Software End-User License Agreement
Copyright 2021 All Rights Reserved.
This TeleRay software or TeleRay branded derivatives thereof (“Software”) may not, in whole or in any part, be copied, reproduced, transmitted, translated (into any language, natural or computer), stored in a retrieval system, reduced to any electronic medium or machine readable format, or by any other form or means without prior consent, in writing, from TeleRay, (“TeleRay”).
You are granted a limited license to use this software. The software may be used or copied only in accordance with the terms of that license, which is described in the following paragraphs.
Software logos, icons, and Trademarks such as the TeleRay name or logo may not be reproduced or used without permission of TELERAY.
“THE SOFTWARE” SHALL BE TAKEN TO MEAN THE TELERAY SOFTWARE HOWSOEVER COMMERCIALLY ACQUIRED BY YOU (EITHER ON A SUBSCRIPTION OR PAY PER CALL BASIS OR AS A PATIENT) AND ANY SUBEQUENT VERSIONS OR UPGRADES RECEIVED AS A RESULT OF HAVING ACQUIRED THIS PACKAGE. “BUYER” SHALL BE TAKEN AS ANY USER OF THE SOFTWARE AS DESCRIBED IN THIS PARAGRAPH.
BUYER HAS THE NON-EXCLUSIVE RIGHT TO USE THE SOFTWARE ON SINGLE OR MULTIPLE DEVICES. HOWEVER, BUYER MAY NOT DISTRIBUTE COPIES OF THE SOFTWARE OR THE ACCOMPANYING DOCUMENTATION TO OTHERS EITHER FOR A FEE OR WITHOUT CHARGE.
BUYER MAY NOT MODIFY OR TRANSLATE THE PROGRAM OR DOCUMENTATION. USER MAY NOT DISASSEMBLE THE PROGRAM OR ALLOW IT TO BE DISASSEMBLED INTO ITS CONTITUENT SOURCE CODE.
BUYER’S USE OF THE SOFTWARE INDICATES HIS/HER ACCEPTANCE OF THESE TERMS AND CONDITIONS. IF BUYER DOES NOT AGREE TO THESE CONDITIONS, RETURN THE DISTRIBUTION MEDIA, DOCUMENTATION, AND ASSOCIATED MATERIALS TO THE VENDOR FROM WHOM THE SOFTWARE WAS PURCHASED, AND ERASE THE SOFTWARE FROM ANY AND ALL STORAGE DEVICES UPON WHICH IT MAY HAVE BEEN INSTALLED.
THIS LICENSE AGREEMENT SHALL BE GOVERNED BY THE LAWS OF THE UNITED STATES OF AMERICA, STATE OF ILLINOIS, AND SHALL INURE TO THE BENEFIT OF TELERAY OR ITS ASSIGNS. DISCLAIMER / LIMITATION OF LIABILITY: BUYER ACKNOWLEDGES THAT THE SOFTWARE MAY NOT BE FREE FROM DEFECTS AND MAY NOT SATISFY ALL OF BUYER’S NEEDS. TELERAY WARRANTS ALL MEDIA ON WHICH THE SOFTWARE IS DISTRIBUTED FOR 60 DAYS TO BE FREE FROM DEFECTS IN MATERIALS AND WORKMANSHIP UNDER NORMAL USE. THE SOFTWARE AND ANY ACCOMPANYING WRITTEN MATERIALS ARE LICENSED “AS IS”. BUYER’S EXCLUSIVE REMEDY DURING THE WARRANTY PERIOD SHALL CONSIST OF REPLACEMENT OF SOFTWARE IF DETERMINED TO BE FAULTY. IN NO EVENT WILL TELERAY BE LIABLE FOR DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGE OR DAMAGES RESULTING FROM LOSS OF USE, OR LOSS OF ANTICIPATED PROFITS RESULTING FROM ANY DEFECT IN THE PROGRAM, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. SOME LAWS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES OR LIABILITIES FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATIONS OR EXCLUSION MAY NOT APPLY.
IN ACCORDANCE WITH THE COMPUTER SOFTWARE RENTAL ACT OF 1990, THIS SOFTWARE MAY NOT BE RENTED, LENT OR LEASED.
