HEALTHCARE PROVIDER USER AGREEMENT
Last revised May 2017
Welcome to Medici, an electronic communication platform for Healthcare Providers and their patients, operated by Medici Technologies, LLC (“Medici”, “us”, “our”, and “we”). Medici provides a website located at www.medici.md (the “Site”), mobile applications (“Mobile App”), and services provided through the Mobile Apps collectively referred to as (“Services”).
NOTE: THIS AGREEMENT CONTAINS A DISPUTE RESOLUTION AND ARBITRATION PROVISION, INCLUDING CLASS ACTION WAIVER THAT AFFECTS YOUR RIGHTS UNDER THIS AGREEMENT AND WITH RESPECT TO DISPUTES YOU MAY HAVE WITH MEDICI. YOU MAY OPT OUT OF THE BINDING INDIVIDUAL ARBITRATION AND CLASS ACTION WAIVER AS PROVIDED BELOW.
- Our Services
We offer an online communication platform for healthcare Providers (“Healthcare Providers” or “you”) and their patients (“Patient Users”) to connect via the Site and/or Mobile App through the use of interactive video, audio and other telecommunications technology (collectively referred to as the “Services”). The Mobile App facilitates communication from Patient Users to existing Healthcare Providers.
To be a Healthcare Provider using the Services, you must agree to comply with all laws, medical board rules and other rules and regulations applicable to you as a Healthcare Provider or otherwise. Your relationship with the Medici users (including your patients) is directly between you and the patient. The patient will never have a physician-patient relationship with Medici. Medici does not practice medicine and offers no medical services. You, as the Healthcare Provider, are solely responsible for all agreements, consents, notices and other interactions with patients and other consumers. Without limiting the generality of the foregoing, Healthcare Provider is solely responsible for all billings and collections from patients and other consumers, and Medici shall have no liability whatsoever to Healthcare Provider with respect to any amounts owed by any patient or other consumer to Healthcare Provider.
- Ownership Of The Site and Mobile App
All pages within this Site and Mobile App any material made available for download are the property of Medici, or its licensors or suppliers, as applicable. The Site and Mobile App is protected by United States and international copyright and trademark laws. The contents of the Site and Mobile App, including without limitation the files, documents, text, photographs, images, audio, and video, and any materials accessed through or made available for use or download through this Site or Mobile App (“Content”) may not be copied, distributed, modified, reproduced, published or used, in whole or in part, except for purposes authorized or approved in writing by Medici. You may not frame or utilize framing techniques to enclose, or deep linking to, any name, trademarks, service marks, logo, Content or other proprietary information (including; images, text, page layout, or form) of Medici without our express written consent.
- For the purposes of this Agreement, the terms set forth in this Section 3 have the meanings assigned to them below. Terms not defined below or in the body of this Agreement (whether or not capitalized) have the definitions given to them in HIPAA.
- “Administrative Rights” means the rights to administer and direct the use of a Provider’s account, including the authority to provide, request, issue, administer and limit the access rights to other User accounts issued to such Provider’s Authorized Workforce, as well as the rights to integrate, connect, or otherwise share Your Information with, or receive Protected Health Information from, third parties through the Services.
- “Authorized Workforce” means those natural persons who are members of your Workforce who you have identified (by their legal names, and the legal names of their employers) in your account as authorized to access the Services on your behalf.
- “Clinical Data Exchange” means the exchange, with your Consent, of Protected Health Information (and Your Personal Information as necessary) between You and covered entities (and their business associates) for any permitted purpose, including, to the extent applicable, care coordination, performance or quality measurement programs, and risk adjustment, and other treatment, payment or health care operations purposes.
- “Confidential Information” means any information relating to our business, financial affairs, current or future products or technology, trade secrets, workforce, customers, or any other information that is treated or designated by us as confidential or proprietary, or would reasonably be viewed as confidential or as having value to our competitors. “Confidential Information” does not include information that we make publicly available or that becomes known to the general public other than as a result of a breach of an obligation by you. “Confidential Information” does not include individuals” health information.
- “Consent” means consent or authorization by a user of the Services allowing us to take actions described under this Agreement, which the user of the Services may give in an electronic communication to us or by use of the features of the Services (such as “share,” “transmit,” “refer,” “authorize,” “opt-in,” “agree” or toggling or selecting an action through a settings or activation page located within the Service, and the like).” Such Consent may apply to an individual case or situation, or may apply globally or programmatically based on variables that apply to an overall situation or circumstance (whether through a settings or preference page, a global “opt-in” or otherwise).
- “Credentials” means any unique identifier, password, token, credential, any combination thereof, or other means we may utilize from time to time for authorizing access to all, or any portion of, the Services.
- “De-Identified Health Information” means health information that has been de-identified in accordance with the provisions of the Privacy Rule.
- “De-Identified Information” means De-Identified Health Information and De-Identified Personal Information.
- “De-Identified Personal Information” means Personal Information from which all identifiers that could reasonably be anticipated to identify an individual by an anticipated recipient ” such an individual”s name, contact information, or government identifiers ” have been removed.
- “De-Identify,” means (i) with respect to Personal Information, to make such information into De-Identified Personal Information, and (ii) with respect to health information, means to make such health information into De-Identified Health Information.
- “HIPAA” means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule, as amended.
