PrivateEyeHC Terms of Service
MyMobile ER, LLC (“Company”/“us”/“we”), provides a messaging and communications service called “MyMobileHC” or “PrivateEye™” through our application for mobile devices, tablet computers and similar devices (the “App”) and provides access to Collective Content (defined below) (collectively, the App and Collective Content are referred to herein as the “Services”). Please read carefully the following terms and conditions of this End User Agreement (“Agreement”).
BY CLICKING ON THE “AGREE” OR “I ACCEPT” BUTTON, OR ACCESSING OR USING THE SERVICES INCLUDING BY DOWNLOADING OR POSTING ANY CONTENT FROM OR THROUGH THE SERVICES, YOU ARE INDICATING THAT YOU HAVE READ, UNDERSTAND AND AGREE TO BE BOUND BY, THIS AGREEMENT WHICH CONSTITUTES A BINDING LEGAL AGREEMENT BETWEEN YOU AND COMPANY. YOU HAVE NO RIGHT TO ACCESS OR USE THE SERVICES OR COLLECTIVE CONTENT UNLESS YOU AGREE TO THIS AGREEMENT. If you accept or agree to this Agreement on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to the Agreement and, in such event, “you” and “your” extends beyond you to also refer and apply to that company or other legal entity. If you are using the Services on behalf of a company, medical practice or other legal entity, you are nevertheless individually bound by this Agreement even if your company has a separate agreement with us.
The purpose of the App is to provide medical professionals and those working with medical professionals a HIPAA-compliant app in which patient health information can be securely shared among other medical professionals.
1. KEY CONTENT-RELATED TERMS
“Content” means text, graphics, images, software (excluding the App), information, messages or other materials.
“Collective Content” means, collectively, Company Content and Registered User Content. Certain areas of the App (and your access to or use of certain Collective Content) may have different terms and conditions posted or may require you to agree with and accept additional terms and conditions. If there is a conflict between this Agreement and terms and conditions posted for a specific area of the Services, App or Collective Content, the latter terms and conditions will take precedence with respect to your use of or access to that area of the Services, App or Collective Content. Unless explicitly stated otherwise, any new features that augment or enhance the current Services in future shall be subject to the Agreement; they will be available on the App and you are deemed to have accepted them.
“Company Content” means Content that we make available through the Services including any Content licensed from a third party, but excluding Registered User Content.
“Photo Sharing” means Company’s photo sharing feature which allows one Registered User to share and comment on a photograph taken with a Company-registered mobile device, with one or more Registered Users.
“Registered User” and “you” means a person that completes Company’s account registration process, as described in the “Account Registration” section below.
“Registered User Content” means Content a Registered User posts, uploads, publishes, submits, or transmits to be made available through the Services.
Company reserves the right, at its sole discretion, to modify, discontinue or terminate the Services (or any aspect thereof) or to modify this Agreement, at any time and without prior notice. If we modify this Agreement we will post the modification via the App or provide you with other notice in Company’s sole discretion of the modification. By continuing to access or use the Services after we have posted a modification or have provided you with notice of a modification, you agree to be bound by the modified Agreement. If the modified Agreement is not acceptable to you, you agree to immediately stop using the Services.
3. ACCOUNT REGISTRATION; CONDITIONS ON ACCESS AND USE OF SERVICES
3.1 COMPLIANCE WITH LAWS.
You are responsible for ensuring that your use of the Services complies with the laws of your country of residence and you assume the risks (including indemnity under Section 12) attendant to the use of the Services and the use of any materials that you provide. You must register to create an account (“Account”) and become a “Registered User” to use the Services.
To access the Services, you must login with your Doximity credentials. You are responsible for all activity that occurs in association with your account. You agree to: (1) keep your password secure and confidential; (2) not permit others to use your login credentials to access your account; (3) refrain from using other Registered Users' accounts; (4) refrain from selling, trading, or otherwise transferring your Doximity account or any information and content of another Doximity user to another party; and (5) refrain from charging anyone for access to any portion of Doximity, or any information therein. Further, you are responsible for anything that happens through your account until you close down your account or prove that your account security was compromised due to no fault of your own.
