FDNA’s mission is to save lives and improve the quality of life of patients with rare, or difficult-to-diagnose genetic syndromes. By making our innovative technology and tools available through our websites and mobile applications, we intend to help medical professionals to search and reference genetic syndromes, maintain their personal search history archive and facilitate easy peer communication.
License and warranty for your submissions to FDNA
You must comply with all applicable laws, the Agreement, as may be amended from time to time with or without advance notice, and the policies and processes explained below
You have control over the information you provide FDNA under this Agreement, and may request its deletion at any time, unless you have shared information or content with others and they have not deleted it, or it was copied or stored by other users.
Additionally, and subject to our obligations under our Data Sharing and Protection Policy with respect to any protected health information (“PHI”). you grant FDNA and its registered users a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to FDNA, including, but not limited to, any user generated content, ideas, concepts, techniques or data to the services, you submit to FDNA, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss as noted below in this Agreement.
By providing information to us, you represent and warrant that you are entitled to and have the requisite rights to submit the information and that the information is accurate, not confidential (except for PHI, which is subject to the terms of our Data Sharing and Protection Policy), and not in violation of any contractual restrictions or other third party rights. FDNA hereby grants you a non-exclusive, non-transferable license to re-use or republish your own contributions made to us in its original or derivative form for republication elsewhere, such as in journals or other professional publications. This license is restricted to your own contributions and does not grant you rights to republish the contributions or postings of other Users or information furnished under the Services, without our explicit permission. FDNA shall be free to use any ideas, concepts, know-how or techniques contained in such information for any purpose whatsoever including, but not limited to, developing, manufacturing, and marketing products and services incorporating such information. It is your responsibility to keep your FDNA profile information accurate and updated.
To be eligible to use the Service, you must meet the following criteria and represent and warrant that you: (1) are 18 years of age or older; (2) a certified physician, medical student, or other health care professional; (3) are not currently restricted from the Services, or not otherwise prohibited from having an account, (4) are not a competitor of FDNA or are not using the Services for reasons that are in competition with FDNA; (5) have full power and authority to enter into this Agreement and doing so will not violate any other agreement to which you are a party; (6) will not violate any rights of FDNA, including intellectual property rights such as copyright or trademark rights; and (7) agree to provide at your cost all equipment, software, and internet access necessary to use the Services.
You agree to: (1) Keep your password secure and confidential; (2) not permit others to use your login credentials to access your account; (3) refrain from using other Users’ accounts; (4) refrain from selling, trading, or otherwise transferring your account or any information and content of another FDNA user to another party; and (5) refrain from charging anyone for access to any portion of the Services, or any information therein. Further, you are responsible for anything that happens through your account until you close down your account or prove that your account security was compromised due to no fault of your own.
You will indemnify us and hold us harmless for all damages, losses and costs (including, but not limited to, reasonable attorneys’ fees and costs) related to all third party claims, charges, and investigations, caused by (1) your failure to comply with this Agreement, including, without limitation, your submission of content that violates third party rights or applicable laws, (2) any content you submit to the Services, and (3) any activity in which you engage on or through the Services.
Notify Us of Acts Contrary to the Agreement
If you believe that you are entitled or obligated to act contrary to this Agreement under any mandatory law, you agree to provide us with detailed and substantiated explanation of your reasons in writing at least 30 days before you act contrary to this Agreement, to allow us to assess whether we may, at our sole discretion, provide an alternative remedy for the situation, though we are under no obligation to do so. If we cannot provide a reasonable alternative remedy, we may decide at our sole discretion to terminate this agreement and close or suspend your account.
Notifications and Service Messages
For purposes of service messages and notices about the Services to you, FDNA may place a banner notice across its pages to alert you to certain changes such as modifications to this Agreement. Alternatively, notice may consist of an email from FDNA to an email address associated with your account, even if we have other contact information. You also agree that FDNA may communicate with you through your FDNA account or through other means including email, mobile number, telephone, or delivery services including the postal service about your FDNA account or services associated with FDNA. You acknowledge and agree that we shall have no liability associated with or arising from your failure to do so maintain accurate contact or other information, including, but not limited to, your failure to receive critical information about the Service.
User-To-User Communication and Sharing
FDNA offers various message boards and tools that facilitate peer communication. These message boards are designed to be used only by healthcare professionals and we do our best to grant access only to Users who are validated as such. However, we cannot guarantee that all users are indeed healthcare professionals.
We may decide to remove content from these channels, if we believe that the content violates this Agreement or others’ intellectual property rights. We can also decide to restrict access to Users who we suspect or believe are not healthcare professionals, at our sole discretion.
