Updated: 6/1/2024
These Platform Terms of Use (these “Terms of Use”) is a legal agreement between you (“you” or “your”) and Scribacare Inc. (“Scribacare,” “Scriba,” “we,” “us,” or “our”). These Terms of Use specify the terms under which you may access and use our proprietary software as a service (SaaS) platform that is made available to you as a web application and/or a mobile application (if any) (the “Platform”).
PLEASE READ THESE TERMS OF USE CAREFULLY. By ACCESSING AND/OR USING THE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE LEGALLY BOUND BY THESE TERMS OF USE, AND THE TERMS AND CONDITIONS OF OUR PRIVACY POLICY (THE “PRIVACY POLICY”), WHICH IS HEREBY INCORPORATED INTO THESE TERMS OF USE AND MADE A PART HEREOF BY REFERENCE (COLLECTIVELY, THE “AGREEMENT”). IF YOU DO NOT AGREE TO ANY OF THE TERMS IN THIS AGREEMENT, THEN PLEASE DO NOT USE THE PLATFORM.
If you accept or agree to the Agreement on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to the Agreement and, in such event, “you” and “your” will refer and apply to that company or other legal entity.
We reserve the right, at our sole discretion, to modify, discontinue, or terminate the Platform, or to modify the Agreement, at any time and without prior notice. If we modify the Agreement, we will post the modification on the Platform. By continuing to access or use the Platform after we have posted a modification on the Platform, you are indicating that you agree to be bound by the modified Agreement. If the modified Agreement is not acceptable to you, your only recourse is to cease using the Platform.
THE SECTIONS BELOW TITLED “BINDING ARBITRATION” AND “CLASS ACTION WAIVER” CONTAIN A BINDING ARBITRATION AGREEMENT AND CLASS ACTION WAIVER. THEY AFFECT YOUR LEGAL RIGHTS. PLEASE READ THEM.
Capitalized terms not defined in these Terms of Use shall have the meaning set forth in our Privacy Policy.
1. RIGHT TO ACCESS AND USE THE PLATFORM
Subject to the terms and conditions of this Agreement, we hereby grants you during the Term of this Agreement a limited, non-exclusive, non-transferable, non-sublicensable, revocable right, to authorize your Authorized Users to access and use the Platform solely for your internal business purposes to evaluate the Platform.
You will not (and will not authorize, permit, or encourage any third party to): (i) reverse engineer, decompile, disassemble, or otherwise attempt to discern the source code or interface protocols of the Platform; (ii) modify, adapt, or translate the Platform, or any portion or component thereof; (iii) make any copies of the Platform, or any portion or component thereof; (iv) resell, distribute, or sublicense the Platform, or any portion or component thereof; (v) remove or modify any proprietary markings or restrictive legends placed on the Platform; (vi) use the Platform, or any portion or component thereof in violation of any applicable law, in order to build a competitive product or service, or for any purpose not specifically permitted in this Agreement; (vii) introduce, post, or upload to the Platform any virus, worm, “black door,” Trojan Horse, or similar harmful code; (viii) save, store, or archive any portion of the services (including, without limitation, any data contained therein) outside the Platform other than those outputs generated through the intended functionality of the Platform without the prior, written permission of Scribacare in each instance; (ix) use the Platform in connection with service bureau, timeshare, service provider or like activity whereby you operate the Platform for the benefit of a third party; or (x) circumvent any processes, procedures, or technologies that we have put in place to safeguard the Platform.
If you violate this section, we reserve the right in our sole discretion to immediately deny you access to the Platform, or any portion of thereof, without notice. We reserve the right to change the availability of any feature, function, or content relating to the Platform, at any time, without notice or liability to you.
2. AUTHORIZED USERS
Your employees and contractors who access and use the Platform on your behalf are referred to herein as “Authorized Users.” Each Authorized User must create an account by providing his/her email address and creating a password (collectively “Login Credentials”). Login Credentials cannot be shared between Authorized Users or by any Authorized User with a third party. Login Credentials must be kept confidential. You agree to immediately notify us of any unauthorized use or suspected unauthorized use of any Login Credentials. You are fully responsible for all activities, and use or misuse of the Platform, that is associated any Authorized User’s Login Credentials. You are also responsible for ensuring that your Authorized Users comply with these Terms of Use. You will promptly inform us of any need to deactivate or change any Login Credentials. We have the right to disable any Platform account username or password at any time for any reason, including if in our sole discretion we believe that you have failed to comply with these Terms of Use.
3. USE OF PERSONAL INFORMATION
Your use of the Platform may involve the transmission to us of certain personal information. Our policies with respect to the collection and use of such personal information are governed according to our Privacy Policy, which is hereby incorporated by reference in its entirety.
