. Company and User shall be individually referred to herein as “Party” and collectively as the “Parties.”
1. Access to the Service; Ownership; Data
a. License. The “Service” means the electronic health records service for medical providers, as updated by Company from time to time. Subject to User’s compliance with this TOS, Company hereby grants User the limited, non-exclusive, non-assignable, non-transferable, revocable right to access and use the Service in the United States, during the Term (as defined below), solely for internal use related to User’s patients and clinical practice. User will only use the Service in accordance with this TOS, the User Documentation, all instructions of Company, and in compliance with all law User will be responsible for and shall be fully liable for its use of the Service. Upon Company’s prior written consent, User shall be able to use the Services outside of the United States solely while temporarily traveling abroad and only to the extent necessary to treat patients within the United States (“Non-US Access”). Such Non-US Access shall be permitted only through a VPN connection or other similarly secured method unless otherwise agreed upon in writing by Company. Non-US Access shall be in accordance with all applicable export regulations and shall not include access in countries or regions about which Company has a good faith concern that cybersecurity attacks may be likely to originate or other concerns regarding security and intellectual property protections.
c. User ID User will have a unique user identification name and password, utilizing Active Directory created for user authentication, to access and use the Service (“User ID”). User will (i) limit access and use of its User ID to only itself and no other person, entity or system, (ii) ensure the security and confidentiality of its User ID and will be responsible for the use of, and all activities performed under, its User ID, (iii) notify Company as soon as practicable, but in any event no later than three (3) business days before User no longer requires access to the Services so that any access can be timely deactivated; and (iv) notify Company immediately in the event User becomes aware of any unauthorized use of its User ID. Company will not be liable, and User shall be solely liable, for all Claims in any way related to the use and/or misuse of User’s User ID either with or without User’s knowledge.
d. Documentation. Company may make available to User information, as updated from time to time by Company in its discretion, to enable User to use the Service (the “User Documentation”).
e. Updates. Company has the right, from time to time, to make modifications to the Service and/or this TOS.
f. Ownership of Service Subject to a Third Party Providers’ rights to a Third Party Service (as applicable), the Service, User Documentation, and all intellectual property rights in and to the Service are, as between Company and User, the sole and exclusive property of Company, including all updates, enhancements, modifications, and improvements thereto, and all recommendations, suggestions, feedback or ideas for modifications, customizations, improvements or enhancements to the Service submitted by Users to Company and/or its personnel. Company will treat all such recommendations, suggestions, feedback, and ideas as non-confidential and non-proprietary. Company reserves all rights not expressly granted pursuant to this TOS. User will not: (i) attempt to modify, reverse compile, disassemble or otherwise reverse engineer the source or object code of the Service; (ii) copy, distribute, license, sell or otherwise make available including through any dial-up, remote access, interactive or other on-line service, directly or indirectly, the Service to anyone other than User, including without limitation any third party; (iii) use the Service to provide data processing services to any third party on a service bureau, outsourcing, time-sharing or facilities management basis or otherwise; (iv) access or use the Service other than as expressly provided in this TOS; or (v) assist directly or indirectly in the development, design or enhancement of software that competes with, or is being developed to compete with, the Service.
g. Informational Materials. Company may, at its discretion, provide User with educational materials and support services, both verbal and written, from time to time (“Informational Materials”). INFORMATIONAL MATERIALS ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON- INFRINGEMENT, AND ARE NOT A SUBSTITUTE FOR COMPREHENSIVE LEGAL OR COMPLIANCE ADVICE OR ANALYSES.
2. Representations and Warranties.
3. User Responsibilities.
User shall, as applicable, do each of the following (collectively, the “User Responsibilities”):
a. Read information displayed or transmitted by the Service accurately and completely.
b. Ensure User is trained on and using the Service in accordance with the User Documentation.
c. Be responsible for all decisions made related to use of the Service (including without limitation any enabling or disabling of features and functionality).
d. Be responsible for User’s use of and access to all third party products and services.
e. Confirm the accuracy of life threatening information and clinically important results that are accessed or stored through or in the Service in the same manner that such information and results would be confirmed or verified if they were in paper form and as would otherwise be confirmed or verified if User were using applicable standards of good medical practice. By way of example, Users must verify allergies, current medications, relevant histories and problems with the patient and confirm questionable results (including without limitation lab pathology and radiology results) with the applicable department using applicable standards of good medical practice to no less a degree than if Users were using paper records.
f. Report to Company all errors and other problems related to the Service that Users know or should know could adversely affect patient care. If User is alerted to such a problem, such User shall immediately alert all other applicable care provider whom User knows or should know could be affected by the problem; educate other applicable care providers about the problem, including affected workflows, known workarounds and potential impacts; take all measures reasonably likely to avoid or mitigate such impacts, including implementing additional safeguard procedures, deploying other available workflows or functionality and turning off the Service functionality related to the problem; and promptly install all available software updates to avoid or mitigate any impact on patient care promptly following such update being made available by Company.
g. Maintain disaster recovery, business continuity plans, and system unavailability policies and procedures (“BCPs”) for all systems related to the operation and use of the Service to enable User to continue to provide patient care in the event of a disaster or system unavailability, have working knowledge of such BCPs, and promptly utilize such BCPs as necessary.
h. Use the Service only in accordance with applicable standards of good medical practice.
i. Use the Service solely in connection with User’s clinical practice operations, and in no event use the Service to conduct personal business or business unrelated to the operations of User’s clinical practice.