Please note that ideas you post and information you share may be seen and used by other Users, and FDNA cannot guarantee that other Users will not use the ideas and information that you share on FDNA. Therefore, if you have an idea or information that you would like to keep confidential and/or don’t want others to use, or that is subject to third party rights that may be infringed by your sharing it, do not share it on FDNA. FDNA IS NOT RESPONSIBLE FOR A USER’S MISUSE OR MISAPPROPRIATION OF ANY CONTENT OR INFORMATION YOU POST, UPLOAD, OR TRANSMIT WITHIN FDNA.
Contributions to FDNA
By submitting ideas, suggestions, documents, and/or proposals (“Contributions”) to FDNA through its suggestion or feedback webpages, you acknowledge and agree that: (a) your Contributions do not contain confidential or proprietary information; (b) FDNA is not under any obligation of confidentiality, express or implied, with respect to the Contributions; FDNA shall be entitled to use or disclose (or choose not to use or disclose) such Contributions for any purpose, in any way, in any media worldwide; (d) FDNA may have something similar to the Contributions already under consideration or in development; (e) you irrevocably assign to FDNA all rights to your Contributions; and (f) you are not entitled to any compensation or reimbursement of any kind from FDNA under any circumstances.
Certain information and content made available by FDNA through the Services is gathered from publicly available data or submitted by other Users, and FDNA cannot guarantee the accuracy of such information. Use of the Services by you is conditioned upon your agreement that all of the information and content is for informational and educational purposes only and should not be relied upon, and that as a User, you agree to hold harmless FDNA and other Users and data suppliers for your use or reliance on such information.
Code of Conduct
You hereby undertake to always take the following actions:
- Comply with all applicable laws, including, without limitation, state and federal patient privacy laws, intellectual property laws, export control laws, tax laws, and regulatory requirements;
- Provide accurate information to us and update it as necessary;
- Review and comply with notices sent by FDNA concerning the Services; and
- Disclose any potential conflicts-of-interest, such as consultant fees (e.g. promoting “off-label” use) as appropriate; and
- Use the Services in a professional manner.
You hereby undertake never to take the following actions:
- Act dishonestly or unprofessionally by engaging in unprofessional behavior by posting inappropriate, inaccurate, or objectionable content to the Services;
- Harass, abuse or harm another person, including sending unwelcomed communications to others using FDNA;
- Upload a profile image that is not your likeness or a head-shot photo;
- Use or attempt to use another’s account without authorization from the user, or create a false identity on FDNA;
- Upload, post, transmit or otherwise make available or initiate any content that:
- Falsely states, impersonates or otherwise misrepresents your identity, including but not limited to misrepresenting your current or previous positions and qualifications, or your affiliations with a person or entity, past or present;
- Is unlawful, libelous, abusive, obscene, discriminatory or otherwise objectionable;
- Includes information that you do not have the right to disclose or make available under any law or under contractual or fiduciary relationships (such as private patient information, insider information, or proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
- In fringes upon patents, trademarks, trade secrets, copyrights or other proprietary rights;
- Includes any unsolicited or unauthorized advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” or any other form of solicitation;
- Contains software viruses, worms, or any other computer code, files or programs that interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment of FDNA or any Users;
- Forges headers or otherwise manipulate identifiers in order to disguise the origin of any communication transmitted through the Services; and/or
- Duplicate, license, sublicense, publish, broadcast, transmit, distribute, perform, display, sell, rebrand, or otherwise transfer information found on FDNA (excluding content posted by you) except as permitted in this Agreement or as expressly authorized by FDNA;
- Reverse engineer, decompile, disassemble, decipher or otherwise attempt to derive the source code for any underlying intellectual property used to provide the Services, or any part thereof;
- Utilize or copy information, content or any data you view on and/or obtain from FDNA to provide any service that is competitive, in FDNA’s sole discretion, with FDNA;
- Imply or state, directly or indirectly, that you are affiliated with or endorsed by FDNA unless you have entered into a written agreement with FDNA;
- Adapt, modify or create derivative works based on FDNA or technology underlying the Services, or other Users’ content, in whole or part;
- Rent, lease, loan, trade, sell/re-sell access to FDNA or any information therein, or the equivalent, in whole or part;Sell, sponsor, or otherwise monetize any service or functionality of FDNA, without the express written permission of FDNA.
