Service Agreement
General Terms
1. Definitions. Certain capitalized terms not otherwise defined in this Agreement have the meaning set forth or cross-referenced in this Section 1.
- Application Documentation means only the technical specifications, knowledge database information, training documents and/or related documentation that WebPT makes generally available to its customers or the users of the Services, and that describe the features, functions and operation of the Services.
- Application IP means all technologies (including software) and all Intellectual Property Rights incorporated in or reading on (i) any Product and (ii) the Application Documentation, including any update or upgrade to the foregoing delivered during the Term.
- Authorized User means, collectively, any individual employees, agents, or contractors of Member accessing or using the Products, under rights granted to Member pursuant to this Agreement.
- Confidential Information means all proprietary and confidential information and materials of either Party and will include, without limitation, information relating to a Party’s business and marketing plans and processes, rates, fees and other terms of pricing of the Services, customers, software, and technology, or quality of performance of the Services. Confidential Information will not include information (i) already known or independently developed by the recipient, (ii) in the public domain through no wrongful act of the recipient, or (iii) received by the recipient from a third party who was authorized to disclose it. Member’s Confidential Information will include “Personally Identifiable Information” about Member and its Authorized Users.
- Intellectual Property Rights means all intellectual property rights, howsoever arising and in whatever media, whether or not registered, including patents, copyrights, trademarks, service marks, trade names, design rights, database rights, and any applications for the protection or registration of such rights and all renewals, and extensions thereof throughout the world.
- Member means the entity that enters into this Agreement with WebPT to allow the Authorized Users access or use the Products.
- Member Data means Member’s (or its patients’) data collected, used, processed, stored, or generated through or as the result of the use of the Services.
- Member Marks means the trademarks, service marks, and trade names of Member.
- Personally Identifiable Information means information that personally identifies a person or entity, including, without limitation, an individual’s social security number or other government-issued identification number, date of birth, address, or an individual’s name in combination with any other of the elements listed herein.
- Product means the software applications made available by WebPT that may be separately ordered by Member as part of the Services, and which (unless otherwise specified by WebPT) will be made available on a Software-as-a-Service (“SaaS”) basis.
- Services means, collectively, the Products and any related remote or in-person training, and other professional services that may be delivered in conjunction with or in addition to a Product.
2. Product Access, Use, and maintenance.
A. Access. WebPT shall provide to Member the Services. Certain product subscriptions include the right to certain upgrades, releases, and updates (major and minor) in line with WebPT’s policies, and all of the foregoing are delivered subject to the terms and conditions of the Agreement. WebPT, from time to time, may modify, upgrade or otherwise change the manner in which the Services are provided (including but not limited to, Product features, or operating environment), so long as such Services are substantially comparable or superior to the prior Services). WebPT shall provide Member the necessary passwords and usernames for Authorized Users, subject to this Article 2.
B. Orders for Additional Products. Member may order additional Products made available by WebPT at any time by submitting sales orders to WebPT for such Products. Should such sales orders be accepted by WebPT, the additional Products provided shall be deemed part of the Services provided pursuant to this Agreement. WebPT shall enable access to such additional Products within a commercially reasonable time after acceptance of such sales order(s). In no event shall any pre-printed terms appearing on any purchase or sales orders generated by Member be deemed part of this Agreement.
C. Permitted Use. Subject to the terms and conditions of this Agreement (including, e.g., payment of fees and the usage restrictions below), WebPT hereby grants Member a non-exclusive, non-transferable, non-sub-licensable right to access the features and functions of the Services during the Term. The foregoing license is granted solely for use by Authorized Users in accordance with the terms and conditions herein and in the applicable exhibit(s); and solely for use in the operation of Member’s business.
D. Restrictions on Use. Member will not, and will not permit any Authorized Users to, (i) copy or duplicate any of the Application IP; (ii) decompile, disassemble, reverse engineer or otherwise attempt to obtain or perceive the source code from which any software component of any of the Application IP is compiled or interpreted, or apply any other process or procedure to derive the source code of any software included in the Application IP, or attempt to do any of the foregoing, and Member acknowledges that nothing in this Agreement will be construed to grant Member any right to obtain or use such source code; (iii) modify, alter, tamper with or repair any of the Application IP, or create any derivative product from any of the foregoing, or attempt to do any of the foregoing, except with the prior written consent of WebPT; (iv) interfere or attempt to interfere in any manner with the functionality or proper working of any of the Application IP; (v) use the Services in violation of this Agreement; (vi) remove, obscure, or alter any notice of any intellectual property or proprietary right appearing on or contained within any of the Application IP; (vii) assign, sub-license, sell, resell, lease, rent or otherwise transfer or convey, or pledge as security or otherwise encumber, Member’s limited license rights to use the Products; or (viii) access the Product to build a competitive product or service, or copy any ideas, features, functions, or graphics of the Product.
E. Protection; Retained Rights; Ownership. Member acknowledges that WebPT and its licensors own all Intellectual Property Rights in and to the Services (including all components thereof) and all work product, developments, inventions, technology or materials provided under this Agreement. WebPT reserves all rights not expressly granted to Member in this Agreement. Member will not engage in any act or omission that would impair WebPT’s and/or its licensors’ Intellectual Property Rights in the Services, and any other materials, information, processes or subject matter proprietary to WebPT. Member further acknowledges that WebPT retains the right to use the foregoing for any purpose in WebPT’s sole discretion.
F. Authorized Users. Any act or omission by an Authorized User that, if done by Member, would constitute a breach of this Agreement, shall be deemed a breach of this Agreement by Member. Failure of any Authorized User to comply with this Article 2 may be a breach of the Agreement and may result in, among other things, the termination of the Agreement and/or the denial of access to one or more of the Products. Member and its Authorized Users shall keep their respective login IDs, passwords and other account details (collectively, “User Credentials”) confidential, and shall not share them with anyone else. Member shall promptly notify WebPT if it, or any of its Authorized Users, learns of or believes that any loss, theft, or unauthorized use of User Credentials, or any breach of the security of the Products. WebPT cannot and will not be liable for any loss or damage arising from any unauthorized access or use of User Credentials.
G. Application Documentation. Subject to the terms and conditions contained in this Agreement, Member will have access to Application Documentation during the Term solely for Member’s internal purposes in connection with its permitted use of the Products.
H. Specific Member Covenants.
- i. Unlawful or Unacceptable Use. Member shall not upload, transmit or post any material, or engage in any other use of the Products, that violates any law, rule or regulation, defames or libels any other person or entity, infringes any other person’s or entity’s rights, including, without limitation, any Intellectual Property Rights or privacy rights, or otherwise could impose civil or criminal liability. WebPT reserves the right to notify any governmental entity, law enforcement authority, or any other party that it deems appropriate in its sole discretion, of any such activity. Uploading, posting or transmitting any content that infringes any patent, trademark, trade secret, copyright, publicity or proprietary right of any person or entity will be grounds for immediate termination of the Services or other corrective action. WebPT reserves the right, but does not assume any obligation, to determine in its sole discretion what is and is not acceptable content in connection with the Products, to limit placement of any content in a database or on any other area provided in connection with the Services, to use commercially reasonable efforts to remove, alter or block access to any offensive, objectionable, or unacceptable content immediately and without prior notice, to determine in its sole discretion what is and is not an appropriate conduct and use of any of the Products, and to cease providing or bar access to any or all of the Products to any user at any time, for any reason or for no reason, without prior notice. WebPT reserves the right, but does not assume any obligation, to monitor and investigate complaints regarding any of the foregoing, and Member agrees to grant WebPT access to Member’s account at any time without notice, and to cooperate fully with WebPT in providing access and information as may be requested at any time and from time to time. Member agrees that any reservation of rights by WebPT imposes no obligation of any kind on WebPT to take any of the foregoing actions.