Company may from time to time require User to implement and/or execute certain policies, procedures, and/or related documentation (“Requirements”). Such Requirements may include, without limitation, updates to User’s patient notifications related to User’s privacy practices. User agrees that it will execute all necessary documentation required to implement and/or enforce the Requirements.
5. Clinical Claims
While software such as the Service might improve the quality of service that User offers to patients, many factors, including without limitation, the provider-patient relationship, can affect patient outcomes and claims related to such outcomes, and with intricate and interdependent technologies and complex decision-making it is often difficult or impossible to accurately determine what factors existed and in what proportion such factors affected a patient outcome. In light of the difficulties, complexities, and uncertainties inherent in healthcare information technology and the patient care process, User agrees to indemnify, hold harmless, and defend Company Indemnitees from any Claims by or on behalf of any patient of User, or by or on behalf of any other third party or person claiming damage by virtue of a familial or financial relationship with such a patient, regardless of the cause, if such Claim in any way arises out of or relates to patient care or outcomes (including as may be affected by the operation of the Service) (a “Clinical Claim”). Upon reasonable request of the other Party, the Parties will cooperatively discuss and assess the Clinical Claim, the underlying facts related to the Clinical Claim, and potential defenses to and/or settlements of such Clinical Claim (in each case taking into account each Party’s privilege-related concerns).
6. User Data
As between the Parties, User will have ownership of User individual patient medical records and laboratory and clinical data (the “Data”) entered into and maintained in the Service on behalf of User. Notwithstanding the foregoing, User hereby grants Company and Company’s affiliates, subsidiaries, and parent (collectively, “Company’s Affiliates”) a royalty-free, worldwide, perpetual license to: (i) use the Data in connection with the Services; (ii) use the Data for the Company’s internal management and administration, including optimizing and improving the Services; (iii) use the Data to create a Limited Data Set as defined in 45 CFR § 164.514(e)(2); (iv) use and disclose such Limited Data Set for research, public health and health care operations, provided Company has in place with any recipient of such Limited Data Set a Data Use Agreement that complies with 45 CFR § 164.514(e)(4) and a Business Associate Agreement; (v) use the Data to create information that is de-identified in accordance with 45 CFR § 164.514(b) (“Data Derivatives”); (vi) use the Data and Data Derivatives for analysis and research; and (vii) disclose and sublicense use of the Data and Data Derivatives to third parties including non-affiliated third parties. User further grants Company and Company’s Affiliates a perpetual, royalty- free, exclusive license in any and all Data Derivatives created in compliance with this TOS. Notwithstanding the foregoing, User shall not hereby be prevented from creating, using, disclosing, licensing or transferring its own de-identified information using User’s Data. Company will implement commercially reasonable physical, technical and administrative safeguards designed to protect the Data in its possession or under its control against accidental loss or unauthorized access, use, disclosure, alteration, or destruction.
7. Term and Termination
This TOS is effective on the date accepted by the User and continues until terminated pursuant to the terms of this TOS. Either Party may terminate this TOS in the event the other Party commits a material breach and fails to cure such breach within thirty (30) days of receiving notice. Either Party may terminate this TOS for convenience at any time upon written notice to the other Party. All provisions of this TOS relating to ownership, confidentiality, compliance with laws, limitation of liability, warranties, warranty disclaimers, indemnification, data rights, term, termination, audit rights, and governing law or that by their terms contemplate obligations intended to survive termination, will survive the termination of this TOS. Upon any termination of this TOS, User will discontinue all use of the Service and immediately return all Company Confidential Information in its possession to Company or, at Company’s option, destroy all such Confidential Information, including all copies or partial copies thereof and certify thereto. In the event Company reasonably believes that User has violated any provision of this TOS, Company has the right to immediately suspend User’s access and use of the Service.
8. Confidential Information
As used herein, “Confidential Information” means all confidential and proprietary information of either Party (including Company’s Affiliates and Third-Party Providers) (“Disclosing Party”) disclosed to the other Party (including Company’s Affiliates) (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including without limitation the terms and conditions of this TOS. Confidential Information (except for Data) shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (iii) was independently developed by the Receiving Party without breach of any obligation owed to the Disclosing Party; or (iv) is received from a third party without breach of any obligation owed to the Disclosing Party. The Receiving Party will hold in strict confidence all Confidential Information of the Disclosing Party to which such Receiving Party gains access under this TOS, and will not use, reproduce, publish, disclose or otherwise make known to any person or entity any such Confidential Information, except to the extent (i) required in the performance of the Receiving Party’s obligations under this TOS, (ii) as otherwise required by applicable law and/or by a court of competent jurisdiction, or (iii) disclosure is made, in accordance with applicable law, to a Company agent who the Company reasonably and in good faith believes is needed to be involved in the evaluation and performance of the Services, provided such agent is informed of the confidentiality requirements contained herein and agrees to be bound to substantially similar confidentiality requirements. Company acknowledges and agrees that from time to time during the term of this TOS, Company may be exposed to or have access to Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 45 CFR Parts 160 and 164 (“HIPAA”) related to patients of User. Company acknowledges that any such PHI is Confidential Information of User. In respect of such PHI that Company has exposure or access to as a result of the Service, Company and User will comply with the terms of the Business Associate Agreement attached hereto as Exhibit A, made a part hereof, and hereby entered into by and between Company and User. Except as otherwise set forth herein or as required in connection with Third Party Services, neither Party will use, release, publish or distribute any materials or information containing the names, trade names, or trademarks of the other Party without the express prior written consent of such other Party. Notwithstanding anything to the contrary herein, the Parties agree that certain identifying information about User and User’s practice will not constitute Confidential Information. Such excluded identifying information shall include without limitation, User name, practice name, National Provider Identifier, and the address of User’s practice.