- Deep-link to the Site for any purpose, (i.e. including a link to a FDNA web page other than FDNA’s home page) unless expressly authorized in writing by FDNA;
- Remove any copyright, trademark, insignia or other proprietary rights notices contained in or on the Services, including those of both FDNA and any of its licensors;
- Collect, use, copy, or transfer any information, including, but not limited to, personally identifiable information obtained from FDNA except as expressly permitted in this Agreement or as the owner of such information may expressly permit;
- Share information of non-Users without their express consent;
- Infringe or use FDNA’s brand, logos and/or trademarks, including, without limitation, using the word “FDNA” in any business name, email, or URL or including FDNA’s trademarks and logos or as expressly permitted by FDNA;
- Use manual or automated software, devices, scripts robots, other means or processes to access, “scrape,” “crawl” or “spider” any web pages or other services contained in the site, unless explicitly permitted by FDNA;
- Use bots or other automated methods to access FDNA, add or download contacts, send or redirect messages, or perform other activities through the Services, unless explicitly permitted by FDNA;
- Access, via automated or manual means or processes, the Services for purposes of monitoring FDNA’s availability, performance or functionality for any competitive purpose;
- Engage in “framing,” “mirroring,” or otherwise simulating the appearance or function of FDNA’s website;
- Attempt to or actually access the Services by any means other than through the interfaces provided by FDNA such as its mobile application or by navigating to http://www.fdna.com using a web browser. This prohibition includes accessing or attempting to access the Services using any third-party service, including software-as-a-service platforms that aggregate access to multiple services, including the Services;
- Attempt to or actually override any security component included in or underlying the Services;
- Engage in any action that directly or indirectly interferes with the proper working of or places an unreasonable load on FDNA’s infrastructure, including, but not limited to, sending unsolicited communications to other Users or FDNA personnel, attempting to gain unauthorized access to the Services, or transmitting or activating computer viruses through or on the Services;
- Interfere with or disrupt or game the Services, including, but not limited to, any servers or networks connected to the Services. Any attempt to obtain unauthorized access, interfere with or to exceed authorized access to the Services shall be considered a trespass and computer fraud and abuse, punishable under state and federal laws. FDNA hereby notifies you that any or all communications with this website can and will be monitored, captured, recorded, and transmitted to the authorities as deemed necessary by FDNA in its sole discretion and without further notice.
Subject to your compliance with all your obligations under this Agreement, we grant you a limited, revocable, nonexclusive, nonassignable, nonsublicenseable license and right to access the Services, through a generally available web browser, mobile device or application (but not through scraping, spidering, crawling or other technology or software used to access data without the express written consent of FDNA or its Users), view information and use the Services that we provide in accordance with this Agreement. Any other use is strictly prohibited and a violation of this Agreement. We reserve all rights not expressly granted in this Agreement, including, without limitation, title, ownership, intellectual property rights, and all other rights and interest in FDNA and all related items.
OUR RIGHTS AND OBLIGATIONS
For as long as FDNA continues to offer the Services, FDNA shall provide and seek to update, improve and expand the Services. As a result, we allow you to access FDNA as it may exist and be available on any given day and have no other obligations, except as expressly stated in this Agreement. We may modify, replace, refuse access to, suspend or discontinue the Services, partially or entirely, or change and modify prices for all or part of the Services for you or for all our users in our sole discretion. All of these changes shall be effective upon their posting on our site or by direct communication to you unless otherwise noted. FDNA further reserves the right to withhold, remove and or discard any content available as part of your account, with or without notice if deemed by FDNA to be contrary to this Agreement. For avoidance of doubt, FDNA has no obligation to store, maintain or provide you a copy of any content that you or other Users provide when using the Services.
Third Party Sites
FDNA is not responsible for and does not endorse any features, content, advertising, products or other materials on or available from Third Party Sites. Accordingly, if you decide to access Third Party Sites, you do so at your own risk.
Disclosure of User Information
You acknowledge, consent and agree that we may access, preserve, and disclose your registration and any other information you provide if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary in our opinion to: (1) comply with legal process, including, but not limited to, civil and criminal subpoenas, court orders or other compulsory disclosures; (2) enforce this Agreement; (3) respond to claims of a violation of the rights of third parties, whether or not the third party is a User, individual, or government agency; (4) respond to customer service inquiries; or (5) protect the rights, property, or personal safety of FDNA, our Users or the public.
Connections and Interactions With Other Users
You are solely responsible for your interactions with other Users. FDNA may limit the number of colleague connections you may have to other Users and may, in certain circumstances, prohibit you from contacting other Users through use of the Services or otherwise limit your use of the Services. FDNA reserves the right, but has no obligation, to monitor disputes between you and other members and to restrict, suspend, or close your account if FDNA determines, in our sole discretion, that doing so is necessary to enforce this Agreement.
You agree that from time to time FDNA may invite or otherwise make you aware of certain educational, promotional or financial opportunities relating to Your Communications and profile.
Do not rely on FDNA, any information therein, or its continuation. We provide the Services on an “as is” and “as available” basis. FDNA does not control or vet User generated content for accuracy. We do not provide any express warranties or representations.