- “HITECH Act” means the Health Information Technology for Economic and Clinical Health Act of 2009, and regulations promulgated thereunder.
- “Personal Information” means information that includes an individual’s name, contact information, government identifiers, or includes identifiers that could reasonably be anticipated to identify an individual personally by an anticipated recipient.
- “Policies and Procedures” means our rules, regulations, policies and procedures for access to and use of the Services, as changed from time to time and as posted electronically on our Internet website.
- “Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, as amended.
- “Protected Health Information” has the meaning given it in the Privacy Rule.
- “Provider” or “Healthcare Provider” has the same meaning as “health care provider” given in 45 CFR “160.103.
- “Provider of Record” has the meaning given in Section 4.2.1.
- “Security Rule” means the Security Standards for the Protection of electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C, as amended.
- “Services” has the meaning defined in Section 1.
- “Term” means the initial term and all renewal terms of this Agreement as provided in Section 20.1.
- “User” (capitalized) means a natural person who has been authorized, pursuant to this Agreement, to access the Services on your behalf; a “user” (un-capitalized) shall mean any user of the Services.
- “Workforce” means a Provider’s employees, volunteers, trainees, and other persons whose conduct, in the performance of work for Provider, is under the direct control of such Provider, whether or not they are paid by the Provider.
- “Your Protected Information” means Protected Health Information that you or your Workforce input or upload onto the Services, or that we receive on your behalf from your patient’s, authorized service providers, or our third party partners pursuant to this Agreement (including Section 7.1.7).
- “Your Information” means information that you or your Workforce input or upload onto the Services, including Your Personal Information and Your Health Information.
- “Your Personal Information” means Personal Information that you or your Workforce enter or upload onto the Services.
- Accounts and Access to the Services
- Healthcare Provider Account
- Account Responsibilities. You are responsible for maintaining the confidentiality of your Account login information and are fully responsible for all activities that occur under your Account. You agree to immediately notify us of any unauthorized use, or suspected unauthorized use, of your Account or any other breach of security. We cannot and will not be liable for any loss or damage arising from your failure to comply with the above requirements.
- Verification. You agree that your use of the Services, or certain features or functionality of the Services, may be subject to verification by us of your identity and credentials as a healthcare provider or healthcare professional, and to your ongoing qualification as such. You agree that we may use and disclose Your Personal Information for such purposes, including making inquiry of third parties concerning your identity and professional and practice credentials. You authorize such third parties to disclose to us such information as we may request for such purposes, and you agree to hold them and us harmless from any claim or liability arising from the request for or disclosure of such information. Notwithstanding the applicable provisions at Section 20, you agree that we may terminate your access to or use of the Services at any time if we are unable at any time to determine or verify your identity, qualifications or credentials.
- Account Termination. If you desire to terminate your account, please see the provisions in your Section 20.
- Access Rights of Provider Account.
- Provider of Record. We offer the Services to Providers and to natural persons who are members of such Providers” Authorized Workforce, as more fully described in this Section 4.2.5. All persons who sign up for an account on behalf of a Provider must furnish, among other things, that Provider”s full legal name and fictitious business name(s) (i.e., trade name, d/b/a or “doing business as”) as part of the sign-up process. We treat the Provider in whose name the account is established as the owner of all User accounts associated with such Provider, and we call this Provider the “Provider of Record.”
- Healthcare Provider Account
The Provider of Record is a party to this Agreement for all purposes and shall be subject to all of the provisions are applicable to the person addressed as “you” in this Agreement.” Although a member of a Provider of Record”s Authorized Workforce may have signed-up for an account or electronically entered into this Agreement, or may continue to administer Administrative Rights on the Provider of Record”s behalf, only the Provider of Record is entitled to any of the rights, remedies or benefits under this Agreement and control over the Administrative Rights. The Provider of Record is likewise subject to, and we may enforce against it, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, waivers and releases included in this Agreement. The Provider of Record may delegate Administrative Rights to one or more members of the Provider of Record”s Authorized Workforce, but the Provider of Record remains responsible for all activity occurring thereunder.
- Authorized Representatives. An authorized representative of a Provider may obtain an account on behalf of such Provider, and may have administrative privileges on the account. We call the person(s) authorized to act on behalf of a Provider the “Authorized Representative(s)” of such Provider. The Provider and Authorized Representative may be the same person. If you are establishing an account or taking any action with respect to a Provider’s account, you represent and warrant that (a) you have the authority to act on such Provider’s behalf either as owner/principal or as a member of such Provider’s Authorized Workforce, (b) the information you submit is complete and accurate, and (c) you have the authority to enter into this Agreement on behalf of such Provider and bind such Provider to the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, grants, waivers and releases contained in this Agreement. If you are an Authorized Representative, you recognize that you have no personal rights with respect to such Provider”s account, and that such Provider may change the Authorized Representative at any time, for any or no reason, with or without notice.