THE SOFTWARE AND ACCOMPANYING DOCUMENTATION MAY NOT BE PROVIDED BY A “BACKUP SERVICE” OR ANY OTHER VENDOR WHICH DOES NOT PROVIDE AN ORIGINAL AGREEMENT TO DO SO AS COMPOSED AND EXECUTED BY TELERAY
If you acquired or use this SOFTWARE in the United States, this EULA is governed by the laws of the State of Illinois. If this SOFTWARE was acquired and is used exclusively outside of the United States, then local law may also apply. Should you have any questions concerning this EULA, or if you desire to contact TELERAY for any reason, please contact TELERAY at 844-4-TELERAY or firstname.lastname@example.org.
TeleRay represents and warrants that its SOFTWARE will perform the Services to a workable, acceptable degree and that any services or materials provided by TeleRay to the Client under the terms and conditions of this Agreement will not infringe on or violate the intellectual property rights or any other right of any third party.
EXCEPT AS EXPLICITLY SET FORTH HEREIN, TELERAY SERVICES ARE DELIVERED “AS IS,” AND TELERAY MAKES NO REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, TITLE AND NON-INFRINGEMENT WITH RESPECT TO THE TELERAY SERVICES. TELERAY DOES NOT WARRANT THAT THE TELERAY SERVICES WILL BE SUITABLE FOR ANY PURPOSE – INCLUDING PATIENT DIAGNOSIS OR RESULTING TREATMENT – OR ARE ERROR-FREE.
CLIENT ASSUMES THE SOLE RESPONSIBILITY FOR DETERMINING THE SUITABILITY OF THE TELERAY PROPERTY FOR ITS INTENDED USE.
TeleRay represents and warrants that TeleRay operates under the “Information Conduit” rule of 45 Code of Federal Regulations 160.103, and, as defined, is referenced in Section 13400 of Subtitle D (‘Privacy’) of the The Health Information Technology for Economic and Clinical Health (HITECH) Act 2009.
Further, support services provided by TELERAY shall be substantially as described in applicable online materials provided to you by TELERAY. TeleRay support engineers will make commercially reasonable efforts to solve any problem issues with the SOFTWARE. To the extent that implied warranties on the PRODUCTS are disclaimable, they are disclaimed herein below. Some states and jurisdictions do not allow disclaimers of or limitations on the duration of an implied warranty, so the above limitation may not apply to you. To the extent implied warranties may not be entirely disclaimed but implied warranty limitations are allowed by applicable law, implied warranties on the PRODUCTS, if any, are limited to thirty (30) days.
CUSTOMER REMEDIES. TELERAY’S and its suppliers’ entire liability and your exclusive remedy shall be, at TELERAY’S option, replacement of the SOFTWARE that do not meet TELERAY’ Limited Warranty. This Limited Warranty is void if failure of the SOFTWARE has resulted from accident, abuse, or misapplication. Any replacement SOFTWARE will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. Outside of the United States, neither of these remedies nor any product support services offered by TELERAY are available without proof of purchase which includes, but is not limited to, the original SOFTWARE ordering information provided to TELERAY at the time of ordering the SOFTWARE package. This information is required for owner/rights verification.
IN ANY CASE, TELERAY’ ENTIRE LIABILITY UNDER ANY PROVISION OF THIS EULA SHALL BE LIMITED TO THE GREATER OF THE AMOUNT ACTUALLY PAID BY YOU FOR THE PRODUCT OR TEN UNITED STATES DOLLARS (U.S. $10.00). BECAUSE SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
This Service Agreement (“Agreement”) and associated Business Associate Agreement (“BAA” – attached hereunder as Appendix A) by and between the following, hereinafter “Party” individually or “Parties” collectively:
www.teleray.com (“TeleRay”) on the one part and Registrant with the name and address provided at the time of registration on TeleRay.com (“Client”) on the other. This Agreement is entered into on the date of TeleRay registration by Client (“Effective Date”)
WHEREAS, Client wishes to retain the Services (as defined below) of TeleRay;
WHEREAS, TeleRay has the skills, qualifications, and expertise required to provide the Services to the Client;
WHEREAS, TeleRay wishes to render such Services to Client.
NOW, therefore, in consideration of the promises and covenants contained herein, as well as other good and valuable consideration (the receipt and sufficiency of which is hereby acknowledged), the Parties do hereby agree as follows:
As used in this Agreement:
Subject to the terms and conditions of this Agreement, Telerayhereby agrees to render the Services to Client, beginning on the Commencement Date and ending on the Completion date, and Client agrees to pay Teleraythe Fees required for the Services.
