Email: [email protected]
Email: [email protected]
These Terms of Service constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”) and the Coordinated Assistance Network ("CAN") concerning your access to canportal.org, which also includes any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Site”). CAN has set forth below a Series of Access and use Terms ("SATS"). Compliance with and acceptance of the SATS are required in order for you to have access to and use of the Site. We have also included below CAN's agent for receipt of notice regarding copyright claims and other communication regarding the Site. IF YOU DO NOT AGREE WITH OR DO NOT ACCEPT ANY OF THE SATS, YOU MUST IMMEDIATELY EXIT THE SITE AND REFRAIN FROM FURTHER ACCESS.
CAN reserves the right, at its sole discretion, to change, modify, add or remove all
or any portion of the Site or the SATS. Changes to the SATS shall be immediately
effective when posted.
Supplemental terms and conditions or documents that may be posted on the Site from
time to time are hereby expressly incorporated herein by reference. CAN reserves the
right, in its sole discretion, to make changes or modifications to these Terms of
Service at any time and for any reason. CAN will alert you by sending notice to your
registered email address about any changes. It is your responsibility to review this
email and these supplemental or amended Terms of Service to stay informed of
updates. You will be subject to and will be deemed to have been made aware of and to
have accepted, the changes in any revised Terms of Service by your continued use of
the Site after the date such revised Terms of Service are emailed to you.
Events may arise that result in disruption or discontinuation of access to the Site,
removal of specific Site Contents or corruption of Site Code. Therefore, CAN
reserves the right, without liability to: (1) discontinue provision of access to the
Site to any and all users without notice; and (2) remove or modify any Site Content.
Your access to the Site and compliance with all policies and terms of service provide a limited, terminable license to view the Site contents and engage its interactive features. All information contained on the Site, such as text, graphics, logos, button icons, images, audio clips and the like are copyrighted by and proprietary to CAN, and may not be copied, reproduced, transmitted, displayed, performed, distributed, sublicensed, altered, stored for subsequent use or otherwise used in whole or in part in any manner without the prior written consent of CAN, except that the user may make such temporary copies in a single computer's RAM and hard drive cache as are necessary to browse the Site. The user may also make a single copy of the content displayed on any page of the Site to be used by the user for personal and noncommercial uses which do not harm the reputation of CAN or infringe on any copyright or trademark right of CAN, provided that the user does not remove any trademarks, copyright and any other notice contained in such content. Unless expressly permitted in writing from CAN, you shall not frame, link or commercially exploit any of the Site, Site contents or Site code.
Your access to the Site and compliance with all trademarks, service marks, trade names, trade dress, copyrights, patent rights and other proprietary rights in or associated with the Site, the Site Contents, and Site Code are the property of CAN or its licensors. Site Content includes, but is not limited to, text, images, graphics, audiovisual content and audio content. Site Code means any and all underlying elements of the Site, including, but not limited to source code, object code, and other sets of statements or instructions that relate to the operation or functions of the Site.
CAN is pleased to hear from its customers and Site users. We welcome your comments. However, due to legal requirements, we cannot provide compensation for, agree to consider, or agree to keep confidential, any submission of creative ideas, disclosures of inventions, other disclosures of potentially useful information, or submission of any other content. In the Site and in the Company, all content submitted by you via the Site are provided with a paid-up, perpetual, non-exclusive license, effective everywhere, to CAN to consider, use, re-publish, modify, disclose or otherwise exploit, at its sole discretion. If any applicable law, judicial decision or regulatory requirement restricts or limits the provisions of this paragraph, CAN's liability shall not exceed the amount set forth in THE LIMITATION OF LIABILITY paragraph of these SATS.
CAN may provide from time to time, at its sole discretion, one or more chat areas,
message boards, e-mail functions, polls, surveys, and other features for use by
visitors to the Site. Such features are referred to herein as "Visitor
Features."
CAN may, in its sole discretion, discontinue provision of any Visitor Features to
any or all Site visitors and may, in its sole discretion, remove any content
provided by a Site visitor. Certain Visitor Features may be provided free of charge,
but others may be subject to charges. Please consult these SATS and any instructions
associated with a Visitor Feature to determine the charges, if any, for use of or
access to particular Visitor Features.