Company has the right, upon three (3) business day’s prior notice, to inspect any of User’s premises and to access the Service during normal business hours, to verify that it is being used and protected as specified herein.
User will indemnify, defend, and hold Company and Company’s Affiliates, directors, officers, employees, customers, agents, service providers, successors, and assigns (“Company Indemnitees”) harmless from and against all claims, demands, proceedings, suits, and/or actions brought against any Company Indemnitee and all related loss, damage, liability, expense, and cost (including the cost of investigating, defending or settling any action, claim or demand including, but not limited to, awards, fines, penalties, attorneys’ fees, professional’s fees, litigation costs, and the cost of remedial actions) (collectively, “Claims”) from every kind and nature, which may be made, threatened to be made, or instituted against the Company Indemnitees arising out of or in any way connected with or relating to: (i) a breach of the TOS by User; (ii) any medical malpractice claim, tort claim, statutory claim or other claim against the Company Indemnitees arising out of this TOS and/or User’s use of the Service; (iii) the negligence or willful misconduct of User; and (iv) Third Party Provider claims against the Company Indemnitees related to User’s use of the Third Party Services. User will not settle a Claim or pending matter or admit guilt or fault related to a Claim without first obtaining written consent from Company.
11. Warranties, Limitation of Liability; Allocation of Risk
a. WARRANTY DISCLAIMER. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS TOS, THE SERVICES ARE PROVIDED TO USER “AS IS” WITH ALL FAULTS AND DEFECTS AND WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, COMPANY HEREBY DISCLAIMS ALL WARRANTIES PERTAINING TO THE SERVICES OR THE USE THEREOF, INCLUDING WITHOUT LIMITATION ANY MATERIALS PROVIDED TO USER UNDER THIS TOS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, DESIGN, ACCURACY, NON-INFRINGEMENT, ENJOYMENT, INTERFERENCE, OPERATION OR FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM CONDUCT, COURSE OF DEALING, CUSTOM OR USAGE IN TRADE. COMPANY DOES NOT WARRANT THAT THE SERVICES WILL SATISFY USER’S REQUIREMENTS OR THAT THE OPERATION OF THE SERVICE WILL BE UNINTERRUPTED OR ERROR FREE. THE ENTIRE RISK ARISING OUT OF THE USE, PERFORMANCE, OR INABILITY TO USE THE SERVICES REMAINS WITH USER. COMPANY SHALL NOT BEAR ANY RESPONSIBILITY FOR ERRORS OR DAMAGES OF ANY KIND RESULTING FROM USER’S SYSTEMS, INPUT ERRORS, THIRD PARTY CRIMINAL ACTS OR CHANGES TO THE SERVICE MADE OR REQUESTED BY USER. USER ACKNOWLEDGES THAT NO EMPLOYEE OR CONTRACTOR OF COMPA NY OR ANY AFFILIATE OR OTHER THIRD PARTY IS AUTHORIZED TO MAKE ANY COMPANY REPRESENTATION OR WARRANTY NOT IN THIS TOS.
b. LIMITATION OF LIABILITY. NEITHER COMPANY NOR ANY THIRD PARTY PROVIDERS WILL HAVE ANY LIABILITY FOR INDIRECT, INCIDENTAL, PUNITIVE, ENHANCED, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES (EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), INCLUDING BUT NOT LIMITED TO, LOSS OF REVENUE, PROFITS OR ANITCIPATED SAVINGS, LOST BUSINESS, GOODWILL OR REPUTATION, OR LOSS OF DATA OR OTHERWISE RELATING TO THE SERVICES OR THE USE OR INABILITY TO USE ANY OF THE SERVICES. COMPANY’S (AND COMPANY’S THIRD PARTY PROVIDERS’) TOTAL LIABILITY TO USER AND ANY OTHER PERSON OR ENTITY, INCLUDING WITHOUT LIMITATION USER’S PATIENTS, FOR BREACH OF CONTRACT AND ALL OTHER CLAIMS (INCLUDING TORT CLAIMS) ARISING IN CONNECTION WITH THIS TOS OR THE SERVICE, WILL NOT EXCEED THE FEES PAID BY USER TO COMPANY HEREUNDER DURING THE TWELVE MONTH PERIOD IMMEDIATELY PRECEDING THE CLAI
c. ALLOCATION OF RISK. IN THE EVENT THAT THE SERVICE OR ANY REPORT OR INFORMATION GENERATED BY THE SERVICE IS USED IN CONNECTION WITH ANY DIAGNOSIS OR TREATMENT BY USER OR ANY OF USER’S EMPLOYEES, AGENTS, REPRESENTATIVES, AND THE LIKE, USER WILL TAKE ALL RESPONSIBILITY IN CONNECTION THEREWITH, INCLUDING RESPONSIBILITY FOR INJURY, DAMAGE AND/OR LOSS RELATED TO SUCH DIAGNOSIS OR TREATMENT. The considerations and limitations of liability set forth in this TOS reflect the allocation of risk negotiated and agreed to by the Parties. The Parties would not enter into this TOS without these limitations on its liability. These limitations will apply notwithstanding any failure of essential purpose of any limited remedy.