Teleray will render the Services anywhere Teleray considers appropriate to the type and nature of the work required to complete the Services.
Teleraymay use any staff or employees that Teleray deems fit and capable in the provision of the Services to the Client.
Client agrees to pay TelerayFees for the following Services:
Three options exist for TeleRay Consult billing, being monthly or annual subscription or pay per use. Pricing for these services are published on the Teleray website and the selection of preferred method is made by Client upon site registration. Billing will be made at the selected time interval at the price agreed at that time of registration.
The following terms relate only to invoices raised to Client by Teleray:
During the provision of the Services, the Client hereby agrees to:
In accordance with the terms and conditions of this Agreement, Teleraymay create certain intellectual property (“Created IP”), including, but not limited to, plans, drawing, specifications, reports, advice, analyses, designs, methodologies, code, artwork, or any other intellectual property as required to render the provision of Services to the Client. Unless the Parties otherwise agree, any such Created IP generated by Telerayin connection with the provision of Services to the Client shall belong to TeleRay, but Telerayhereby grants the Client a non-exclusive, irrevocable, royalty-free license use the Created IP for Client’s internal purposes. Client shall not, however, be permitted to copy, modify, disseminate, or otherwise publish the Created IP and shall not allow others to do so.
Any intellectual property provided by the Client to Telerayto assist in the provision of Services, that was not created by Teleraypursuant to this Agreement, shall belong to the Client. Any ancillary intellectual property belonging to TeleRay, provided or shown to the Client in any way, that was not created by Teleraypursuant to this Agreement, shall belong to TeleRay.
Each Party hereby acknowledges and agrees that they and the other party each possess certain non-public Confidential Information (as hereinafter defined) and may also possess Trade Secret Information (as hereinafter defined) (collectively the “Proprietary Information”) regarding their business operations and development. The Parties agree that the Proprietary Information is secret and valuable to each of their respective businesses and the Parties have entered into a business relationship, through which they will each have access to the other party’s Proprietary Information. Each of the Parties desires to maintain the secret and private nature of any Proprietary Information given. “Receiving Party” refers to the Party that is receiving the Proprietary Information and “Disclosing Party” refers to the Party that is disclosing the Proprietary Information.
9.1 Confidential Information refers to any information which is confidential and commercially valuable to either of the Parties. The Confidential Information may be in the form of documents, techniques, methods, practices, tools, specifications, inventions, patents, trademarks, copyrights, equipment, algorithms, models, samples, software, drawings, sketches, plans, programs or other oral or written knowledge and/or secrets and may pertain to, but is not limited to, the fields of research and development, forecasting, marketing, personnel, customers, suppliers, intellectual property and/or finance or any other information which is confidential and commercially valuable to either of the Parties.
Confidential Information may or may not be disclosed as such, through labeling, but is to be considered any information which ought to be treated as confidential under the circumstances through which it was disclosed.
Confidential Information shall not mean any information which:
9.3 Both Parties hereby agree they shall:
Teleray(and/or their employees, agents, representatives) shall be free to provide services or engage in any form of activity (including, but not limited to, any business, investment or financial activities) whether for themselves or on behalf of or to other organizations, companies or individuals who are or are potentially direct or indirect competitors of the Client.
Teleray represents and warrants that its hardware and software will perform the Services to a workable, acceptable degree and that any Services or materials provided by Telerayto the Client under the terms and conditions of this Agreement will not infringe on or violate the intellectual property rights or any other right of any third party.
EXCEPT AS EXPLICITLY SET FORTH HEREIN, TeleraySERVICES ARE DELIVERED “AS IS,” AND TelerayMAKES NO REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, CONTINUITY OF CELLULAR SERVICE BY CELLULAR PROVIDER, MERCHANTABILITY, TITLE AND NON-INFRINGEMENT WITH RESPECT TO THE TeleraySERVICES. TelerayDOES NOT WARRANT THAT THE TeleraySERVICES WILL BE SUITABLE FOR ANY PURPOSE – INCLUDING PATIENT DIAGNOSIS OR RESULTING TREATMENT – OR ARE ERROR-FREE. CLIENT ASSUMES THE SOLE RESPONSIBILITY FOR DETERMINING THE SUITABILITY OF THE TelerayPROPERTY FOR ITS INTENDED USE.