Users of Visitor Features are bound by and must comply with the SATS, and must agree
not to do one or more of the following:
CAN expects that all of those who use and have access to the Site will follow the SATS and otherwise conduct themselves properly. CAN is not responsible for monitoring, verifying or substantiating content or code provided by third-party users of the Site. Therefore, you agree that CAN shall not be liable for any breach of the SATS by third parties or for other injurious behavior engaged in by third parties who use or gain access to the Site.
CAN is not necessarily affiliated with sites that may be linked to or from the Site.
CAN cannot monitor or otherwise evaluate such sites, and CAN is not responsible for
any of their contents, features, codes, underlying materials, terms of access or
privacy policies. LINKS ARE PROVIDED FOR YOUR CONVENIENCE ONLY AND THEIR USE IS AT
YOUR SOLE DISCRETION AND RISK.
WARRANTY DISCLAIMERS, DAMAGE LIMITATION, INDEMNIFICATION
THE SITE, OPERATION OF THE SITE CODE, SITE CONTENTS (INCLUDED BUT NOT LIMITED TO
LINKED SITE CONTENTS), AS WELL AS THE OPERATION OF AND EFFECTS OF ACCESS TO THE SITE
AND LINKED SITES, ARE PROVIDED "AS IS," AND CAN, ITS LICENSORS AND SUPPLIERS,
SPECIFICALLY DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES OF: (1) SUITABILITY
FOR ANY PARTICULAR PURPOSE, (2) MERCHANTABILITY (3) COMPLETENESS, (4) ACCURACY; (5)
NON-INFRINGEMENT, AND (6) FREEDOM FROM TECHNICAL ERRORS OR UNAUTHORIZED, INJURIOUS
MATTER, SUCH AS VIRUSES OR OTHER HARMFUL COMPONENTS.
NEITHER CAN, NOR ITS LICENSORS OR SUPPLIERS, WARRANT THAT DEFECTS IN THE CONTENTS OR
OPERATIONS OF THE SITE OR LINKED SITES WILL BE CORRECTED OR THAT ACCESS WILL NOT BE
INTERRUPTED OR DISCONTINUED.
WARRANTIES, OR ASPECTS OF THEM, THAT ARE, BY LAW, INCAPABLE OF BEING DISCLAIMED ARE
NOT DISCLAIMED.
IRRESPECTIVE OF WHETHER A CLAIM IS BASED UPON CONTRACT OR TORT PRINCIPLES, AND
IRRESPECTIVE OF WHETHER THEY HAD NOTICE OF THE POSSIBILITY OF SUCH DAMAGES, NEITHER
CAN, ITS DIRECTORS, OFFICERS, EMPLOYEES, CONTRACTORS, LICENSORS OR SUPPLIERS SHALL
BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES.
You agree to indemnify, defend and hold harmless CAN, its directors, officers,
employees, contractors, licensors and suppliers against all losses, expenses,
damages and costs, including reasonable attorneys' fees, resulting from any
violation of the SATS by you or by others that access the Site through your terminal
or to whom you have provided access to Site Contents. CAN reserves the option, at
its own expense, to assume the exclusive defense and control of any matter otherwise
subject to indemnification by you, in which event you shall cooperate with CAN in
asserting any available defenses. You shall be responsible for any damages or fines
assessed due to violation of the SATS by you or others that access the Site through
your terminal or to whom you have provided access to Site Contents.
Products and services offered through the Site may be subject to license terms and terms of sale that are in addition to, or distinct from, the SATS. Therefore, the provision and acceptance of any such product or service shall be subject to any additional or distinct terms supplied by CAN or the third-party supplier of the product or service.
You consent to any transfer, in whole or part, of CAN's terms, interests, rights, and obligations hereunder to a subsequent owner of an interest in the Site. You also consent to any transfer, in whole or part, of your agreements hereunder to a subsequent owner, if any, of an interest in the Site.
The Site is controlled by CAN from its offices within the United States of America. CAN makes no representation that the Site, the Site Contents, links, or the Site Code are appropriate for use in countries other than the United States.
