HIPAA Compliance and Release
This Agreement is made by and between ReadySetConnect.com and its users “Customer”. ReadySetConnect.com and its affiliates and vendors may be individually referred to as a “Party” and collectively, the “Parties.”
WHEREAS, the Parties wish to enter into or have entered into an agreement (the “Underlying Agreement”) whereby ReadySetConnect.com will provide certain services to Customer, and pursuant to such agreement, ReadySetConnect.com may have access to Protected Health Information (as defined below) in fulfilling its responsibilities under such agreement.
WHEREAS, the Parties intend to protect the privacy and provide for the security of Protected Health Information disclosed to ReadySetConnect.com pursuant to the Underlying Agreement in compliance with (i) the Health Insurance Portability and Accountability Act of 1996, Public Law No. 104-91 (“HIPAA”); (ii) Subtitle D of the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”); and (iii) regulations promulgated thereunder by the U.S. Department of Health and Human Services.
WHEREAS, the purpose of this Agreement is to satisfy certain standards and requirements of HIPAA, the Privacy Rule and the Security Rule (as those terms are defined below), and the HITECH Act.
THEREFORE, the Parties agree to the provisions of this Agreement, which are as follows:
Except as otherwise defined herein, all capitalized terms in this Agreement shall have the definitions set forth in the Privacy Rule and the Security Rule, which are incorporated into this Agreement by reference.
(a) “Electronic Protected Health Information” will have the meaning given to such term under the Privacy Rule and the Security Rule, including, but not limited to, 45 C.F.R. § 160.103, as applied to the information created, received, maintained or transmitted by ReadySetConnect.com from or on behalf of Customer.
(b) “Individual” will have the same meaning as the term “individual” in 45 C.F.R. § 160.103 and will include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
(c) “Privacy Rule” will mean the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Part 160 and Part 164, Subparts A and E.
(d) “Protected Health Information” will have the same meaning as the term “protected health information” in 45 C.F.R. § 160.103, as applied to the information created, received, maintained or transmitted by ReadySetConnect.com from or on behalf of Customer.
(e) “Secretary” will mean the Secretary of the Department of Health and Human Services or his or her designee.
(f) “Security Rule” will mean the Security Standards at 45 C.F.R. Part 160 and Part 164, Subparts A and C.
II. PERMITTED USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
(a) Except as otherwise limited in this Agreement, ReadySetConnect.com may use or disclose Protected Health Information to satisfy its obligations under the Underlying Agreement or as Required by Law, provided that such use or disclosure would not violate the Privacy Rule if done by Customer.
(b) Except as otherwise limited in this Agreement, ReadySetConnect.com may use and disclose Protected Health Information for the proper management and administration of ReadySetConnect.com or to carry out the legal responsibilities of ReadySetConnect.com, provided that (i) any such disclosure is Required by Law; or (ii) ReadySetConnect.com obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person (which purpose must be consistent with the limitations imposed upon ReadySetConnect.com under this Agreement), and the person notifies ReadySetConnect.com of any instances of which it is aware in which the confidentiality of the information has been breached.
(c) Except as otherwise limited in this Agreement, ReadySetConnect.com may use Protected Health Information to provide Data Aggregation services to Customer as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B).
(d) ReadySetConnect.com may de-identify Protected Health Information in accordance with the standards set forth in 45 C.F.R. § 164.514(b) and may use or disclose such de-identified data for any purpose unless prohibited by applicable law.
III. OBLIGATIONS OF ReadySetConnect.com
(a) ReadySetConnect.com shall not use or disclose Protected Health Information other than as permitted or required by the Agreement or as Required by Law.
(b) ReadySetConnect.com will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted by this Agreement and will comply with the Security Rule with respect to electronic Protected Health Information.
(c) To the extent ReadySetConnect.com is to carry out Customer’s obligations under the Privacy Rule, ReadySetConnect.com will comply with the requirements of the Privacy Rule that apply to Customer’s performance of such obligations.
(d) ReadySetConnect.com will mitigate, to the extent practical, any harmful effect that is known to ReadySetConnect.com of a use or disclosure of Protected Health Information by ReadySetConnect.com in violation of this Agreement.
(e) ReadySetConnect.com will report to Customer any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware, within 30 days following the discovery of such unauthorized use or disclosure.
(f) ReadySetConnect.com will ensure that its agents, including subcontractors, that create, receive, maintain or transmit Protected Health Information on ReadySetConnect.com’s behalf in connection with the services provided to Customer, agrees to the same restrictions and conditions that apply to ReadySetConnect.com with respect to such information.
