Terms of Service
These Terms of Service (“Terms”) govern your use of Medchat’s website located at www.medchatapp.com (the “Website”), and all content, services and products made available at or through the Website, including Medchat’s live chat, team chat, chat bot, answer bot and two-way texting service (collectively, the “Services”). As used in these Terms, “Medchat”, “we”, “us”, and “our” refer to Medchat, LLC, and “Customer”, “you” and “your” refer to the company, entity or organization that registers for the Services via the Website. IN ORDER TO ACCESS OR USE THE SERVICES, YOU MUST FIRST READ THESE TERMS AND AGREE TO ALL PROVISIONS HEREIN WITHOUT MODIFICATION.
1. YOUR USE OF THE SERVICES.
In order to use the Services, you will be required to embed a few lines of code into your website source code, or use a plugin if Medchat has made one available for the specific platform on which your website is built (e.g., Wordpress). Once the code is included in your website’s source code, certain users authorized by you (“Authorized Users”) will be able to use Medchat’s web application available on the Website to chat live with your current and potential patients (collectively, “Patients”).
During the registration process, you will be required to provide a valid email address and create a password (collectively, the “Account Credentials”), and provide to Medchat certain additional information in order to access and use the Services. It is your responsibility to ensure that your Account Credentials are used only by you, and you agree to protect the confidentiality of your Account Credentials. All activity and use of the Services under your Account Credentials will be deemed to be authorized by you, and you will be responsible for all activity and use of the Services under your Account Credentials. You assume the entire risk for the fraudulent or unauthorized use of your Account Credentials.
All electronic data or information submitted via the Services, including data and information related to or provided by Patients or Authorized Users, is referred to herein as “Customer Data ”.
2. YOUR OBLIGATIONS.
You agree to use the Services solely in accordance with these Terms (a) for your internal business purposes; and (b) to allow Authorized Users and Patients to live chat or otherwise communicate with one another via the Services.
You are responsible for all Authorized Users’ and Patients’ use of the Services, as well as their compliance with these Terms and all of your obligations set forth herein, and you expressly assume liability for any violations of these Terms caused by any of your Authorized Users or Patients. This includes any acts by an Authorized User or Patient that, if they were your acts, would be a violation of these Terms by you.
In addition, you shall: (i) have sole responsibility for the accuracy, quality, and legality of all Customer Data; (ii) use best efforts to prevent unauthorized access to, or use of, the Services; and (iii) notify Medchat promptly of any such unauthorized access or use of which you become aware.
3. LICENSE TO USE THE SERVICES.
Subject to your compliance with these Terms, Medchat hereby grants to you a limited, non-exclusive, non-transferable, non-sublicensable, revocable right to access and use the Services. Subject to the limited rights expressly granted hereunder, Medchat reserves all right, title and interest in and to the Website and Services, including all related intellectual property rights. No rights are granted to you hereunder other than as expressly set forth herein.
You shall not:
(a) modify, copy or create any derivative works based on the Website or Services;
(b) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share, offer in a service bureau mode, or otherwise make the Services available to any third party, other than to Authorized Users and Patients as permitted herein;
(c) frame or mirror any content forming part of the Services;
(d) reverse engineer or decompile any portion of the Services, including but not limited to, any algorithms or software utilized by Medchat in the provision of the Services;
(e) access the Services in order to build any commercially available product or service;
(f) copy any features, functions, integrations, interfaces or graphics of the Services;
(g) remove any proprietary notices or legends from the Website and/or Services;
(h) use the Services in violation of applicable law;
(i) send or store infringing, obscene, threatening, or otherwise unlawful or tortious material, including material that violates privacy rights, in connection with the Website or Services;
(j) send or store malicious code in connection with the Website or Services;
(k) interfere with or disrupt performance of the Services or the data contained therein; or
(l) attempt to gain access to the Services or its related systems or networks in a manner not set forth in this Agreement.
5. INTELLECTUAL PROPERTY.
These Terms do not transfer from Medchat to you any Medchat or third party intellectual property rights, and all right, title and interest in and to the Website and the Services will remain (as between you and Medchat) solely with Medchat. Medchat, the Website, the Medchat logo, and all other trademarks, service marks, graphics and logos used in connection with the Website are trademarks of Medchat or its licensors. Your use of the Website or Services grants you no right or license to reproduce or otherwise use any Medchat or third party trademarks.
As between you and Medchat, you own your Customer Data. During the time period in which you are using the Services, you grant to Medchat a non-exclusive license to access and use your Customer Data solely for the purpose of providing the Services, and in accordance with these Terms.