d. Company does not and cannot independently verify or review the information transmitted through the Service for accuracy or completeness. Pursuant to the foregoing, User acknowledges that the information provided by Company from Services, including without limitation the Third-Party Services, may not be complete or accurate, and that neither Company nor any Third-Party Provider provides any representations or warranties with respect to the accuracy or completeness of such information. User hereby releases and holds harmless Company and the Third-Party Providers from any liability, cause of action or claim related to the completeness or lack thereof of such information.
Support may be contacted via telephone, email or fax. Company will provide User with telephone access to a help desk during standard Business Hours of 8:00 a.m. to 8:00 p.m. Eastern Time, Monday to Friday. On call support will be available twenty four hours a day, seven days a week (24/7) for emergencies; all non-emergency and routine calls will be returned the next business day. Email and fax requests will be read and responded to within sixty (60) minutes during Business Hours and next business day for outside Business Hours. The Help Desk is not to be used by anyone other than User. Contact information for Support is as follows:
a. No Requirement to Refer. Nothing in the TOS will be construed to require or encourage Company or User to refer, or to encourage others to refer, patients or other business opportunities to each other or to Company’s Affiliate Company does not restrict, and will not take any action to limit, User’s right or ability to use the Services for any patient without regard to payor status. User acknowledges that the receipt, amount or nature of any donated items or services is not a condition of doing business with Company.
b. Notice. Any notice required to be given under this TOS will be in writing, in English, and transmitted via overnight courier, hand delivery or certified or registered mail, postage prepaid and return receipt requested, to a Party at the address as may be specified or updated by written notice from time to time. In order to be valid, concurrently with any notice being sent to Company, a copy of such notice will also be sent to: 2000 16th Street, Denver, Colorado 80202 Attention: Assistant General Counsel – Legare Development LLC. Notices sent in accordance with this Section will be deemed effective when received.
c. Entire Agreement. This TOS contains the full and complete understanding of the Parties with respect to the subject matter hereof and supersedes all prior oral and written instruments, communications and understandings by and between the Parties concerning such subject matter, and may only be amended in a writing signed by the Parties or as otherwise accepted by User via Company’s online click-to-accept functionality as such terms may be presented to User from time to time. No terms, provisions, or conditions of any User purchase order, acknowledgement, or other business form that User may use in connection with the licensing of the Services will have any effect on the rights, duties or obligations of the Parties under, or otherwise modify, this TOS, regardless of any failure of Company to object to such terms, provisions, or conditions. Any such additional or conflicting terms and conditions on any purchase order, acknowledgement, or other business form are hereby rejected by Company.
d. Injunctive Relief. The Parties acknowledge that any disclosure of a Party’s Confidential Information will result in irreparable injury to the Party, which injury could not be adequately compensated by the payment of money damages. The Parties will be entitled to seek and obtain injunctive relief against any breach or threatened breach of its confidentiality obligations here under, in addition to any other legal remedies which may be available. In the event of any actual or threatened breach of Company’s intellectual property rights or User’s confidentiality obligations, Company is entitled to obtain injunctive and all other appropriate relief from a court of competent jurisdiction, without being required to: (a) show any actual damage or irreparable harm, (b) prove the inadequacy of its legal remedies, or (c) post any bond or other security. Each Party acknowledges and agrees that the covenants contained herein are necessary for the protection of legitimate business interests and are reasonable in scope and content. If User’s use of the Service is at risk of being enjoined, Company has the right, at its sole option to: (a) procure for User the right to continue using such Service under the terms of this TOS; (b) replace or modify such Service; or (c) terminate User’s rights and Company’s obligations hereunder with respect to such Service with no further liability.
e. Waiver/Amendment. No waiver, amendment, or modification of any provision of this TOS will be effective unless it is made in writing and signed by the Party against whom such waiver, amendment, or modification is sought to be enforced or as otherwise accepted by User via Company’s online click-to-accept functionality as such terms may be presented to User from time to time. No failure or delay by either Party in exercising any right, power or remedy under this TOS, except as specifically provided herein, will be deemed as a waiver of any such right, power, or remedy.
f. Force Majeure. Each Party will be excused from performance under this TOS while and to the extent that it is unable to perform due to a cause beyond its reasonable control. If either Party is rendered unable wholly or in part by force majeure to carry out its obligations under this TOS, then the Party affected by force majeure will give written notice with explanation to the other Party immediately. The affected obligations of the Party giving notice will be suspended only during the continuance of the events giving rise to the force majeure provided that the affected Party is acting with due diligence to remedy the delay caused by the force majeur If either Party is unable to perform due to force majeure for a period of more than twenty (20) days due to any delay, the other Party has the right to terminate this TOS.