- ii. Unauthorized Access. Member shall not access, or attempt to access, another person’s or entity’s accounts without proper authorization to do so, or attempt to disrupt or interfere with the Products in any manner.
- iii. Connectivity. Member is solely responsible for all telecommunication or Internet connections required to access the Products, as well as all hardware and software at its facilities needed to access the Products.
- iv. Compliance with Laws and Export. In connection with Member’s access to and use of the Products, Member is responsible for complying with all applicable laws, regulations and policies of all relevant jurisdictions, including all laws governing text-messaging including, but not limited to, the CAN-SPAM Act of 2003 (“CAN-SPAM”) or the Telephone Consumer Protection Act. 47 U.S.C. § 227, et. seq (“TCPA”), or when using the Products that involve text messages, telephone messages or email messages, Member agrees that it is the sole or designated “sender” as defined by CAN-SPAM or TCPA and Member shall only communicate with individuals from whom Member has the legally required consent. Without limiting the foregoing, Member agrees that it will not use the Products for any unlawful purpose, and Member will not export, directly or indirectly, the Products to any country for which the United States requires any export license or other governmental approval without first obtaining such license or approval.
- v. Other Activities. Member shall not engage in any other activity in its use of the Services that WebPT determines in its sole discretion may be harmful to other Users or the Services.
I. Suspension. Notwithstanding anything to the contrary in this Agreement, WebPT may temporarily suspend Member’s and any Authorized User’s access to any portion or all of a Product and/or the Application IP and/or Services if (i) WebPT reasonably determines that (a) there is a threat or attack on any Product or any of the Application IP; (b) Member’s or any Authorized User’s use of the Product or Application IP disrupts or poses a security risk to the Application IP or any other customer or vendor of WebPT; (c) Member or any Authorized User is/are using the Product or any Application IP for fraudulent or illegal activities; or (d) WebPT’s provision of the Service to Member or any Authorized User is prohibited by applicable law; or (ii) any vendor of WebPT has suspended or terminated WebPT’s access to or use of any third party services, products or Intellectual Property Rights required to enable Member to access the Application IP (each such suspension, in accordance with this Section, a “Service Suspension”); or (iii) for Member’s non-payment of the Services. WebPT will use commercially reasonable efforts to resume providing access to the Application Service as soon as reasonably possible after the event giving rise to the Service Suspension is cured. WebPT will have no liability for any damage, liabilities, losses (including any loss of data or profits) or any other consequences that Member or any Authorized User may incur as a result of a Service Suspension.
3. Product Access, Use, and maintenance.
- Data. Member (on its own behalf and on behalf of its Authorized Users) grants WebPT the right to use the Member Data as necessary to perform its obligations under this Agreement. WebPT’s use of protected health information contained in the Member Data is also subject to the Business Associate Agreement Exhibit. Notwithstanding the foregoing, WebPT may use Member Data to analyze use of the Products, improve the Products and identify trends and best practices related to the Products; and to create Aggregated Statistics (as defined in Section 4). Member and its Authorized Users shall ensure they have obtained all rights, consents and authorizations necessary to license the Member Data to WebPT as set forth herein.
- Member Marks. Member hereby grants to WebPT a limited, non-transferable, non-sub-licensable, non-exclusive license, during the Term, to use, reproduce, display, and distribute the Member Marks solely in connection with and solely as necessary to provide the Product to Member and its Authorized Users, subject to the terms of this Agreement. WebPT shall comply with Member’s then-current policies regarding the use of Member’s Marks.
- Feedback. Member and/or its Authorized Users may provide suggestions, comments or other feedback to WebPT with respect to the products and services, including the Products (“Feedback”). Feedback is voluntary and WebPT is not required to hold it in confidence. Feedback may be used by WebPT for any purpose without obligation or restriction of any kind, on a perpetual, unlimited, royalty-free, sub-licensable, transferable basis.
4. Data Matters
- Data Ownership. WebPT agrees that Member Data (which shall also be known and treated by WebPT as Confidential Information) is the exclusive property of Member. Member Data is and shall remain the sole and exclusive property of Member and all right, title, and interest in the same is reserved by Member (subject to the limited license granted above, and without limiting WebPT’s rights to Aggregated Statistics (as defined below)).
- Data Aggregation. Notwithstanding anything else in this Agreement or otherwise, WebPT may monitor Member’s use of the Services and may use data and information related to such use, and Member Data in an aggregate manner, including to compile statistical, performance, and benchmarking information related to the provision and operation of the Products (“Aggregated Statistics”). As between WebPT and Member, all right, title, and interest in the Aggregated Statistics and all intellectual property rights therein, belong to and are retained solely by WebPT. Member acknowledges that WebPT will be compiling Aggregated Statistics based on Member Data input into the Services and Member agrees that WebPT may (a) make such Aggregated Statistics available to third parties in an anonymous manner, and (b) use such information to the extent and manner permitted by applicable law or regulation including for purposes of data gathering, analysis and service enhancement, provided that such data and information will be used in accordance with WebPT’s privacy policies and confidentiality terms of this Agreement. Aggregated Statistics may be used for the purposes above, and to improve Member’s clinical outcomes and to establish the efficacy of Member’s Services. WebPT will never sell Member Data to third parties for marketing purposes.
5. Integration and other Professional Services.
- Integration and other Professional Services. If separately agreed by the Parties pursuant to a separate statement of work, WebPT may provide certain services in the way of custom integrations of the Products, e.g., into Member’s operating environment or with third party systems (collectively, “Integration Services”). All such Integration Services shall be separately negotiated in a statement of work referencing this Agreement between the Parties. Member acknowledges and agrees that WebPT is under no obligation to provide such Integration Services, unless separately agreed in writing executed by an authorized representative of WebPT.
6. Payment for Services.
- Payment. Member will pay all fees specified (the “Fees”). Except as otherwise specified herein or in an Order, (i) fees are based on Product and Service subscriptions purchased and not actual usage (unless priced on usage), (ii) payment obligations are non-cancelable and fees paid are non-refundable, and (iii) quantities purchased cannot be decreased during the relevant subscription term. Member will provide WebPT with valid and updated credit card information or ACH information and will authorize WebPT to charge such credit card or authorize such ACH for all Products listed in the Order Form for the Initial Term and any renewal terms as set forth in Section 7.1 below. Such charges for subscription fees shall be made in advance monthly. Member is responsible for providing complete and accurate billing and contact information to WebPT and notifying WebPT of any changes to such information. WebPT may increase the Fees at its election by providing advance notice of such change (which may be delivered electronically)
- Taxes. WebPT shall invoice Member for applicable sales, use and similar taxes on services fees and charges sourced to States where WebPT has nexus, as determined by WebPT in its sole discretion. Member agrees to promptly pay such taxes when invoiced by WebPT. Notwithstanding the foregoing, Member shall be solely responsible for the timely payment of all sales, use and similar taxes not invoiced by WebPT that are attributable to WebPT’s service fees and charges, including any interest, penalties and other costs incurred as a result of Member’s non-compliance or delay with the performance of Member’s obligations described in this sentence.
- Late Payments; Interest. Any portion of any amount payable hereunder that is not paid when due will accrue interest at one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law, whichever is less, from due date until paid.