4. OWNERSHIP
The Platform contains material, such as software, text, graphics, images, sound recordings, audiovisual works, and other material provided by or on behalf of Scribacare (collectively referred to as the “Content”). The Content may be owned by us or by third parties. The Content is protected under both United States and foreign laws. Unauthorized use of the Content may violate copyright, trademark, and other laws. You have no rights in or to the Content, and you will not use the Content except as permitted under this Agreement. No other use is permitted without prior written consent from us. You must retain all copyright and other proprietary notices contained in the original Content on any copy you make of the Content. You may not sell, transfer, assign, license, sublicense, or modify the Content or reproduce, display, publicly perform, make a derivative version of, distribute, or otherwise use the Content in any way for any public or commercial purpose. The use or posting of the Content on any other website or in a networked computer environment for any purpose is expressly prohibited.
The Services are licensed, not sold to You, for use only in accordance with this Agreement. We reserve all rights not expressly granted to You. The Services are protected by United States copyright laws and international copyright treaties, as well as by other intellectual property laws and treaties. Except as expressly permitted herein, You may not make a copy of the Services or any associated User Documentation. Additionally, You may reproduce all User Documentation for use solely by Administrators and Users provided that; You reproduces all copyright, confidentiality and other proprietary notices that are on the original copy of the User Documentation.
If you violate any part of this Agreement, your permission to access and/or use the Content, and the Platform automatically terminates and you must immediately destroy any copies you have made of the Content. The trademarks, service marks, and logos of Scribacare (the “Scribacare Trademarks”) used and displayed on the Platform are registered and unregistered trademarks or service marks of Scribacare. Other company, product, and service names located on the Platform may be trademarks or service marks owned by others (the “Third-Party Trademarks,” and, collectively with Scribacare Trademarks, the “Trademarks”). Nothing on the Platform should be construed as granting, by implication, estoppel, or otherwise, any license or right to use the Trademarks, without our prior written permission specific for each such use. Use of the Trademarks as part of a link to or from any website is prohibited unless establishment of such a link is approved in advance by us in writing. All goodwill generated from the use of Scribacare Trademarks inures to our benefit.
Elements of the Platform are protected by trade dress, trademark, unfair competition, and other state and federal laws and may not be copied or imitated in whole or in part, by any means, including, but not limited to, the use of framing or mirrors. None of the Content may be retransmitted without our express, written consent for each and every instance.
5. YOUR DATA; USAGE DATA; DE-IDENTIFIED DATA; AGGREGATE DATA; AND OUTPUT
For purposes of this Agreement, “Your Data” means any data and information that you and your Authorized Users submit to the Platform, including but not limited to, Patient Recordings (as defined below) and the personal information of Authorized Users; “Patient Recordings” means: (i) the audio and/or video recordings of the sessions between you (or your Authorized Users) and patient (and the patient’s parents, or other family members or friends, to the extent participating in such sessions) that you or your Authorized Users conduct and upload to the Platform; and (ii) the information and data collected and/or gathered by you (or your Authorized Users) during such sessions that you or your Authorized Users upload to the Platform; “Protected Health Information” or “PHI” means as that term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and related regulation (“HIPAA”); “Usage Data” means anonymous, analytical data that we collect concerning the performance and use of the Platform by you and your Authorized Users, including, without limitation, date and time that you access the Platform, the portions of the Platform visited, the frequency and number of times such pages are accessed, the number of times the Platform is used in a given time period and other usage and performance data; “Output” meaning includes, without limitation, the medical documentation generated by processing Your Data through the Platform and provided to you and your Authorized Users through the Platform.
You own all right, title, and interest in and to Your Data and Output, including all modifications, improvements, adaptations, enhancements, or translations made thereto, and all intellectual rights therein. You hereby grant us a non-exclusive, worldwide, fully paid-up, royalty-free right and license, with the right to grant sublicenses, to reproduce, execute, use, store, archive, modify, perform, display and distribute Your Data: (i) during the term of this Agreement, in furtherance of our obligations hereunder; and (ii) for our internal business purposes, including using such data to analyze, update, and improve the Platform and our analytics capabilities. We will process any PHI included in Your Data in accordance with the Business Associate Agreement attached hereto as Schedule A (“BAA”). You will have sole responsibility for the accuracy, quality, and legality of Your Data. If the terms of this Agreement conflict with the terms of the BAA, the terms of the BAA shall control solely with respect to processing of PHI. By providing Your Data, you agree to be legally bound by the terms and conditions of the BAA, which is made part of this Agreement.