If you believe that any Site Content or Site Code, including but not limited to
content provided by third parties via Visitor Features, infringes a copyright or
other proprietary right, please forward to our Copyright Agent, Coordinated
Assistance Network at 2519 N McMullen booth Rd Suite 510 Clearwater, FL 33761, the
following information:
1. Your name, address, telephone number, e-mail address and other pertinent contact
information;
2. A description of the copyrighted work or proprietary right that you believe is
infringed;
3. The URL or a description of where the allegedly infringing content is
located;
4. A statement by you, with respect to the copyright or other proprietary right,
that you have a good faith belief that the disputed use is not authorized by either
the owner of the asserted right, by an agent of the owner, or by the law;
5. An electronic or physical signature of the person authorized to act on behalf of
the owner of the asserted right;
6. A statement by you, made under penalty of perjury, that the above information in
your notice is correct and that you are the owner of the asserted right, or are
authorized to act on behalf of the owner.
These SATS, and all disputes arising from or related to them, their interpretation,
or their subject matters shall be governed by, resolved and remedied in accordance
with the laws of the State of Florida (without resort to conflict of law principles)
as it applies to agreements entered into and to be performed entirely within such
State and to acts or omissions occurring wholly within the State. Any claims arising
from or related to the SATS or their subject matters shall be brought and resolved
only in the appropriate State or Federal Courts located in or closest to Tampa,
Florida, and you expressly consent to the jurisdiction and exclusive venue of said
courts. However, CAN, at its sole discretion, can also institute or convert any
action (no matter which party initiates it) to an arbitration under the applicable
rules of the American Arbitration Association, said arbitration to: (1) apply the
choice-of-law specified above; and (2) take place in Tampa, Florida.
If otherwise applicable hereto, the Uniform Computer Information Transactions Act
(as adopted by any State) and the United Nations Convention for the International
Sale of Goods are hereby agreed not to be applicable to these SATS and their subject
matters. In addition, all dis-claimable or waivable local and international
provisions related to choice of law or dispute resolution are waived or disclaimed
by you in favor of the above choice of Florida law, jurisdiction and forms for
dispute resolution.
You agree and represent that you have carefully considered the SATS and that
ambiguities, if any, shall not be enforced against the drafter but shall be fairly
read so as not to prejudice the rights of CAN.
If any provision(s) of the SATS are deemed unenforceable in a determination by a
body with proper jurisdiction, the Parties agree (without waiving rights of appeal)
that the unenforceable provision(s) shall be: (1) reconstituted to approximate as
closely as lawfully possible the evident intent of the original provision(s); or (2)
if option (1), above, cannot be implemented, the unenforceable provision(s) shall be
excised from the SATS and the Parties shall negotiate in good faith with respect to
their modification. If the Parties cannot agree to a modification, the SATS shall be
enforced, without the unenforceable provision, in a fair manner and without undue
prejudice to either Party.
These Terms of Service and SATS as well as any policies or operating rules posted by CAN on the Site or in respect to the Site constitute the entire agreement and understanding between you and CAN. CAN’s failure to exercise or enforce any right or provision of SATS or these Terms of Service shall not operate as a waiver of such right or provision. These SATS and Terms of Service operate to the fullest extent permissible by law. We may assign any or all of our rights and obligations to others at any time. We shall not be responsible or liable for any loss, damage, delay, or failure to act caused by any cause beyond our reasonable control. If any provision or part of a provision of these SATS and Terms of Service is determined to be unlawful, void, or unenforceable, that provision or part of the provision is deemed severable from these SATS or Terms of Service and does not affect the validity and enforceability of any remaining provisions. There is no joint venture, partnership, employment or agency relationship created between you and us as a result of these SATS or Terms of Service or use of the Site. You agree that these SATS and Terms of Service will not be construed against us by virtue of having drafted them. You hereby waive any and all defenses you may have based on the electronic form of these Terms of Use and the lack of signing by the parties hereto to execute these Terms of Use.