Use of the Services is void where prohibited by law or otherwise. By using the Services, you represent and warrant that you have the right, authority, and capacity to agree to and abide by this Agreement and that you are not prohibited from using the Services. You understand that your use of the Services may involve or require the transmission of significant amounts of data. You are solely responsible for all data charges that may be charged by your wireless carrier or internet service provider or that may otherwise arise from your use of the Services.
3.3 SUBSCRIPTION/USAGE FEES.
Company does not currently charge fees for the use of the Services. However, you acknowledge and agree that Company reserves the right, in its sole discretion, to charge you for and collect fees from you for the use of the Services and to send and receive communications. Company will provide notice of any fee collection via the Services prior to implementing such a fee, and you will have a choice at that time to continue to use the Services or not. If you choose not to pay, Company reserves the right to immediately terminate your access to the Services.
4.1 NO DIAGNOSTIC SERVICE.
COMPANY’S SERVICES ARE INTENDED AS PRIMARILY AN EDUCATIONAL TOOL FOR MEDICAL PROFESSIONALS AND ARE NOT INTENDED TO SERVE THE FOLLOWING NEEDS: AS A DIAGNOSTIC SERVICE; AS A CONFIRMATORY SERVICE TO PROVIDE CERTAINTY IN DIAGNOSIS; TO SELECT, GUIDE, OR PROMOTE THERAPY OF MEDICAL CONDITIONS; FOR USE IN HAZARDOUS OR MISSION-CRITICAL CIRCUMSTANCES OR FOR USES REQUIRING FAIL-SAFE PERFORMANCE; OR IN SITUATIONS WHERE FAILURE COULD LEAD TO DEATH OR PERSONAL INJURY (COLLECTIVELY, “UNAUTHORIZED PURPOSES”). BECAUSE COMPANY HAS NOT BEEN DESIGNED, INTENDED, OR AUTHORIZED FOR SUCH UNAUTHORIZED PURPOSES, YOU SHALL NOT USE THE SERVICES FOR SUCH PURPOSES OR UNDER SUCH CIRCUMSTANCES. YOU FURTHER ACKNOWLEDGE THAT THE USE OF COMPANY’S SERVICES FOR SUCH UNAUTHORIZED PURPOSES MAY CONSTITUTE A VIOLATION OF LAWS APPLICABLE TO THE PRACTICE OF MEDICINE OR OTHER HEALTH PROFESSION(S).
4.2 NO WARRANTY.
YOUR RELIANCE UPON THE CONTENT OBTAINED OR USED BY YOU THROUGH THE SERVICES IS SOLELY AT YOUR OWN RISK.
4.3 PHOTO SHARING FEATURE; NO MEDICAL SERVICES.
COMPANY’S SERVICES ARE INTENDED TO BE UTILIZED BY MEDICAL PROFESSIONALS FOR EDUCATION, FEEDBACK AND DISCUSSION. THE SERVICES ARE NOT INTENDED FOR USE BY PATIENTS SEEKING MEDICAL ADVICE. NEITHER THE USER SHARING THE PHOTO NOR THE USERS WHO CHOOSE TO COMMENT ON THE PHOTO ARE INTENDING TO OR ARE PROVIDING MEDICAL SERVICES BY DOING SO. A REGISTERED USER USING THE PHOTO SHARING FEATURE IS NOT REQUESTING AND SHALL NOT REQUEST A MEDICAL CONSULTATION OF ANY KIND; YOU ARE SOLELY REQUESTING FEEDBACK, EDUCATION, AND DISCUSSION. YOU ACKNOWLEDGE THAT YOU ARE NOT REQUESTING MEDICAL SERVICES OF ANY KIND OR INTENDING TO CREATE ANY KIND OF PHYSICIAN/PATIENT RELATIONSHIP BY USING THE SERVICES AND BY RESPONDING TO OR ENGAGING IN ANY KIND OF CONVERSATION RELATED TO THE PHOTO BEING SHARED ON THE APP. A USER RESPONDING TO A PHOTO IS NOT GIVING AND SHALL NOT GIVE MEDICAL ADVICE OF ANY KIND. YOU ACKNOWLEDGE THAT BY RESPONDING TO ANOTHER USER’S SHARED PHOTO AND PROVIDING INFORMATION, YOU, AS A SPECIALIST OR OTHER REGISTERED USER, ARE NOT AND SHALL NOT PROVIDE MEDICAL SERVICES OR CREATE OR INTEND TO CREATE A PHYSICIAN/PATIENT RELATIONSHIP OR TO ACT AS A MEDICAL CONSULTANT.