7. Term and Termination.
- Term of Agreement. Unless otherwise provided in the order or signup form, the initial term of this Agreement will commence on the Effective Date and will continue for an initial term of one (1) month (the “Initial Term”). Unless earlier terminated in accordance with this Section 7, this Agreement will automatically renew for periods equal to the Initial Term (each a “Renewal Term”), unless either Party provides written notice of its desire not to renew at least thirty (30) days prior to the expiration of the then-current term (collectively, the “Term”). Similarly, if Member desires to make any reductions to the scope of this Agreement (e.g., number of providers or scope of the Services), Member must provide written notice to WebPT at least thirty (30) days prior to the expiration of the then-current term.
- Termination for Breach. Either Party may, at its option, terminate this Agreement in the event of a material breach by the other Party. Such termination may be effected only through a written notice to the breaching Party, sufficiently describing the nature of the breach. The Party receiving such notice shall have a right to cure such breach within thirty (30) days of receipt of such notice. If the breaching Party has not cured such breach or is not diligently pursuing a cure, the non-breaching Party may terminate this Agreement as of the date specified in such notice.
- Termination – Fraud or Unlawful Activity. If the stated cause of breach is an allegation of fraudulent or criminal activity on the part of the breaching party, the termination shall take effect immediately (in addition to other remedies available).
- Termination Upon Bankruptcy or Insolvency. Each Party agrees to notify the other within five (5) business days if it files for bankruptcy, bankruptcy protection or reorganization or is the subject of a bankruptcy filing by a creditor. Either Party may, at its option, terminate this Agreement immediately upon written notice to the other Party, in the event (i) that the other Party becomes insolvent or unable to pay its debts when due; (ii) the other Party files a petition in bankruptcy, reorganization or similar proceeding, or, if filed against, such petition is not removed within ninety (90) days after such filing; (iii) the other Party discontinues it business; or (iv) a receiver is appointed or there is an assignment for the benefit of such other Party’s creditors.
- Effect of Termination. Upon any termination of this Agreement, (i) Member will immediately discontinue all use of the Services, the Application Documentation, and any WebPT Confidential Information; (ii) return to the other Party or, at the other Party’s option, destroy, all copies of the Application Documentation and any Confidential Information then in the other Party’s possession; and (iii) promptly pay to WebPT all amounts due and payable to the other Party hereunder. Following the termination of this Agreement, WebPT shall provide Member with a final extract of the Member Data pursuant to WebPT’s then-current data retrieval option at no charge. Notwithstanding the foregoing, the Parties may retain such copies as are reasonably necessary to comply with any company archival purposes, laws or regulations applicable to the Party, provided such copies shall be subject to the terms of this Agreement while in the Party’s possession.
- Survival. Following termination, the provisions of the following sections shall survive: Retained Rights, Ownership, Third Party Products, Effect of Termination, Usage Restrictions, Confidentiality, Indemnification, Disclaimers and Limitations of Liability, Data Ownership, Survival, Arbitration, and General.
8. Confidentiality.
Member agrees to provide true, accurate and complete information about itself and its Authorized Users of the Services. All Confidential Information of either Party will be held in confidence by the other Party. WebPT will not, nor knowingly permit others to release Personally Identifiable Information without the written consent of Member. Neither Party will use (for itself or for any third party) or disclose, nor permit any other person or entity under its control to use or disclose any Confidential Information, except (A) to employees, agents, third party contractors, or representatives of the recipient who have a “need to know” the information and are subject to an obligation of confidentiality at least as restrictive as the restrictions contained in this Confidentiality section, (B) if required by law or legal process, (C) to enforce this Agreement, (D) to respond to claims that any content violates the rights of third parties, or (E) to protect the rights, property, or personal safety of the Parties, users of the Services or members of the public. Each Party will promptly notify the other Party if it receives a request for the other party’s Confidential Information (unless notice is prohibited by law),and will reasonably cooperate with the other Party’s efforts to seek protection from disclosure. Upon termination of this Agreement, the provisions of this Confidentiality section will survive for a period of three (3) years from the termination date, and each Party will either return to the other Party all Confidential Information of the other Party in its possession or control, or, at the other Party’s request, destroy any such Confidential Information. Notwithstanding the above, the obligations of confidentiality pertaining to trade secrets shall continue indefinitely.
9. Compliance.
- HIPAA Compliance. WebPT agrees to comply with all applicable federal and state laws and regulations governing the privacy and security of health information, including without limitation the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the regulations promulgated thereunder and shall remain in compliance with these laws and regulations as they may be amended from time to time. WebPT represents and warrants that its employees performing services under this Agreement receive appropriate HIPAA training. The Parties agree to execute and abide by the terms of the Business Associate Agreement Exhibit presented by WebPT.
- Certain Legal Actions. The parties agree to immediately notify one another by telephone and thereafter in writing if it or any of its personnel are named as defendants in (a) any civil or criminal action alleging any violation of the False Claims Act, HIPAA privacy regulations, mail or wire fraud statutes, Medicare or Medicaid civil or criminal fraud or false claims or similar statutes or any comparable state statutes; or (b) any private action alleging any contractual or tortious actions involving the submissions of claims for payment.
- Change of Ownership. Member agrees to notify WebPT within twenty (20) days of any change in ownership. Change of ownership, for purposes of this provision, shall mean any acquisition, merger or joint venture to which Member is a party.
- Identification Numbers. Member shall notify WebPT immediately of any changes in tax identification number(s), Medicare or Medicaid provider numbers or of any change in private insurance participation or account numbers.
- Audits and Investigations. The parties agree to immediately notify one another by telephone and thereafter in writing if they become aware of the existence or possible existence of an audit or investigation of personnel or claims covered by this Agreement. For purposes of this paragraph, investigation shall mean a carrier or insurer audit, attempts by investigators or auditors from either private or governmental entities to interview current or former employees, issuance of any summons, subpoena or other request for documents or compelled testimony and the execution of search warrants.
- No Medical Advice. Member acknowledges and agrees that (a) the Services are not considered as medical advice, (b) any use of the Services is not a substitute for professional judgment and does not relieve Member from exercising the appropriate standard of care and professional judgment relevant to the treatment of patients, (c) information offered by WebPT in any particular situation does not constitute a recommendation or advice about any course of treatment or the practice of medicine, and (d) and Member and its Authorized Users assume responsibility for their actions undertaken in connection with the use of the Services in their medical practice.
10. Third Party Products; Third Party Data.
Member acknowledges and agrees that third party products, if any, which are [provided with or incorporated] as part of the Services (and/or the Application IP) (the “Third Party Products”) are additionally subject to the applicable flow through provisions. Notwithstanding anything to the contrary in this Agreement, the use of Third Party Products is at all times subject to the terms and conditions of the Third Party Products’ agreements if made available to Member. WebPT makes no representation or warranties of any kind with respect to Third Party Products. In addition, in connection with certain integrations to third party platforms (e.g., CEU and Marketplace), Member may be required to affirmatively accept certain additional license terms.
11. Editorial Content
- WebPT licenses from the American Medical Association (“AMA”) certain editorial content (“Editorial Content” or “CPT”), which is commercial technical data and/or computer data bases and/or commercial computer software and/or commercial computer software documentation, as applicable which were developed exclusively at private expense by the AMA. The license granted by the AMA to WebPT is a nontransferable, nonexclusive license for the sole purpose of internal use by Member, subject to the terms and conditions of this Agreement. Continued use of the Editorial Content and any such update to such Editorial Content is dependent on the continued contractual relationship by and between WebPT and the AMA. This Article 11 takes precedence over the other provisions of this Agreement.