To the fullest extent permissible under applicable law, we disclaim any and all implied warranties and representations, including, without limitation, any warranties of merchantability, fitness for a particular purpose, title, accuracy of data, and noninfringement. If you are dissatisfied or harmed by FDNA or anything related to FDNA, you may close your FDNA account and terminate this agreement in accordance with the provisions of this Agreement and such termination shall be your sole and exclusive remedy.
FDNA is not responsible, and makes no representations or warranties for the delivery of any messages sent through the Services to anyone. In addition, we neither warrant nor represent that your use of the Service will not infringe the rights of third parties. Any material, service, or technology described or used on the website may be subject to intellectual property rights owned by third parties who have licensed such material, service, or technology to us.
FDNA does not guarantee that the services it provides will function without interruption or errors in functioning. In particular, the operation of the services may be interrupted due to maintenance, updates, or system or network failures. FDNA disclaims all liability for damages caused by any such interruption or errors in functioning. Furthermore, FDNA disclaims all liability for any malfunctioning, impossibility of access, or poor use conditions of the Services due to inappropriate equipment, disturbances related to internet service providers, to the saturation of the internet network, and for any other reason.
The contents of FDNA, such as text, graphics, images, information obtained from FDNA’s licensors, Users, employees and other material contained in the Services (“Content”) is for informational and educational purposes only and are not a substitute for the professional judgment of a health care professional in diagnosing and treating patients. Neither the content nor any other service offered by or through the Services is intended to be for medical diagnosis or treatment. Persons accessing this information assume full responsibility for the use of the information and agree that FDNA is not responsible or liable for any claim, loss, or damage arising from the use of the information. FDNA does not recommend or endorse any specific drugs, tests, physicians, products, procedures, opinions, “off-label” drug uses or other information that may be mentioned through the Services and Users are required to disclose any such conflicts of interest. Your reliance upon the Content obtained or used by you is solely at your own risk.
FDNA reminds you that the Service is not meant to serve as a substitute for your own professional medical judgment. You should always exercise your professional judgment in evaluating your patients, and should carefully consider any treatment plan. FDNA encourages you to confirm the information made available or otherwise obtained through the Service with other reliable sources before undertaking any treatment.
BUSINESS ASSOCIATE AGREEMENT
You agree to be bound the terms and conditions of the Business Associates Agreement provided in Exhibit A.
LIMITATION OF LIABILITY
Neither FDNA nor any of its subsidiaries or their employees, shareholders, or directors (“FDNA Affiliates”) shall be cumulatively liable for (a) any damages in excess of US $100, or (b) any special, incidental, indirect, punitive or consequential damages or loss of use, profit, revenue or data to you or any third person arising from your use of the Service, any platform applications or any of the content or other materials on, accessed through or downloaded from FDNA. This limitation of liability is part of the basis of the bargain between the parties and without it the terms and prices charged would be different. This limitation of liability shall apply regardless of whether (1) you base your claim on contract, tort, statute or any other legal theory, (2) we knew or should have known about the possibility of such damages, or (3) the limited remedies provided in this section fail of their essential purpose.
Mutual Rights of Termination
You may terminate this Agreement, for any or no reason, at any time, with notice to FDNA. This notice will be effective upon FDNA processing your notice. FDNA may terminate the Agreement and your account for any reason or no reason, at any time, with or without notice. This cancellation shall be effective immediately or as may be specified in the notice. Termination of your account includes disabling your access to the Services and may also bar you from any future use of the Services.
Misuse of the Services
FDNA may restrict, suspend or terminate the account of any User who abuses or misuses the Services or offers competitive services. Misuse of the Services includes breach of any of your obligations under this Agreement or any other behavior that FDNA, in its sole discretion, deems contrary to its purpose.
Effect of Termination
Upon the termination of your FDNA account, you lose access to the Services. The terms of this Agreement shall survive any termination, except the terms set forth under “Your Rights” hereof.
Law and Forum for Legal Disputes
This Agreement or any claim, cause of action or dispute (“claim”) arising out of or related to this Agreement shall be governed by the laws of the British Virgin Islands regardless of your country of origin or where you access the Services, and notwithstanding of any conflicts of law principles and the United Nations Convention for the International Sale of Goods. You and FDNA agree that all claims arising out of or related to this Agreement must be resolved exclusively by a competent court located in the British Virgin Islands. You and FDNA agree to submit to the personal jurisdiction of the courts located within the British Virgin Islands for the purpose of litigating all such claims. Notwithstanding the above, you agree that FDNA shall still be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.
If any provision of this Agreement is found by a court of competent jurisdiction or arbitrator to be illegal, void, or unenforceable, the unenforceable provision will be modified so as to render it enforceable and effective to the maximum extent possible in order to effect the intention of the provision; and if a court or arbitrator finds the modified provision invalid, illegal, void or unenforceable, the validity, legality and enforceability of the remaining provisions of this Agreement will not be affected in any way.