Pursuant to Section 2a of the BAA, we have the right in our sole discretion to use De-identified Data and to disclose such De-identified Data to third parties. We may also link your De-identified Data with your customer ID and use it to customize and train our Platform based on your specific styles and requirements that can be identified from Your Data.
Notwithstanding anything to the contrary herein, we may use, and may permit our third-party service providers to access and use, Your Data, as well as any Usage Data that we may collect, in an anonymous and aggregated form (“Aggregate Data”) for the purposes of operating, maintaining, managing, and improving our products and services including the Platform. Aggregate Data does not identify you. You hereby agree that we may collect, use, publish, disseminate, sell, transfer, and otherwise exploit such Aggregate Data.
6. RETENTION OF YOUR DATA
We retain Your Data in the Platform for the Term of this Agreement and will delete your information no more than 30 days after the termination of the Agreement.
7. FEES
In exchange for your access to and use of the Platform, you agree to pay the fees for the applicable subscription plan that you selected at registration within thirty (30) days of receipt of the invoice. We reserve the right to update and modify our pricing structure with reasonable notice, with any updated pricing for your subscription plan to go into effect the next announced period of service. We reserve the right to institute new or additional fees, at any time upon notice to you. By purchasing a subscription, you agree to pay us through a third-party payment processor of our choosing. We reserve the right to change our third-party payment processor at any time.
8. PLATFORM RULES AND CONFIDENTIALITY
By accessing and/or using the Platform, you hereby agree to comply with the following guidelines:
- You will not use the Platform for any unlawful purpose;
- You will not access or use the Platform to collect any market research for a competing business;
- You will not upload, post, e-mail, transmit, or otherwise make available any content that: infringes any copyright, trademark, right of publicity, or other proprietary rights of any person or entity; or constitutes promotion or advertising of any third-party website, product, or service; or is defamatory, libelous, indecent, obscene, pornographic, sexually explicit, invasive of another’s privacy, promotes violence, or contains hate speech (i.e., speech that attacks or demeans a group based on race or ethnic origin, religion, disability, gender, age, veteran status, and/or sexual orientation/gender identity); or discloses any sensitive information about another person, including that person’s e-mail address, postal address, phone number, credit card information, or any similar information.
- You will not impersonate any person or entity or falsely state or otherwise misrepresent your affiliation with a person or entity;
- You will not decompile, reverse engineer, or disassemble any software or other products or processes accessible through the Platform;
- You will not cover, obscure, block, or in any way interfere with any advertisements and/or safety features on the Platform;
- You will not circumvent, remove, alter, deactivate, degrade, or thwart any of the protections in the Platform;
- You will not use automated means, including spiders, robots, crawlers, data mining tools, or the like to download or scrape data from the Platform, directly or indirectly, except for Internet search engines (e.g., Google) and non-commercial public archives (e.g., archive.org) that comply with our robots.txt file;
- You will not take any action that imposes or may impose (in our sole discretion) an unreasonable or disproportionately large load on our technical infrastructure; and
- You will not interfere with or attempt to interrupt the proper operation of the Platform through the use of any virus, device, information collection or transmission mechanism, software or routine, or access or attempt to gain access to any data, files, or passwords related to the Platform through hacking, password or data mining, or any other means.
We reserve the right, in our sole and absolute discretion, to deny you (or any device) access to the Platform, or any portion thereof, without notice.
You acknowledge and agrees that any and all information emanating from our business in any form is “Confidential Information,” and You agree that it will not, during or after the term of this Agreement, permit the duplication, use, or disclosure of any such Confidential Information to any person (other than an employee, agent, or representative of the other party who must have such information for the performance of its obligation hereunder), unless such duplication, use, or disclosure is specifically authorized by the other party in writing. You shall:
(a) Not disclose any Confidential Information to any third person without the express written consent of the disclosing party;
(b) not use, directly, indirectly, or in concert with any other person, any Confidential Information for any purpose other than the performance of their obligations under this Agreement;
(c) use reasonable diligence, and in no event less than that degree of care that such party uses in respect to its own confidential information of like nature, to prevent the unauthorized disclosure or reproduction of such information. Without limiting the generality of the foregoing, to the extent that this Agreement permits the copying of Confidential Information, all such copies shall bear the same confidentiality notices, legends, and intellectual property rights designations that appear in the original versions.
For the purposes of this Section, the term “Confidential Information” shall not include: information that is in the public domain; information known to the recipient party as of the date of this Agreement as indicated by the recipient’s written records, unless the recipient party agreed to keep such information in confidence at the time of its receipt; and information properly obtained hereafter from a source who is not under an obligation of confidentiality with respect to such information; is independently developed by the receiving party through persons who have not had, either directly or indirectly, access or knowledge of such Confidential Information which can be verified by independent evidence; or is obligated to be produced under a court order of competent jurisdiction or a valid administrative or congressional subpoena. You acknowledge that a breach or threatened breach of its obligations hereunder would cause immediate and irreparable harm to us for which monetary damages would be an inadequate remedy, and that We shall be entitled to injunctive relief without the necessity of posting bond or other security.