THE COMPANY IS NOT LIABLE FOR ANY MEDICAL DECISION MAKING, AND THE SERVICES ARE ONLY MEANT TO AUGMENT CLINICAL DECISION MAKING AND COMMUNICATION, BASED ON YOUR OWN MEDICAL KNOWLEDGE, PROFESSIONALISM AND COMMUNICATION. THE COMPANY MAKES NO WARRANTIES AND ACCEPTS NO LIABILITY REGARDING THE ACCURACY OF DIAGNOSIS, AS IT IS LIMITED TO QUALITY OF IMAGES OF PHONE MAKERS, YOUR PHOTOGRAPHY AND CONTEXT.
We welcome and encourage you to provide feedback, comments, and suggestions for improvements to the Services (“Feedback”). You may submit Feedback by emailing us. You acknowledge and agree that if you submit any Feedback to us, you hereby grant to us a non-exclusive, worldwide, perpetual, irrevocable, fully-paid, royalty-free, sub-licensable (through several tiers) and transferable license under any and all intellectual property rights that you own or control in relation to the Feedback to use, reproduce, view, communicate to the public by any means, print, copy (whether onto hard disk or other media), edit, translate, perform and display (publicly or otherwise), distribute, redistribute, modify, adapt, make, sell, offer to sell, transmit, license, transfer, stream, broadcast, create derivative works from, and otherwise use and exploit the Feedback for any purpose.
5.3 USER CONTENT TERMS.
All content generated by a Registered User including all message data transmitted using Photo Sharing, must comply with local, national, provincial, state, and federal privacy legislation and best practices. All electronic personal health information communicated will be subject to the Business Associate Agreement attached as Exhibit A.
5.4 OWNERSHIP OF CONTENT.
If you submit content to Company, you are authorizing Company to act as your agent to issue take-down notices under the Digital Millennium Copyright Act (the “DMCA”) and/or any other similar legislation that allows the submission of requests to Internet Service Providers for the purpose of removing infringing or allegedly infringing materials. You will be responsible for monitoring and enforcing your copyright. If Company does become aware of infringement, then Company, at its sole discretion, may elect to issue take-down notices under the DMCA or similar legislation.
5.5 USER CONTENT WARRANTIES.
You acknowledge and agree that you are solely responsible for all Registered User Content that you make available through the Services. Accordingly, you represent and warrant that: (i) you either are the sole and exclusive owner of all Registered User Content that you make available through the Services or you have all rights, licenses, consents and releases that are necessary to grant to Company the rights in such Registered User Content, as contemplated under this Agreement; and (ii) neither the Registered User Content nor your posting, uploading, publication, submission, or transmittal of the Registered User Content or Company’s use of the Registered User Content (or any portion thereof) on, through or by means of the Services will (a) infringe, misappropriate, or violate a third party’s patent, copyright, trademark, trade secret, moral rights, or other intellectual property rights, or rights of publicity or privacy, or (b) result in the violation of any applicable law or regulation, including, but not limited to any applicable laws, rules, or regulations relating to personal health information, personal information and privacy, the Health Insurance Portability and Accountability Act (HIPAA), and any other applicable National, Provincial, State, and Federal privacy laws (collectively, the “Privacy Laws”) depending on your country or jurisdiction of access to the App. You retain the sole responsibility of your individual compliance with applicable laws.