Medchat owns the aggregated and statistical data (collectively, “Aggregated Data”) derived from the operation of the Services, including, without limitation, the number of records in the Services, the number and types of transactions processed using the Services and the performance results for the Services. Nothing herein shall be construed as prohibiting Medchat from utilizing the Aggregated Data for purposes of operating Medchat’s business. Notwithstanding the foregoing, in no event whatsoever will Medchat disclose to any third party any Aggregated Data that reveals any PHI or other personally identifiable information of an Authorized User or Patient, whether directly or indirectly.
7. FEES & PAYMENT.
You agree to pay to Medchat the monthly subscription fees associated with Services and the plan you selected, as well as any applicable taxes. Except as expressly set forth herein, all payment obligations are non-cancelable and all payments made are non-refundable.
Should you have any dispute as to the fees associated with your account, please contact us at firstname.lastname@example.org within 30 days of the date of the activity that generated such dispute, and we will attempt to resolve the matter. Disputes older than 30 days shall not be entitled to any refunds.
8. BUSINESS ASSOCIATE AGREEMENT.
Medchat acknowledges that certain Customer Data may also be considered PHI. As used herein, “PHI” means protected health information as defined under the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act (commonly referred to as the “HITECH Act”), and the regulations promulgated under the foregoing from time to time by the United States Department of Health and Human Services (collectively, as amended from time to time, “HIPAA”).
When you register to use the Services, you automatically enter into the business associate agreement (“BAA”) attached hereto as Exhibit A with Medchat. In the event of any conflict between these Terms and the BAA as to any PHI, the terms of the BAA shall control.
You acknowledge and agree that you are fully responsible for the security of data on your website or otherwise in your possession. You agree to comply with all applicable state and federal laws and rules including but not limited to HIPAA and HITECH in connection with your security and dissemination of any PHI on your website or with which you come into contact while using the Website or the Services.
9. SUSPENSION OF SERVICES.
Medchat may, in its sole discretion, temporarily or permanently suspend your access to the Services or Website without prior notice if: (a) payments related to your account are more than 30 days past due; (b) your use (or the use of your Authorized Users or Patients) violates these Terms; or (c) your use of the Website or Services subjects Medchat or its other customers to a heightened risk of breach of its security.
10. REPRESENTATIONS & WARRANTIES; DISCLAIMER.
If you are agreeing to be bound by these Terms on behalf of your employer or another entity, you represent and warrant that: (a) you have full legal authority to bind your employer, or the applicable entity, to these Terms; (b) you have read and understand these Terms; and (c) you agree, on behalf of the party that you represent, to these Terms. If you do not have the legal authority to bind your employer or the applicable entity, please do not use the Medchat Website and/or Services on its behalf.
THE WEBSITE AND SERVICES ARE PROVIDED “AS IS”. EXCEPT AS EXPRESSLY PROVIDED HEREIN AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MEDCHAT AND ITS SUPPLIERS AND LICENSORS MAKE NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE SERVICES AND/OR WEBSITE. NEITHER MEDCHAT NOR ITS SUPPLIERS AND LICENSORS WARRANTS THAT THE SERVICES OR WEBSITE WILL BE ERROR FREE OR UNINTERRUPTED.
Medchat agrees to defend, indemnify and hold you harmless against (a) any claim, demand, suit, or proceeding (“Claim”) made or brought by a third party against you alleging that the use of the Services as contemplated hereunder infringes a valid U.S. copyright or patent, and (b) all damages associated with such Claim finally adjudicated against you for the Claim; provided, however, that you: (i) promptly give written notice of the Claim to Medchat; (ii) make no admission of liability and give Medchat sole authority, at Medchat’s expense, to direct and control all defense, settlement, and compromise negotiations; and (iii) provide to Medchat, at Medchat’s cost, all reasonable assistance and provides Medchat with full disclosure, in each case that may be reasonably required to defend any such Claim. Notwithstanding the foregoing, Customer may participate in the defense of any Claim with counsel of its own choosing at its own expense.
You agree to defend, indemnify and hold Medchat and its employees, agents, and subcontractors harmless from and against any and all claims, damages, costs and expenses, including reasonable attorney’s fees, arising from or related to: (a) your use of the Website and Services; (b) a breach of these Terms by you and/or any Authorized User or Patient; (c) allegations that your Customer Data infringes, violates, or misappropriates the rights of, or has caused harm to, a third party; or (d) any tortious act or omission of any Authorized User in the provision of care to a Patient while using the Services.