g. User will not have the right to assign any of its rights or delegate any of its obligations under this TOS to any third party without the express written consent of Company, and any purported attempt to do so will be void. Company will have the right to assign any of its rights or delegate any of its obligations under this TOS to any third party at any time.
h. Jurisdiction and Venue; Choice of Law. This TOS is governed by the laws of the State of Colorado without regard to its conflicts of law provisions. THE PARTIES WAIVE ALL RIGHTS TO TRIAL BY JURY IN ANY LITIGATION ARISING FROM OR RELATED TO THIS TOS. Any litigation or enforcement of an arbitration award will be brought in District Court, Denver County, State of Colorado or the U.S. District Court for the District of Colorado, as appropriate. Each Party consents to personal and subject matter jurisdiction and venue in such courts and waives the right to change venue. The Parties acknowledge that all directions issued by the forum court, including injunctions and other decrees, will be binding and enforceable in all jurisdictions and countries.
i. Copyrights and Trademarks. User shall not remove, modify or diminish any Company or third party trademarks or copyright or trademark notices contained in the Service (including any Third-Party Service). User further agrees to affix and maintain the copyright and trademark notices of Company and Third-Party Providers on all copies made of the User Documentation.
j. Severability. In the event any provision of this TOS is determined to be invalid, such invalidity will not affect the validity of the remaining portions of this TOS, and the Parties will promptly substitute for the invalid provision a valid and enforceable provision which most closely approximates the intent and economic effect of the invalid provision.
k. Interpretation. Any uncertainty or ambiguity with respect to any provision of this TOS will not be construed for or against any Party based on attribution of drafting to either Party. Article, section, and subsection titles and captions herein are inserted as a matter of convenience and for reference and do not, in any way, define, limit, extend, or describe the scope or construction of this TOS or the intent of any of its provisions.
l. No Partnership or Agency. Nothing contained in this TOS will be construed as creating a relationship between the Parties of partners, joint venturers, or agents, and neither Party has the power to bind the other to any contract or commitment. Unless otherwise expressly set forth herein, this TOS is not intended to create and will not create any third party beneficiary.
m. Advice of Counsel. The Parties represent that they have read and understand the terms of this TOS and are entering into this TOS freely, having had a full and fair opportunity to obtain the advice of counsel in relation hereto.
14. Electronic Signature Agreement
a. Electronic Signature. If User is an individual physician operating under the terms of this TOS (“Practitioner”) and such Practitioner is granted access to any DaVita Inc. (“DaVita”) software, systems and/or related products (“Systems”) with the ability sign physician orders online and/or electronically, Practitioner shall: (a) only electronically sign Practitioner’s own orders, (b) not have another physician or individual sign any of Practitioner’s orders, even if they are caring for a Practitioner’s patient in the Practitioner’s absence (if a physician enters an order for Practitioner’s patient while caring for Practitioner’s patient, that physician shall be responsible for signing that order), (c) in electronically signing Practitioner’s orders, verify the accuracy, appropriateness and the medical necessity of the order, (d) be held as legally bound, obligated, and responsible for any use of Practitioner’s electronic signature as Practitioner would be by signing the same medical documentation in hard copy, (e) only access health information on DaVita Systems in order to provide care for patients with whom Practitioner has a physician-patient relationship or for whom Practitioner has been asked to provide care by another physician, (f) maintain the confidentiality of the health information Practitioner accesses through DaVita Systems and will comply with all applicable federal and state laws an d professional standards, (g) be the only person permitted to use Practitioner’s password and that Practitioner will be solely responsible for the use and confidentiality of Practitioner’s password. Practitioner understands that it is a material breach of this TOS to share a password with another person. If Practitioner has a reason to believe that Practitioner’s password is no longer secure or that someone else has gained access to Practitioner’s password or has signed any of Practitioner’s orders, Practitioner agrees to immediately notify the DaVita Hotline at 1-888-782-1347 and then change Practitioner’s password. Practitioner understands that the Systems are the property of DaVita and that Practitioner is only allowed use of Systems in order to provide care to Practitioner’s patients. Practitioner agrees not to reproduce, redistribute, retransmit, publish or otherwise transfer, any proprietary aspect of Systems without DaVita’s prior written consent.
b. Scope of Licensure. Practitioner understands that the scope of orders and other medical documentation Practitioner is able to electronically sign may be limited by applicable laws and regulations that govern the scope of practice based on Practitioner’s licensure and/or certification. Practitioner understands and agrees that it is Practitioner’s sole responsibility to use the System in accordance with all applicable laws and regulations and not to exceed the scope of practice authorized by such laws and regulations. Practitioner acknowledges that DaVita and Company in no way warrants or claims that the System has the controls in place to prevent Practitioner from signing orders or ordering prescriptions beyond this authorized scope of practice. DaVita and Company hereby disclaim any and all liability resulting from Practitioner’s use of the System contrary to all laws and regulations governing Practitioner’s scope of practice. Practitioner shall hereby indemnify and hold harmless DaVita and Company, their respective officers, agents, employees, successors, and assigns, from any claim, demands, damages, or costs (including reasonable attorneys’ fees), including but not limited to from any court or administrative tribunal in a disciplinary action, in any way related to or connected with the use of Practitioner’s electronic signature beyond Practitioner’s authorized scope of practice.
c. Termination. Without limiting other remedies available to DaVita and/or Company, Practitioner understands that DaVita and/or Company may restrict, suspend, or terminate Practitioner’s ability to sign Practitioner’s orders electronically without notice and with or without cause at DaVita’s and/or Company’s sole discretion.