In order to resolve a complaint regarding the Site or to receive further information regarding use of the Site, please contact us at [email protected]
In addition to all Terms of Service, a Business Associate Agreement (“BAA”) is entered into effective of accepting these SATS by and between The Coordinated Assistance Network (“Covered Entity”) and your non-profit organization (“Business Associate”)(each a “Party” and collectively, the “Parties”)
A. Covered Entity is a “Covered Entity” as that term is defined under the Health
Insurance Portability and Accountability Act of 1996 (Public Law 104-91), as
amended, (“HIPAA”), and the regulations promulgated thereunder by the Secretary of
the U.S. Department of Health and Human Services (“Secretary”), including, without
limitation, the regulations codified at 45 C.F.R. Parts 160 and 164 (“HIPAA
Regulations”);
B. Business Associate performs Services for or on behalf of Covered Entity, and in
performing said Services; Business Associate creates, receives, maintains, or
transmits Protected Health Information (“PHI”);
C. The Parties intend to protect the privacy and provide for the security of PHI
Disclosed by Covered Entity to Business Associate, or received or created by
Business Associate, when providing Services in compliance with HIPAA, the Health
Information Technology for Economic and Clinical Health Act (Public Law 111-005)
(“the HITECH Act”) and its implementing regulations and guidance issued by the
Secretary, and other applicable state and federal laws, all as amended from time to
time; and
D. As a Covered Entity, Covered Entity is required under HIPAA to enter into a BAA
with Business Associate that meets certain requirements with respect to the Use and
Disclosure of PHI, which are met by this BAA.
AGREEMENT
In consideration of the Recitals and for other good and valuable consideration, the
receipt and adequacy of which is hereby acknowledged, the Parties agree as follows:
The following terms shall have the meaning set forth below. Capitalized terms used in
this BAA and not otherwise defined shall have the meanings ascribed to them in
HIPAA, the HIPAA Regulations, or the HITECH Act, as applicable.
1.1. “Breach” shall have the meaning given under 42 U.S.C. § 17921(1) and 45 C.F.R.
§ 164.402.
1.2. “Designated Record Set” shall have the meaning given such term under 45 C.F.R.
§ 164.501.
1.3. “Disclose” and “Disclosure” mean, with respect to PHI, the release, transfer,
provision of access to, or divulging in any other manner of PHI outside of Business
Associate or to other than members of its Workforce, as set forth in 45 C.F.R. §
160.103.
1.4. “Electronic PHI” or “e-PHI” means PHI that is transmitted or maintained in
electronic media, as set forth in 45 C.F.R. § 160.103.
1.5. “Protected Health Information” and “PHI” mean any information, whether oral or
recorded in any form or medium, that: (a) relates to the past, present or future
physical or mental health or condition of an individual; the provision of health
care to an individual, or the past, present or future payment for the provision of
health care to an individual; (b) identifies the individual (or for which there is a
reasonable basis for believing that the information can be used to identify the
individual); and (c) shall have the meaning given to such term under the Privacy
Rule, including, but not limited to, 45 C.F.R. § 160.103. Protected Health
Information includes e-PHI.
1.6. “Security Incident” shall have the meaning given to such term under 45 C.F.R. §
164.304.
1.7. “Services” shall mean the services for or functions on behalf of Covered Entity
performed by Business Associate pursuant to any service agreement(s) between Covered
Entity and Business Associates which may be in effect now or from time to time
(“Underlying Agreement”), or, if no such agreement is in effect, the services or
functions performed by Business Associate that constitute a Business Associate
relationship, as set forth in 45 C.F.R. § 160.103.
1.8. “Unsecured PHI” shall have the meaning given to such term under 42 U.S.C. §
17932(h), 45 C.F.R. § 164.402, and guidance issued pursuant to the HITECH Act
including, but not limited to the guidance issued on April 17, 2009 and published in
74 Federal Register 19006 (April 27, 2009) by the Secretary
1.9. “Use” or “Uses” mean, with respect to PHI, the sharing, employment,
application, utilization, examination or analysis of such PHI within Business
Associate’s internal operations, as set forth in 45 C.F.R. § 160.103. 1.10.
“Workforce” shall have the meaning given to such term under 45 C.F.R. § 160.103.