- Authorized Workforce. If you are a member of a Provider’s Authorized Workforce, and such Provider has authorized you to access the Services on its behalf by authorizing a Credential for you, then you are authorized under this Agreement to access the Services solely on behalf and at the direction of such Provider. As such, you may sign in and use the functionality of the Services solely on behalf and at the direction of such Provider. You consent to and authorize the disclosure to such Provider any content related to, or otherwise generated by your use of the Services, including secure messages. You hereby agree and acknowledge that you are subject to, and we may enforce against you, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations and warranties set forth in this Agreement that are applicable to the person addressed as “you” in this Agreement, and you hereby grant and make all rights, waivers and releases set forth in this Agreement that are granted and made by the person addressed as “you” in this Agreement, but you are entitled to none of, and hereby waive and agree not to exercise or assert any of, the rights, remedies or benefits under this Agreement other than the limited, non-exclusive, non-transferable, personal right under this Section 4.2.3 to sign in and use the functionality of the Services solely on behalf and direction of such Provider. Notwithstanding the applicable provisions at Section 16, you acknowledge that your access to the Services may be terminated by the Provider or us at any time, for any reason or no reason at all, with or without notice. By (i) accessing any of the Services under a Provider”s account(s), or (ii) contacting us by any means and requesting or directing us to take any action with respect to any Provider”s account(s) or data held by such account(s), or (iii) asserting any right or authority with respect to such account(s) or data, you represent and warrant that you have the authority to act on such Provider”s behalf and that you are not using the Services, or otherwise engaging in the activities described in clauses (i) through (iii) above, for the benefit or at the direction, of any person or entity other than such Provider, including yourself.
- User Identification. We authorize you and your Authorized Workforce to use the Credentials uniquely assigned to, or selected by, each such individual User. You acquire no ownership rights in any such Credentials, and such Credentials may be revoked, reset or changed at any time in the discretion of us or the Provider of Record. You will adopt and maintain reasonable and appropriate security precautions for your Credentials to prevent their disclosure to or use by unauthorized persons. Each member of your Authorized Workforce shall have and use a unique identifier. You will ensure that no member of your Workforce uses Credentials assigned to another Workforce member.
- Your Workforce. You may permit your Authorized Workforce to use the Services on your behalf, subject to the terms of this Agreement. You will:
- require each member of your Authorized Workforce to have unique Credentials, and will provide the legal name(s) of each such member for which you are seeking Credentials;
- train all members of your Authorized Workforce in the requirements of this Agreement and the Policies and Procedures relating to their access to and use of the Services, and ensure that they comply with such requirements;
- take appropriate disciplinary action against any member of your Workforce who violates the terms of this Agreement or the Policies and Procedures;
- ensure that only the person to whom a specific set of Credentials have been assigned accesses the Services with such Credentials; and
- immediately notify us of the termination of employment of any member of your Authorized Workforce, or of your withdrawal of authorization for any such person to access the Services.
- Medici Does Not Provide Advice or Medical Services
As part of the Services, Medici provides a platform for Healthcare Provider to communicate with patients. Medici does not provide any medical advice, legal advice, or representations in any way regarding any legal or medical issues associated with Healthcare Provider, goods or services offered by Healthcare Provider, including but not limited any compliance obligations or steps necessary to comply with any state or federal laws and regulations. Healthcare Provider should seek legal counsel regarding any legal and compliance issues, and should not rely on any materials or content associated with the Services in determining Healthcare Provider’s compliance obligations under law. Healthcare Provider and Medici agree that Medici is not providing, to patients or Healthcare Provider or anyone else, medical advice or legal advice.
- Healthcare Provider’s Independent Medical Judgment and Indemnification
- Independent Medical Judgment. Healthcare Provider will use the Services only in accordance with applicable standards of good medical practice. While software products such as the Services can facilitate and improve the quality of service that Healthcare Provider and its personnel offer to patients, many factors, including the provider/patient relationship can affect a patient outcome, and with intricate and interdependent technologies and complex decision-making it is often difficult or impossible to accurately determine what the factors were and in what proportion they affected an outcome. Healthcare Provider shall be solely responsible for its use of the Services, and the provision of services to Healthcare Provider’s patients. In this regard, Healthcare Provider releases Medici and waives any and all potential claims against Medici as a result of Healthcare Provider’s use of the Services, and the provision of services to Healthcare Provider’s patients. As a result of the complexities and uncertainties inherent in the patient care process, Healthcare Provider agrees to defend, indemnify and hold Medici harmless from any claim by or on behalf of any patient of Healthcare Provider or its personnel, or by or on behalf of any other third party or person claiming damage by virtue of a familial or financial relationship with such a patient, which is brought against Medici, regardless of the cause if such claim arises for any reason whatsoever, out of Healthcare Provider’s use or operation of the Services. To the extent applicable, Healthcare Provider will obtain Medici’s prior written consent to any settlement or judgment in which Healthcare Provider agrees to any finding of fault of Medici or defect in the Services. Medici will promptly notify Healthcare Provider in writing of any claim subject to this indemnification, promptly provide Healthcare Provider with the information reasonably required for the defense of the same, and grant to Healthcare Provider exclusive control over its defense and settlement.
- Malpractice Coverage. Healthcare Provider of Record affirms they are practicing with sufficient medical malpractice insurance with coverage liability in line with the best practices for Health Providers’ specialty and patient volume. Any Malpractice offered by Medici is an umbrella coverage that provides secondary coverage above the Healthcare Provider of Record’s primary individual malpractice obligations.