BUSINESS ASSOCIATE AGREEMENT
THIS BUSINESS ASSOCIATE AGREEMENT (“Agreement”) is entered into as of the effective date of the TOS by and between User (“Covered Entity”) and Company, by and on behalf of its subsidiaries, affiliates, and related organizations (collectively, the “Business Associate”).
WHEREAS, Covered Entity and Business Associate have entered into an agreement (“Supply Agreement”) whereby Business Associate provides products and/or services (collectively “Deliverables”) to Covered Entity; and
WHEREAS, Business Associate requires access to Protected Health Information or other health information that is protected by state and/or federal law in connection with its performance of the Supply Agreement; and
WHEREAS, Covered Entity and Business Associate desire to reflect their mutual understanding regarding the use, disclosure and general confidentiality obligations of Business Associate relating to any Protected Health Information that Business Associate accesses in connection with its performance of the Supply Agreement and to allow Covered Entity and Business Associate to fully comply with the requirements of the Health Insurance Portability and Accountability Act of 1996, the “Privacy Rule” (45 CFR Parts 160 and 164, subparts A and E), the “Security Rule” (45 CFR Part 164, subparts A and C), and the federal “Breach Notification Rule” (45 CFR Part 164, subpart D), as amended or added by the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and its implementing regulations (collectively “HIPAA”).
NOW, THEREFORE, the parties agree as follows:
1.1 “PHI” and “Protected Health Information” mean “protected health information” as defined in the Privacy Rule.
1.2 “Covered Entity PHI” means PHI that is created, maintained, transmitted, or received by Business Associate from or on behalf of Covered Entity.
1.3 Other Capitalized Terms: All other capitalized terms used, but not otherwise defined, herein have the meanings ascribed to them in HIPAA.
1.4 Amendments to HIPAA: A reference in this Agreement to a section of HIPAA means the section as it exists on the Effective Date or as it may be amended during the term of this Agreement.
2. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
2.1. Permitted Uses: Business Associate will use Covered Entity PHI solely as permitted by this Agreement to (i) provide the Deliverables or (ii) carry out the proper management and administration of Business Associate, provided however, that in no circumstance may Business Associate use Covered Entity PHI in a manner that, if done by Covered Entity, would violate HIPAA.
2.2. Permitted Disclosures: Business Associate shall (i) hold Covered Entity PHI in confidence and (ii) not disclose Covered Entity PHI except as (A) Required by Law, (B) permitted by this Agreement to provide the Deliverables, or (C) necessary for the proper management and administration of Business Associate; provided that (x) such disclosure is limited to the minimum amount of PHI necessary, (y) Business Associate obtains reasonable assurances from the recipient that the PHI will remain confidential and be used or further disclosed only as Required by Law or for the purpose for which it was disclosed to recipient, and (z) recipient agrees to notify the Business Associate of any known breach of the confidentiality of the disclosed PHI .
2.3. Obligations of Business Associate:
2.3.1. De-Identified Health Information: Except as otherwise provided herein, Business Associate will not de-identify any Covered Entity PHI without Covered Entity’s prior written consent, provided however, such consent will not be required for Business Associate to de-identify PHI in accordance with the Privacy Rule as necessary to provide the Deliverables under the Supply Agreement.
2.3.2. Safeguards: Business Associate shall implement appropriate administrative, physical and technical safeguards to prevent the use or disclosure of Covered Entity PHI for any purpose other than those permitted by this Agreement.
2.3.3. Minimum Necessary: Business Associate will make reasonable efforts to use, disclose and request of Covered Entity only the minimum amount of PHI reasonably necessary to accomplish the intended purpose of the use, disclosure or request. Without limiting the generality of the foregoing, Business Associate shall act in accordance with any related guidance promulgated by HHS.
2.3.4. No Sale of PHI: Except as specifically permitted by the Supply Agreement or approved by Covered Entity’s prior written consent, Business Associate will not sell, transfer, sub-license or disclose Covered Entity PHI to a third party, or receive any remuneration for the same. Any approved sale must be in accordance with the Privacy Rule.
2.3.5. No Marketing: Business Associate will not use or disclose Covered Entity PHI for any marketing activities, without Covered Entity’s prior written consent. Any permitted use must be in accordance with the Privacy Rule.
2.3.6. Agents and Subcontractors: Prior to disclosing Covered Entity PHI to any agent or Subcontractor engaged in accordance with the Supply Agreement, Business Associate will ensure that such agent or Subcontractor is bound to the same restrictions, obligations and conditions as required in this Agreement.