You acknowledge and agree that some of the Services may be supported by advertising revenue and may contain advertisements or promotions. If you elect to have any personal, professional or business dealings with anyone whose products or services may be advertised on the Services, you acknowledge and agree that such dealings are solely between you and such advertiser and you further acknowledge and agree that Company shall not have any responsibility or liability for any losses or damages that you may incur as a result of such dealings.
Your representations, warranties, and obligations in this section survive termination of this Agreement.
6. LICENSE TERMS
6.1 COMPANY CONTENT LICENSE GRANT.
Subject to your compliance with the terms and conditions of this Agreement, Company grants you a limited, non-exclusive, non-transferable license: (i) to view any Company Content solely for your personal and non-commercial purposes; and (ii) to view any Registered User Content to which you are permitted access solely for your personal and non-commercial purposes. You have no right to sublicense the license rights granted in this section.
6.2 COMPANY CONTENT LICENSE RESTRICTIONS.
You will not use, copy, adapt, modify, prepare derivative works based upon, distribute, license, sell, transfer, publicly display, publicly perform, transmit, stream, broadcast or otherwise exploit the Services, except as expressly permitted in this Agreement or expressly permitted by applicable copyright laws. No licenses or rights are granted to you by implication or otherwise under any intellectual property rights owned or controlled by Company or its licensors, except for the licenses and rights expressly granted in this Agreement.
6.3 USER CONTENT LICENSE.
We may, in our sole discretion, permit Registered Users to post, upload, publish, submit, or transmit Registered User Content. By making available any Registered User Content on or through the Services, you hereby grant to Company a worldwide, irrevocable, perpetual, non-exclusive, transferable, royalty-free license, with the right to sublicense (through several tiers), to use, reproduce, view, communicate to the public by any means, print, copy (whether onto hard disk or other media), edit, translate, perform and display (publicly or otherwise), distribute, redistribute, modify, adapt, make, sell, offer to sell, transmit, license, transfer, stream, broadcast, create derivative works from, and otherwise use and exploit such Registered User Content only on, through or by means of the Services or by sublicense to partner or affiliate publications. Company does not claim any ownership rights in any Registered User Content and nothing in this Agreement will be deemed to restrict any rights that you may have to use and exploit any Registered User Content.
6.4 APP LICENSE.
Subject to your compliance with this Agreement, Company grants you a limited non-exclusive, non-transferable license to download and install a copy of the App on your mobile devices and/or computer that you own or control and to run such copies of the App solely for your own personal and professional use. The non-transferable license is also limited by any terms of service provisions required by the vendor from whom you purchased the Company App (e.g., Apple iTunes, Google Play, etc.) (hereinafter, “App Vendor”).
7. PATIENT DATA AND LEGAL COMPLIANCE
7.1 LEGAL OBLIGATIONS.
National, State, and Federal laws, as well as ethical and licensure requirements of your profession and health regulatory college and licensing requirements impose obligations with respect to protection of privacy and patient confidentiality that may limit the ability of physicians, healthcare providers, and persons acting on their behalf, to make use of certain confidential patient information (“Patient Information”) and/or to transmit Patient Information to third parties without express consent.
7.2 COMPLIANCE REPRESENTATIONS AND WARRANTIES.
7.3 COMPANY DISCLAIMER ON PATIENT INFORMATION.
We expressly do not assume any responsibility for your use or misuse of patient information or other information, whether intentional or inadvertent, that is transmitted, monitored, stored or received while using the Services. We reserve the right to amend or delete any Collective Content (along with the right to revoke any membership or restrict access to the Services) that we determine in our sole discretion violates the above. We further do not assume any responsibility to make any determinations regarding your subsequent reporting or notification obligations arising from any use or misuse of Patient Information or other information; these determinations and your actions in response to such determinations remain your sole responsibility.