- CPT Usage; Restrictions. CPT is copyrighted by the AMA and is a registered trademark of the AMA. Any use not authorized herein is prohibited, such prohibited uses including by way of illustration and not by way of limitation, making copies of CPT for resale and/or license, transferring copies of CPT to any person who is not an Authorized User bound by this Agreement, creating any modified or derivative work of CPT, or making any commercial use of CPT. License to use CPT for any use not authorized herein must be obtained through the AMA, CPT Intellectual Property Services, 515 N. State Street, Chicago, IL 60610. Applications are available at the AMA Web site, http://www.ama-assn.org/go/cpt.
- CPT Data. U.S. Government rights to use, modify, reproduce, release, perform, display, or disclose these technical data and/or computer data bases and/or computer software and/or computer software documentation comprising the CPT are subject to the limited rights restrictions of DFARS 252.227-7015(b)(2) (November 1995) and/or subject to the restrictions of DFARS 227.7202-1(a) (June 1995) and DFARS 227.7202-3(a) (June 1995), as applicable for U.S. Department of Defense procurements and the limited rights restrictions of FAR 52.227-14 (December 2007) and/or subject to the restricted rights provisions of FAR 52.227-14 (December 2007) and FAR 52.227-19 (December 2007), as applicable, and any applicable agency FAR Supplements, for non-Department of Defense Federal procurements.
- CPT Disclaimer. CPT is provided “as is” without warranty of any kind, either expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a particular purpose. No fee schedules, basic unit, relative values or related listings are included in CPT. The AMA does not directly or indirectly practice medicine or dispense medical services. The responsibility for the content of this file/product is with WebPT and no endorsement by the AMA is intended or implied. The AMA disclaims responsibility for any consequences or liability attributable to or related to any use, non-use, or interpretation of information contained or not contained in this file/product. This license will terminate upon notice if Member violates its terms. The AMA is a third party beneficiary to only this Article 11. The scope of this license is determined by the AMA, the copyright holder. Any questions pertaining to the license or use of CPT should be addressed to the AMA. End users do not act for or on behalf of the WebPT. WEBPT DISCLAIMS RESPONSIBILITY FOR ANY LIABILITY ATTRIBUTABLE TO END USER USE OF CPT. WEBPT WILL NOT BE LIABLE FOR ANY CLAIMS ATTRIBUTABLE TO ANY ERRORS, OMISSIONS, OR OTHER INACCURACIES IN THE INFORMATION OR MATERIAL CONTAINED IN THIS ARTICLE 11. In no event shall WebPT be liable for direct, indirect, special, incidental, or consequential damages arising out of the use of such information or material.
- CPT License Fee Increase. In the event that WebPT’s costs related to its license of CPT increase during the Term, WebPT shall have the option of increasing the Fees of any Product using CPT by the amount of the CPT license increase.
12. Warranty Disclaimers.
THE SERVICES AND ANY SOFTWARE PROVIDED IN CONNECTION WITH THE SERVICES, IS PROVIDED ON AN “AS IS” BASIS. WHILE WEBPT WILL EXERCISE ITS COMMERCIALLY REASONABLE EFFORTS TO PROVIDE THE SERVICES, WEBPT DOES NOT MAKE, AND HEREBY DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, OF ANY KIND OR NATURE WITH RESPECT TO THE SERVICES OR SUCH PROPERTY, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WEBPT DOES NOT WARRANT OR GUARANTEE THE INTEGRITY OF THE SERVICES OR OF THE CONTENT, INFORMATION OR DATA TRANSMITTED THROUGH OR CONTAINED WITHIN ANY PORTION OF THE SERVICES. NEITHER WEBPT NOR ANY OTHER PERSON OR ENTITY INVOLVED IN CREATING, PRODUCING OR DELIVERING ANY OF THE SERVICES PROMISES, REPRESENTS OR WARRANTS THAT THE SERVICES WILL BE TIMELY, UNINTERRUPTED OR ERROR FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SERVICES OR THE SERVERS OR OTHER PROPERTY THAT ARE USED IN PROVIDING THE SERVICES WILL BE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
13. Limitations of Liability; Remedies.
- EXCEPT IN THE EVENT OF A BREACH OF A PARTY’S CONFIDENTIALITY OBLIGATIONS, OR OBLIGATIONS UNDER SECTION 2.8, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION UPON DAMAGES AND CLAIMS IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE. TO THE MAXIMUM EXTENT PERMITTED BY LAW AND EXCEPT FOR WEBPT’S INDEMNIFICATION OBLIGATIONS, THE CUMULATIVE LIABILITY OF WEBPT TO THE MEMBER FOR ALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT, INCLUDING ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT, OR STRICT LIABILITY, WILL NOT EXCEED THE TOTAL AMOUNT OF ALL FEES PAID TO WEBPT BY MEMBER IN THE TWELVE (12) MONTHS PRECEDING THE DATE ON WHICH THE APPLICABLE CLAIM AROSE. THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE.
- Claims. Notwithstanding any State or federal laws to the contrary, the Parties hereby agree that any claims of breach of express or implied contract, actions to enjoin or enforce rights under this Agreement or actions for any torts arising out of or related to this Agreement shall be initiated by either Party more than one (1) year after the cause of action has accrued, except that an action for non-payment may be brought within two (2) years after the date such amount was due.
- Essential Basis of the Agreement. Member acknowledges and understands that the disclaimers, exclusions and limitations of liability set forth in this Section 14 form an essential basis of the agreement between the Parties, that the Parties have relied upon such disclaimers, exclusions and limitations of liability in negotiating the terms and conditions in this Agreement, and that absent such disclaimers, exclusions and limitations of liability, the terms and conditions of this Agreement would be substantially different.
14. Indemnification.
- General Indemnity By Member. Member agrees to indemnify and hold WebPT (as well as its parents, subsidiaries, affiliates, officers, members, shareholders, employees, agents and representatives) harmless from any and all third-party claims, liability and expenses (including without limitation, reasonable attorneys’ fees) arising out of or related to (i) Member’s use of the Services (unless the claim directly relates to WebPT’s misconduct), and/or (ii) any claim arising out of content posted or transmitted by any person or entity associated with or authorized by Member (other than WebPT) through the use of the Services. WebPT reserves the right, to select counsel of its own choosing for and otherwise to control its own defense, of any matter subject to indemnification by Member, which shall not excuse Member’s indemnity obligations. Member will not settle any third-party claim against WebPT unless such settlement completely and forever releases WebPT from all liability with respect to such claim or unless WebPT consents to such settlement.
- Infringement Indemnity By WebPT. WebPT agrees to indemnify and hold Member (as well as its parents, subsidiaries, affiliates, officers, members, shareholders, employees, agents and representatives) harmless from any and all third-party claims, liability and expenses (including without limitation, reasonable attorneys’ fees) arising out of or related to the alleged infringement of such third party’s patent, trademark, copyright or trade secret rights under applicable laws within the United States of America, provided that Member promptly notifies WebPT in writing of the claim, cooperates with WebPT, and allows WebPT sole authority to control the defense and settlement of such claim. This Section 15.2 shall not apply to the extent such alleged infringement arises from (i) any unauthorized modification of WebPT’s intellectual property by Member; or (ii) Member Data. WebPT will not settle any third-party claim against Member unless such settlement completely and forever releases Member from all liability with respect to such claim or unless Member consents to such settlement. THIS SECTION STATES WEBPT’S ENTIRE OBLIGATION AND LIABILITY WITH RESPECT TO ANY CLAIM OF INFRINGEMENT.