You agree that this Agreement constitutes the entire, complete and exclusive agreement between you and us regarding the Services and supersedes all prior agreements and understandings, whether written or oral, or whether established by custom, practice, policy or precedent, with respect to the subject matter of this Agreement. You also may be subject to additional terms and conditions that may apply when you use or purchase certain other FDNA services, third-party content or third party software.
Initial Posting and Amendments to This Agreement
No Informal Waivers, Agreements or Representations
Our failure to act with respect to a breach of this Agreement by you or others does not waive our right to act with respect to that breach or subsequent similar or other breaches. Except as expressly and specifically contemplated by the Agreement, no representations, statements, consents, waivers or other acts or omissions by any FDNA Affiliate shall be deemed legally binding on any FDNA Affiliate, unless documented in a physical writing hand signed by a duly appointed officer of FDNA.
No Injunctive Relief
In no event shall you seek or be entitled to rescission, injunctive or other equitable relief, or to enjoin or restrain the operation of the Service, exploitation of any advertising or other materials issued in connection therewith, or exploitation of the Services or any content or other material used or displayed through the Services.
Assignment and Delegation
You may not assign or delegate any rights or obligations under the Agreement. Any purported assignment and delegation shall be ineffective. We may freely assign or delegate all rights and obligations under the Agreement, fully or partially without notice to you. We may also substitute, by way of unilateral novation, effective upon notice to you, FDNA for any third party that assumes our rights and obligations under this Agreement.
COMPLAINTS REGARDING CONTENT POSTED ON OUR WEBSITE OR MOBILE APPLICATIONS
If you believe any materials accessible on or from the Services infringe your copyright, you may request removal of those materials (or access thereto) from the Services by contacting FDNA at firstname.lastname@example.org, and providing the following information:
- Identification of the copyrighted work that you believe to be infringed. Please describe the work, and where possible include a copy or the location (e.g., URL) of an authorized version of the work.
- Identification of the material that you believe to be infringing and its location. Please describe the material, and provide us with its URL or any other pertinent information that will allow us to locate the material.
- Your name, address, telephone number and (if available) e-mail address.
- A statement that you have a good faith belief that the complained of use of the materials is not authorized by the copyright owner, its agent, or the law.
- A statement that the information that you have supplied is accurate, and indicating that “under penalty of perjury,” you are the copyright owner or are authorized to act on the copyright owner’s behalf.
- A signature or the electronic equivalent from the copyright holder or authorized representative.
EXHIBIT A – HIPAA BUSINESS ASSOCIATE AGREEMENT BETWEEN FDNA AND PROVIDER
WHEREAS, Congress enacted the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which protects the confidentiality of health information;WHEREAS, pursuant to HIPAA, the United States Department of Health and Human Services (“HHS”) promulgated Privacy Standards and Security Standards, each as defined below, governing confidential health information;
WHEREAS, Business Associate performs services through its provision of the FDNA service (the “Service”) on behalf of Covered Entity;
WHEREAS, Business Associate’s provision of the Service requires Covered Entity to provide Business Associate with access to confidential health information; and
WHEREAS, in order to comply with the business associate requirements of HIPAA and its implementing regulations, Business Associate and Covered Entity must enter into an agreement that governs the uses and disclosures of such confidential health information by the Business Associate.
NOW, THEREFORE, in consideration of the foregoing recitals, the mutual promises and covenants set forth herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Minimum Necessary, Notice of Privacy Practices, Security Incident, Subcontractor, and Use.
For purposes of this Agreement, the following terms shall have the following meanings:
“Breach” when capitalized, “Breach” shall have the meaning set forth in 45 C.F.R. 164.402 (including all of its subsections); with respect to all other uses of the word “breach” in this Agreement, the word shall have its ordinary contract meaning.
“Business Associate” shall generally have the same meaning as the term “business associate” at 45 C.F.R. § 160.103.“Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 C.F.R. § 160.103.
“Electronic Media” shall have the meaning set forth in 45 C.F.R. 160.103, which is defined as electronic storage media (including memory devices in computers, hard drives, any removable or transportable digital memory medium, such as magnetic tape or disk, optical disk or digital memory card) or transmission media used to exchange information already in electronic storage media (including the Internet, extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dial-up lines, private networks, and those transmissions that are physically moved from one location to another using magnetic tape, disk, or compact disk media). Certain transmissions, including of paper, via facsimile, and of voice, via telephone, are not considered to be transmissions via electronic media, because the information being exchanged does not exist in electronic form before the transmission.
“Electronic Protected Health Information” or “EPHI” shall mean Individually Identifiable Health Information that is (i) transmitted by Electronic Media or (ii) maintained in any medium constituting Electronic Media. For instance, EPHI includes information contained in a patient’s electronic medical records and billing records. “EPHI” shall not include (i) education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) records described in 20 U.S.C. 1232g(a)(4)(B)(iv); and (iii) employment records held by a Covered Entity in its role as employer.
“HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. Part 160 and Part 164.
“HITECH Act” shall mean the Health Information Technology for Economic and Clinical Health Act, found in Title XIII of the American Recovery and Reinvestment Act of 2009, effective February 17, 2009.
“Individual” shall have the same meaning as set forth in 45 C.F.R. 160.103, defined as the person who is the subject of PHI, and shall include a personal representative in accordance with 45 C.F.R. 164.502(g).
“Individually Identifiable Health Information” shall mean information that is a subset of health information, including demographic information collected from an individual, and
(i) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(ii) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual; and (a) identifies the individual, or (b) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
“Privacy Standards” shall mean the Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. Parts 160 and 164, Subparts A, D, and E, as currently in effect.
“Protected Health Information” or “PHI” shall mean Individually Identifiable Health Information that is (i) transmitted by Electronic Media, (ii) maintained in any medium constituting Electronic Media; or (iii) transmitted or maintained in any other form or medium. For instance, PHI includes information contained in a patient’s medical records and billing records. “Protected Health Information” shall not include (i) education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) records described in 20 U.S.C. 1232g(a)(4)(B)(iv); and (iii) employment records held by a Covered Entity in its role as employer.
“Required by Law” shall have the same meaning as the term “Required by law” in 45 C.F.R. 164.103.
“Secretary” shall mean the Secretary of the U.S. Department of Health and Human Services or any office or person within the U.S. Department of Health and Human Services to which/whom the Secretary has delegated his or her authority to administer the Privacy Standards and the Security Standards, such as the Director of the Office for Civil Rights.
“Security Standards” shall mean Security Standards for the Protection of Electronic Protected Health Information, 45 C.F.R. Part 160 and Part 164, Subparts A and C.
“Subsequent Business Associate” shall mean any agent, including subcontractors, of Business Associate to whom Business Associate discloses Protected Health Information or Electronic Protected Health Information.
“Unsecured Protected Health Information” shall have the same meaning as the term “unsecured protected health information” in 45 C.F.R. 164.402, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
All references to “days” in this Agreement shall mean calendar days. Capitalized terms used not defined herein shall have the meanings ascribed to them in the Privacy Standards or the Security Standards.
2. Business Associate Obligations. Business Associate acknowledges and agrees that it is considered a “business associate” as defined by HIPAA and by regulations promulgated thereunder. As a business associate of Covered Entity, Business Associate shall comply with the following terms of this Agreement, as required pursuant to 45 C.F.R. § 164.504.
2.1 Permitted Uses and Disclosures. Business Associate agrees that it shall use and disclose Protected Health Information received from Covered Entity for the purposes of providing the Service, as otherwise permitted under this Agreement, or as Required by Law. Business Associate is authorized to use Protected Health Information to deidentify the information in accordance with 45 C.F.R. § 164.514(a)-(c). Business Associate agrees to follow guidance issued by the Secretary regarding what constitutes “minimum necessary” with respect to the use or disclosure of PHI and EPHI. Until such time that such guidance is issued, Business Associate shall limit its use or disclosure of PHI and EPHI, to the extent practicable, to the limited data set (as defined in 45 C.F.R. 164.514(e)(2)), or to the minimum necessary to accomplish the intended purpose of such use, disclosure or request, respectively.
2.2 Disclosures to Subsequent Business Associates. Business Associate shall not disclose any PHI to any Subsequent Business Associate, unless and until Business Associate and the Subsequent Business Associate have entered into an agreement containing the same terms and conditions as set forth in this Agreement.
2.2.1 Business Associate, in accordance with 45 C.F.R. § 164.502(e)(1)(ii) and § 164.308(b)(2), if applicable, shall ensure that any subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information.
2.3 Reporting Violations of Law. Consistent with the requirements of 45 C.F.R. 164.502(j)(1), Business Associate may disclose Protected Health Information to report violations of law to appropriate Federal and State authorities.
2.4 Appropriate Safeguards. Business Associate shall implement appropriate administrative, technical, and physical safeguards to prevent any use or disclosure of Protected Health Information not authorized by this Agreement. Specifically, Business Associate agrees to comply with the requirements of 45 C.F.R. 164.308, 164.310,164.312 and 164.316 to the same extent such requirements apply to Covered Entity.