- Use of Information
- Purpose of Services. Part of the Services includes the storage of Your Protected Information, and the PHI of your Patient’s Information (defined in this section as “Your Information”) in order to: (i) make it available to you and your Workforce for any legal purpose, including treatment, payment and health care operations; (ii) to facilitate the sharing of individuals’ health information among users and other parties with whom you or your Workforce member elect to share such information, and (iii) to make information available to your patients through Medici. You may make Your Health Information accessible to other users of the Services, other individuals and entities, or your patients through the Services for these purposes. You authorize us, as your business associate, to use and disclose Your Information as follows:
- We will permit unrestricted access to Your Health Information to you and your Authorized Workforce. You are responsible for ensuring that your use of Your Health Information is consistent with the relevant legal restrictions.
- We will permit access to Your Health Information to your patients to whom you have enabled access through Medici.
- We will permit access to Your Information by health care providers, covered entities and their business associates to whom you have Consented to provide access to the Services and who have otherwise agreed to integrate with our Services. We will obtain your Consent before we make Your Health Information available to other providers, covered entities and their respective business associates. You acknowledge that once we have granted access rights to another provider or covered entity (or their respective business associates), we have no control over the uses and disclosures that such person or entity makes of Your Protected Information, and the recipient may be subject to its own legal and regulatory obligations (including HIPAA) to retain such information and make such information available to patients, governmental authorities and others as required by applicable law or regulations.
- We may De-identify Your Information, and use and disclose De-identified Information for any purpose whatsoever.
- We may create limited data sets from Your Protected Information, and disclose them for any purpose for which you may disclose a limited data set; and you hereby authorize us to enter into data use agreements on your behalf for the use of limited data sets, in accordance with applicable law and regulation.
- We may use Your Information for the proper management and administration of the Services and our business, and to carry out our legal responsibilities, which may include us disclosing such information to one of our business associates that has entered into a business associate agreement in accordance with Section 10 below. We may also disclose Your Information for such purposes if the disclosure is required by law (as such term is defined in 45 CFR “164.103), or we obtain reasonable assurances (as such term is interpreted or applicable in connection with or under HIPAA) from the recipient that it will be held confidentially and used or further disclosed only (a) as required by law (as such term is defined in 45 CFR “164.103), or (b) for the purpose for which it was disclosed to the recipient, and the recipient notifies us of any instances of which it is aware in which the confidentiality of the information has been breached. Without limiting the foregoing, we may permit access to the system by our contracted system developers under appropriate confidentiality agreements.
- We may use Your Protected Information and Directory Information (defined below) to contact your patients on your behalf for any purpose for which you would be permitted to contact them, including:
- For treatment and health care operations messages, including sending appointment notifications (such as appointment requests, confirmations, reminder, cancellations and the like) and messages about currently prescribed medications (including refill reminders), and post-visit treatment satisfaction surveys, invitations and administrative messages concerning Medici access, and the like;
- With your Consent, to request an authorization on your behalf from your patients to use or disclose health information for any purpose for which use or disclosure may be made with an appropriate authorization, including marketing and research purposes. You agree that we may also use and disclosure your patients’ health information as permitted by such authorization, and
- To provide information about health-related products or services that you provide, or that we provide on behalf as your business associate.
- From time to time we may incorporate information we receive from your authorized service providers (including Third-Party Applications as discussed in Section 11), our third party partners, or covered entities (and their business associates) who are providing or paying for medical services for one or more of your patients, into the Services we provide to you. Such information may include, without limitation, clinical information such as lab results, imaging results, eligibility information, prior authorizations and prescription history; and shall, upon incorporation into the Services, be treated as “Your Health Information” for all purposes hereunder. You hereby authorize us to request and receive such information on your behalf from such authorized service providers or our third party partners.
- We may use or disclose Your Health Information for other purposes, as from time to time described in our Policies and Procedures; provided that we will not make or permit any such use or disclosure that would violate applicable law or regulation if made by you or your business associate.
- Responsibility for Misuse by Other Users. You acknowledge that in granting access to the Services for the purposes set forth in Section 4.1, we will rely on the assurances of the recipients of the information as to (i) their identity and credentials, (ii) the purposes for which they are accessing the system, and (iii) the nature and extent of the information to which they will have access. You acknowledge that, while the Services will contain certain technical safeguards against misuse of the Services, it will rely to a substantial extent on the representations and undertakings of users of the Services. You agree that we will not be responsible for any unlawful access to or use of Your Health Information by any user resulting from the user”s misrepresentation to us, or breach of the user”s user agreement or our Policies and Procedures.
- Specially Protected Information. We apply the standards of the Privacy Rule in permitting access to the Services. You acknowledge that other federal and state laws impose additional restrictions on the use and disclosure of certain types of health information, or health information pertaining to certain classes of individuals. You agree that you are solely responsible for ensuring that Your Health Information may properly be disclosed for the purposes set forth in Section 7.1, subject to the restrictions of the Privacy Rule and applicable law, including those laws that may be more restrictive than the Privacy Rule. In particular, you will:
- not make available to other users through the Services any information in violation of any restriction on use or disclosure (whether arising from your agreement with such users or under law);
- obtain all necessary consents, authorizations or releases from individuals required for making their health information available through the Services for the purposes set forth in Section 7.1;
- include such statements (if any) in your notice of privacy practices as may be required in connection with your use of the Services; and
- not place in the Services any information that you know or have reason to believe is false or materially inaccurate.