CLIENT IS RESPONSIBLE FOR MONITORING CELLULAR USAGE. TelerayRETAINS THE RIGHT TO CHARGE INCREMENTALLY FOR EXCESSIVE USAGE.
Teleray represents and warrants that TeleRay operates under the “Information Conduit” rule of 45 Code of Federal Regulations §160.103, and, as defined, is referenced in Section 13400 of Subtitle D (‘Privacy’) of the The Health Information Technology for Economic and Clinical Health (HITECH) Act 2009.
Either party’s liability in contract, tort or otherwise arising through or in connection with this Agreement or through or in connection with the completion of obligations under this Agreement shall be limited to the Fees paid by the Client to TeleRay.
Any notice, report or other communication required under this Agreement shall be in writing and shall be delivered personally, sent by facsimile transmission (including e-mail) or sent by U.S. mail, addressed as follows:
If to Client: The Name and Address stated at the head of this agreement if none other stated and/or the email address associated with the account registration
Attn: The representative executing this Agreement (below) if none other stated.
If to Business Associate: Teleray
100 Congress Avenue Suite 2000 Austin, TX, 78701 United States
Attn: Timothy Kelley CEO
The parties shall hereafter notify each other in accordance herewith of any change of address to which notice is required to be sent.
Unless termination is sought by Telerayunder the provisions set out below, the Term of this Agreement is determined by the continued usage of Services by Client.
The Parties hereby acknowledge and agree that nothing in this Agreement shall be deemed to constitute a partnership, joint venture, agency relationship or otherwise between the Parties and that this Agreement is for the sole and express purpose of the rendering of the specific Services by Telerayto the client under the terms and conditions herein.
THIS BUSINESS ASSOCIATE AGREEMENT (the “BAA”) is entered into as of the date of execution of the Agreement to which this BAA is Appendix A (the “Effective Date”) by and between that Agreement’s Client (“Covered Entity”) and Teleray(“Business Associate”).
Covered Entity and Business Associate are parties to the Agreement to which this BAA is attached as Appendix A. In connection with Business Associate’s performance of its duties and obligations under the Agreement, Business Associate may have access to certain Protected Health Information (“PHI”) (as further defined below).
This BAA is to made to implement the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economical and Clinical Health Act (“HITECH Act”), and the regulations implementing HIPAA and the HITECH Act, including 45 Code of Federal Regulations (“CFR”) Part 160 and Part 164, Subpart E (the “Privacy Rule”), 45 CFR Part 160 and Part 164, Subpart C (the “Security Rule”) and 45 CFR Part 160 and Part 164, Subpart D (the “Breach Rule”), collectively referred to herein as the “HIPAA Rules,” all as amended from time to time. The purpose of this BAA is to govern Business Associate’s obligations regarding the use and disclosure of PHI that Business Associate receives from, or creates, maintains or transmits on behalf of Covered Entity.
If the Business Associate is a financial institution or a creditor that has access to patient account information and is subject to administrative enforcement, this BAA also is made to implement the FTC Red Flags Regulations (see 16 CFR § 681) to ensure that Business Associate is conducting its activities in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides PHI, agrees in writing to the same restrictions and conditions that apply through this BAA to Business Associate with respect to such PHI.
IN CONSIDERATION OF THE FOREGOING, and of the desire of each party to provide or receive services under the Agreement, the parties hereto agree as follows:
“Protected Health Information” (“PHI”) shall have the same meaning as such term as defined in 45 CFR §160.103, except that that PHI subject to this BAA is limited to that PHI that Business Associate receives, creates, maintains or transmits on behalf of Covered Entity.
“Covered Entity Data” includes any data or information that is provided to Business Associate by the Covered Entity (and such data or information in aggregated form or its meta data) or generated expressly for Covered Entity during the use of the Product.
All capitalized terms used in this BAA and not defined herein shall have the same meaning as those terms as used or defined in the HIPAA Rules.
Right and Title to PHI. Business Associate acknowledges that all right, title and interest in and to any PHI vests solely and exclusively with Covered Entity or the Individual to whom such PHI relates.