Unless otherwise agreed to by the Parties in writing, We may use Customer’s name and/or logo to refer to You as our customer on our website and other marketing materials.
9. RESTRICTIONS
The Platform is available only for individuals aged 18 years or older. If you are under 18 years of age, then please do not access and/or use the Platform. By entering into this Agreement, you represent and warrant that you are 18 years or older.
10. FEEDBACK
We welcome and encourage you to provide feedback, comments, and suggestions for improvements to the Platform and our services (“Feedback”). Although we encourage you to e-mail us, we do not want you to, and you should not, e-mail us any content that contains confidential information. With respect to any Feedback you provide, we shall be free to use and disclose any ideas, concepts, know-how, techniques, or other materials contained in your Feedback for any purpose whatsoever, including, but not limited to, the development, production and marketing of products and services that incorporate such information, without compensation or attribution to you.
11. NO WARRANTIES; LIMITATION OF LIABILITY
THE PLATFORM, THE CONTENT AND OUR SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, AND NEITHER WE NOR OUR SUPPLIERS MAKE ANY WARRANTIES WITH RESPECT TO THE SAME OR OTHERWISE IN CONNECTION WITH THIS AGREEMENT, AND WE HEREBY DISCLAIM ANY AND ALL EXPRESS, IMPLIED, OR STATUTORY WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, ERROR-FREE OR UNINTERRUPTED OPERATION, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. TO THE EXTENT THAT WE AND OUR SUPPLIERS MAY NOT AS A MATTER OF APPLICABLE LAW DISCLAIM ANY IMPLIED WARRANTY, THE SCOPE AND DURATION OF SUCH WARRANTY WILL BE THE MINIMUM PERMITTED UNDER SUCH LAW. THE PLATFORM, THE CONTENT, AND THE OUTPUT ARE NOT INTENDED TO DIAGNOSE, TREAT, CURE, OR PREVENT ANY DISEASE OR HEALTH CONDITION. YOU AND YOUR AUTHORIZED USERS ARE SOLELY RESPONSIBLE AND LIABLE FOR ANY MEDICAL CONCLUSIONS OR TREATMENT DECISIONS YOU MAKE BASED UPON ANY OUTPUT PROVIDED AND/OR MADE AVAILABLE THROUGH THE PLATFORM. THE PLATFORM, THE CONTENT AND THE OUTPUT IS NOT INTENDED TO BE A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE, DIAGNOSIS OR TREATMENT. WE DO NOT WARRANT, GUARANTEE OR MAKE ANY REPRESENTATION TO YOU OR ANY AUTHORIZED USER REGARDING THE USE OR PERFORMANCE OF THE PLATFORM, OR ANY COMPONENT THEREOF OR ANY OUTPUT PRODUCED BY THE PLATFORM. WE WILL HAVE NO LIABILITY FOR ANY HARM OR DAMAGE ARISING OUT OF OR IN CONNECTION WITH ANY USE OF THE PLATFORM, AND/OR THE OUTPUT. WE ARE NOT RESPONSIBLE FOR ANY DECISIONS TAKEN BY YOU OR ANY OF YOUR AUTHORIZED USERS BASED ON THE OUTPUT PRODUCED AND/OR MADE AVAILABLE THROUGH THE PLATFORM. YOU AND EACH OF YOUR AUTHORIZED USER AGREES THAT ITS USE OF THE PLATFORM, THE OUTPUT, OR ANY COMPONENT THEREOF IS ENTIRELY AT HIS/HER OWN RISK.
WITHOUT LIMITING THE FOREGOING, WE DO NOT WARRANT, GUARANTEE OR MAKE ANY REPRESENTATION, NOR SHALL WE BE RESPONSIBLE FOR (A) THE CORRECTNESS, ACCURACY, RELIABILITY, COMPLETENESS OR CURRENCY OF THE PLATFORM; OR (B) ANY RESULTS ACHIEVED OR ACTION TAKEN BY YOU IN RELIANCE ON THE PLATFORM OR THE OUTPUT OF THE PLATFORM. ANY DECISION, ACT OR OMISSION OF YOURS THAT IS BASED ON THE PLATFORM OR OUTPUT OF THE PLATFORM IS AT YOUR OWN AND SOLE RISK. THE PLATFORM AND THE OUTPUT IS PROVIDED AS A CONVENIENCE ONLY AND DOES NOT REPLACE THE NEED TO REVIEW THE OUTPUT ACCURACY, COMPLETENESS AND CORRECTNESS.