Your representations, warranties, and obligations in this section survive termination of this Agreement.
8. GENERAL PROHIBITIONS
You agree not to do any of the following:
- Post, upload, publish, submit, or transmit or otherwise make available any Content that you do not have a right to make available under any law or under contractual or fiduciary relationships;
- Post, upload, publish, submit or transmit any Content that: (i) infringes, misappropriates or violates a third party’s patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (ii) violates, or encourages any conduct that would violate, any applicable law or regulation or would give rise to civil liability; (iii) is fraudulent, false, misleading, or deceptive; (iv) is defamatory, obscene, pornographic, vulgar, or offensive; (v) promotes discrimination, bigotry, racism, hatred, harassment, or harm against any individual or group; (vi) is violent or threatening or promotes violence or actions that are threatening to any person or entity; or (vii) promotes illegal or harmful activities or substances;
- Use, display, mirror or frame the App, or any individual element within the Services, Company’s names, any Company’s trademark, logo, or other proprietary information, or the layout and design of any page or form contained on a page, without Company’s express written consent;
- Access, tamper with, or use non-public areas of the App, Company’s computer systems, or the technical delivery systems of Company’s providers;
- Attempt to probe, scan, or test the vulnerability of any Company system or network or breach any security or authentication measures;
- Avoid, bypass, remove, deactivate, impair, descramble, or otherwise circumvent any technological measure implemented by Company or any of Company’s providers or any other third party (including another user) to protect the Services;
- Attempt to access or search the Services or download Collective Content from the Services through the use of any engine, software, tool, agent, device, or mechanism (including scripts, bots, spiders, scrapers, crawlers, data mining tools or the like) other than the software and/or search agents provided by Company or other generally available third party web browsers;
- Send any unsolicited or unauthorized advertising, promotional materials, email, junk mail, spam, chain letters, or other form of solicitation, from the App or otherwise;
- Use any meta tags or other hidden text or metadata utilizing a Company trademark, logo URL, or product name without Company’s express written consent;
- Use the Services for any commercial purpose or the benefit of any third party or in any manner not permitted by this Agreement;
- Forge any TCP/IP packet header or any part of the header information in any email or newsgroup posting, or in any way use the Services to send altered, deceptive, or false source-identifying information;
- Attempt to decipher, decompile, disassemble, or reverse engineer any of the software used to provide the Services;
- Interfere with, or attempt to interfere with, the access of any user, host or network, including, without limitation, sending a virus, overloading, flooding, spamming, or mail-bombing the Services;
- Collect or store any personally identifiable information from the Services from other users of the Services without their express permission;
- Impersonate or misrepresent your affiliation with any person or entity;
- Publish sensitive personal information such as your email address, phone number, street address, or other information that is confidential in nature;
- Violate any applicable law or regulation, or any other rules of professional conduct; or
- Encourage or enable any other individual to do any of the foregoing.
The Services may contain links to third-party websites or resources, which do not form part of the Services. You acknowledge and agree that Company is not responsible or liable for: (i) the availability or accuracy of such websites or resources; or (ii) the Content, products, or services on or available from such websites or resources for which such third party is solely responsible. Links to such websites or resources do not imply any endorsement by Company of such websites or resources or the content, products, or services available from such websites or resources. You acknowledge sole responsibility for and assume all risk arising from your use of any such websites or resources or the Content, products, or services on or available from such websites or resources.
10. TERMINATION AND ACCOUNT CANCELLATION
If you breach any of this Agreement, Company will have the right to suspend or disable your Account or terminate this Agreement, at its sole discretion and without prior notice to you. Company reserves the right to revoke your access to and use of the Services at any time, with or without cause. You may cancel your Account at any time by contacting us. The change will be processed within seven (7) days.
THE SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, COMPANY EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF THE COURSE OF DEALING OR USAGE OF TRADE. COMPANY MAKES NO WARRANTY THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS.
NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM COMPANY OR THROUGH THE SERVICES, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.
YOU ARE SOLELY RESPONSIBLE FOR ALL OF YOUR COMMUNICATIONS AND INTERACTIONS WITH OTHER USERS OF THE SERVICES AND WITH OTHER PERSONS WITH WHOM YOU COMMUNICATE OR INTERACT WITH AS A RESULT OF YOUR USE OF THE SERVICES. YOU UNDERSTAND THAT COMPANY DOES NOT TAKE RESPONSIBILITY FOR SCREENING OR INQUIRY INTO THE BACKGROUND OF ANY USERS OF THE SERVICES, NOR DOES COMPANY VERIFY OR TAKE RESPONSIBILITY FOR THE STATEMENTS OF USERS OF THE SERVICES. COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES AS TO THE CONDUCT OF USERS OF THE SERVICES OR THEIR COMPATIBILITY WITH ANY CURRENT OR FUTURE USERS OF THE SERVICES. YOU AGREE TO TAKE REASONABLE PRECAUTIONS IN ALL COMMUNICATIONS AND INTERACTIONS WITH OTHER USERS OF THE SERVICES AND WITH OTHER PERSONS WITH WHOM YOU COMMUNICATE OR INTERACT AS A RESULT OF YOUR USE OF THE SERVICE OR APP, PARTICULARLY IF YOU DECIDE TO MEET OFFLINE OR IN PERSON.
You agree to defend, indemnify, and hold Company, its officers, owners, directors, employees and agents, harmless from and against any claims, liabilities, damages, losses, and expenses, proceedings or demands including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with your access to or use of the Services, or your violation of this Agreement.
13. LIMITATION OF LIABILITY
YOU ACKNOWLEDGE AND AGREE THAT, TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE ENTIRE RISK ARISING OUT OF YOUR ACCESS TO AND USE OF THE SERVICES REMAINS WITH YOU. NEITHER COMPANY NOR ANY OTHER PERSON OR ENTITY INVOLVED IN CREATING, PRODUCING, OR DELIVERING THE SERVICES WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA, OR LOSS OF GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE OR THE COST OF SUBSTITUTE PRODUCTS OR SERVICES, OR FOR ANY DAMAGES FOR PERSONAL OR BODILY INJURY OR EMOTIONAL DISTRESS ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR FROM THE USE OF OR INABILITY TO USE THE SERVICES, OR FROM ANY COMMUNICATIONS, INTERACTIONS, OR MEETINGS WITH OTHER USERS OF THE SERVICES OR OTHER PERSONS WITH WHOM YOU COMMUNICATE OR INTERACT AS A RESULT OF YOUR USE OF THE SERVICES WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT COMPANY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE, EVEN IF A LIMITED REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED IN MEETING ITS ESSENTIAL PURPOSE.
IN NO EVENT WILL COMPANY’S AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR FROM THE USE OF OR INABILITY TO USE THE SERVICES EXCEED ONE HUNDRED DOLLARS ($100). THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN COMPANY AND YOU.
14. PROPRIETARY RIGHTS NOTICES
All trademarks, service marks, logos, trade names, and any other proprietary designations of Company used herein are trademarks or registered trademarks of Company. Any other trademarks, service marks, logos, trade names and any other proprietary designations are the trademarks or registered trademarks of their respective parties.
15. BUSINESS ASSOCIATE AGREEMENT
The Health Insurance Portability and Accountability Act of 1996 generally requires that covered entities and business associates enter into contracts to ensure that the business associates will appropriately safeguard protected health information. A business associate contract serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate. You and Company agree to the terms of the business associate agreement provided in Exhibit A relating to any communications of electronic protected health information.
16. APPLICABLE LAW; JURISDICTION
This Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Pennsylvania (excepting any conflict of laws provisions which would serve to defeat application of Pennsylvania law). Each of the parties hereto submits to the exclusive jurisdiction of the state and/or federal courts located within the Commonwealth of Pennsylvania for any suit, hearing or other legal proceeding of every nature, kind and description whatsoever in the event of any dispute or controversy arising hereunder or relating hereto, or in the event any ruling, finding or other legal determination is required or desired hereunder.