2.5 Reporting of Illegal, Unauthorized or Improper Uses or Disclosures and Remedial Actions. Business Associate shall report to Covered Entity any illegal, unauthorized, or improper use or disclosure of Protected Health Information, Security Incident or any Breach (collectively, “Known Misuse”) by it or a Subsequent Business Associate without unreasonable delay and within ten (10) business days of obtaining knowledge of such Known Misuse. Additionally, if the Known Misuse is a Breach of Unsecured Protected Health Information, Business Associate shall comply with the requirements of 45 C.F.R. 164.410. Business Associate shall take, or, in the event that the acts or omissions of a Subsequent Business Associate gave rise to the Known Misuse, shall require a Subsequent Business Associate to take, commercially reasonable actions to mitigate the negative impact of any Known Misuse and adopt additional or improve existing safeguards to prevent recurrence.
2.6 Internal Practices, Books and Records. Business Associate shall make its internal practices, books and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, or their designees, for purposes of determining and facilitating Business Associate’s and Covered Entity’s compliance with the Privacy Standards and Security Standards.
2.7 Access to Protected Health Information.
2.7.1 Within ten (10) days of a request by Covered Entity, Business Associate shall provide Protected Health Information in its possession or in the possession of a Subsequent Business Associate to Covered Entity in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.524 to provide Individuals with access to their Protected Health Information.
2.7.2 Business Associate shall notify Covered Entity within five (5) days of receiving a request from an Individual to access Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
2.8 Amendments to Protected Health Information.
2.8.1 Within ten (10) days of a request by Covered Entity, Business Associate shall provide Protected Health Information in its possession or in the possession of a Subsequent Business Associate to Covered Entity in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.526 to provide Individuals the right to amend their Protected Health Information.
2.8.2 Business Associate shall notify Covered Entity within five (5) days of receiving a request from an Individual to amend Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
2.9 Accounting of Disclosures.
2.9.1 Within twenty (20) days of a request by Covered Entity, Business Associate shall provide Covered Entity with an accounting of all disclosures of Protected Health Information, other than disclosures excepted from the Privacy Standards accounting requirement under 45 C.F.R. 164.528(a)(1)(i)-(ix), made by Business Associate or by a Subsequent Business Associate in the previous six (6) years (but in no event prior to April 14, 2003) in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.528 to provide Individuals with an accounting of disclosures of their Protected Health Information.
2.9.2 Such accounting shall include, with respect to each disclosure: the date of the disclosure; the name (and address, if known) of the entity or person receiving the Protected Health Information; a description of the Protected Health Information disclosed; a statement of the purpose of the disclosure; and any other information the Secretary may require under 45 C.F.R. 164.528 (collectively, “Disclosure Information”).
2.9.3 Notwithstanding Section 2.11.2, for repetitive disclosures of Protected Health Information that Business Associate makes for a single purpose to the same person or entity, Business Associate may record: (a) the Disclosure Information for the first of these repetitive disclosures; (b) the frequency, periodicity or number of these repetitive disclosures made during the accounting period; and the date of the last of these repetitive disclosures.
2.9.4 Business Associate shall notify Covered Entity within ten (10) days of receiving a request from an Individual for an accounting of disclosures of Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
2.9.5 In accordance with the HITECH Act, the parties acknowledge that the Secretary shall promulgate regulations regarding the right of Individuals to receive an accounting of disclosures made for treatment, payment and healthcare operations during the previous three (3) years if such disclosures are made through the use of an electronic health record. The parties agree to comply with such regulations promulgated by the Secretary as of the effective date of those regulations.
2.10 Subpoenas, Court Orders, and Governmental Requests. If Business Associate receives a court order, subpoena, or governmental request for documents or other information containing Protected Health Information, Business Associate will use reasonable efforts to notify Covered Entity of the receipt of the request within ten (10) business days to provide Covered Entity an opportunity to respond. Business Associate may comply with such order, subpoena, or request as Required by Law or permitted by law.
2.11 Remuneration in Exchange for PHI. Except as permitted by the HITECH Act or regulations promulgated by the Secretary in accordance with the HITECH Act, and as of the effective date of such regulations, Business Associate shall not directly or indirectly receive remuneration in exchange for PHI unless Covered Entity notifies Business Associate that it obtained a valid authorization from the Individual specifying that the Individual’s PHI may be exchanged for remuneration by the entity receiving such Individual’s PHI.
3. Covered Entity Obligations.
3.1 Notice of Privacy Practices. Covered Entity shall notify Business Associate of limitation(s) in its notice of privacy practices, to the extent such limitation affects Business Associate’s permitted Uses or Disclosures.
3.2 Individual Permission. Covered Entity shall notify Business Associate of changes in, revocation of, permission by an Individual to use or disclose PHI, to the extent such changes affect Business Associate’s permitted Uses or Disclosures.
3.3 Restrictions. Covered Entity shall notify Business Associate of restriction(s) in the Use or Disclosure of PHI that Covered Entity has agreed to, to the extent such restriction affects Business Associate’s permitted Uses or Disclosures.
