Terms of Service
Last Updated: April 8, 2021
These Terms of Service ("Terms") govern your use of Medchat's website located at www.medchatapp.com (the "Website"), and all content, services and products made available at or through the Website (collectively, the "Services"). As used in these Terms, "Medchat", "we", "us", and "our" refer to MedChat, LLC, and "Customer", "you" and "your" refer to the individual, company, entity or organization that accesses and/or uses the Services.
If you are agreeing to be bound by these Terms on behalf of your employer, organization or another entity, you represent and warrant that: (a) you have full legal authority to bind your employer, organization or the applicable entity to these Terms; (b) you have read and understand these Terms; and (c) you agree, on behalf of the party that you represent, to these Terms. If you do not have the legal authority to bind your employer, organization or the applicable entity, please do not use the Website and/or Services on its behalf.
BY ACCESSING OR USING THE SERVICES, YOU AGREE TO ALL PROVISIONS HEREIN WITHOUT MODIFICATION.
1. Your Use Of The Services
In order to use the Services, you will be required to embed a few lines of code into your website, digital app, or secure portal source code. Upon embedding such code, certain users authorized by you ("Authorized Personnel") will be able to use Medchat's web application available on the Website to chat live with your current and potential patients, insurance plan members, retail customers, clinical trial participants, referring physicians, and/or any other type of customer you serve (collectively, "End Users"). Depending on the Services you use, such End Users may also be able to chat with chatbots which store End User-provided information accessible by Authorized Personnel. Authorized Personnel and End Users are referred to, collectively, herein as "Users".
You will be required to provide a valid email address and create a password (collectively, the "Account Credentials"), and provide to Medchat certain additional information in order to access and use the Services. It is your responsibility to ensure that your Account Credentials are used only by you, and you agree to protect the confidentiality of your Account Credentials. All activity and use of the Services under your Account Credentials will be deemed to be authorized by you, and you will be responsible for all activity and use of the Services under your Account Credentials. You assume the entire risk for the fraudulent or unauthorized use of your Account Credentials.
All electronic data or information submitted via the Services, including data and information related to or provided by Users, is referred to herein as "Customer Data".
2. Your Obligations
You agree to use the Services solely in accordance with these Terms: (a) for your internal business purposes; and (b) to allow Users to live chat or otherwise communicate with one another via the Services.
You are responsible for all Users' access to and use of the Services, as well as their compliance with these Terms and all of your obligations set forth herein, and you expressly assume liability for any violations of these Terms caused by any of your Users. This includes any acts by a User that, if they were your acts, would be a violation of these Terms by you.
In addition, you shall: (i) have sole responsibility for the accuracy, quality, and legality of all Customer Data; (ii) use best efforts to prevent unauthorized access to, or use of, the Website and Services; and (iii) notify Medchat promptly of any such unauthorized access or use of which you become aware.
3. License To Use The Services
Subject to your compliance with these Terms, Medchat hereby grants to you a limited, non-exclusive, non-transferable, non-sublicensable, revocable right to access and use the Services in the United States solely for your own internal business purposes. Subject to the limited rights expressly granted hereunder, Medchat reserves all right, title and interest in and to the Website and Services, including all related intellectual property rights. No rights are granted to you hereunder other than as expressly set forth herein.
4. Third Party Services
Certain Services incorporate, connect to or integrate with products or services offered by third parties which are resold or sublicensed by Medchat ("Third Party Services"). In order to access and use such Third Party Services, you may be required to agree to certain additional terms and conditions and your access and use of such Third Party Services will be subject to such additional terms and conditions. You acknowledge and agree that you have been given the opportunity to review, analyse and confirm the operation of such Third Party Services (including any algorithms or similar technology used in connection with such Third Party Services), and have determined that such Third Party Services are appropriate for your use.