(g) ReadySetConnect.com will provide access, within 30 days of Customer’s written request, to Protected Health Information in a Designated Record Set, to Customer or, as directed by Customer, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524.
(h) ReadySetConnect.com will make any amendments, within 30 days of Customer’s written request, to Protected Health Information in a Designated Record Set that Customer directs pursuant to 45 C.F.R. § 164.526.
(i) ReadySetConnect.com will document such disclosures of Protected Health Information and information related to such disclosures as would be required for Customer to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. § 164.528.
(j) ReadySetConnect.com will provide to Customer, within 30 days, information collected in accordance with Section III(i) of this Agreement, to permit Customer to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. § 164.528.
(k) ReadySetConnect.com will make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by, ReadySetConnect.com on behalf of Customer, available to the Secretary within 30 days or within the time frame designated by the Secretary, for purposes of the Secretary determining Customer’s compliance with the Privacy Rule and the Security Rule.
IV. OBLIGATIONS OF CUSTOMER
(a) Customer will immediately notify ReadySetConnect.com of any limitation in its notice of privacy practices in accordance with 45 C.F.R. § 164.520, to the extent that such limitation may affect ReadySetConnect.com’s use or disclosure of Protected Health Information.
(b) Customer will obtain any consent or authorization that may be required by the Privacy Rule, or applicable state law, prior to furnishing ReadySetConnect.com with Protected Health Information. Customer will immediately notify ReadySetConnect.com of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that such changes may affect ReadySetConnect.com’s use or disclosure of Protected Health Information.
(c) Customer will immediately notify ReadySetConnect.com of any restriction to the use or disclosure of Protected Health Information that Customer has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect ReadySetConnect.com’s use or disclosure of Protected Health Information. If ReadySetConnect.com reasonably believes that any restriction agreed to by Customer pursuant to this Section may materially impair ReadySetConnect.com’s ability to perform its obligations under the Underlying Agreement or this Agreement, the Parties will mutually agree upon any necessary modification of ReadySetConnect.com’s obligations under such agreements.
V. TERM AND TERMINATION
(a) The term of this Agreement will begin as of the Effective Date, and will terminate when all of the Protected Health Information provided by Customer to ReadySetConnect.com, or created or received by ReadySetConnect.com on behalf of Customer, is destroyed or returned to Customer.
(b) Notwithstanding anything in this Agreement to the contrary, Customer shall have the right to terminate this Agreement immediately if (i) Customer determines that ReadySetConnect.com has violated any material term of this Agreement or (ii) Customer gives ReadySetConnect.com notice, where practicable, of its reasonable belief that ReadySetConnect.com will violate a material term of this Agreement and ReadySetConnect.com fails to provide Customer with adequate written assurances, within a reasonable period of time, that it will not breach the cited term of this Agreement.
(c) Upon termination of this Agreement, ReadySetConnect.com will return or destroy, if feasible, all Protected Health Information created or received by ReadySetConnect.com on behalf of Customer that ReadySetConnect.com still maintains in any form. If such return or destruction is infeasible, ReadySetConnect.com will extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures such information to those purposes that make the return or destruction of the information infeasible.
Except as expressly stated in this Agreement or the Privacy Rule, the Parties do not intend to confer any right upon any third party. The obligations of ReadySetConnect.com under Section V(c) shall survive the expiration, termination, or cancellation of this Agreement and shall continue to bind ReadySetConnect.com, its agents, employees, contractors, successors, and assigns as set forth herein. None of the provisions of this Agreement are intended to create, nor will they be deemed to create any relationship between the Parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this Agreement and any other agreement between the Parties. In the event the Underlying Agreement contains provisions relating to the use or disclosure of Protected Health Information that are more restrictive than the provisions of this Agreement, the provisions of the Underlying Agreement will control. In the event that any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, the remaining provisions of this Agreement will remain in full force and effect. In the event a Party believes in good faith that any provision of this Agreement fails to comply with the then-current requirements of the Privacy Rule or Security Rule, such Party shall notify the other Party in writing. For a period of up to thirty days, the Parties shall address in good faith such concern and amend the terms of this Agreement, if necessary to bring it into compliance. If, after such thirty-day period, this Agreement fails to comply with the Privacy Rule or Security Rule, then either Party may terminate upon written notice to the other Party.
By subscribing, registering, using or engaging with the product, the customer agrees to HIPAA Compliance and Release