Obligations of Business Associate with Respect to the Use and Disclosure of Protected Health Information.
Business Associate agrees to comply with the HIPAA Rules that apply to business associates as set forth in the HIPAA Rules. To the extent Business Associate will perform Covered Entity’s obligations under the HIPAA Rules, Business Associate must comply with the requirements applicable to Covered Entity.
Business Associate shall not Use or Disclose PHI except as permitted or required by this BAA or as Required By Law. Subject to the limitations set forth in this BAA, Business Associate may Use and Disclose PHI as necessary to fulfill its duties and obligations in the Agreement.
Except as set forth herein, Business Associate may not Use or Disclose PHI in a manner that would violate the HIPAA Rules if done so by Covered Entity. Subject to the limitations set forth in this BAA, Business Associate may Use PHI as necessary for its proper management and administration or to carry out its legal responsibilities, and may Disclose PHI for such purposes provided that: (i) any such Disclosure is Required By Law; or (ii) Business Associate obtains a written agreement from the person to whom the PHI is Disclosed (the “Recipient”) to assure that Recipient will hold the PHI confidentially and will use or further Disclose the PHI only as Required By Law or for the purpose for which it was Disclosed to the Recipient , and that the Recipient agrees to immediately notify Business Associate of any Use or Disclosure of the PHI in violation of that agreement. Business Associate shall notify Covered Entity of Recipient’s Use or Disclosure of PHI in accordance with Section 5.
Business Associate may not de-identify PHI or Covered Entity Data except as necessary to perform its duties and obligations as described in the Agreement. Business Associate is prohibited from Using or Disclosing such de-identified information for its own purposes without the prior written permission of Covered Entity.
Covered Entity and Business Associate agree to execute amendment(s) to this BAA if there are any applicable changes in, or restrictions to, the permitted Use or Disclosure of PHI.
Business Associate agrees that, to the extent it requests PHI from Covered Entity, or to the extent that Business Associate Uses PHI or Discloses PHI to its affiliates, subsidiaries, agents and subcontractors or other third parties, to limit such request, Use or Disclosure to a Limited Data Set or, if that is not practicable, to the minimum amount of PHI that is necessary to perform or fulfill a specific function required or permitted herein.
Business Associate shall not, directly or indirectly, receive remuneration in exchange for or otherwise sell an Individual’s PHI unless Covered Entity has obtained an authorization from such Individual that complies with the requirements set forth in 45 CFR § 164.508(a)(4) and Covered Entity permits Business Associate to do so in writing.
If Business Associate maintains PHI in a Designated Record Set, within ten (10) calendar days of receipt of a request from Covered Entity, Business Associate shall provide to Covered Entity or, at Covered Entity’s direction to an Individual, PHI relating to that Individual held by Business Associate or its agents or subcontractors in a Designated Record Set, in accordance with 45 CFR §164.524. In the event an Individual requests access to his or her PHI directly from Business Associate, Business Associate shall, within five (5) business days of receipt of such request, forward the request to Covered Entity unless the HIPAA Rules require Business Associate to receive and respond to such requests directly, in which case, Business Associate shall respond directly as required by and in accordance with 45 CFR §164.524, and shall send a copy of such response to Covered Entity.
If Business Associate maintains PHI in a Designated Record Set, within ten (10) calendar days of receipt of a request from Covered Entity, Business Associate agrees to make any requested amendment(s) to PHI held by it or any agent or subcontractor of Business Associate in a Designated Record Set in accordance with 45 CFR §164.526. In the event an Individual requests an amendment to his or her PHI directly from Business Associate, Business Associate shall within five (5) business days of receipt of such request, forward such request to Covered Entity.
If Business Associate maintains PHI in a Designated Record Set, within ten (10) calendar days of receipt of a request from Covered Entity, Business Associate shall make available to Covered Entity, or, at Covered Entity’s direction to an Individual, such information required to be included in an accounting in 45 C.F.R.§164.528. In the event an Individual requests an accounting of his or her PHI directly from Business Associate, Business Associate shall, within five (5) business days of receipt of such request, forward the request to Covered Entity.
In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors of the Business Associate that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.
Safeguards for the Protection of Protected Health Information.
Business Associate and any subcontractors of the Business Associate shall maintain, and by this BAA warrants that it has implemented, such appropriate safeguards necessary to ensure that PHI is not Used or Disclosed by Business Associate except as provided in this BAA or Required by Law.