- Provider Directories. We may include your Directory Information (defined below) in our (a) “Public Provider Directories,” which are electronic directories for patients and the general public; and (b) “Professional Provider Directories,” which are electronic directories for Providers and other members of the healthcare community ((a) and (b) collectively, “Provider Directories”). Provider Directories may be made available in various electronic formats, including searchable databases, Provider landing pages, interactive reference tools, reference lists, and integrated look-up features, among others. They may also incorporate information designed to help users, such as integrated maps, and licensure confirmation tools, among others. Provider Directories may include a “contact” feature that allows users to contact other users directly through the Services. Our Public Provider Directory may be made available to public search engines to aid Provider discovery. Listing in the Provider Directories is subject to eligibility criteria, which may differ between the Public Provider Directory and Professional Provider Directory. “A Provider’s “Directory Information” includes the Provider”s name, name(s) of physicians or other healthcare professionals associated with a Provider, associated specialties, Provider’s business telephone number(s) and physical address(es), National Provider Identifiers (or NPI), and the Provider”s available appointment slots, as each is indicated from information a Provider has inputted or imported into the Services. The Directory Information may include additional information you input or upload into profile tools we make available in the Services (such as a profile photograph, accepted insurance, available office hours, a front desk email address, and the like), as and when such tools are available.
- Providing Provider Data to Payers and Others. Without limiting the provisions of Section 14.2, you agree that we may provide De-Identified Health Information and other information (including Your Personal Information and information concerning your practice) to any medical group, independent practice association of physicians, health plan or other organization with which you have a contract to provide medical services, or to whose members or enrollees you provide medical services. Such information may identify you, but will not identify any individual to whom you provide services. Such information may include aggregated data concerning your patients, diagnoses, procedures, orders and the like.
- Site and Mobile App Access, Security and Restrictions; Passwords
- Obligation to Safeguard.
- You will implement and maintain appropriate administrative, physical and technical safeguards to protect information within the Services. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule, whether or not you are otherwise subject to HIPAA. You will maintain appropriate security with regard to all personnel, systems, and administrative processes used by you or members of your Workforce to transmit, store and process electronic health information through the use of the Services.
- You will immediately notify us of any breach or suspected breach of the security of the Services of which you become aware of, or any unauthorized use or disclosure of information within or obtained from the Services, and you will take such actions to mitigate the breach, suspected breach, or unauthorized use or disclosure of information within or obtained from the Services as we may direct, and will cooperate with us in investigating and mitigating the same.
- Obligation to Safeguard.
- Use License
- Business Associate Provisions
In maintaining, using and affording access to Your Health Information in accordance with this Agreement, we will, in accordance with the requirements of HIPAA, as such requirements are informed by the guidance given by the United Stated Department of Health and Human Services (or any office, department or agency operating thereunder, “HHS”):
- Not use or disclose such information except as permitted or required by this Agreement or as required by law (as such term is defined in 45 CFR “164.103);
- Use appropriate safeguards consistent with the requirements of the Security Rule with respect to Your Health Information to prevent the use or disclosure of such information in a manner inconsistent with the provisions of this Agreement;
- Report to you any use or disclosure of Your Health Information not provided for by this Agreement of which we become aware, including breaches of Your Health Information that meets the definition of “unsecured protected health information” under HIPAA, in each case as required by “164.410 of HIPAA, and any security incident (as defined by HIPAA) involving Your Health Information of which we become aware;
- In accordance with Sec. 164.502(e)(1)(ii) and 164.308(b)(2) of HIPAA, as applicable, ensure that any subcontractors that create, receive, maintain or transmit Your Health Information on our behalf agree to the same restrictions, conditions, and requirements that apply to us with respect to such information (as such requirement is interpreted or applicable in connection with or under HIPAA); and we obtain satisfactory assurances (as such term is interpreted or applicable in connection with or under HIPAA) that such subcontractors will appropriately safeguard such information (it being understood, for the avoidance of doubt,
that other users of the Services are not our subcontractors);
- Make available to you Your Health Information in furtherance of your obligations under Sec. 164.524 of the Privacy Rule;
- Make available to you Your Health Information in furtherance of your obligations to amend and incorporate any amendments to such information in accordance with Sec. 164.526 of the Privacy Rule;
- Maintain and make available Your Health Information to provide an accounting of disclosures in accordance with Sec. 164.528 of the Privacy Rule;
- To the extent that we are to carry out your obligations under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to you in the performance of such obligations;
- Make our internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by us on your behalf, available to the Secretary of HHS for purposes of determining your compliance with the Privacy Rule; and
- At termination of this Agreement we will provide the Provider of Record with a copy of Your Health Information in an electronic form that is accessible through commercially available hardware and software. You may have to purchase such hardware and software from third parties in order to access your data, and you may have to configure your systems in order to use your data in your practice. Upon termination we will, if feasible, return or destroy all Protected Health Information received from, or created or received by us on your behalf that we still maintain in any form, and retain no copies of such information; or, if such return or destruction is not feasible (whether for technical, legal, regulatory or operational reasons), extend the protections of this Agreement to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible. You acknowledge that if you have approved, in accordance with the terms of this Agreement, other users of our Services (such as your patients or other providers) or their respective business associates, we will continue to make such information Provider consented to share and data available to such users pursuant to the terms of the agreements we have with them.