You and your Users shall not:
(a) modify, copy or create any derivative works based on the Website or Services;
(b) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share, offer in a service bureau mode, or otherwise make the Website or Services available to any third party, other than to Users as permitted herein;
(c) frame or mirror any content forming part of the Website or Services;
(d) reverse engineer or decompile any portion of the Website or Services, including but not limited to, any algorithms or software utilized by Medchat in the provision of the Website or Services;
(e) access the Website or Services in order to build any commercially available product or service;
(f) copy any features, functions, integrations, interfaces or graphics of the Website or Services;
(g) remove any proprietary notices or legends from the Website or Services;
(h) use the Website or Services in violation of applicable law;
(i) send or store infringing, obscene, threatening, or otherwise unlawful or tortious material, including material that violates privacy rights, in connection with the Website or Services;
(j) send or store malicious code in connection with the Website or Services;
(k) interfere with or disrupt performance of the Website or Services or the data contained therein; or
(l) attempt to gain access to the Website or Services or its related systems or networks in a manner not set forth in these Terms.
6. Intellectual Property
Except for the limiting license granted herein, these Terms do not transfer from Medchat to you any Medchat or third party intellectual property rights, and all right, title and interest in and to the Website and the Services will remain (as between you and Medchat) solely with Medchat. Medchat, the Website, the Medchat logo, and all other trademarks, service marks, graphics and logos used in connection with the Website are trademarks of Medchat or its licensors. Your use of the Website or Services grants you no right or license to reproduce or otherwise use any Medchat or third party trademarks.
As between you and Medchat, you own your Customer Data. During the time period in which you are using the Services, you grant to Medchat a non-exclusive license to access and use your Customer Data solely for the purpose of providing the Services in accordance with these Terms.
Medchat owns the aggregated and statistical data (collectively, "Aggregated Data") derived from the operation of the Services, including, without limitation, the number of records in the Services, the number and types of transactions processed using the Services and the performance results for the Services. Nothing herein shall be construed as prohibiting Medchat from utilizing the Aggregated Data for purposes of operating Medchat's business. Notwithstanding the foregoing, in no event whatsoever will Medchat disclose to any third party any Aggregated Data that reveals any PHI or other personally identifiable information of a User, whether directly or indirectly.
8. Fees & Payment
You agree to pay to Medchat the subscription fees associated with Services and the plan you selected, as well as any applicable taxes. If you have contracted for the Services through an authorized reseller of Medchat (a "Reseller"), you will pay subscription fees to the Reseller in accordance with your agreement with such Reseller. Except as expressly set forth herein, all payment obligations are non-cancelable and all payments made are non-refundable.
Should you have any dispute as to the fees associated with your account, please contact us at firstname.lastname@example.org within 30 days of the date of the activity that generated such dispute, and we will attempt to resolve the matter. Disputes older than 30 days shall not be entitled to any refunds.
9. Business Associate Agreement
Medchat acknowledges that certain Customer Data may also be considered PHI. As used herein, "PHI" means protected health information as defined under the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act (commonly referred to as the "HITECH Act"), and the regulations promulgated under the foregoing from time to time by the United States Department of Health and Human Services (collectively, as amended from time to time, "HIPAA").
When you access or use the Services, you automatically enter into the business associate agreement ("BAA") attached hereto as Exhibit A with Medchat. In the event of any conflict between these Terms and the BAA as to any PHI, the terms of the BAA shall control.
You acknowledge and agree that you are fully responsible for the security of data on your website or otherwise in your possession. You agree to comply with all applicable state and federal laws and rules including, but not limited to, HIPAA and HITECH in connection with your security and dissemination of any PHI on your website or with which you come into contact while using the Website or the Services.
10. Suspension Of Services
Medchat may, in its sole discretion, temporarily or permanently suspend your access to the Services or Website without prior notice if: (a) payments related to your account are more than 30 days past due; (b) your use (or your Users' use) of the Website or Services violates these Terms; or (c) your use of the Website or Services subjects Medchat or its other customers to a heightened risk of breach of its security.
THE WEBSITE AND SERVICES ARE PROVIDED "AS IS". EXCEPT AS EXPRESSLY PROVIDED HEREIN AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MEDCHAT AND ITS SUPPLIERS AND LICENSORS (INCLUDING PROVIDERS OF THIRD PARTY SERVICES) MAKE NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE SERVICES AND/OR WEBSITE. NEITHER MEDCHAT NOR ITS SUPPLIERS AND LICENSORS (INCLUDING PROVIDERS OF THIRD PARTY SERVICES) WARRANT THAT THE SERVICES OR WEBSITE WILL BE ERROR FREE OR UNINTERRUPTED.