2.1. Permitted Uses and Disclosures of Protected Health Information Business
Associate shall not Use or Disclose PHI other than for the purposes listed on the
signature page hereto for performing the Services, as permitted or required by this
BAA, or as Required by Law. Business Associate shall not Use or Disclose PHI in any
manner that would constitute a violation of Subpart E of 45 C.F.R. Part 164 if so
Used or Disclosed by Covered Entity. However, Business Associate may Use or Disclose
PHI (i) for the proper management and administration of Business Associate; (ii) to
carry out the legal responsibilities of Business Associate, provided that with
respect to any such Disclosure either: (a) the Disclosure is Required by Law; or (b)
Business Associate obtains a written agreement from the person to whom the PHI is to
be Disclosed that such person will hold the PHI in confidence and will not Use and
further Disclose such PHI except as Required by Law and for the purpose(s) for which
it was Disclosed by Business Associate to such person, and that such person will
notify Business Associate of any instances of which it is aware in which the
confidentiality of the PHI has been breached; (iii) for Data Aggregation purposes
for the Health Care Operations of Covered Entity. To the extent that Business
Associate carries out one or more of Covered Entity’s obligations under Subpart E of
45 C.F.R. Part 164, Business Associate must comply with the requirements of Subpart
E that apply to the Covered Entity in the performance of such obligations.
2.2. Prohibited Marketing and Sale of PHI Notwithstanding any other provision in
this BAA, Business Associate shall comply with the following requirements: (i)
Business Associate shall not Use or Disclose PHI for fundraising or marketing
purposes, except to the extent expressly authorized or permitted by this BAA and
consistent with the requirements of 42 U.S.C. § 17936, 45 C.F.R. §§ 164.514(f), and
164.508(a)(3)(ii), and (iii) Business Associate shall not directly or indirectly
receive remuneration in exchange for PHI except with the prior written consent of
Covered Entity and as permitted by the HITECH Act, 42 U.S.C. § 17935(d)(2), and 45
C.F.R. § 164.502(a)(5)(ii).
2.3. Adequate Safeguards of PHI Business Associate shall implement and maintain
appropriate safeguards to prevent Use or Disclosure of PHI other than as provided
for by this BAA. Business Associate shall reasonably and appropriately protect the
confidentially, integrity, and availability of e-PHI that it creates, receives,
maintains or transmits on behalf of Covered Entity in compliance with Subpart C of
45 C.F.R. Part 164 to prevent Use or Disclosure of PHI other than as provided for by
this BAA.
2.4. Mitigation Business Associate agrees to mitigate, to the extent practicable,
any harmful effect that is known to Business Associate of a Use or Disclosure of PHI
by Business Associate in violation of the requirements of this BAA.
2.5. Reporting Non-Permitted Use or Disclosure
2.5.1. Reporting Security Incidents and Non-Permitted Use or Disclosure Business
Associate shall report to Covered Entity in writing each Security Incident or Use or
Disclosure that is made by Business Associate, members of its Workforce or
Subcontractors that is not specifically permitted by this BAA no later than three
(3) business days after becoming aware of such Security Incident or non-permitted
Use or Disclosure, in accordance with the notice provisions set forth herein.
Business Associate shall investigate each Security Incident or non-permitted Use or
Disclosure of Covered Entity’s PHI that it discovers to determine whether such
Security Incident or non-permitted Use or Disclosure constitutes a reportable Breach
of Unsecured PHI. Business Associate shall document and retain records of its
investigation of any Breach, including its reports to Covered Entity under this
Section 2.5.1. Upon request of Covered Entity, Business Associate shall furnish to
Covered Entity the documentation of its investigation and an assessment of whether
such Security Incident or non-permitted Use or Disclosure constitutes a reportable
Breach. If such Security Incident or non-permitted Use or Disclosure constitutes a
reportable Breach of Unsecured PHI, then Business Associate shall comply with the
additional requirements of Section 2.5.2 below.
2.5.2. Breach of Unsecured PHI If Business Associate determines that a reportable
Breach of Unsecured PHI has occurred, Business Associate shall provide a written
report to Covered Entity without unreasonable delay but no later than thirty (30)
calendar days after discovery of the Breach. To the extent that information is
available to Business Associate, Business Associate’s written report to Covered
Entity shall be in accordance with 45 C.F.R. §164.410(c). Business Associate shall
cooperate with Covered Entity in meeting Covered Entity’s obligations under the
HITECH Act with respect to such Breach. Covered Entity shall have sole control over
the timing and method of providing notification of such Breach to the affected
individual(s), the Secretary and, if applicable, the media, as required by the
HITECH Act. Business Associate shall reimburse Covered Entity for its reasonable
costs and expenses in providing the notification, including, but not limited to, any
administrative costs associated with providing notice, printing and mailing costs,
and costs of mitigating the harm (which may include the costs of obtaining credit
monitoring services and identity theft insurance) for affected individuals whose PHI
has or may have been compromised as a result of the Breach.