Business Associate and any subcontractors of the Business Associate shall maintain, and by this BAA warrants that it has implemented, such appropriate administrative, physical, and technical safeguards, including the use of secure coding practices, as required by the HIPAA Rules, necessary to ensure the protection, confidentiality, integrity, and availability of the PHI it receives, creates, maintains or transmits on behalf of Covered Entity.
Business Associate and any subcontractors of the Business Associate will continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information for as long as the Business Associate and any subcontractors of the Business Associate retains the protected health information.
Business Associate and any subcontractors of the Business Associate shall train Workforce members regarding their responsibilities under HIPAA, including the responsibilities to safeguard PHI and the consequences for failing to do so.
Business Associate may not maintain PHI on a portable electronic device, or transmit PHI over the Internet or any other unsecure or open communication channel, unless the PHI is encrypted in accordance with guidance issued by the Secretary of Health and Human Services under section 13404(h)(2) of Public Law 111-5.
Business Associate acknowledges that Covered Entity is the sole owner of Covered Entity Data. Business Associate represents and warrants that, during the term of the Agreement, any Covered Entity Data will be available to the Covered Entity either through the program without charge to the Covered Entity at any time, or, if special access is needed, a separate agreement or order form will be executed at a mutually agreed rate. Business Associate will use commercially reasonable efforts to maintain and back up Covered Entity Data that are designed to mitigate any disruption in software or services or loss of Covered Entity Data.
Unauthorized Uses and Disclosures and Security Incidents.
Business Associate shall, within five (5) business days, report any Successful Unauthorized Use or Disclosure of PHI of which Business Associate becomes aware that is not permitted under this BAA.
To the extent that Business Associate creates, receives, maintains or transmits Electronic PHI, Business Associate shall report to Covered Entity any Successful Security Incident, without unreasonable delay and in no event later than five (5) business days after Business Associate or any of its employees, agents, or subcontractors learns of the Successful Security Incident. Business Associate and Covered Entity acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings and port scans, and Covered Entity acknowledges and agrees that no additional notification to Covered Entity of such unsuccessful Security Incidents is required. However, to the extent that Business Associate becomes aware of an unusually high number of such unsuccessful Security Incidents due to the repeated acts of a single party, Business Associate shall notify Covered Entity of these attempts and provide the name, if available, of said party. At the request of Covered Entity, Business Associate shall identify the date of the Security Incident, the scope of the Security Incident, Business Associate’s response to the Security Incident, and the identification of the party responsible for causing the Security Incident, if known.
Business Associate shall maintain systems to monitor and detect a Breach of Unsecured PHI. Following Business Associate’s discovery of a Breach of Unsecured PHI, Business Associate shall notify Covered Entity of the Breach without unreasonable delay and in no event later than five (5) business days after Business Associate, or any of its employees, agents, or subcontractors learns of the Breach. The notice shall include the identification of each Individual whose Unsecured PHI was, or is reasonably believed to have been, accessed, acquired, used or disclosed as a result of the Breach and any other information known to Business Associate, including but not limited to, the circumstances surrounding the Breach, and all other information which is required to be included in the notification of the Breach provided to the Individual in accordance with 45 CFR §164.404(c). Following the notice, Business Associate shall conduct such further investigation and analysis as is reasonably required, and shall promptly advise Covered Entity of additional information pertinent to the Breach which Business Associate obtains as a result of its investigation. Covered Entity is responsible for determining whether notice will be provided to Individuals, the Department of Health and Human Services, and the media, as applicable. Notwithstanding the foregoing, if Business Associate (or one of its subcontractors, vendors or agents) is responsible for a Breach of Unsecured PHI, Covered Entity may, at its option, require Business Associate to provide any of the notifications required by 45 C.F.R. § 164.404 at Business Associate’s expense.
Subject to the Business Associate’s cyber insurance policy limits (“Limitations”), Business Associate will reimburse Covered Entity for any reasonable expenses Covered Entity incurs in notifying Individuals of a Breach caused by Business Associate or Business Associate’s employees, subcontractors, vendors or agents, or any person or entity under Business Associate’s control, and for reasonable expenses Covered Entity incurs in mitigating harm to those Individuals. In accordance with Section 10 below and subject to the Limitations, Business Associate shall indemnify and defend Covered Entity against all claims and actual costs associated with such Breach, including actual and reasonable costs of notification, which are the result of the actions of the Business Associate or its employees, subcontractors, vendors or agents, or any person or entity under Business Associate’s control.