MEDCHAT DOES NOT, AND THE WEBSITE AND SERVICES DO NOT, PROVIDE ANY MEDICAL ADVICE WHATSOEVER. ANY INFORMATION OR CONTENT PROVIDED BY MEDCHAT IN CONNECTION WITH THE WEBSITE OR SERVICES IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THE INFORMATION PRESENTED BY MEDCHAT THROUGH THE WEBSITE AND SERVICES (A) IS NOT A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE, DIAGNOSIS OR TREATMENT, AND (B) IS NOT INTENDED, AND MUST NOT BE INTENDED, TO REPLACE MEDICAL ADVICE, DIAGNOSIS OR TREATMENT FROM CAPABLE MEDICAL EXPERTS. YOU AND YOUR AUTHORIZED PERSONNEL ALONE SHALL BE RESPONSIBLE FOR ANY AND ALL ACTS OR OMISSIONS THAT WERE BASED ON THE WEBSITE OR SERVICES OR ANY INFORMATION PROVIDED BY THE WEBSITE OR SERVICES AND ANY DECISIONS, ACTIONS AND/OR OMISSIONS THAT DERIVE FROM THE USE OF THE WEBSITE OR SERVICES OR THE INFORMATION PROVIDED, INCLUDING ANY DECISION NOT TO SEEK MEDICAL ADVICE, TREATMENT OR DIAGNOSIS.
Without limiting the foregoing, you acknowledge and agree that you are solely and fully assuming the risks of using the Website and Services to conduct your business activities, services or transactions, including interacting with Users through the Website and Services, and that you are solely responsible for complying with all applicable professional standards and obligations.
Medchat agrees to defend, indemnify and hold you harmless against: (a) any claim, demand, suit, or proceeding ("Claim") made or brought by a third party against you alleging that the use of the Services as contemplated hereunder infringes a valid U.S. copyright or patent, and (b) all damages associated with such Claim finally adjudicated against you for the Claim; provided, however, that you: (i) promptly give written notice of the Claim to Medchat; (ii) make no admission of liability and give Medchat sole authority, at Medchat's expense, to direct and control all defense, settlement, and compromise negotiations; and (iii) provide to Medchat, at Medchat's cost, all reasonable assistance and provide Medchat with full disclosure, in each case that may be reasonably required to defend any such Claim. Notwithstanding the foregoing, Customer may participate in the defense of any Claim with counsel of its own choosing at its own expense.
You agree to defend, indemnify and hold Medchat and its employees, officers, directors, agents, and any provider of Third Party Services harmless from and against any and all Claims, damages, costs and expenses, including reasonable attorney's fees, arising from or related to: (a) your use of the Website and Services; (b) a breach of these Terms by you and/or any User; (c) allegations that your Customer Data infringes, violates, or misappropriates the rights of, or has caused harm to, a third party; or (d) any tortious act or omission of you or any Authorized Personnel in the provision of care to an End User while using the Services.
13. Limitation On Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL MEDCHAT OR ANY PROVIDER OF THIRD PARTY SERVICES HAVE ANY LIABILITY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, OR FOR ANY LOST PROFITS, LOSS OF USE, COST OF DATA RECONSTRUCTION, COST OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE WEBSITE OR SERVICES, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICES OR WEBSITE, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, EVEN IF MEDCHAT OR MEDCHAT'S LICENSORS OR SUBCONTRACTORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL MEDCHAT'S LIABILITY, OR THE LIABILITY OF ANY PROVIDER OF THIRD PARTY SERVICES, FOR ANY AND ALL OF YOUR CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR YOUR USE OF THE WEBSITE, SERVICES, OR THE CONTENTS THEREOF EXCEED THE AMOUNTS ACTUALLY PAID BY YOU TO MEDCHAT DURING THE 3-MONTH PERIOD IMMEDIATELY PRECEDING THE OCCURRENCE OF THE EVENTS GIVING RISE TO THE CLAIM.
14. Term & Termination
These Terms shall become effective upon the date the last party hereto executes these Terms, and will remain in effect for three (3) months. Thereafter, these Terms will automatically renew on a month-to-month basis. Notwithstanding the foregoing, if you purchased Services through a Reseller, these Terms will terminate when your agreement with such Reseller terminates. Either party may terminate these Terms by providing the other party at least thirty (30) days' written notice of such termination.