12. LIMITATION ON LIABILITY.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL MEDCHAT HAVE ANY LIABILITY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, OR FOR ANY LOST PROFITS, LOSS OF USE, COST OF DATA RECONSTRUCTION, COST OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE WEBSITE OR SERVICES, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICES OR WEBSITE, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, EVEN IF MEDCHAT OR MEDCHAT’S LICENSORS OR SUBCONTRACTORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL MEDCHAT’S LIABILITY FOR ANY AND ALL OF YOUR CLAIMS AGAINST MEDCHAT, ITS SUPPLIERS AND ITS LICENSORS ARISING OUT OF OR RELATED TO THE USE OF THE WEBSITE, SERVICES, OR THE CONTENTS THEREOF EXCEED THE AMOUNTS ACTUALLY PAID BY YOU TO MEDCHAT DURING THE 3-MONTH PERIOD IMMEDIATELY PRECEDING THE OCCURRENCE OF THE EVENTS GIVING RISE TO THE CLAIM.
13. TERM & TERMINATION.
These Terms shall become effective upon the date the last party hereto executes these Terms, and will remain in effect for three (3) months. Thereafter, these Terms will automatically renew on a month-to-month basis. Either party may terminate these Terms by providing the other party at least thirty (30) days’ written notice of such termination. Upon request by Customer made within thirty (30) days after any termination of this Agreement, to the extent Medchat has any stored Customer Data, Medchat will make such Customer Data available to Customer for download. After such thirty (30) day period, Medchat and its hosted service provider shall have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control.
The following provisions of these Terms shall survive termination of this Agreement: Sections 5 (Intellectual Property), 6 (Ownership), 7 (Fees & Payment), 11 (Indemnity), 12 (Limitation on Liability), 13 (Term & Termination), 15 (Governing Law) and 17 (Entire Agreement).
You agree that Medchat may reference you as a client of Medchat’s products and services in any of our advertising and promotion.
15. GOVERNING LAW.
You agree that the laws of the State of North Carolina, without regard to principles of conflicts of laws, will govern these Terms and any dispute of any sort that might arise between you and Medchat. You agree that the exclusive jurisdiction (personal and, as allowed, subject matter) and venue for any action relating to these Terms shall be the Federal District Court for the Western District of North Carolina, Charlotte Division, or state court in Charlotte, North Carolina, and you hereby consent to such jurisdiction and venue.
If any provision of these Terms is found to be void or unenforceable the remainder of these Terms shall not be affected and the parties hereby agree that they will replace any such void or unenforceable provision with a new provision that achieves substantially the same practical or economic effect and which is valid and enforceable.
17. ENTIRE AGREEMENT.
These Terms constitute the entire agreement between you and Medchat. We reserve the right to change these Terms from time to time without notice. When we do, we will also revise the “last updated” date located at the top of these Terms. Your continued use of the Services after such posting will constitute acceptance by you of such amendments.
EXHIBIT A – BUSINESS ASSOCIATE AGREEMENT
All use of the Services is subject to this Business Associate Agreement (“BAA”), which is entered into by Customer (the “Covered Entity”) and Medchat, LLC (the “Business Associate”).
WHEREAS , Sections 261 through 264 of the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, known as “the Administrative Simplification provisions,” direct the Department of Health and Human Services to develop standards to protect the security, confidentiality and integrity of health information, and the “Health Information Technology for Economic and Clinical Health” (“HITECH”) Act (Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5)) modified and amended the Administrative Simplification provisions;
WHEREAS , pursuant to the Administrative Simplification provisions, the Secretary of Health and Human Services issued regulations modifying 45 CFR Parts 160 and 164 (the “HIPAA Rules”), as further amended by the Omnibus Final Rule (78 Fed. Reg. 5566), (hereinafter, the Administrative Simplification provisions, HITECH, such rules, amendments, and modifications, including any that are subsequently adopted, will be collectively referred to as “HIPAA”); and
WHEREAS , the parties wish to enter into or have entered into an arrangement whereby Business Associate will provide certain services and/or products to Covered Entity (the agreement evidencing such arrangement is hereby referred to as the “Terms of Service”), and Business Associate may create, receive, or maintain Protected Health Information of Covered Entity in fulfilling Business Associate’s responsibilities to Covered Entity pursuant to the Terms of Service, and therefore Business Associate may be considered a “business associate” of Covered Entity as defined by HIPAA.
THEREFORE , in consideration of the parties’ continuing obligations under the Terms of Service, compliance with HIPAA, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, and intending to be legally bound, the parties agree to the provisions of this BAA in order to address the requirements of HIPAA and to protect the interests of both parties.