2.3.7. Inspection and Copies: Within ten (10) business days after receiving Covered Entity’s written request, Business Associate will make Covered Entity PHI in a Designated Record Set within Business Associate’s custody or control available to Covered Entity or, at Covered Entity’s direction, to an Individual (or the Individual’s Personal Representative) for inspection and copying pursuant to 45 CFR § 164.524.
2.3.8. Amendments: In accordance with 45 CFR § 164.526, Business Associate shall amend a Designated Record Set containing PHI promptly upon receiving Covered Entity’s written notice.
2.3.9. Documenting Disclosures: Business Associate shall document all of Business Associate’s disclosures of Covered Entity PHI other than disclosures to Covered Entity, an Individual, or an Individual’s health care providers for treatment or payment purposes. This documentation shall include: (1) the date of the disclosure; (2) the name of the entity or person who received the Covered Entity PHI and, if known, the address of such entity or person; (3) a brief description of the Covered Entity PHI disclosed; and (4) a brief statement that would reasonably inform the Individual of the basis for the disclosure.
2.3.10. Accounting of Disclosures: Business Associate will maintain records of its disclosures of Covered Entity PHI as necessary for Covered Entity to respond to an Individual’s request for an accounting of disclosures pursuant to 45 CFR § 164.528. Business Associate shall, within ten (10) business days of receiving Covered Entity’s written notice, make such records available to Covered Entity for the purpose of Covered Entity providing Individuals with an accounting of the disclosures of their PHI as required by 45 CFR § 164.528.
2.3.11. Restriction Agreements and Confidential Communication Requests. Business Associate shall comply with any agreement that Covered Entity makes that either (i) restricts the use or disclosure of Covered Entity PHI pursuant to 45 C.F.R. § 164.522(a) or (ii) requires confidential communication about Covered Entity PHI pursuant to 45 C.F.R. § 164.522(b), provided that Covered Entity has notified Business Associate in writing of such restriction or confidential communication obligation.
2.3.12. Access to Books and Records: Business Associate will make its internal practices, books, and records related to the use and disclosure of PHI available to Covered Entity for the purpose of determining Business Associate’s compliance with this Agreement and to HHS for the purpose of determining Business Associate’s and/or Covered Entity’s compliance with HIPAA.
2.3.13. Breach of Agreement, Privacy Rule or Security Rule; Security Incident Reporting; Breach Notification involving Unsecured PHI: Business Associate will report to Covered Entity, within seventy-two (72) hours of discovery, any (i) breach of this Agreement; (ii) Security Incident as defined at 45 C.F.R. Part 164, Subpart C; or (iii) Breach as defined at the Breach Notification Rule (collectively “Incident”). Business Associate’s report will include (i) any available information that Covered Entity would otherwise be required to include in a notification to the Individual under 45 C.F.R. Part 164.404(c) or under any other applicable HIPAA provision or State law, and (ii) such other information, as may be otherwise required by law and/or reasonably requested by Covered Entity.
2.3.14. Health Information Policies and Procedures: When performing under the Supply Agreement, Business Associate will comply with Covered Entity’s vendor policies and procedures pertaining to health information and confidentiality of Covered Entity’s PHI as published at https://www.davita.com/about/vendor-information.
2.3.15. Security Rule Obligations: In addition to complying with Covered Entity’s policies and procedures as provided in Section 2.3.14, Business Associate will comply with all aspects of the Security Rule and the HITECH Act, including (i) implementing Safeguards (including written policies and procedures) that reasonably and appropriately protect the confidentiality, integrity and availability of electronic PHI that it creates, receives, maintains, or transmits on behalf of Covered Entity as required by the Security Rule and the HITECH Act and (ii) developing and implementing all required policies and procedures.
220.127.116.11. Addressable Specifications: Where the Security Rule categorizes an implementation specification as “Addressable,” Business Associate may analyze whether in Business Associate’s environment such implementation specification constitutes a reasonable and appropriate safeguard that is likely to contribute to protecting Covered Entity PHI. Business Associate shall have the reasonable discretion, based on that analysis, to either: (i) implement the implementation specification as set forth in the Security Rule; or (ii) document why Business Associate has determined that implementation of specification as set forth in the Security Rule is not reasonable and appropriate and implement an equivalent alternative measure that will adequately protect Covered Entity PHI.
18.104.22.168. Breach of Obligations Relating to Security Standards: In the event that Business Associate breaches any of its covenants and obligations under this Section 2.3.15, Covered Entity may, in addition to any other remedies, prohibit Business Associate from receiving Covered Entity PHI until such breach is remedied to Covered Entity’s satisfaction.
2.3.16. Compliance with Law: During the term of this Agreement, Business Associate shall comply with all applicable federal, state and local laws, rules and regulations pertaining to patient records and the confidentiality of patient information, including PHI. To the extent Business Associate is to carry out Covered Entity’s obligation under the Privacy Rule, Business Associate shall comply with the requirements of the Privacy Rule that apply to Covered Entity.
2.3.17. Mitigation: Business Associate will take all reasonable and necessary steps, in accordance with Covered Entity’s instructions, to negate any known harmful effect resulting from Business Associate’s use or disclosure of Covered Entity PHI in violation of this Agreement.