IN CONNECTION WITH ANY WARRANTY, CONTRACT, OR COMMON LAW TORT CLAIMS: (I) WE SHALL NOT BE LIABLE FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES, LOST PROFITS, OR DAMAGES RESULTING FROM LOST DATA OR BUSINESS INTERRUPTION RESULTING FROM THE USE OR INABILITY TO ACCESS AND USE THE PLATFORM, THE CONTENT, THE OUTPUT, OR ANY RELATED SERVICES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; AND (II) ANY DIRECT DAMAGES THAT YOU AND YOUR AUTHORIZED USERS MAY SUFFER AS A RESULT OF YOUR USE OF THE PLATFORM, THE CONTENT, THE OUTPUT, OR ANY RELATED SERVICES SHALL BE LIMITED TO THE GREATER OF ONE HUNDRED DOLLARS ($100) OR THE TOTAL FEES PAID BY YOU TO USE IN THREE (3) MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE CLAIM ARISES.
12. EXTERNAL SITES
The Platform may contain links to third-party websites (“External Sites”). These links are provided solely as a convenience to you and not as an endorsement by us of the content on such External Sites. The content of such External Sites is developed and provided by others. You should contact the website administrator or webmaster for those External Sites if you have any concerns regarding such links or any content located on such External Sites. We are not responsible for the content of any linked External Sites and do not make any representations regarding the content or accuracy of materials on such External Sites. You should take precautions when downloading files from all websites to protect your computer from viruses and other destructive programs. If you decide to access linked External Sites, you do so at your own risk.
13. REPRESENTATIONS AND WARRANTIES
You represent and warrant that you have: (i) all rights and permissions necessary to provide us with or grant us access to and use of Your Data, and (ii) obtained all necessary and appropriate consents, permissions, and authorizations in accordance with all applicable laws and regulations with respect to Your Data provided hereunder, including but not limited to, consents from patients, their parents and/or legal guardians, including consents to record patient’s visit sessions and authorization for the use, exchange and disclosure of any applicable PHI (collectively, “Consents”).
14. INDEMNIFICATION
You will indemnify, defend, and hold us, our affiliates, and our and their respective shareholders, members, officers, directors, employees, agents, and representatives (collectively, “Scribacare Indemnitees”) harmless from and against any and all damages, liabilities, losses, costs, and expenses, including reasonable attorney’s fees (collectively, “Losses”) incurred by any Scribacare Indemnitee in connection with a third-party claim, action, or proceeding (each, a “Claim”) arising from your or your Authorized User’ (i) breach of this Agreement, including but not limited to, any breach of your representations and warranties; (ii) misuse of the Platform, the Output, and/or the Content; (iii) negligence, gross negligence, willful misconduct, fraud, misrepresentation or violation of law and regulation; or (iv) violation of any third-party right, including without limitation any copyright, trademark, property, or privacy right; provided, however, that the foregoing obligations shall be subject to our: (i) promptly notifying you of the Claim; (ii) providing you, at your expense, with reasonable cooperation in the defense of the Claim; and (iii) providing you with sole control over the defense and negotiations for a settlement or compromise.
15. COMPLIANCE WITH APPLICABLE LAWS
The platform is based on Microsoft Azure for all data hosting services.
Microsoft has designed Azure with industry-leading security controls, compliance tools, and privacy policies to safeguard data stored in the cloud, including:
HIPAA/HITECH - Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act for protection of Protected Healthcare Information (PHI) within the US
ISO/IEC 27018 - Code of practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors
EU-U.S. Privacy Shield Framework for transfer of personal data to the US
EU GDPR - General Data Protection Regulations for personal data protection and privacy within the European Union
California Consumer Privacy Act (CCPA) for personal data protection and privacy for residents of California
More info is available on Microsoft Azure website - https://learn.microsoft.com/en-us/azure/compliance/
The Platform is based in the United States. We make no claims concerning whether the Platform may be viewed or be appropriate for use outside of the United States. If you access the Platform from outside of the United States, you do so at your own risk. Whether inside or outside of the United States, you are solely responsible for ensuring compliance with the laws and regulations of your specific jurisdiction.You shall not use the platform in violation of any law or regulation. You will indemnify us of any harm to us of any use that is in violation of any law or regulation.
You represent that You are not named on any U.S. government denied-party list.