Business Associate will mitigate, to the maximum extent practicable, any deleterious effect from its or its employees’, subcontractors’, vendors’ or agents’ Use or Disclosure of PHI in a manner that violates this BAA.
Business Associate agrees to make its internal practices, books and records relating to the use and disclosure of PHI available to the Secretary of the United States Department of Health and Human Services (the “Secretary”) or her/his designees or other government authorities in a time and manner designated by the Secretary or such governmental authorities, for the purposes of determining compliance with the provisions of this BAA and the HIPAA Rules.
Business Associate will make its relevant servers, processors, controls and records available for audit/inspection by Covered Entity during normal business hours. Each party will bear its own expenses for such an audit. If the audit demonstrates that Business Associate is not in compliance with this BAA, Business Associate will immediately submit a plan of action to remediate the non-compliance at its own cost within fifteen (15) days.
Term. The term of this BAA shall commence on the Effective Date and shall terminate concurrently with the Agreement or earlier as provided below.
Termination for Cause. Upon either party’s knowledge of a material breach of this BAA by the other party the party not in breach shall send written notice describing the breach to the party in breach.
The notice shall provide an opportunity for the party in breach to cure the breach or end the violation within fifteen (15) business days after receipt of written notice; provided, however, the party not in breach may terminate this BAA if the party in breach does not cure the breach or end the violation within the time specified; or
Immediately terminate this BAA if the party in breach has breached a material term of this BAA and cure is not possible.
Business Associate shall ensure that it maintains the termination rights in this Section in any agreement it enters into with a subcontractor.
Except as provided in paragraph (ii) of this Subsection (c), upon termination of this BAA, for any reason, Business Associate shall return or destroy all PHI. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate. Business Associate shall not retain copies of PHI.
In the event that Business Associate determines that returning or destroying the PHI is not feasible, Business Associate shall provide to Covered Entity notification of the conditions that make the return or destruction not feasible and the measures that Business Associate will take for assuring the continued confidentiality and security of the PHI. Covered Entity promptly will notify Business Associate of whether it agrees that the return or destruction of PHI is infeasible. If Covered Entity agrees that return or destruction of PHI is infeasible, Business Associate may keep the PHI but will extend all protections, limitations and restrictions of this BAA to Business Associate’s Use or Disclosure of PHI retained after termination of this BAA and will limit further Uses or Disclosures to those purposes that make the return or destruction of the PHI infeasible. Business Associate will also ensure that any such extended protections, limitations and restrictions apply to its subcontractors for whom return or destruction of PHI is determined by Covered Entity to be infeasible. If Covered Entity does not agree that the return or destruction of PHI from Business Associate or its subcontractors is infeasible, Covered Entity will provide Business Associate with written notice of its decision, and Business Associate and its Subcontractors will proceed with the return or destruction of the PHI pursuant to the terms of this Section within 30 days of the date of Covered Entity’s notice.
Disclaimer. COVERED ENTITY MAKES NO WARRANTY OR REPRESENTATION THAT COMPLIANCE BY BUSINESS ASSOCIATE WITH THIS BAA OR THE HIPAA RULES WILL BE ADEQUATE OR SATISFACTORY FOR BUSINESS ASSOCIATE’S OWN PURPOSES. COVERED ENTITY MAKES NO WARRANTY OR REPRESENTATION THAT ANY INFORMATION IN BUSINESS ASSOCIATE’S POSSESSION OR CONTROL, OR TRANSMITTED OR RECEIVED BY BUSINESS ASSOCIATE, IS OR WILL BE SECURE FROM UNAUTHORIZED USE OR DISCLOSURE. NOR SHALL COVERED ENTITY BE LIABLE TO BUSINESS ASSOCIATE FOR ANY CLAIM, LOSS OR DAMAGE RELATED TO THE UNAUTHORIZED USE OR DISCLOSURE OF ANY INFORMATION RECEIVED BY BUSINESS ASSOCIATE FROM COVERED ENTITY. BUSINESS ASSOCIATE IS SOLELY RESPONSIBLE FOR ALL DECISIONS MADE BY BUSINESS ASSOCIATE REGARDING THE SAFEGUARDING OF PROTECTED HEALTH INFORMATION.