- Third-Party Services
Any Third-Party Services Medici directly contracts with to perform our Services will be held to the same security and privacy standards as we require in this Agreement, and a BAA will be entered if the Third-Party Services include sharing of PHI. We may also present to you, through the Services (including via emails, displays or advertisements) or through the use of Your Information, the opportunity to learn about, access, integrate with, or otherwise use services operated by third parties (each a “Third-Party Service”). If you choose to sign-up for or utilize a Third- Party Service, that Third-Party Service may be able to access Your Information. Additionally, we may allow you to access the Third-Party Services, or integrate the Services you receive from us with such Third-Party Services using your Credentials that allow you to receive services or information from such Third-Party Services. Although we may receive remuneration from the operators or sponsors of these Third-Party Services, we do not endorse any Third-Party Services and you are responsible for evaluating any Third-Party Services prior to signing-up for, accessing, or integrating them (including any information) with the Services you receive from us.
- Accuracy and Integrity of Information.
Although Medici attempts to ensure the integrity and accurateness of the Services, it makes no representations, warranties or guarantees whatsoever as to the correctness or accuracy of the Services and Content thereon. It is possible that the Services could include typographical errors, inaccuracies or other errors, and that unauthorized additions, deletions and alterations could be made to the Services by third parties. In the event that an inaccuracy arises, please inform Medici so that it can be corrected. Information contained on the Site or Mobile App may be changed or updated without notice. Additionally, Medici shall have no responsibility or liability for information or Content posted to the Site or Mobile App from any third party.
- Links to Other Sites
Medici makes no representations whatsoever about any other website that you may access through Medici Services. When you access a non-Medici site, please understand that it is independent from Medici, and that Medici has no control over the Content on that website. In addition, a link to a non-Medici website does not mean that Medici endorses or accepts any responsibility for the Content, or the use, of the linked site. It is up to you to take precautions to ensure that whatever you select for your use or download is free of such items as viruses, worms, Trojan horses, and other items of a destructive nature. If you decide to access any of the third party sites linked to the Services, you do this entirely at your own risk.
- Intellectual Property Rights
- Individually Identifiable Health Information. You retain all rights with regard to Your Health Information, and we will only use such information as expressly permitted in this Agreement.
- De-Identified Health Information. In consideration of our provision of the Services, you hereby transfer and assign to us all right, title and interest in and to all De-Identified Information that we make from Your Information pursuant to Section 7.1. You agree that we may use, disclose, market, license and sell such De-Identified Information for any purpose without restriction, and that you have no interest in such information, or in the proceeds of any sale, license, or other commercialization thereof. You acknowledge that the rights conferred by this Section are the principal consideration for the provision of the Services, without which we would not enter into this Agreement.
- Other Works and Information. If you submit, upload or post any agreements, contracts, consents, notices, advice, recommendations, comments, files, videos, images or other materials to us or within our Services (“Healthcare Provider Content”) or provide any Healthcare Provider Content to patients or other consumers, you agree not to provide any Healthcare Provider Content that (1) is defamatory, abusive, libelous, unlawful, obscene, threatening, harassing, fraudulent, pornographic, or harmful, or that could encourage criminal or unethical behavior, (2) violates or infringes the privacy, copyright, trademark, trade dress, trade secrets or intellectual property rights of any person or entity, or (3) contains or transmits a virus or any other harmful component. Healthcare Provider is solely responsible for obtaining all necessary agreements and consents from, and providing all required notices to, patients and other consumers. You agree not to contact other users through unsolicited e-mail, telephone calls, mailings or any other method of communication. You represent and warrant to Medici that you have the legal right and authorization to upload all Healthcare Provider Content at the Site or Mobile App. Medici shall have a royalty-free, irrevocable, transferable right and license to use the Healthcare Provider Content however Medici desires, including without limitation, to copy, modify, delete in its entirety, adapt,, translate, create derivative works from such Healthcare Provider Content and/or incorporate such Healthcare Provider Content into any form, medium or technology throughout the world.
Medici does not regularly review Healthcare Provider Content, but does reserve the right (but not the obligation) to monitor and edit or remove any Healthcare Provider Content submitted to the Site. You grant Medici the right to use the name that you submit in connection with any Healthcare Provider Content. You agree not to use a false email address, impersonate any person or entity, or otherwise mislead as to the origin of any Healthcare Provider Content. You are and shall remain solely responsible for the content of any Healthcare Provider Content you post to the Site, Mobile App, or provide to patients or other consumers. Medici and its affiliates take no responsibility and assume no liability for any Healthcare Provider Content submitted by you or any third party.
You agree to defend, indemnify and hold Medici harmless from and against all third party claims, damages and expenses (including reasonable attorneys’ fees) against or incurred by Medici arising out of any Healthcare Provider Content you post or allow to be posted to the Site or Mobile App.
- Individuals’ Rights
You are solely responsible for affording individuals their rights with respect to relevant portions of Your Health Information, such as the rights of access and amendment. You will not undertake to afford an individual any rights with respect to information in the Services other than Your Health Information.