17. ENTIRE AGREEMENT
This Agreement together with all documentation and policies referenced herein constitutes the entire and exclusive understanding and agreement between Company and you regarding the Services, and this Agreement supersedes and replaces any and all prior oral or written understandings or agreements between Company and you regarding the Services.
You may not assign or transfer this Agreement, by operation of law or otherwise, without Company’s prior written consent. Any attempt by you to assign or transfer this Agreement, without such consent, will be null and of no effect. Company may assign or transfer this Agreement, at its sole discretion, without restriction. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their successors and permitted assigns.
Any notices or other communications permitted or required hereunder, including those regarding modifications to this Agreement, will be in a written form and given: (i) by Company via email (in each case to the address that you provide); or (ii) via the App. For notices made by email, the date of receipt will be deemed the date on which such notice is transmitted.
The failure of Company to enforce any right or provision of this Agreement will not constitute a waiver of future enforcement of that right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of Company. Except as expressly set forth in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise. If for any reason a court of competent jurisdiction finds any provision of this Agreement invalid or unenforceable, that provision will be enforced to the maximum extent permissible and the other provisions of this Agreement will remain in full force and effect.
If you have any questions about this Agreement, please contact My Mobile ER, LLC, 2255 Montrose St., Philadelphia, PA 19146, or online at email@example.com or via mymobilehc.com.
5. PRIVACY & CONTENT TERMS
HIPAA BUSINESS ASSOCIATE AGREEMENT BETWEEN COMPANY AND PROVIDER
THIS HIPAA BUSINESS ASSOCIATE AGREEMENT (the "Agreement") is entered into as of the date that the Registered User (as defined in the End User Agreement and referred to in this Agreement as “Covered Entity”) electronically agrees to the End User Agreement governing the Service. This Agreement is entered into between the Covered Entity and MyMobile ER, LLC ("Business Associate" or “Company”).
WHEREAS, Congress enacted the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), which protects the confidentiality of health information;
WHEREAS, pursuant to HIPAA, the United States Department of Health and Human Services ("HHS") promulgated Privacy Standards and Security Standards, each as defined below, governing confidential health information;
WHEREAS, Business Associate performs services through its provision of the Company Services (the "Service") on behalf of Covered Entity;
WHEREAS, Business Associate's provision of the Service requires Covered Entity to provide Business Associate with access to confidential health information; and
WHEREAS, in order to comply with the business associate requirements of HIPAA and its implementing regulations, Business Associate and Covered Entity must enter into an agreement that governs the uses and disclosures of such confidential health information by the Business Associate.
NOW, THEREFORE, in consideration of the foregoing recitals, the mutual promises and covenants set forth herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
(a) Catch-all definition
The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.
(b) Specific definitions
Business Associate. “Business Associate” shall generally have the same meaning as the term “Business Associate” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean MyMobile ER, LLC.
Covered Entity. “Covered Entity” shall generally have the same meaning as the term “Covered Entity” at 45 CFR 160.103.
HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
2. Obligations and Activities of Business Associate
Business Associate agrees to:
- (a) Not use or disclose Protected Health Information other than as permitted or required by this Agreement or as required by law;
- (b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent use or disclosure of Protected Health Information other than as provided for by this Agreement;
- (c) Promptly report in writing to Covered Entity any use or disclosure of Protected Health Information not provided for by the Agreement of which it becomes aware, including breaches of unsecured Protected Health Information as required at 45 CFR 164.410, and any security incident of which it becomes aware;
- (d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information;
- (e) Make available Protected Health Information in a designated record set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524;
- (f) Make any amendment(s) to Protected Health Information in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
- (g) Maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528;
- (h) To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and
- (i) Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
3. Permitted Uses and Disclosures by Business Associate
- (a) Business Associate may only use Protected Health Information to complete its review and inspection of the Assets (as defined in the Purchase Agreement), but in any event not in any way inconsistent with HIPAA Rules or other applicable law or regulation.