2.4. Indemnity: Business Associate will indemnify and hold harmless Covered Entity and its directors, officers, employees, agents, successors and assigns from and against all losses (including awards, fines, penalties and the reasonable costs of investigation, defense, and any remedial actions), arising out of any breach of this Agreement by Business Associate.
3. OBLIGATIONS OF COVERED ENTITY
3.1. Restrictions Requests and Confidential Communications: Covered Entity will notify Business Associate, in writing, of any agreement Covered Entity makes regarding any restriction or requirement for confidential communication (including any changes or revocation of such restriction agreement or confidential communication requirement), with respect to the use or disclosure of PHI pursuant to 45 C.F.R. § 164.522, to the extent that such restriction agreement or confidential communication requirement may affect Business Associate’s use or disclosure of Covered Entity PHI in performing under the Supply Agreement.
3.2. Safeguards: Covered Entity will: (i) employ appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to this Agreement and the Supply Agreement, in accordance with the standards and requirements of HIPAA, the Privacy Rule and Security Rule, until such PHI is received by Business Associate; (ii) inform Business Associate of any consent or authorization, including any changes in or withdrawal of any such consent or authorization, provided to Covered Entity by an Individual pursuant to 45 C.F.R. § 164.506 or § 164.508; and (iii) permit Business Associate to make any use or disclosure of Covered Entity PHI required under 45 C.F.R. § 164.512.
4. TERM AND TERMINATION
4.1. Term: This Agreement shall commence on the Effective Date and remain in effect until terminated in accordance with Section 4.2.
4.2.1. This Agreement will terminate automatically upon the termination or expiration of the Supply Agreement.
4.2.2. Covered Entity may terminate this Agreement for Business Associate’s material breach, where such breach is not corrected to the reasonable satisfaction of Covered Entity by Business Associate within thirty (30) days of receiving Covered Entity’s notice of breach.
4.3. Effect of Termination: Upon termination of this Agreement, Business Associate shall return or destroy all Covered Entity PHI. In the event Business Associate determines (and Covered Entity agrees) that return or destruction is not feasible, Business Associate will extend the protections required in this Agreement to the Covered Entity PHI and limit further uses and disclosures to only those purposes that make the return or destruction of the information infeasible.
4.4. Survival: The terms of this Agreement shall continue to apply with regard to any Covered Entity PHI that Business Associate retains following the termination of this Agreement. To the extent that Business Associate does not retain any Covered Entity PHI post termination, the provisions of this Agreement shall survive as necessary to ensure each party’s continued compliance with HIPAA or applicable analogous state laws.
5.1. Amendment: No modification of this Agreement will be effective unless made in writing signed by each party. Each party will cooperate reasonably to amend this Agreement in the event that such amendment is necessary for Covered Entity and/or Business Associate to comply with any new final regulation or amendment to final regulation promulgated by HHS during the term of this Agreement.
5.2. Notices: Any notices to be delivered hereunder shall be delivered in accordance with the notice provision(s) of the Supply Agreement; provided, that a copy of any notice to Covered Entity shall also be delivered to: DaVita Inc., 2000 16th St. 12th Floor, Denver, CO 80202, Attention: Privacy Office. Notice shall be in writing and shall be deemed effective when personally delivered or, if mailed, three (3) calendar days after the date deposited in the United States mail, first class, postage prepaid, to the addressee at its current business address.
5.3. Counterparts: This Agreement may be executed in counterparts, each of which shall be deemed an original and when taken together shall constitute one agreement.
5.4. Governing Law: This Agreement is governed by the laws of the State of Colorado and applicable federal law. Any dispute arising under this Agreement shall be heard exclusively in the state or federal courts located in Denver, Colorado. Each party consents to the jurisdiction of such courts.
5.5. Joint Preparation: Each party: (i) has participated in the preparation of this Agreement; (ii) has read and understands this Agreement; and (iii) has been represented by counsel of its own choice in the negotiation and preparation of this Agreement, and (iv) represents that this Agreement is executed voluntarily and should not be construed against any party solely because such party drafted some or all of this document.
5.6. Severability: Whenever possible, each provision of this Agreement shall be interpreted in such manner to be effective and valid under applicable law, but if any provision of this Agreement is held to be invalid, illegal or unenforceable in any respect under any applicable law or rule in any jurisdiction, such invalidity, illegality or unenforceability will not affect any other provision in any other jurisdiction, but this Agreement will be reformed, construed, and enforced in such jurisdiction as if such invalid, illegal or unenforceable provision had never been contained herein.
5.7. Waiver: Any waiver of rights under this Agreement must be in writing, signed by the waiving party. Any such waiver is limited to its express terms. Waivers will not be implied from any action or inaction of a party.
5.8. Entire Agreement: This Agreement supersedes any and all prior business associate agreements and understandings relating to its subject matter, whether oral or written, between the parties.
Independent Contractor: Nothing in this Agreement shall be deemed or construed to create, any relationship between the parties hereto other than that of independent entities contracting with each other solely for the purpose of effecting the provisions of this Agreement, or to create any partnership, joint venture, legal association, or other operating relationship other than that of independent contractors. The governing bodies of each party shall have exclusive control of the policies, management, assets, and affairs of their respective organization.