15. Arbitration.
- Any controversy or claim arising out of or relating to this Agreement or any alleged breach of this Agreement shall be resolved by binding arbitration by the American Arbitration Association (“AAA”), under its Commercial Arbitration Rules, in Phoenix, Arizona. The arbitrator is not authorized to award punitive or other damages not measured by the prevailing party’s actual damages. Selection of the arbitrators shall be as follows: each party shall appoint one arbitrator within twenty (20) days after the initiating party files a Demand for Arbitration, and those two arbitrators shall appoint a third arbitrator who shall act as chairman, within a twenty (20) day period thereafter. If the parties fail to appoint the chairman within said period, the parties will apply to the American Arbitration Association for appointment of the third arbitrator.
- Either party may apply to the arbitrator seeking injunctive relief until an arbitration award is rendered or the dispute is otherwise resolved. Either party also may, without waiving any other remedy, seek from any court having jurisdiction any interim or provisional relief that is necessary to protect the rights or property of such party pending the arbitrator’s appointment or decision on the merits of the dispute.
- Judgement upon the arbitrator’s award may be entered in any court having jurisdiction. The arbitration proceeding and arbitrator’s award shall be maintained as strictly confidential, except as otherwise required by court order or as necessary to confirm, vacate or enforce the award and for disclosure in confidence to the parties’ respective attorneys.
- Each Party shall bear its own costs, fees and expenses of arbitration.
16. General.
- Notices and statements. All communications required or permitted to be given by this Agreement shall be made in writing and shall be sent by a recognized overnight commercial delivery or certified U.S. mail to the address for the respective Party shown on the first page of this Agreement or such other address as either Party may specify from time to time in writing.
- Press Releases. The Parties grant each other the right to issue at least two press releases regarding the Parties’ relationship: the first when this Agreement is executed, and the second when Member is operational on any of the Products. WebPT and Member must mutually agree upon the language in a press release. Member also agrees to provide WebPT with site visits and reference calls for WebPT’s sales prospects. Member further agrees to participate in case studies conducted by WebPT related to Member’s use of the Products or Services.
- Entire Agreement; Amendment and Waiver. This Agreement, its exhibits and any documents expressly referred to in this Agreement constitute the entire agreement between the Parties and supersede all prior understandings and agreements, whether written or oral, that may relate to the subject matter of this Agreement. Any term of this Agreement may be amended, modified, or waived only with the written consent of the Parties or their respective permitted successors and assigns. Any amendment or waiver effected in accordance with this Section 17.3 shall be binding upon the Parties and their respective successors and assigns.
- Force Majeure. Except with respect to payment obligations hereunder, if a Party is prevented or delayed in performance of its obligations hereunder as a result of circumstances beyond such Party’s reasonable control, including, by way of example, zero day attacks, nuclear or electromagnetic pulse, war, riot, fires, floods, epidemics, or failure of public utilities or public transportation systems, such failure or delay will not be deemed to constitute a material breach of this Agreement, but such obligation will remain in full force and effect, and will be performed or satisfied as soon as reasonably practicable after the termination of the relevant circumstances causing such failure or delay, provided that if such Party is prevented or delayed from performing for more than ninety (90) days, the other Party may terminate this Agreement upon thirty (30) days’ written notice.
- Severability. Should any provision of this Agreement be held by a court of competent jurisdiction to be illegal, invalid or unenforceable, such provision shall be deemed modified to the extent necessary (consistent with the intent of the Parties) to eliminate the illegal, invalid or unenforceable effect or to delete such provision if modification is not feasible, and the remaining terms shall continue in full force and effect.
- Independent Contractors. In making and performing this Agreement, Customer and WebPT act and will act at all times as independent contractors, and, except as expressly set forth herein, nothing contained in this Agreement will be construed or implied to create an agency, partnership or employer and employee relationship between them.
- Governing Law. This Agreement and all disputes arising under or related to it shall be governed by the laws of the State of Delaware, without regard to choice of law principles that would allow the application of another State’s law.
- Inapplicability of UCITA. THE PARTIES AGREE THAT NO PROVISION OF THE UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT (UCITA) IS INTENDED TO APPLY TO THE INTERPRETATIONS OF THIS AGREEMENT, WHETHER OR NOT UCITA IS ENACTED IN THE STATE WHOSE LAW GOVERNS THIS AGREEMENT.
- Successor and Assigns. Neither party will assign its rights or delegate its obligations under this Agreement without the other party’s prior written consent, and, absent such consent, any purported assignment or delegation will be null, void and of no effect. However, either party may, without the written consent of the other, assign this Agreement and its rights and obligations hereunder in connection with the transfer or sale of all or substantially all of its business related to this Agreement, or in the event of a merger, consolidation, change in control or similar transaction.
- Headings. Headings used in this Agreement are provided for convenience only and shall not be used to construe meaning or intent.
- Counterparts. This Agreement may be executed simultaneously in two or more counterparts, each of which will be considered an original, but all of which together will constitute one and the same instrument.
WebPT Billing - Billing Service
The following terms also apply if Member orders WebPT Billing:
Certain Products are used to bill for healthcare services rendered by Member (the “Billing Products”). In addition to the provisions of the MSA, the following billing-specific provisions also apply to such Billing Products.
1. Member Responsibilities.
- Documentation. Member shall: (a) be responsible for providing all documentation and information necessary to file a complete and accurate claim to a payer or responsible party for payment; (b) provide only information, diagnoses and codes which are fully supported in the patient medical record; (c) submit only those claims for payment which represent services actually performed; and (d) document patient care within a WebPT EMR system. Documentation includes but is not limited to charges for services, written or electronic correspondences from any payer or responsible party, records of payer and responsible party payments and other records identified by WebPT as required to manage Member’s accounts. Member acknowledges and agrees that Member is responsible for the accuracy of all information provided to WebPT, and WebPT is entitled to rely on information (e.g., patient information, payor instructions, credentials) and instructions Member provides. Member hereby certifies that the information provided to support each claim billed by Member shall be accurate and complete. Member agrees to indemnify and hold WebPT harmless against any liability for relying upon and using information Member provides and for following instructions Member provides related to billing for Member’s services.
- Authority and Accuracy of Enrollment and Billing Instructions. Member has the legal authority to submit bills under the provider numbers, tax identification numbers, or any other billing credentials or instructions that Member provides. Member agrees to appropriately maintain and update enrollment information with all payers, including taking all necessary actions in the event of changes in ownership or control. Member shall be solely and exclusively responsible for ensuring it has the appropriate authority to bill under the credentials, such as tax identification numbers.
2. Required Notices.
- Policies, Regulations and Governing Rules. The parties understand and acknowledge that both private and governmental payers and insurers make frequent changes in their policies, rules, regulations and statutes which can occur during the term of this Agreement and which may materially affect whether and how claims for reimbursement must be documented, coded and submitted. Member agrees to promptly provide to WebPT copies of any notices, including but not limited to, carrier bulletins, fraud alerts, industry publications, legal advice and the like it receives which relate to Member’s methods or policies for the delivery of clinical services, documentation, coding or billing or which otherwise relates to parties’ duties under this Agreement.
- Claims Errors. The parties understand that prompt notification of possible errors in claims, coding and the like is essential to permit correction of any errors and thereby reduce the risk of the submission of an inaccurate claim and/or to mitigate any such error. Member therefore agrees to review promptly and carefully all documents sent to it by WebPT. If Member disputes the accuracy of any document prepared by WebPT, including assignments of codes, modifiers and levels of service, Member shall notify WebPT in writing within ten (10) business days of receipt of the document. Failure to notify WebPT of any errors known to Member or which should have been known, shall constitute a complete waiver by Member of any claim of breach of contract, malfeasance or the like arising out of or related to that document and any claims or transaction identified therein. Upon receipt of such notice, the parties agree to communicate their views and take such action as may be reasonable and necessary. WebPT shall not be liable for any claims Member submits that are inconsistent with WebPT guidelines and recommendations.