Except as otherwise defined herein, any and all capitalized terms in this BAA shall have the definitions set forth by HIPAA. For purposes of this BAA, the term “Protected Health Information” shall have the same meaning as that term is defined at 45 C.F.R. § 160.103, limited to the information received, maintained, transmitted or created by the Business Associate from or on behalf of the Covered Entity. In the event of an inconsistency between the provisions of this BAA and mandatory provisions of HIPAA, HIPAA shall control. Where provisions of this BAA are different from those mandated by HIPAA, but are nonetheless permitted by HIPAA, the provisions of this BAA shall control.
2. BUSINESS ASSOCIATE OBLIGATIONS.
Business Associate acknowledges and agrees that all Protected Health Information that is created, maintained, transmitted or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate, or Protected Health Information which, on behalf of Covered Entity, is created, maintained, transmitted or received by Business Associate or a Subcontractor, shall be subject to this BAA.
(a) Business Associate agrees:
(i) it is aware of and will comply with all provisions of HIPAA that are directly applicable to business associates;
(ii) in the event it enters into an agreement with a Subcontractor under which Protected Health Information could or would be disclosed or made available to the Subcontractor, to have in place an appropriate Business Associate Agreement with the Subcontractor before any Protected Health Information is disclosed or made available to the Subcontractor;
(iii) to use or disclose any Protected Health Information solely as would be permitted by HIPAA if such use or disclosure were made by Covered Entity: (1) for meeting its obligations as set forth in the Terms of Service, or any other agreements between the parties evidencing their business relationship or (2) as required by applicable law, rule or regulation, or as otherwise permitted under this BAA, the Terms of Service (if consistent with this BAA and HIPAA), or HIPAA;
(iv) at the request of the Secretary, to comply with any investigations and compliance reviews, permit access to information, provide records and compliance reports, and cooperate with any complaints, pursuant to 45 CFR § 160.310;
(v) at termination of this BAA or the Terms of Service, or upon request of Covered Entity, whichever occurs first, if feasible, Business Associate will return or destroy all Protected Health Information received from Covered Entity or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, Business Associate will extend the protections of this BAA to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible;
(vi) to ensure that its Subcontractors to whom it provides Protected Health Information received from Covered Entity or created or received by Business Associate on behalf of Covered Entity, agree to the same (or greater) restrictions and conditions that apply to Business Associate with respect to such information, and agrees to, pursuant to 45 CFR § 164.314, implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity and ensure that any Subcontractors to whom it provides such information agree to implement reasonable and appropriate safeguards to protect it;
(vii) Business Associate shall, following the discovery of a breach of unsecured Protected Health Information (as defined in HIPAA) notify Covered Entity of such breach of unsecured Protected Health Information pursuant to the terms of 45 CFR § 164.410 and cooperate in Covered Entity’s breach analysis procedures, including risk assessment, if requested. A breach of unsecured Protected Health Information shall be treated as discovered by Business Associate as of the first day on which such breach is known to Business Associate or, by exercising reasonable diligence, would have been known to Business Associate. Business Associate will provide such notification to Covered Entity without unreasonable delay. Such notification will contain the elements required in 45 CFR § 164.410, to the extent known. Covered Entity shall be solely responsible to determine any required actions with respect to any such breach of unsecured Protected Health Information, and Business Associate shall reasonably cooperate with Covered Entity and comply with such actions; and
(b) Notwithstanding the prohibitions set forth in this BAA, Business Associate may use and disclose Protected Health Information as follows:
(i) if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met:
(A) the disclosure is required by law; or
(B) Business Associate obtains satisfactory assurances through a written Business Associate Agreement from the Subcontractor to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the Subcontractor, and the Subcontractor notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached;
(ii) for Data Aggregation services, if to be provided by Business Associate for the Health Care Operations of Covered Entity pursuant to the Terms of Service or any other agreements between the parties evidencing their business relationship.
(iii) Business Associate and its Subcontractors may disclose information that is not individually identifiable health information provided that the disclosed information does not include a key or other mechanism that would enable the information to be identified.
(c) Business Associate will implement appropriate safeguards, and comply, where applicable, with Subpart C of 45 CFR 164 with respect to Electronic Protected Health Information, to prevent use or disclosure of Protected Health Information other than as permitted in this BAA.
(d) The Secretary of Health and Human Services shall have the right to audit Business Associate’s records and practices related to the use and disclosure of Protected Health Information to ensure Covered Entity’s and Business Associate’s compliance with the terms of HIPAA.