2.6. Availability of Internal Practices, Books, and Records to Government Business
Associate agrees to make its internal practices, books and records relating to the
Use and Disclosure of PHI received from or created or received by the Business
Associate on behalf of Covered Entity available to the Secretary for purposes of
determining Covered Entity’s compliance with HIPAA, the HIPAA Regulations, and the
HITECH Act. Except to the extent prohibited by law, Business Associate shall notify
Covered Entity of all requests served upon Business Associate for information or
documentation by or on behalf of the Secretary. Business Associate agrees to provide
to Covered Entity proof of its compliance with the HIPAA Security Standards.
2.7. Access to and Amendment of Protected Health Information To the extent that
Business Associate maintains a Designated Record Set on behalf of Covered Entity and
within fifteen (15) days of a request by Covered Entity, Business Associate shall
(a) make the PHI it maintains (or which is maintained by its Subcontractors) in
Designated Record Sets available to Covered Entity for inspection and copying, or to
an individual to enable Covered Entity to fulfill its obligations under 45 C.F.R. §
164.524, or (b) amend the PHI it maintains (or which is maintained by its
Subcontractors) in Designated Record Sets to enable the Covered Entity to fulfill
its obligations under 45 C.F.R. § 164.526. Business Associate shall not Disclose PHI
to a health plan for payment or Health Care Operations purposes if and to the extent
that Covered Entity has informed Business Associate that the patient has requested
this special restriction and has paid out of pocket in full for the health care item
or service to which the PHI solely relates, consistent with 42 U.S.C. § 17935(a) and
42 C.F.R. § 164.522(a)(1)(vi). If Business Associate maintains PHI in a Designated
Record Set electronically, Business Associate shall provide such information in the
electronic form and format requested by the Covered Entity if it is readily
reproducible in such form and format, and, if not, in such other form and format
agreed to by Covered Entity to enable Covered Entity to fulfill its obligations
under 42 U.S.C. § 17935(e) and 45 C.F.R. § 164.524(c)(2). Business Associate shall
notify Covered Entity within fifteen (15) days of receipt of a request for access to
PHI.
2.8. Accounting To the extent that Business Associate maintains a Designated Record
Set on behalf of Covered Entity, within thirty (30) days of receipt of a request
from Covered Entity or an individual for an accounting of disclosures of PHI,
Business Associate and its Subcontractors shall make available to Covered Entity the
information required to provide an accounting of disclosures to enable Covered
Entity to fulfill its obligations under 45 C.F.R. § 164.528 and its obligations
under 42 U.S.C. § 17935(c). Business Associate shall notify Covered Entity within
fifteen (15) days of receipt of a request by an individual or other requesting party
for an accounting of disclosures of PHI.
2.9. Use of Subcontractors Business Associate shall require each of its
Subcontractors that creates, maintains, receives, or transmits PHI on behalf of
Business Associate, to execute a Business Associate Agreement that imposes on such
Subcontractors the same restrictions, conditions, and requirements that apply to
Business Associate under this BAA with respect to PHI.
2.10. Minimum Necessary Business Associate (and its Subcontractors) shall, to the
extent practicable, limits its request, Use, or Disclosure of PHI to the minimum
amount of PHI necessary to accomplish the purpose of the request, Use or Disclosure,
in accordance with 42 U.S.C. § 17935(b) and 45 C.F.R. § 164.502(b)(1) or any other
guidance issued thereunder.
3.1. Term The term of this Agreement shall be effective as of the Effective Date and
shall terminate as of the date that all of the PHI provided by Covered Entity to
Business Associate, or created or received by Business Associate on behalf of
Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible
to return or destroy the PHI, protections are extended to such information, in
accordance with Section 3.3, or on the date that Covered Entity terminates for cause
as authorized in Section 3.2, whichever is sooner.