Without limiting any other termination rights of Medchat hereunder, Medchat may immediately cease providing any Services that incorporate, integrate with or otherwise uses a Third Party Service if the applicable third party provider ceases providing such Third Party Service to Medchat, or if Medchat is no longer authorized to resell or sublicense such Third Party Service.
Upon request by Customer made within thirty (30) days after any termination of this Agreement, to the extent Medchat has any stored Customer Data, Medchat will make such Customer Data available to Customer for download. After such thirty (30) day period, Medchat and its hosted service provider shall have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control.
The following provisions of these Terms shall survive termination of this Agreement: Sections 6 (Intellectual Property), 7 (Ownership), 8 (Fees & Payment), 11 (Disclaimer), 12 (Indemnity), 13 (Limitation on Liability), 14 (Term & Termination), 16 (Governing Law) and 18 (Entire Agreement).
You agree that Medchat may reference you as a customer of Medchat's products and services. Any other use of your name, logo or trademarks by Medchat will require your prior written approval.
16. Governing Law
You agree that the laws of the State of North Carolina, without regard to principles of conflicts of laws, will govern these Terms and any dispute of any sort that might arise between you and Medchat. You agree that the exclusive jurisdiction (personal and, as allowed, subject matter) and venue for any action relating to these Terms shall be the state or federal course located in Charlotte, North Carolina, and you hereby consent to such jurisdiction and venue.
If any provision of these Terms is found to be void or unenforceable the remainder of these Terms shall not be affected and the parties hereby agree that they will replace any such void or unenforceable provision with a new provision that achieves substantially the same practical or economic effect and which is valid and enforceable.
18. Entire Agreement
These Terms constitute the entire agreement between you and Medchat. We reserve the right to change, add to or otherwise update these Terms from time to time upon reasonable notice to you. When we do, we will also revise the "last updated" date located at the top of these Terms. Your continued use of the Website and/or Services after such posting will constitute acceptance by you of such changes, additions or other updates.
EXHIBIT A -- BUSINESS ASSOCIATE AGREEMENT
All use of the Services is subject to this Business Associate Agreement ("BAA"), which is entered into by you (the "Covered Entity") and Medchat (the "Business Associate").
WHEREAS, Sections 261 through 264 of the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, known as "the Administrative Simplification provisions," direct the Department of Health and Human Services to develop standards to protect the security, confidentiality and integrity of health information, and the "Health Information Technology for Economic and Clinical Health" ("HITECH") Act (Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5)) modified and amended the Administrative Simplification provisions;
WHEREAS, pursuant to the Administrative Simplification provisions, the Secretary of Health and Human Services issued regulations modifying 45 CFR Parts 160 and 164 (the "HIPAA Rules"), as further amended by the Omnibus Final Rule (78 Fed. Reg. 5566), (hereinafter, the Administrative Simplification provisions, HITECH, such rules, amendments, and modifications, including any that are subsequently adopted, will be collectively referred to as "HIPAA"); and
WHEREAS, the parties wish to enter into or have entered into an arrangement whereby Business Associate will provide certain services and/or products to Covered Entity (the agreement evidencing such arrangement is hereby referred to as the "Terms of Service"), and Business Associate may create, receive, or maintain Protected Health Information of Covered Entity in fulfilling Business Associate's responsibilities to Covered Entity pursuant to the Terms of Service, and therefore Business Associate may be considered a "business associate" of Covered Entity as defined by HIPAA.
THEREFORE, in consideration of the parties' continuing obligations under the Terms of Service, compliance with HIPAA, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, and intending to be legally bound, the parties agree to the provisions of this BAA in order to address the requirements of HIPAA and to protect the interests of both parties.
Except as otherwise defined herein, any and all capitalized terms in this BAA shall have the definitions set forth by HIPAA. For purposes of this BAA, the term "Protected Health Information" shall have the same meaning as that term is defined at 45 C.F.R. § 160.103, limited to the information received, maintained, transmitted or created by the Business Associate from or on behalf of the Covered Entity. In the event of an inconsistency between the provisions of this BAA and mandatory provisions of HIPAA, HIPAA shall control. Where provisions of this BAA are different from those mandated by HIPAA, but are nonetheless permitted by HIPAA, the provisions of this BAA shall control.