Indemnification. Notwithstanding any agreement by the parties to the contrary and subject to the Limitations, Business Associate shall indemnify and hold harmless Covered Entity and its directors, officers, affiliates, agents, volunteers, trustees or employees from and against any claim, cause of action, liability, damage, cost or expense, including reasonable attorney’s fees and court or proceeding costs, arising out of or in connection with Business Associate’s material breach of its obligations under this BAA, as well as the actions of its employees, subcontractors, vendors or agents, or any person or entity under the Business Associate’s control. The Business Associate’s obligation to indemnify Covered Entity will survive expiration or termination of this BAA. Covered Entity may, at its option, conduct its defense or settlement of any such action arising as described herein, and Business Associate shall cooperate with such defense and settlement.
Notice. Any notice, report or other communication required under this BAA shall be in writing and shall be delivered personally, sent by facsimile transmission, or sent by U.S. mail, addressed as follows:
If to Covered Entity: The Name and Address stated at the head of the Agreement if none other stated and/or the email address associated with the account registration
Attn: The representative executing the Agreement if none other stated.
If to Business Associate: Teleray
100 Congress Avenue Suite 2000 Austin, TX, 78701 United States
Attn: Timothy Kelley CEO
The parties shall hereafter notify each other in accordance herewith of any change of address to which notice is required to be sent.
Regulatory References. A reference in this BAA to a section in the HIPAA Rules means the section as in effect, as amended from time to time.
Independent Contractors. In the performance of the work, duties and obligations described in this BAA or under the Agreement, the parties acknowledge and agree that each party is at all times acting and performing as an independent contractor and at no time shall the relationship between the parties be construed as a partnership, joint venture, employment, principal/agent relationship, or master/servant relationship.
No Third Party Beneficiaries: Nothing in this BAA will confer upon any person other than the parties and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever.
Amendment. No change, amendment, or modification of this BAA shall be valid unless set forth in writing and agreed to by both parties. Notwithstanding the foregoing, the parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of this BAA may be required to ensure compliance with such developments. The parties specifically agree to take such action as may be necessary from time to time for the parties to comply with the applicable requirements of HIPAA, HITECH, and the HIPAA Rules, all as amended from time to time. Covered Entity shall provide written notice to Business Associate to the extent that any new regulation or amendment to any existing regulation promulgated by the Secretary requires an amendment to this BAA to comply with such regulations. In such event, the parties agree to negotiate an amendment to this BAA in good faith; provided, however, either party may terminate this BAA upon ninety (90) days prior written notice to the other party if the parties are unable to reach an agreement.
Governing Law. The rights, duties and obligations of the parties to this BAA and the validity, interpretation, performance and legal effect of this BAA shall be governed and determined by applicable federal law with respect to the Privacy Rule and the Security Rule and otherwise by the laws of the State of Illinois.
Counterparts. This BAA may be executed in one or more original counterparts and will become operative when each party has executed and delivered at least one counterpart. Each original counterpart will be deemed to be an original for all purposes, and all counterparts will together constitute one instrument.
Signatures. This BAA may be signed electronically and delivered by email, facsimile or similar transmission, and an email, facsimile or similar transmission evidencing execution, including PDF copies of executed counterparts, will be effective as a valid and binding agreement between the Parties for all purposes.
Effect on Agreement. Except as specifically required to implement the purposes of this BAA, or to the extent inconsistent with this BAA, all other terms of the Agreement shall remain in force and effect.
Construction. This BAA shall be construed as broadly as necessary to implement and comply with the applicable HIPAA, HITECH and the HIPAA Rules. The parties agree that any ambiguity in this BAA shall be resolved in favor of a meaning that complies with and is consistent with HIPAA, HITECH and the HIPAA Rules.
IN WITNESS THEREOF, each party has caused this BAA to be executed by its duly authorized representative.
ELECTRONIC EXECUTION PERMITTED: Parties agree that by representative of Covered Entity checking the TeleRay Terms of Service box during registration, Covered Entity and Business Associate execute this BA rights in this Section in any agreement it enters into with a subcontractor.