- Notices to Government Agencies. The parties agree and understand that federal laws and some state laws provide substantial civil and criminal incentives for parties to self-report their possible violations of law. It is therefore important to the parties that they be given a reasonable notice and opportunity to investigate the possible violation and, where appropriate, report the violation to the authorities. The parties therefore agree that, to the extent permitted by law, neither party, its officers, directors or owners, shall notify any carrier, insurer or governmental agency of suspected violations of law by the other party without: (a) first providing the other notices required under this Agreement, if applicable; and (b) first giving the other party a reasonable opportunity to investigate and thereafter notify the appropriate entity(ies). Thereafter, if the party which believes the other has violated the law, decides to inform a third party of the suspected violation, it shall first, to the extent permitted by law, notify the other party in writing of (a) its intent to inform; (b) the substance of the intended notice to authorities; and (c) the intended date of notice to the authorities.
3. Party Compliance.
- WebPT Certification. WebPT warrants and certifies that: (a) neither it, nor its officers, directors or employees have been or are under a declaration of debarment or exclusion from participating in government contracting or participation in Medicare or Medicaid; (b) neither it, nor any of its officers, directors or employees is operating under or are otherwise subject to a Corporate Integrity Agreement (CIA); (c) neither it, nor any of its officers, directors or employees is aware of any pending investigation by any government agency relating in any way to its services; (d) neither it, nor its officers, directors or employees is currently a named defendant in criminal indictment or notification or a civil cause of action alleging a violation of the Civil False Claims Act or otherwise alleging the submission of false claims to any government or private insurer or any violations of HIPAA regulations.
- Member Certification. Member warrants and certifies that: (a) neither it, nor its officers, directors or employees have been or are under a declaration of debarment or exclusion from participating in government contracting or participation in Medicare or Medicaid; (b) neither it, nor any of its officers, directors or employees is operating under or are otherwise subject to a Corporate Integrity Agreement (CIA); (c) neither it, nor any of its officers, directors or employees is aware of any pending investigation by any government agency relating in any way to its services; (d) neither it, nor its officers, directors or employees is currently a named defendant in criminal indictment or notification or a civil cause of action alleging a violation of the Civil False Claims Act or otherwise alleging the submission of false claims to any government or private insurer or any violations of HIPAA regulations.
- Compliance Programs. The parties agree that each has or shall promptly implement a compliance program which meets the Office of Inspector General’s applicable compliance program guidance and shall, upon the request of the other, provide a copy of relevant portions of their compliance plan documents to the other.
4. Billing Service – WebPT Billing.
- General Services. WebPT shall perform the following services: (a) assure that it is operating the most current version of WebPT Billing applicable to Member, (b) programmatically review patient and responsible party information submitted by Member for completeness using the most up to date billing rules supplied by the Member and implemented in WebPT Billing, (c) provide for clearinghouse and payer connections, (d) provide claims formatting and electronic submission of claims to specification of Member and implemented in WebPT Billing, and (e) keep current, support and enhance reports in WebPT Billing.
- Services not Provided. WebPT is specifically not providing any service not specifically described above, including but not limited to: (a) practice and therapist payer credentialing, (b) negotiating and maintenance of payer contracts, (c) data entry of patient demographics, payer and responsible party information as is necessary to produce clean claims, (d) charge entry or charge capture through system interface from a third party vendor not agreed to by the parties, (e) management of denied claims, (f) filing and management of worker compensation and personal injury liens or letters of protection, (g) current licensing for any and all applications that may integrate with WebPT Billing or any other application not provided by WebPT, (h) collections of accounts receivable, (i) posting of payments to patient accounts, (j) patient and Member financial management, and (k) printing and mailing of ad hoc (on-demand) patient statements and paper claims. Payment posting by Member will consist of electronic posting of payments and clearing the associated “error report” and manually posting all payments that are not able to be posted electronically.
Keet Product Terms
The following terms also apply if Member orders any of the Keet Products:
- End User Application: The Keet Products involve the development and hosting of an End User-facing portal or application made available to End Users by WebPT in connection with the Keet Products (the “End User Application”), which may be branded by Member if agreed on in this Order. As used herein, an “End User” means any individual, including patients and care partners served by Member, authorized by Member to access and use the End User Application who has agreed to WebPT’s or its Affiliates corresponding terms and conditions (the “End User Terms of Service”) prior to access and use of the End User Application.
- End User Application Accounts. Member acknowledges and agrees that prior to an End User registering for an account on the End User Application, each End User will be required to agree to the End User Terms of Service and will be granted access to the End User Application with separate access protocols that WebPT make available directly to the End User. Member is not subject to the End User Terms of Service, or any other click-through or preprinted terms and conditions provided by WebPT or any of its licensors unless Member explicitly agrees to the same in writing. Member acknowledges and agrees that End User Data will be processed by or on behalf WebPT subject to the End User Terms of Service and WebPT’s then-current privacy policy.
- End User Data. Collection and use of data uploaded or transmitted by an End User to the End User Application (“End User Data”) is governed by WebPT’s Privacy Policy and End User Terms of Service. For the avoidance of doubt, End User Data shall not constitute “Member Data” for the purposes of the General Terms Exhibit. Member’s rights to access End User Data are limited to such features of the Keet Products for which Member has subscribed and exist only during the Term.
Additional Terms for Orders for Merit-based Incentive Payment System (“MIPS”) Products
- MIPS Product Order Term. Orders for Merit-based Incentive Payment System (“MIPS”) Products are for a full calendar year and commence not later than February 28 for the 2025 MIPS performance year, and will commence not later than January 1 for subsequent MIPS performance years (2026 onward). Renewal for MIPS Products will be on or before February 28th for the 2025 MIPS performance year, and on or before January 1 of the calendar year for all years following the 2025 MIPS performance year.
- Fees. MIPS Product Fees are invoiced and payable on an annual basis in January of the compliance year for which the MIPS Product is being made available. There are no discounts for partial years.
- Orders Placed after January 1. If Member orders a MIPS Product after January 1, Member will be responsible for providing and entering retrospective data into the Keet Products if data has not been entered from the beginning of the MIPS performance year (January 1) onward.
- Submission Deadline. Member must enter at least 50% of the reporting year’s data by October 1st of the then-current reporting year. Member’s failure to meet this data submission deadline may result in additional fees or a failed submission. No refunds will be applied as a result of Member’s failure to meet this data submission deadline. Member commits to meet the Submission Deadline. Failure of Member to meet the Registry Submission Deadline, negates obligation of WebPT to meet data submission requirements and Member agrees that any monies paid to WebPT are non-refundable. Member recognizes failure to provide to WebPT requisite data by the Registry Submission Deadline is the sole responsibility of Member and WebPT shall bear no financial or other responsibility and/or liability in this regard. WebPT at its sole discretion may accept data submitted after the Submission Deadline for any additional fees in accordance with its then-current fee schedule.
- Reporting Permissions Requirements. Member shall:
- Participate in QPP and report on required annual QPP measures for each and all MIPS eligible providers, or report as a group practice entity. Member assures it will not withhold or intentionally mislead WebPT regarding actual number of eligible NPIs and/or eligible providers. Further, Member recognizes WebPT retains right to elevate pricing or withhold all reporting based on WebPT affirming more eligible providers/NPIs than those for which Member has paid.