2. Business Associate Obligations
Business Associate acknowledges and agrees that all Protected Health Information that is created, maintained, transmitted or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate, or Protected Health Information which, on behalf of Covered Entity, is created, maintained, transmitted or received by Business Associate or a Subcontractor, shall be subject to this BAA.
(a) Business Associate agrees:
(i) it is aware of and will comply with all provisions of HIPAA that are directly applicable to business associates;
(ii) in the event it enters into an agreement with a Subcontractor under which Protected Health Information could or would be disclosed or made available to the Subcontractor, to have in place an appropriate Business Associate Agreement with the Subcontractor before any Protected Health Information is disclosed or made available to the Subcontractor;
(iii) to use or disclose any Protected Health Information solely as would be permitted by HIPAA if such use or disclosure were made by Covered Entity: (1) for meeting its obligations as set forth in the Terms of Service, or any other agreements between the parties evidencing their business relationship or (2) as required by applicable law, rule or regulation, or as otherwise permitted under this BAA, the Terms of Service (if consistent with this BAA and HIPAA), or HIPAA;
(iv) at the request of the Secretary, to comply with any investigations and compliance reviews, permit access to information, provide records and compliance reports, and cooperate with any complaints, pursuant to 45 CFR § 160.310;
(v) at termination of this BAA or the Terms of Service, or upon request of Covered Entity, whichever occurs first, if feasible, Business Associate will return or destroy all Protected Health Information received from Covered Entity or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, Business Associate will extend the protections of this BAA to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible;
(vi) to ensure that its Subcontractors to whom it provides Protected Health Information received from Covered Entity or created or received by Business Associate on behalf of Covered Entity, agree to the same (or greater) restrictions and conditions that apply to Business Associate with respect to such information, and agrees to, pursuant to 45 CFR § 164.314, implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity and ensure that any Subcontractors to whom it provides such information agree to implement reasonable and appropriate safeguards to protect it;
(vii) Business Associate shall, following the discovery of a breach of unsecured Protected Health Information (as defined in HIPAA) notify Covered Entity of such breach of unsecured Protected Health Information pursuant to the terms of 45 CFR § 164.410 and cooperate in Covered Entity's breach analysis procedures, including risk assessment, if requested. A breach of unsecured Protected Health Information shall be treated as discovered by Business Associate as of the first day on which such breach is known to Business Associate or, by exercising reasonable diligence, would have been known to Business Associate. Business Associate will provide such notification to Covered Entity without unreasonable delay. Such notification will contain the elements required in 45 CFR § 164.410, to the extent known. Covered Entity shall be solely responsible to determine any required actions with respect to any such breach of unsecured Protected Health Information, and Business Associate shall reasonably cooperate with Covered Entity and comply with such actions; and
(b) Notwithstanding the prohibitions set forth in this BAA, Business Associate may use and disclose Protected Health Information as follows:
(i) if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met:
(A) the disclosure is required by law; or
(B) Business Associate obtains satisfactory assurances through a written Business Associate Agreement from the Subcontractor to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the Subcontractor, and the Subcontractor notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached;
(ii) for Data Aggregation services, if to be provided by Business Associate for the Health Care Operations of Covered Entity pursuant to the Terms of Service or any other agreements between the parties evidencing their business relationship.
(iii) Business Associate and its Subcontractors may disclose information that is not individually identifiable health information provided that the disclosed information does not include a key or other mechanism that would enable the information to be identified.
Business Associate will implement appropriate safeguards, and comply, where applicable, with Subpart C of 45 CFR 164 with respect to Electronic Protected Health Information, to prevent use or disclosure of Protected Health Information other than as permitted in this BAA.
The Secretary of Health and Human Services shall have the right to audit Business Associate's records and practices related to the use and disclosure of Protected Health Information to ensure Covered Entity's and Business Associate's compliance with the terms of HIPAA.
Business Associate shall report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA of which it becomes aware. Business Associate shall report to Covered Entity any Security Incident of which it becomes aware promptly and in the manner required by Covered Entity to permit compliance with the requirements of HIPAA. The parties agree that this section satisfies any notices necessary by the Business Associate to the Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which no additional notice to the Covered Entity shall be required. For purposes of this BAA, "Unsuccessful Security Incidents" include activity such as pings and other broadcast attacks on the firewall of the Business Associate, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of Electronic Protected Health Information.