- (b) After the Closing (as defined in the Purchase Agreement), Business Associate may use Protected Health Information permitted under HIPAA Rules.
- (b) Business Associate may use or disclose Protected Health Information as required by law.
- (c) Business Associate agrees to make uses and disclosures and requests for Protected Health Information consistent with Covered Entity’s minimum necessary policies and procedures.
- (d) Business Associate may not use or disclose Protected Health Information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity.
4. Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions
- (a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of Protected Health Information.
- (b) Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an individual to use or disclose his or her Protected Health Information, to the extent that such changes may affect Business Associate’s use or disclosure of Protected Health Information.
- (c) Covered Entity shall notify Business Associate of any restriction on the use or disclosure of Protected Health Information that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of Protected Health Information.
5. Access to Protected Health Information
- (a) Within ten (10) days of a request by Covered Entity, Business Associate shall provide Protected Health Information in its possession or in the possession of a Subsequent Business Associate to Covered Entity in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.524 to provide Individuals with access to their Protected Health Information.
- (b) Business Associate shall notify Covered Entity within five (5) days of receiving a request from an Individual to access Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
6. Term and Termination
- (a) Term. The Term of this Agreement shall be effective as of the date hereof and, unless earlier terminated pursuant to Section 6(b) of this Agreement, shall continue in effect for as long as Covered Entity is registered for the Service.
- (b) Termination for Cause. Business Associate authorizes termination of this Agreement by Covered Entity, if Covered Entity determines Business Associate has violated a material term of this Agreement and such violation continues for thirty (30) days after written notice of such breach has been provided, the party claiming a breach shall have the right to terminate Covered Entity's participation on the Service. Business Associate shall retain no copies of the Protected Health Information.
- (c) Return or Destruction of Protected Health Information; Disposition When Return or Destruction Not Feasible. Upon termination of this Agreement, the parties hereby acknowledge that the return or destruction of PHI received by the Business Associate from Covered Entity is not feasible, and that, therefore, Business Associate may retain a copy of such Protected Health Information provided that: (i) the provisions of this Agreement shall continue to apply to any such information retained following cancellation, termination, expiration, or other conclusion of Covered Entity's participation on the Service; and (ii) Business Associate shall limit Uses and Disclosures of such PHI to those purposes that make the return or destruction thereof not feasible, for as long as Business Associate maintains such PHI.
- (d) Reasonable Fees. All reasonable fees incurred to cause the return, destruction, or storage of Protected Health Information under this Section 4.3 shall be borne by the Covered Entity.
- (e) Survival. The obligations of Business Associate under this Section shall survive the termination of this Agreement.
- (a) Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.
- (b) Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for compliance with the requirements of the HIPAA Rules and any other applicable law.
- (c) Interpretation. Any ambiguity in this Agreement shall be interpreted to permit compliance with the HIPAA Rules.
- (d) Binding Effect. This Agreement shall be binding upon and inure to the benefit of the parties hereto and their respective heirs, successors and permitted assignees.
- (e) Independent Relationship. None of the provisions of this Agreement are intended to create, nor will they be deemed to create, any relationship between the parties other than that of independent parties contracting with each other as independent contractors solely for the purposes of effecting the provisions of this Agreement and the terms and conditions governing Covered Entity's participation on the Service.
- (e) Notices. The Covered Entity may notify the Business Associate via postings at mymobilehc.net. The Covered Entity can be contacted at firstname.lastname@example.org or via mail or courier at the address below.
ADDRESSES FOR NOTICES
FOR MyMobile ER, LLC:
MyMobile ER, LLC
2255 Montrose St.
Philadelphia, PA 19146
FOR COVERED ENTITY:
The notice address for Covered Entity will be the address provided by that entity on the online registration page for the Company service.