3.4 Consents and Authorizations. Covered Entity represents and warrants that any and all consents, authorizations, or other permissions necessary under the Privacy Standards or other applicable law (including state law) to transmit information through the Service and/or under this Agreement have been properly secured.
3.5 Marketing. Covered Entity represents and warrants that it has obtained any and all authorizations from Individual for any use or disclosure of PHI for marketing, unless the marketing communication is made without any form of remuneration (i) to describe medical services or products provided by either party; (ii) for treatment of the Individual; or (iii) for case management or care coordination for the Individual or to direct or recommend alternate treatments, therapies, providers or settings.
3.6 Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under Subpart E of 45 C.F.R. Part 164.
4. Term and Termination.
4.1 Term. The Term of this Agreement shall commence on and this Agreement shall be effective as of the date on which Covered Entity electronically registers for the Service, and shall continue in effect for as long as Covered Entity is registered for the Service.
4.2 Termination for Cause. In the event either party determines that the other has engaged in a pattern of activity or practice that constitutes a material breach of a term of this Agreement and such violation continues for thirty (30) days after written notice of such breach has been provided, the party claiming a breach shall have the right to terminate Covered Entity’s participation on the Service or, if termination is not feasible, to report the breach to the Secretary.
4.3 Effect of Termination.
4.3.1 Return or Destruction of Protected Health Information; Disposition When Return or Destruction Not Feasible. Upon termination of this Agreement, the parties hereby acknowledge that the return or destruction of PHI received by the Business Associate from Covered Entity is not feasible, and that, therefore, Business Associate may retain a copy of such Protected Health Information provided that: (i) the provisions of this Agreement shall continue to apply to any such information retained following cancellation, termination, expiration, or other conclusion of Covered Entity’s participation on the Service; and (ii) Business Associate shall limit Uses and Disclosures of such PHI to those purposes that make the return or destruction thereof not feasible, for as long as Business Associate maintains such PHI.
4.3.2 Reasonable Fees. All reasonable fees incurred to cause the return, destruction, or storage of Protected Health Information under this Section 4.3 shall be borne by the Covered Entity.
5.1 Regulatory References. A reference in this Agreement to a section in HIPAA, the HITECH Act, the Privacy Standards, or the Security Standards means the section as in effect or as amended at the time.
5.2 Survival. The respective rights and obligations of the parties under Section 4.3 of this Agreement shall survive the termination of this Agreement.
5.3 Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits the parties to comply with the Privacy Standards and Security Standards. Except to the extent specified by this Agreement, all of the terms and conditions governing Covered Entity’s participation on the Service shall be and remain in full force and effect. In the event of any inconsistency or conflict between this Agreement and the terms and conditions governing Covered Entity’s participation on the Service, the terms and provisions and conditions of this Agreement shall govern and control.
5.4 Amendment. The parties shall work together through reasonable negotiations to amend this Agreement as necessary to comply with any changes in law, including, but not limited to, the promulgation of amendments to the Privacy Standards or Security Standards required by the HITECH Act or any other future laws, applicable to or affecting the rights, duties, and obligations of the parties under this Agreement or the terms and conditions governing Covered Entity’s participation on the Service.
5.5 Independent Relationship. None of the provisions of this Agreement are intended to create, nor will they be deemed to create, any relationship between the parties other than that of independent parties contracting with each other as independent contractors solely for the purposes of effecting the provisions of this Agreement and the terms and conditions governing Covered Entity’s participation on the Service.
5.6 Notices. All notices and notifications under this Agreement shall be sent in writing by traceable carrier to the listed persons on behalf of Business Associate and Covered Entity at the addresses indicated on the last page hereof, or such other address as a party may indicate by at least ten (10) days’ prior written notice to the other party. Notices will be effective upon receipt.
5.7 Construction and Jurisdiction. This Agreement shall be governed by and construed in accordance with the laws of the British Virgin Islands (excepting any conflict of laws provisions which would serve to defeat application of BVI law). Each of the parties hereto submits to the exclusive jurisdiction of the competent courts located within the British Virgin Islands for any suit, hearing or other legal proceeding of every nature, kind and description whatsoever in the event of any dispute or controversy arising hereunder or relating hereto, or in the event any ruling, finding or other legal determination is required or desired hereunder.
5.8 Counterparts. This Agreement may be executed in two or more counterparts, each of which shall be an original, but all of which take together shall constitute one and the same agreement.
ADDRESSES FOR NOTICES
FOR FDNA INC:
FDNA Inc.(at FH Corporate Services Ltd.)
Palm Grove House, PO Box 4649
Road Town, Tortola
British Virgin Islands VG1110
FOR COVERED ENTITY:
The notice address for Covered Entity will be the address provided by that entity on the online registration page for the FDNA service
last update: March 5, 2014