3. Obligations Of Covered Entity
In addition to any other obligation set forth in the Terms of Service, Covered Entity agrees that it will: (i) not make any disclosure of PHI to Business Associate if such disclosure would violate HIPAA or any applicable federal or state law or regulation; (ii) not request Business Associate to use or make any disclosure of PHI in any manner that would not be permissible under HIPAA or any applicable federal or state law or regulation if such use or disclosure were done by Covered Entity; and (iii) limit any disclosure of PHI to Business Associate to the minimum necessary to accomplish the intended purpose of such disclosure. Further, Covered Entity agrees that it is solely responsible to comply with HIPAA and any other federal or state law or regulation applicable to the operation of its business or the performance of its obligations under the Terms of Service. Additionally, Covered Entity represents that the Covered Entity has not sought any Individual consents or authorizations or agreed to any restrictions requested by Individuals, and will not seek any Individual consents or authorizations or agree to any such restrictions in the future, which consents, authorizations or restrictions would restrict Business Associate's ability to provide items and services under the Terms of Service or otherwise restrict Business Associate's ability to use and disclose Protected Health Information as permitted under this BAA. Without limiting the foregoing, Covered Entity shall immediately notify Business Associate in writing of any change in, or the withdrawal of, the consent or authorization of an Individual regarding the use or disclosure of Protected Health Information to the extent that such change or withdrawal may affect Business Associate's use or disclosure of Protected Health Information.
4. Availability Of Protected Health Information
Business Associate agrees to make available Protected Health Information to the extent and in the manner required by 45 CFR § 164.524. If Business Associate maintains Protected Health Information electronically, it agrees to make such Protected Health Information electronically available to the applicable individual. Business Associate agrees to make Protected Health Information available for amendment and incorporate any amendments to Protected Health Information as directed by Covered Entity in accordance with the requirements of 45 CFR § 164.526. In addition, Business Associate agrees to make Protected Health Information available for purposes of accounting of disclosures, as required by 45 CFR § 164.528. Business Associate and Covered Entity shall cooperate in providing any accounting required on a timely basis.
If Covered Entity reasonably determines that Business Associate has materially breached this BAA, Covered Entity shall provide Business Associate with written notice of the alleged material breach of this BAA and if such breach is not cured by Business Associate within a reasonable period, not to be less than thirty (30) days, following receipt of notice of breach from the Covered Entity, Covered Entity may immediately terminate this BAA.
Except as expressly stated herein or in HIPAA, the parties to this BAA do not intend to create any rights in any third parties. The obligations of Business Associate under this Section shall survive the expiration, termination, or cancellation of this BAA, the Terms of Service and/or the business relationship of the parties, and shall continue to bind Business Associate, its agents, employees, contractors, successors, and assigns as set forth herein.
None of the provisions of this BAA are intended to create, nor will they be deemed to create any relationship between the parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this BAA and any other agreements between the parties evidencing their business relationship. This BAA will be governed by the laws of the State of North Carolina. No change, waiver or discharge of any liability or obligation hereunder on any one or more occasions shall be deemed a waiver of performance of any continuing or other obligation, or shall prohibit enforcement of any obligation, on any other occasion.
Any provision of the Terms of Service that contradicts one or more terms of this BAA shall be superseded by the terms of this BAA to the extent and only to the extent of the contradiction. The terms of this BAA, to the extent they are unclear, shall be construed to allow for compliance by Business Associate and Covered Entity with HIPAA and HITECH.
In the event that any provision of this BAA is held by a court of competent jurisdiction to be invalid or unenforceable, the remainder of the provisions of this BAA will remain in full force and effect. In addition, in the event a party believes in good faith that any provision of this BAA fails to comply with the then-current requirements of HIPAA, such party shall notify the other party in writing. For a period of up to thirty (30) days, the parties shall address such concern and negotiate in good faith to amend the terms of this BAA, if necessary to bring it into compliance. If, after such thirty-day period, the parties fail to negotiate an amendment intended to comply with HIPAA, then either party has the right to terminate upon written notice to the other party.