(e) Business Associate shall report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA of which it becomes aware. Business Associate shall report to Covered Entity any Security Incident of which it becomes aware promptly and in the manner required by Covered Entity to permit compliance with the requirements of HIPAA. The parties agree that this section satisfies any notices necessary by the Business Associate to the Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which no additional notice to the Covered Entity shall be required. For purposes of this BAA, “Unsuccessful Security Incidents” include activity such as pings and other broadcast attacks on the firewall of the Business Associate, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of Electronic Protected Health Information.
3. OBLIGATIONS OF COVERED ENTITY.
In addition to any other obligation set forth in the Terms of Service, Covered Entity agrees that it will: (i) not make any disclosure of PHI to Business Associate if such disclosure would violate HIPAA or any applicable federal or state law or regulation; (ii) not request Business Associate to use or make any disclosure of PHI in any manner that would not be permissible under HIPAA or any applicable federal or state law or regulation if such use or disclosure were done by Covered Entity; and (iii) limit any disclosure of PHI to Business Associate to the minimum necessary to accomplish the intended purpose of such disclosure. Further, Covered Entity agrees that it is solely responsible to comply with HIPAA and any other federal or state law or regulation applicable to the operation of its business or the performance of its obligations under the Terms of Service. Additionally, Covered Entity represents that the Covered Entity has not sought any Individual consents or authorizations or agreed to any restrictions requested by Individuals, and will not seek any Individual consents or authorizations or agree to any such restrictions in the future, which consents, authorizations or restrictions would restrict Business Associate’s ability to provide items and services under the Terms of Service or otherwise restrict Business Associate’s ability to use and disclose Protected Health Information as permitted under this BAA. Without limiting the foregoing, Covered Entity shall immediately notify Business Associate in writing of any change in, or the withdrawal of, the consent or authorization of an Individual regarding the use or disclosure of Protected Health Information to the extent that such change or withdrawal may affect Business Associate’s use or disclosure of Protected Health Information.
4. AVAILABILITY OF PROTECTED HEALTH INFORMATION.
Business Associate agrees to make available Protected Health Information to the extent and in the manner required by 45 CFR § 164.524. If Business Associate maintains Protected Health Information electronically, it agrees to make such Protected Health Information electronically available to the applicable individual. Business Associate agrees to make Protected Health Information available for amendment and incorporate any amendments to Protected Health Information as directed by Covered Entity in accordance with the requirements of 45 CFR § 164.526. In addition, Business Associate agrees to make Protected Health Information available for purposes of accounting of disclosures, as required by 45 CFR § 164.528. Business Associate and Covered Entity shall cooperate in providing any accounting required on a timely basis.
If Covered Entity reasonably determines that Business Associate has materially breached this BAA, Covered Entity shall provide Business Associate with written notice of the alleged material breach of this BAA and if such breach is not cured by Business Associate within a reasonable period, not to be less than thirty (30) days, following receipt of notice of breach from the Covered Entity, Covered Entity may immediately terminate this BAA.
Except as expressly stated herein or in HIPAA, the parties to this BAA do not intend to create any rights in any third parties. The obligations of Business Associate under this Section shall survive the expiration, termination, or cancellation of this BAA, the Terms of Service and/or the business relationship of the parties, and shall continue to bind Business Associate, its agents, employees, contractors, successors, and assigns as set forth herein.
None of the provisions of this BAA are intended to create, nor will they be deemed to create any relationship between the parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this BAA and any other agreements between the parties evidencing their business relationship. This BAA will be governed by the laws of the State of North Carolina. No change, waiver or discharge of any liability or obligation hereunder on any one or more occasions shall be deemed a waiver of performance of any continuing or other obligation, or shall prohibit enforcement of any obligation, on any other occasion.
Any provision of the Terms of Service that contradicts one or more terms of this BAA shall be superseded by the terms of this BAA to the extent and only to the extent of the contradiction. The terms of this BAA, to the extent they are unclear, shall be construed to allow for compliance by Business Associate and Covered Entity with HIPAA and HITECH.
In the event that any provision of this BAA is held by a court of competent jurisdiction to be invalid or unenforceable, the remainder of the provisions of this BAA will remain in full force and effect. In addition, in the event a party believes in good faith that any provision of this BAA fails to comply with the then-current requirements of HIPAA, such party shall notify the other party in writing. For a period of up to thirty (30) days, the parties shall address such concern and negotiate in good faith to amend the terms of this BAA, if necessary to bring it into compliance. If, after such thirty-day period, the parties fail to negotiate an amendment intended to comply with HIPAA, then either party has the right to terminate upon written notice to the other party.