You shall ensure that your use of the Software and the Services complies with all applicable laws, including, without limitation, the Health Insurance Portability and Accountability Act (“HIPAA”) and other data privacy laws. You represent and warrant that you shall be solely responsible for obtaining and maintaining any and all consents, authorizations, or permissions that maybe required by the HIPAA Privacy Rule, 42 CFR Part 2 (“Confidentiality of SubstanceUse Disorder Patient Records or other applicable federal or state data privacy laws and regulations before disclosing to Business Associate the Protected Health Information pertaining to an Individual. Without limiting the generality of the foregoing, you shall not request us to use or disclose Protected Health Information (as defined in the BAA) in any manner that would not be permissible under HIPAA if done by you (unless permitted by HIPAA for a Business Associate).
16. TERM; TERMINATION
Your right to access and use the Platform will commence upon your acceptance of these Terms of Use and will continue for the duration of the subscription plan that you selected at registration (the “Term”). Thereafter, the Term will automatically renew for consecutive terms equivalent to the duration of your subscription plan, unless either of us notifies the other at least thirty (30) days prior to the expiration of the then-current renewal term of its intention to not renew.
We reserve the right to change, suspend, discontinue or terminate your access and use of all or any part of the Platform at any time without prior notice or liability. Sections 4, 5, 6, 7, and 9-21 shall survive the termination of these Terms of Use.
17. BINDING ARBITRATION
(a) Any controversy or claim, whether based on contract, tort, strict liability, fraud, misrepresentation, or any other legal theory, related directly or indirectly to this Agreement (the “Dispute”) shall be resolved solely in accordance with the terms of this Section. Each party reserves the right to seek an injunction or other equitable relief in court to prevent or stop a breach of this Agreement or a violation of any rights that such party has under statutory law.
(b) If the Dispute cannot be settled by good faith negotiation between the parties, We and You will submit the Dispute to non-binding mediation. If complete agreement cannot be reached within thirty (30) days of submission to mediation, any remaining issues will be resolved by binding arbitration in accordance with paragraphs (c) and (d) below. The Federal Arbitration Act, 9 U.S.C. Sections 1 to 15, not state law, will govern the arbitrability of all Disputes.
(c) A single arbitrator who, unless otherwise agreed, is an attorney knowledgeable in the computer software field or in commercial matters will conduct the arbitration. The arbitrator’s decision and award will be final and binding and may be entered in any court with jurisdiction. The arbitrator will not have authority to limit, expand or otherwise modify the terms of this Agreement. The place of the arbitration shall be Miami, Florida. The arbitrator will not be empowered to determine issues of arbitrability nor to award exemplary or punitive damages. On motion, the arbitrator may determine to offer limited discovery, but in determining whether to permit discovery shall balance the benefit of the requested discovery against the burden on the party against whom discovery is sought.
(d) The mediation and, if necessary, the arbitration will be conducted under the then current rules of the alternate dispute resolution (“ADR”) firm selected by the parties, or if the parties are unable to agree on an ADR firm, the parties will conduct the mediation and, if necessary, the arbitration under the then current rules and supervision of the American Arbitration Association. Each party will each bear its own attorneys’ fees associated with the mediation and, if necessary, the arbitration. The parties will pay all other costs and expenses of the mediation/arbitration as the rules of the selected ADR firm provide. The parties and their representatives shall hold the existence, content and result of the mediation and arbitration in confidence.
The parties shall cooperate in good faith in the voluntary and informal exchange of all non-privileged documents and other information (including electronically stored information) relevant to the Dispute immediately after commencement of the arbitration. As set forth in Section 17, nothing in this Agreement will prevent us from seeking injunctive relief in any court of competent jurisdiction as necessary to protect our proprietary interests.
18. CLASS ACTION WAIVER
You agree that any arbitration or proceeding shall be limited to the Dispute between us and you individually. To the full extent permitted by law, (i) no arbitration or proceeding shall be joined with any other; (ii) there is no right or authority for any Dispute to be arbitrated or resolved on a class action basis or to utilize class action procedures; and (iii) there is no right or authority for any Dispute to be brought in a purported representative capacity on behalf of the general public or any other persons. YOU AGREE THAT YOU MAY BRING CLAIMS AGAINST US ONLY IN YOUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
19. EQUITABLE RELIEF
You acknowledge and agree that in the event of a breach or threatened violation of our intellectual property rights and confidential and proprietary information by you, we will suffer irreparable harm and will therefore be entitled to injunctive relief to enforce this Agreement. We may, without waiving any other remedies under this Agreement, seek from any court having jurisdiction any interim, equitable, provisional, or injunctive relief that is necessary to protect our rights and property pending the outcome of the arbitration referenced above. You hereby irrevocably and unconditionally consent to the personal and subject matter jurisdiction of the federal and state courts in the State of Florida for purposes of any such action by us.