- Claims of Copyright Infringement
We disclaim any responsibility or liability for copyrighted materials posted on our Site or Mobile App. If you believe that your work has been copied in a manner that constitutes copyright infringement, please follow the procedures set forth below. Medici respects the intellectual property rights of others and expects its users to do the same. In accordance with the Digital Millennium Copyright Act (“DMCA”), we will respond promptly to notices of alleged infringement that are reported to Medici’s Designated Copyright Agent, identified below.
- Notices of Alleged Infringement for Content Made Available on the Site or Mobile App If you are a copyright owner, authorized to act on behalf of one, or authorized to act under any exclusive right under copyright, please report alleged copyright infringements taking place on or through our Services by sending us a notice (“Notice”) complying with the following requirements.
- Identify the copyrighted works that you claim have been infringed.
- Identify the material or link you claim is infringing (or the subject of infringing activity) and that access to which is to be disabled, including at a minimum, if applicable, the URL of the link shown on the Site or Mobile App where such material may be found.
- Provide your mailing address, telephone number, and, if available, email address.
- Include both of the following statements in the body of the Notice, “I hereby state that I have a good faith belief that the disputed use of the copyrighted material is not authorized by the copyright owner, its agent, or the law (e.g., as a fair use).” “I hereby state that the information in this Notice is accurate and, under penalty of perjury, that I am the owner, or authorized to act on behalf of the owner, of the copyright or of an exclusive right under the copyright that is allegedly infringed.”
- Provide your full legal name and your electronic or physical signature.
- Deliver this Notice, with all items completed, to our Copyright Agent:
Medici Technologies, LLC
Attn: Privacy Officer
Contact: 2711 Centerville Rd, Ste 400
Wilmington DE 19808
- Disclaimer of Warranties
MEDICI DOES NOT WARRANT THAT ACCESS TO OR USE OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS IN THE SERVICES WILL BE CORRECTED. MEDICI SERVICES, INCLUDING ANY CONTENT OR INFORMATION CONTAINED WITHIN IT OR ANY SITE OR MOBILE APP-RELATED SERVICE, IS PROVIDED “AS IS,” WITH ALL FAULTS, WITH NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY OF INFORMATION, QUIET ENJOYMENT, AND TITLE/NON-INFRINGEMENT.
MEDICI DOES NOT WARRANT THE ACCURACY, COMPLETENESS OR TIMELINESS OF THE INFORMATION OBTAINED THROUGH THE SERVICES. YOU ASSUME TOTAL RESPONSIBILITY AND RISK FOR YOUR USE OF THE SERVICES, SITE OR MOBILE APP-RELATED SERVICES, AND LINKED WEBSITES. MEDICI DOES NOT WARRANT THAT FILES AVAILABLE FOR DOWNLOAD WILL BE FREE OF VIRUSES, WORMS, TROJAN HORSES OR OTHER DESTRUCTIVE PROGRAMMING. YOU ARE RESPONSIBLE FOR IMPLEMENTING PROCEDURES SUFFICIENT TO SATISFY YOUR NEEDS FOR DATA BACKUP AND SECURITY.
- Limitation of Liability Regarding Use of Services
MEDICI AND ANY THIRD PARTIES MENTIONED ON THE SERVICES ARE NEITHER RESPONSIBLE NOR LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, PUNITIVE, OR OTHER DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOST PROFITS, LOST DATA, OR BUSINESS INTERRUPTION) ARISING OUT OF OR RELATING IN ANY WAY TO THE SERVICES, SITE OR MOBILE APP-RELATED SERVICES, CONTENT OR INFORMATION CONTAINED WITHIN THE SERVICES, AND/OR ANY LINKED WEBSITE, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY AND WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR SOLE REMEDY FOR DISSATISFACTION WITH THE SERVICES, SITE OR MOBILE APP-RELATED SERVICES, AND/OR LINKED WEBSITES IS TO STOP USING THE SITE, MOBILE APP AND/OR THOSE SERVICES. YOU SHALL BE SOLELY RESPONSIBLE FOR YOUR RELATIONSHIP WITH PATIENTS USING THE MEDICI SERVICE, AND MEDICI SHALL HAVE NO LIABILITY TO YOU FOR ANY ACTS, OMISSIONS OR CLAIMS OF, OR RELATING TO, YOUR PATIENTS. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OF CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. TO THE EXTENT ANY ASPECTS OF THE FOREGOING LIMITATIONS OF LIABILITY ARE NOT ENFORCEABLE, THE MAXIMUM LIABILITY OF MEDICI TO YOU WITH RESPECT TO YOUR USE OF THE SERVICES IS $500 (FIVE HUNDRED DOLLARS).