- Provide required identifiers (practice’s TIN and eligible professionals’ individual NPI), metric data and other demographics as required for each measure selected for reporting by provider.
- Provide accurate data from reproducible documentation sources for all provider/patient data.
- Ensure that each Member’s eligible provider completes the required Consent Forms, or practice manager completes on behalf of group practice entities.MIPS Participation Guide. Member agrees to abide by the MIPS Participation Guide attached as Attachment A to this Keet Product Exhibit, as it may be amended from time to time.
- Late Fees. Member agrees to pay $200.00 per NPI for any data submitted after the WebPT Submission Deadline (defined as thirty (30) days prior to the CMS official publicly posted deadline).
- MIPS Participation Guide. Member agrees to abide by the MIPS Participation Guide attached as Attachment A to this Keet Product Exhibit, as it may be amended from time to time.
- MIPS Training. WebPT shall provide Documentation including the training materials through its then-current resources. As of the Effective Date, these resources include WebPT Discover, WebPT University and any renewal or Implementation Guides (as applicable). Member acknowledges and agrees that it is solely responsible for the training of its personnel, employees, contractors, or agents in the use and operation of the MIPS Products. WebPT shall not be liable for any delays, errors, or damages resulting from Member’s failure to adequately train its personnel. Upon request, WebPT may offer training services at an additional cost as outlined in a separate agreement or schedule.
MIPS Participation Guide
Link to current guide: https://21853389.fs1.hubspotusercontent-na1.net/hubfs/21853389/Downloads/202409_Guide_2024KeetOutcomesMIPSParticipationGuide_v2.pdf
WebPT Business Associate Agreement
This Business Associate Agreement (hereinafter referred to as “BAA”), is hereby entered into between Member (“Covered Entity”) and WebPT, Inc., a Delaware corporation (“Business Associate”).
Whereas Business Associate performs functions, activities, or services for or on behalf of Covered Entity, and Business Associate creates, receives, maintains, or transmits Protected Health Information (“PHI”), including Electronic Protected Health Information (“EPHI”), in order to perform such functions, activities, or services (referred to collectively as the “Services”);
Whereas the purpose of this BAA is to set forth the terms and conditions of PHI disclosure by Covered Entity to Business Associate; to set forth the terms and conditions of Business Associate’s use and disclosure of PHI; and to ensure the confidentiality, integrity, and availability of EPHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity;
Whereas it is the intent of Covered Entity and Business Associate that this BAA will meet the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the American Recovery and Reinvestment Act of 2009, Public Law 111-5 (“ARRA”), the Privacy Rule, the Security Rule, 45 C.F.R. Parts 160 and 164, and the Final HIPAA Omnibus Rule.
Now, therefore, in consideration of the mutual promises set forth in this BAA and other good and valuable consideration (the sufficiency and receipt of which are hereby severally acknowledged), the parties agree as follows:
1. Definitions. Unless otherwise specified in this BAA, all capitalized terms not otherwise defined shall have the meanings established in Title 45, Parts 160 and 164, of the United States Code of Federal Regulations, as amended from time to time, and/or in the American Recovery and Reinvestment Act of 2009 (“ARRA”). For purposes of clarification, the following terms shall have the definitions set forth below:
- “Privacy Standards” shall mean the Standards for Privacy of Individually Identifiable Health Information as set forth in 45 C.F.R. Parts 160 and 164.
- “Security Standards” shall mean the Security Standards for the Protection of Electronic Protected Health Information as set forth in 45 C.F.R. Parts 160 and 164.
2. Business Associate Obligations. Business Associate may create, receive, maintain, or transmit from or on behalf of Covered Entity health information that is protected under applicable state and/or federal law, including, without limitation, PHI. Business Associate shall not Use or Disclose the PHI other than as permitted or required by this BAA or as Required by Law. Business Associate agrees not to Use or Disclose (or permit the Use or Disclosure of) PHI in a manner that would violate the requirements of the Privacy Standards or the Security Standards if the PHI were Used or Disclosed by Covered Entity in the same manner, except as provided in Sections 3 and 4 of this BAA.
3. Use of PHI.
- Administrative and Other Duties. Business Associate may Use PHI as necessary (i) for performing Services on behalf of Covered Entity, (ii) for the proper management and administration of the Business Associate, and (iii) for carrying out Business Associate’s legal responsibilities, provided in each case that such Uses are permitted under federal and state law.
- Data Aggregation. Business Associate may provide Data Aggregation services to Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B) and to Use, Disclose, and combine PHI created or received on behalf of Covered Entity by Business Associate pursuant to this BAA with PHI received by Business Associate in its capacity as a business associate of other covered entities, to permit data analyses that relate to the Health Care Operations of the respective covered entities and/or Covered Entity.
- De-Identified PHI. Business Associate may de-identify any and all PHI created or received by Business Associate under this BAA. PHI that has been de-identified within the meaning of 45 CFR § 164.514(b) is no longer PHI and may be used or disclosed by Business Associate for any lawful purpose.
4. Disclosure of PHI. Business Associate may Disclose PHI as necessary to perform Services on behalf of Covered Entity. Additionally, Business Associate may Disclose PHI (i) for the proper management and administration of the Business Associate and (ii) to carry out Business Associate’s legal responsibilities, provided that either (a) the Disclosure is Required by Law or (b) the Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that the information will be held confidential and further Used and Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person and such person agrees to immediately notify the Business Associate of any instances of which he or she is aware that the confidentiality of the information has been breached. Business Associate will determine the amount of PHI necessary to accomplish the intended purpose of disclosure and will make reasonable efforts to limit the receipt, use, and disclosure of PHI to the minimum necessary as required by the Privacy Laws.
5. Reports. Business Associate agrees to report to Covered Entity:
- Any Breach of Unsecured PHI. Each report of a Breach of Unsecured PHI Discovered by Business Associate, unless delayed for law enforcement purposes, shall be made without delay and in no case later than thirty (30) calendar days after Discovery of the Breach. Such report shall include the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, Used, or Disclosed during such Breach and any other available information Covered Entity is required to include in notification to the affected Individual(s) under 45 C.F.R. § 164.404(c);
- Any Security Incident. Any Security Incident within thirty (30) calendar days of the Business Associate becoming aware of such unauthorized Use or Disclosure. For Security Incidents that do not result in access to or a Use or Disclosure of EPHI in violation of this BAA or the Underlying Agreement (an “Unsuccessful Security Incident”), this Section 5.2 will be deemed as notice to Covered Entity that Business Associate periodically receives unsuccessful attempts for unauthorized access, Use, Disclosure, modification, or destruction of information or interference with the general operation of Business Associate’s information systems and the Services, including pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, and denial-of-service attacks, and, even if such events are defined as a Security Incident under the HIPAA Rules, Business Associate will not provide any further notice regarding such unsuccessful attempts. To the extent required by the Security Rule, Business Associate will record or otherwise log all Unsuccessful Security Incidents, will maintain such records for the period required under the Security Rule, and will, upon Covered Entity’s written request, provide a copy of any such records to Covered Entity.
6. Safeguards. Business Associate will use appropriate safeguards and comply, where applicable, with 45 C.F.R 164 Subpart C with respect to EPHI to prevent Use or Disclosure of the information other than as provided for by this BAA.
7. Subcontractors. Business Associate shall require Subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate to agree in writing to the same or similar restrictions and conditions that apply to the Business Associate under this BAA, including but not limited to, compliance with the applicable requirements of 45 C.F.R. Parts 160 and 164. Such agreement between Business Associate and the Subcontractor must be made in writing and must comply with the terms of this BAA and the requirements outlined in 45 C.F.R. § 164.504(e) and 164.314.