20. CONTROLLING LAW; EXCLUSIVE FORUM
The Agreement and any action related thereto will be governed by the laws of the State of Florida without regard to its conflict of laws provisions. The Parties hereby consent and agree to the exclusive jurisdiction of the state and federal courts located in the State of Florida for all suits, actions, or proceedings directly or indirectly arising out of or relating to this Agreement, and waive any and all objections to such courts, including but not limited to, objections based on improper venue or inconvenient forum, and each party hereby irrevocably submits to the exclusive jurisdiction of such courts in any suits, actions, or proceedings arising out of or relating to this Agreement.
21. MISCELLANEOUS
You may not assign any of your rights, duties, or obligations under these Terms of Use to any person or entity, in whole or in part, without written consent from us. Our failure to act on or enforce any provision of the Agreement shall not be construed as a waiver of that provision or any other provision in this Agreement. No waiver shall be effective against us unless made in writing, and no such waiver shall be construed as a waiver in any other or subsequent instance. Except as expressly agreed by us and you in writing, the Agreement constitutes the entire agreement between you and us with respect to the subject matter, and supersedes all previous or contemporaneous agreements, whether written or oral, between the parties with respect to the subject matter. The section headings are provided merely for convenience and shall not be given any legal import. This Agreement will inure to the benefit of our successors, assigns, licensees, and sublicensees.
SCHEDULE A
BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (“BAA”) is by and between Scribacare, Inc. (“Business Associate”), and Customer (“Covered Entity” or “Business Associate”), and is effective as of the Effective Date.
WHEREAS, pursuant to these Terms of Use, Business Associate will provide certain services to, for, or on behalf of Covered Entity involving the use or disclosure of Protected Health Information (“PHI”), and pursuant to such Terms of Use, Business Associate may be considered a “business associate” of Covered Entity; and
WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to Business Associate pursuant to the Provider Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”) and the Standards for Privacy of Individually Identifiable Health Information promulgated thereunder by the U.S. Department of Health and Human Services at 45 CFR § 160 and § 164 (the “HIPAA Rules”), and the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”), in each case as amended from time to time; and
WHEREAS, the purpose of this BAA is to satisfy certain standards and requirements of the HIPAA Rules and the HITECH Act, as the same may be amended from time to time.
NOW, THEREFORE, in consideration of the mutual promises below and the exchange of information pursuant to this BAA, the parties agree as follows:
1. Definitions.
Terms used but not otherwise defined in this BAA shall have the same meaning as set forth in 45 CFR Parts 160, 162, and 164, or the HITECH Act.
2. Obligations of Business Associate.
a. Permitted Uses and Disclosures.
Business Associate agrees to only Use or Disclose PHI as necessary in order to perform the services set forth in the Provider Agreement, as permitted under this BAA, or as Required by Law. Business Associate shall have the right to de-identify any and all PHI, provided that Business Associate implements a de-identification process that conforms to the requirements of 45 C.F.R. 164.514(a)-(c) (“De-identified Data”). Business Associate may Use or Disclose such De-identified Data to third parties at its discretion, as such De-identified Data does not constitute PHI and is not subject to the terms of this BAA. Business Associate shall own all right, title, and interest in and to such De-identified Data.
b. Nondisclosure.
Business Associate shall not Use or further Disclose PHI other than as permitted or required by this BAA.
c. Safeguards.
Business Associate shall use appropriate safeguards to prevent Use or Disclosure of PHI other than as provided for by this BAA. Business Associate shall maintain a comprehensive written information privacy and security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the Business Associate’s operations and the nature and scope of its activities.
d. Reporting of Disclosures; Mitigation.
Business Associate shall report to Covered Entity any use or disclosure of PHI not provided for by this BAA of which Business Associate becomes aware. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this BAA.
e. Business Associate’s Agents.
Business Associate shall ensure that any subcontractors, to whom it provides PHI received from (or created or received by Business Associate on behalf of) Covered Entity agree to the same restrictions and conditions that apply to Business Associate with respect to such PHI.
f. Availability of Information to Covered Entity.
Business Associate shall make available to Covered Entity such information as Covered Entity may request, and in the time and manner designated by Covered Entity, to fulfill Covered Entity’s obligations (if any) to provide access to, provide a copy of, and account for disclosures with respect to PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR §§ 164.524 and 164.528. Requests for information must be submitted at least 14 days in advance of the due date.
g. Amendment of PHI.
Business Associate shall make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity, to fulfill Covered Entity’s obligations (if any) to amend PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR § 164.526, and Business Associate shall, as directed by Covered Entity, incorporate any amendments to PHI into copies of such PHI maintained by Business Associate.
h. Internal Practices.