3.2. Termination for Cause Upon Covered Entity’s knowledge of a material breach or
violation of this BAA by Business Associate, Covered Entity shall either:
a. Notify Business Associate of the breach in writing, and provide an opportunity
for Business Associate to cure the breach or end the violation within ten (10)
business days of such notification; provided that if Business Associate fails to
cure the breach or end the violation within such time period to the satisfaction of
Covered Entity, Covered Entity may immediately terminate this BAA upon written
notice to Business Associate; or
b. Upon written notice to Business Associate, immediately terminate this BAA if
Covered Entity determines that such breach cannot be cured
3.3. Disposition of Protected Health Information Upon Termination or Expiration
3.3.1. Upon termination or expiration of this BAA, Business Associate shall either
return or destroy all PHI received from or created or received by Business Associate
on behalf of Covered Entity, that Business Associate still maintains in any form and
retain no copies of such PHI. If Covered Entity requests that Business Associate
return PHI, PHI shall be returned in a mutually agreed upon format and timeframe, at
no additional charge to Covered Entity.
3.3.2. If return or destruction is not feasible, Business Associate shall (a) retain
only that PHI which is necessary for Business Associate to continue its proper
management and administration or to carry out its legal responsibilities; (b) return
to Covered Entity the remaining PHI that Business Associate still maintains in any
form; (c) continue to extend the protections of this BAA to the PHI for as long as
Business Associate retains the PHI; (d) limit further Uses and Disclosures of such
PHI to those purposes that make the return or destruction of the PHI infeasible and
subject to the same conditions set out in Section 2.1 and 2.2 above, which applied
prior to termination; and (e) return to Covered Entity the PHI retained by Business
Associate when it is no longer needed by Business Associate for its proper
management and administration or to carry out its legal responsibilities.
4.1. Amendment to Comply with Law This BAA shall be deemed amended to incorporate any
mandatory obligations of Covered Entity or Business Associate under the HITECH Act
and its implementing HIPAA Regulations. Additionally, the Parties agree to take such
action as is necessary to amend this BAA from time to time as necessary for Covered
Entity to implement its obligations pursuant to HIPAA, the HIPAA Regulations, or the
HITECH Act.
4.2. Indemnification Business Associate hereby agrees to indemnify and hold harmless
Covered Entity, its affiliates, and their respective officers, directors, managers,
members, shareholders, employees and agents from and against any and all fines,
penalties, damage, claims or causes of action and expenses (including, without
limitation, court costs and attorney’s fees) arising from any violation of HIPAA the
Business Associate incurs, from violations against the HIPAA Regulations, or the
HITECH Act or from any negligence or wrongful acts or omissions, including but not
limited to failure to perform its obligations, that results in a violation of HIPAA,
the HIPAA Regulations, or the HITECH Act, by Business Associate or its employees,
directors, officers, subcontractors, agents or members of Business Associate’s
Workforce.
4.3. Notices Any notices required or permitted to be given hereunder by either Party
to the other shall be given in writing: (1) by personal delivery; (2) by electronic
mail or facsimile with confirmation sent by United States first class registered or
certified mail, postage prepaid, return receipt requested; (3) by bonded courier or
by a nationally recognized overnight delivery service; or (4) by United States first
class registered or certified mail, postage prepaid, return receipt, in each case,
addressed to a Party on the signature page(s) to this Agreement or to such other
addresses as the Parties may request in writing by notice given pursuant to this
Section 4.3. Notices shall be deemed received on the earliest of personal delivery;
upon delivery by electronic facsimile with confirmation from the transmitting
machine that the transmission was completed; twenty-four (24) hours following
deposit with a bonded courier or overnight delivery service; or seventy-two (72)
hours following deposit in the U.S. mail as required herein
4.4. Relationship of Parties Business Associate is an independent contractor and not
an agent of Covered Entity under this BAA. Business Associate has the sole right and
obligation to supervise, manage, contract, direct, procure, perform or cause to be
performed all Business Associate obligations under this BAA.
4.5. Survival The respective rights and obligations of the Parties under Sections
3.3 and 4.2 of this BAA shall survive the termination of this BAA.
Applicable Law and Venue This Agreement shall be governed by and construed in
accordance with the laws of the state of Florida (without regards to conflict of
laws principles). The Parties agree that all actions or proceedings arising in
connection with this BAA shall be tried and litigated exclusively in the State or
federal (if permitted by law and if a Party elects to file an action in federal
court) courts located in The United States.