8. Individual Rights to Access and Amend.
- Access. If Business Associate maintains a Designated Record Set on behalf of Covered Entity, Business Associate shall permit an Individual to inspect or copy PHI contained in that Designated Record Set about the Individual in accordance with the Privacy Standards set forth in 45 C.F.R. § 164.524, as it may be amended from time to time unless excepted or a basis for denial exists under 45 C.F.R. § 164.524, as determined by the Covered Entity. In the event that a Business Associate uses or maintains an Electronic Health Record on behalf of Covered Entity, then an Individual’s right of access under 45 C.F.R. § 164.524 shall include the right to obtain a copy of the PHI in an electronic format—if the Individual chooses in a clear, conspicuous, and specific manner to direct the Business Associate to transmit such copy to any person designated by the Individual. Business Associate shall respond to any request from Covered Entity for access by an Individual within five (5) days of such request unless otherwise agreed to by Covered Entity. The information shall be provided in the form or format requested (if it is readily producible in such form or format) or in summary if the Individual has agreed in advance to accept the information in summary form. A reasonable, cost-based fee may be charged for copying PHI or providing a summary of PHI in accordance with 45 C.F.R. § 164.524(c)(4), provided that any such fee relating to a copy or summary of PHI is not greater than the labor, supplies, and postage costs incurred in response to the request for the copy or summary.
- Amendment. Business Associate shall accommodate an Individual’s right to amend PHI about the Individual in a Designated Record Set in accordance with the Privacy Standards set forth at 45 C.F.R. § 164.526, as it may be amended from time to time unless excepted or a basis for denial exists under 45 C.F.R. § 164.526, as determined by the Covered Entity. Covered Entity shall determine whether a denial of an amendment request is appropriate or an exception applies. Business Associate shall notify Covered Entity within five (5) days of receipt of any request for amendment by an Individual and shall make any amendment requested by Covered Entity within ten (10) days of such request. Business Associate shall have a process in place for handling requests for amendments and for appending such requests to the Designated Record Set when required by 45 C.F.R. § 164.526.
9. Accounting of Disclosures
- General Accounting Provisions. Business Associate shall make available to Covered Entity, in response to a request from an Individual, information required for an accounting of Disclosures of PHI with respect to the Individual, in accordance with 45 C.F.R. § 164.528, as it may be amended from time to time, unless an exception to such accounting exists under 45 C.F.R. § 164.528. Business Associate shall provide such information necessary to provide an accounting within thirty (30) days of Covered Entity’s request.
- Fees for an Accounting. Any accounting provided under Section 9.1 must be provided without cost to the Individual or to Covered Entity if it is the first accounting requested by an Individual within any twelve (12) month period. However, a reasonable, cost-based fee may be charged for subsequent accountings if Business Associate informs the Covered Entity and the Covered Entity informs the Individual in advance of the fee. At this time, the Individual must be afforded an opportunity to withdraw or modify the request.
10. Withdrawal of Consent or Authorization. If the Use or Disclosure of PHI in this BAA is based upon an Individual’s specific consent or authorization for the Use or Disclosure of his or her PHI and (i) the Individual revokes such consent or authorization in writing, (ii) the effective date of such authorization has expired, or (iii) the consent or authorization is found to be defective in any manner that renders it invalid, Business Associate agrees, as long as it has notice of such revocation or invalidity, to cease the Use and Disclosure of any such Individual’s PHI except to the extent it has relied on such Use or Disclosure or where an exception under the Privacy Standards expressly applies.
11. Records and Audit. Business Associate shall make available to Covered Entity and to the Secretary or its agents, its internal practices, books, and records relating to the Use and Disclosure of PHI received from, or created or received by, Business Associate on behalf of Covered Entity for the purpose of determining Covered Entity’s compliance with the Privacy Standards and the Security Standards in a timely manner designated by Covered Entity or the Secretary. Except to the extent prohibited by law, Business Associate agrees to notify Covered Entity immediately upon receipt of any and all requests served upon Business Associate by or on behalf of any and all government authorities relating to PHI received from, or created or received by, Business Associate on behalf of Covered Entity.
12. Notice of Privacy Practices. Covered Entity shall provide to Business Associate its Notice of Privacy Practices (“Notice”), including any amendments to the Notice. Business Associate agrees that it will abide by any limitations set forth in the Notice, as it may be amended from time to time, of which it has knowledge. An amended Notice shall not affect permitted Uses and Disclosures on which Business Associate has relied prior to receipt of such Notice.
13. Compliance with Law. To the extent Business Associate is to carry out Covered Entity’s obligation under the Privacy Standards, Business Associate shall comply with the requirements of the Privacy Standards that apply to Covered Entity in the performance of such obligation.
14. Prohibition of Sale of PHI and use of PHI for Marketing. Business Associate will not directly or indirectly receive remuneration in exchange for any PHI, nor will it Use or Disclose PHI for fundraising and/or marketing purposes, except with the Covered Entity’s prior written consent and in accordance with applicable Privacy Laws.
15. Term and Termination.
- PHI Disposition. This BAA shall remain in effect until all PHI received from, or created or received by, Business Associate on behalf of Covered Entity is returned to Covered Entity or destroyed in accordance with Section 15.4.
- Material Breach. Upon either Party’s knowledge of a material breach of this BAA by the other Party, the non-breaching Party must (i) provide an opportunity for the breaching Party to cure the breach or end the violation, and, if the breaching Party does not cure the breach or end the violation within the time specified by the non-breaching Party, the non-breaching Party shall terminate this BAA and any underlying agreements that give rise to the business associate relationship described in this BAA (“Underlying Agreements”); or (ii) immediately terminate this BAA and any Underlying Agreements.
- Underlying Agreement. This BAA shall terminate simultaneously without additional notice upon the termination of any Underlying Agreement related to the Services or, if there is no Underlying Agreement, upon termination of the Services.
- Effect of Termination. Upon termination of this BAA for any reason, Business Associate agrees either to return to Covered Entity or to destroy all PHI received from or created or received by Business Associate on behalf of Covered Entity that is in the possession or control of Business Associate or its Subcontractors. If it is not feasible to return or destroy the information, Business Associate shall continue to comply with the terms in this BAA with respect to such PHI and shall comply with other applicable state or federal law.
16. Miscellaneous
- Notice. All notices, requests, demands, and other communications required or permitted to be given or made under this BAA shall be in writing, effective upon receipt or attempted delivery, and sent by (i) personal delivery; (ii) certified or registered United States mail, return receipt requested; or (iii) overnight delivery service with proof of delivery. Notices to Business Associate shall be sent to:
- WebPT, Inc.
111 W. Monroe Street, #200
Phoenix, Arizona 85003
Attention: Legal Department
- WebPT, Inc.
Notices to Covered Entity shall be sent to the address provided by Covered Entity in the Underlying Agreement.
- Third-Party Beneficiaries. There are no third-party beneficiaries to this BAA. Business Associate’s obligations are to the Covered Entity only
- Successors and Assigns. This BAA will inure to the benefit of, and be binding upon, the successors and assigns of the parties. However, this BAA is not assignable by any party without the prior written consent of the other parties. However, either party may, without the written consent of the other, assign this Agreement and its rights and obligations hereunder in connection with the transfer or sale of all or substantially all of its business related to this Agreement, or in the event of a merger, consolidation, change in control or similar transaction.
Learn how WebPT’s PXM platform can catapult your practice to new heights.
Get Started