Business Associate shall make its internal practices, books, and records relating to the use and disclosure of PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) available to the Secretary, in a time and manner designated by Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with HIPAA and the HIPAA Rules.
i. Documentation of Disclosures for Accounting.
Business Associate may document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.
j. Access to Documentation for Accounting.
Business Associate agrees to provide to Covered Entity or an Individual, in a time and manner designated by Covered Entity, information documented in accordance with Section 2(i) of this BAA in a time and manner as to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.
k. Notification of Breach.
During the Term of this BAA, Business Associate shall notify Covered Entity within ten (10) days of Discovery of any Breach of Unsecured PHI. Business Associate further agrees, consistent with Section 13402 of the HITECH Act, to provide Covered Entity with information necessary for Covered Entity to meet the requirements of said section, and in a manner and format to be specified by Covered Entity.
l. Minimum Necessary.
When using, disclosing, or requesting PHI from the Covered Entity, or in accordance with any provision of this BAA, Business Associate shall limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.
3. Obligations of Covered Entity.
a. Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy, and security of PHI transmitted to Business Associate pursuant to the BAA and this BAA, in accordance with the standards and requirements of HIPAA and the HIPAA Rules, until such PHI is received by Business Associate.
b. Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR § 164.520, as well as any changes to such notice.
c. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose PHI, if such changes affect Business Associate’s permitted or required uses or disclosures.
d. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, if such restriction affects Business Associate’s permitted or required uses or disclosures.
4. Term and Termination.
a. Term. The Term of this BAA shall become effective as of the Effective Date and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed, or, if it is infeasible to destroy PHI, protections are extended to such information, in accordance with the termination provisions of this Section. The provisions of this BAA shall survive termination of the BAA to the extent necessary for compliance with HIPAA and the HIPAA Rules.
b. Material Breach. A material breach by either party of any provision of this BAA shall constitute a material breach of the BAA, if such breach is not cured by the breaching party within thirty (30) days of receipt of notice describing the material breach.
c. Reasonable Steps to Cure Breach. If either party learns of an activity or practice of the other party that constitutes a material breach or violation of the other party’s obligations under the provisions of this BAA, then the non-breaching party shall notify the breaching party of the breach and the breaching party shall take reasonable steps to cure such breach or violation, as applicable, within a period of time which shall in no event exceed thirty (30) days. If the breaching party’s efforts to cure such breach or violation are unsuccessful, the non-breaching party shall either terminate the BAA, if feasible, or if termination of the BAA is not feasible and the breaching party has violated the HIPAA Rules, the non-breaching party may report the breaching party’s breach or violation to the Secretary.
d. Judicial or Administrative Proceedings. Either party may terminate the BAA, effective immediately, if the other party is named as a defendant in a criminal proceeding for an alleged violation of HIPAA, or a finding or stipulation that the other party has violated any standard or requirement of HIPAA or other security or privacy laws is made in any administrative or civil proceeding in which the party has been joined.
e. Effect of Termination.
1. Except as provided in paragraph (e)(2) of this Section or if required by law or regulation to be maintained by Business Associate, upon termination of the BAA for any reason, Business Associate shall, within 30 days, destroy all PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) that Business Associate still maintains in any form, and shall retain no copies of such PHI. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate.
2. In the event that Business Associate determines that destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the parties that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the destruction infeasible, for so long as Business Associate maintains such PHI. The obligations of Business Associate under this Section shall survive the termination of the BAA.
5. Amendment to Comply with Law. The parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of the BAA may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, and other applicable laws relating to the security or confidentiality of PHI. Upon the request of either party, the parties shall promptly enter into negotiations concerning the terms of an amendment to the BAA embodying written assurances consistent with the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or other applicable laws relating to security and privacy of PHI. Either party may terminate the BAA upon thirty (30) days’ written notice in the event the other party does not promptly enter into negotiations to amend the BAA when requested pursuant to this Section, or does not enter into an amendment to the BAA providing assurances regarding the safeguarding of PHI that satisfy the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or any other applicable laws relating to security and privacy of PHI.
6. No Third Party Beneficiaries. Nothing in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever and no other person or entity shall be a third party beneficiary of this BAA.
7. Effect on BAA. Except as specifically required to implement the purposes of this BAA, or to the extent inconsistent with this BAA, all other terms of the BAA shall remain in full force and effect.
8. Interpretation. This BAA shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HIPAA Rules and any other applicable law relating to security and privacy of PHI. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules.
9. Regulatory References. A reference in this BAA to a section in the HIPAA Rules or the HITECH Act means the section as in effect or as amended, and for which compliance is required.