- Mobile App Usage
- Medici App from iTunes. The following also applies to any Medici App you acquire from the iTunes Store (“iTunes-Sourced Software”): You acknowledge and agree that these Terms are solely between you and Medici, not Apple, and that Apple has no responsibility for the iTunes-Sourced Software or content thereof. Your use of the iTunes-Sourced Software must comply with the App Store Terms of Service. You acknowledge that Apple has no obligation whatsoever to furnish any maintenance and support services with respect to the iTunes-Sourced Software. In the event of any failure of the iTunes-Sourced Software to conform to any applicable warranty, you may notify Apple, and Apple will refund the purchase price for the iTunes-Sourced Software to you; to the maximum extent permitted by applicable law, Apple will have no other warranty obligation whatsoever with respect to the iTunes-Sourced Software, and any other claims, losses, liabilities, damages, costs or expenses attributable to any failure to conform to any warranty will be solely governed by these Terms of Service and any law applicable to Medici as provider of the software. You acknowledge that Apple is not responsible for addressing any claims of you or any third party relating to the iTunes-Sourced Software or your possession and/or use of the iTunes-Sourced Software, including, but not limited to: (i) product liability claims; (ii) any claim that the iTunes-Sourced Software fails to conform to any applicable legal or regulatory requirement; and (iii) claims arising under consumer protection or similar legislation; and all such claims are governed solely by these Terms of Service and any law applicable to Medici as provider of the software. You acknowledge that, in the event of any third party claim that the iTunes-Sourced Software or your possession and use of that iTunes-Sourced Software infringes that third party’s intellectual property rights, Medici, not Apple, will be solely responsible for the investigation, defense, settlement and discharge of any such intellectual property infringement claim to the extent required by these Terms of Service. You and Medici acknowledge and agree that Apple, and Apple’s subsidiaries, are third party beneficiaries of these Terms of Service as they relate to your license of the iTunes-Sourced Software, and that, upon your acceptance of the terms and conditions of these Terms of Service, Apple will have the right (and will be deemed to have accepted the right) to enforce these Terms of Service as relates to your license of the iTunes-Sourced Software against you as a third party beneficiary thereof.
- Choice of Law. This agreement is made under and will be governed by and construed in accordance with the laws of the State of Texas, without giving effect to any principles that provide for the application of the law of another jurisdiction.
- Exclusions from Arbitration/Right to Opt Out. Notwithstanding the above, you or Medici may choose to pursue a claim or dispute in court and not by arbitration if (a) the claim or dispute qualifies, it may be initiated in small claims court; or (b) YOU OPT-OUT OF THESE ARBITRATION PROCEDURES WITHIN 30 DAYS FROM THE DATE THAT YOU FIRST CONSENT TO THIS AGREEMENT (the “Opt-Out Deadline”). You may opt out of this Section (Legal Disputes) by mailing written notification to Medici Technologies, LLC, 2711 Centerville Road, Suite 400, Wilmington, DE 19808, or email@example.com. Your written notification must include (1) your name, (2) your address, and (3) a clear statement that you do not wish to resolve disputes with Medici through arbitration. Your decision to opt-out of this Arbitration Provision will have no adverse effect on your relationship with Medici. Any opt-out request received after the Opt-Out Deadline will not be valid and you must pursue your claim or dispute in arbitration or small claims court.
- Jury Waiver. You understand and agree that by entering into this agreement you and Medici are each waiving the right to a jury trial or a trial before a judge in a public court. In the absence of this Section (Legal Disputes), you and Medici might otherwise have had a right or opportunity to bring claims or disputes in a court, before a judge or jury, and/or to participate or be represented in a case filed in court by others (including class actions). Except as otherwise provided herein, those rights are waived. Other rights that you would have if you went to court, such as the right to appeal and to certain types of discovery, may be more limited or may also be waived.
- Continuation. This Section (Legal Disputes) shall survive the termination of this agreement with Medici or its affiliates. Notwithstanding any provision in this agreement to the contrary, we agree that if Medici makes any change to this Section (Legal Disputes) (other than a change to the notice address), you may reject any such change and require Medici to adhere to the language in this Section (Legal Disputes) if a claim or dispute between us arises.
- Term; Modification; Suspension; Termination
- Term. The initial term of this Agreement shall commence on the date you “sign up” for the Services and continue in perpetuity until terminated as provided in this Section.
- Termination upon Notice. Notwithstanding Section 20.1, we or you may terminate this Agreement at any time without cause upon thirty (30) days” prior written notice to the other Party.
- Modification. We may update or change the Services or the terms set forth in this Agreement from time to time.” Accordingly, we recommend that you review the Agreement on a regular basis. You understand and agree that your continued use of the Services after the Agreement has been updated or changed constitutes your acceptance of the revised Agreement. Without limiting the foregoing, if we make a change to the Agreement that materially affects your use of the Services, we may post notice or notify you via email or our website(s) of any such change.
- Payment Security.
- Your Payment Information Hosted by Payment Vendor. All credit, debit card, or bank account payment information provided for Medici services is passed through directly to Payment Vendor, who maintains and all Payment data functions and account information. Your Payment information is not maintained or hosted by Medici, and Medici’s systems do not have access to any sensitive payment data. Please request our Payment Vendor Service Agreement for any further information on the maintenance of your payment information.
- PCI Compliance. Medici complies with the Payment Card Industry Data Security Standards (PCI-DSS) and, as applicable, the Payment Application Data Security Standards (PA-DSS) (collectively, the “PCI Standards”). Payment Vendor provides tools that assist Medici’s compliance with the PCI Standards.
- Revisions; General
Copyright/Trademark Information. Copyright ©2015 Medici Technologies, LLC. All rights reserved. All trademarks, logos and service marks (“Marks”) displayed on the Site are our property or the property of other third parties. You are not permitted to use these Marks without our prior written consent or the consent of such third party which may own the Marks.
Medici Technologies, LLC
Address: 2711 Centerville Rd, Ste 400
Wilmington DE 19808