Terms and Conditions for Services

PLEASE READ THESE TERMS AND CONDITIONS FOR SERVICES CAREFULLY. BY CLICKING “I ACCEPT” OR BY ACCESSING OR USING THE SERVICES, YOU AGREE TO BE BOUND BY THESE TERMS OF USE AND ALL TERMS INCORPORATED BY REFERENCE, INCLUDING OUR BUSINESS ASSOCIATE AGREEMENT AND PRIVACY POLICY. IF YOU DO NOT AGREE TO ALL OF THESE TERMS, DO NOT ACCESS OR USE THE SERVICES.

These Standard Terms and Conditions for Services are incorporated into and constitute a material part of the Service Provider Agreement between M3 and Customer.  M3 and Customer hereby agree as follows:

1.   Definitions

Whenever used in this Agreement with initial letters capitalized, the following terms will have the following meanings:

“Activation Date” is the date that Customer receives its activation credentials.

“Authorized User” means any individual authorized by Customer to access and use the M3 Services pursuant to this Agreement including, without limitation, Primary Care Physicians, Patients, administrators, nurses, employees or affiliated physicians or specialists of Customer.

“Confidential Information” means any information that is proprietary or confidential to the Discloser or that the Discloser is obligated to keep confidential (e.g., pursuant to a contractual or other obligation owing to a third party).  Confidential Information may be of a technical, business or other nature (including, but not limited to, information which relates to the Discloser’s technology, research, development, products, services, pricing of products and services, customers, Patients, employees, contractors, marketing plans, finances, contracts, legal affairs, or business affairs).  However, Confidential Information does not include any information that:  (a) was known to the Recipient prior to receiving the same from the Discloser in connection with this Agreement; (b) is independently developed by the Recipient; (c) is acquired by the Recipient from another source without restriction as to use or disclosure; or (d) is or becomes publicly available through no fault or action of the Recipient or any third party.

“Customer Data” means all data pertaining to the access and use of the M3 Services by Customer and any Authorized User, including, without limitation, information, responses or other data input into the M3 Services by an Authorized User and any output generated by the M3 Services, including, without limitation, the mental health risk assessment and any data related to the same being sent to the Primary Care Physician’s electronic file.

“De-identified Data” shall mean the standard for de-identification of protected health information as provided in Section 164.514(a) of the HIPAA Privacy Rule.

“Discloser” means a party that discloses any of its Confidential Information to the other party.

“Documentation” means the user manuals, online documentation and other materials relating to the M3 Services provided by M3 to Customer.

“Enhancement” means any correction, modification, enhancement, improvement, update, upgrade, bug fixes or new release of the M3 Services.  Enhancements do not include upgrades, data migration or custom work and reports specific to Customer.

“Licensed Software” means all components of the M3 Clinician software, including but not limited to the software source code and related logic, design, data entry checklist, scoring algorithm, patient customized assessment forms and all other related information.

“M3 Materials” means the Trademarks of M3, the M3 Site, Documentation and M3 Technology.

“M3 Services” means the web based mental health screening tool located at the M3 Site that allows Authorized Users to administer or take a Screen.  Upon completion, the M3 Service generates a risk assessment that is automatically sent to a designated electronic file.

“M3 Site” means the M3 Web sites (and all Enhancements thereto) located at www.M3Clinician.com, together with such other Web sites owned or maintained by M3 and its affiliates from time to time.

“M3 Technology” means any know-how, processes, methodologies, specifications, designs, inventions, functionality, graphics, techniques, methods, applications, computer programs, user manuals, online documentation, products or other technology and materials of any kind, or any Enhancement thereto, used by M3 in connection with the performance of the M3 Services or made available by M3 to Customer, any Authorized User or any third party.

“Patient” means an individual who is seeking or receiving medical (including mental) health consultation or treatment from Customer or a care provider employed or contracted by Customer.

“Primary Care Physician” means a duly qualified and licensed physician who provides primary medical care to a Patient and who administers, or causes to be administered, a Screen.

“Proprietary Rights” means any patent, copyright, trademark, service mark, trade name, trade secret, know-how, moral right or other intellectual property right under the laws of any jurisdiction, whether registered, unregistered, statutory, common law or otherwise (including any rights to sue, recover damages or obtain relief for any past infringement, and any rights under any application, assignment, license, legal opinion or search).

“Recipient” means a party that receives any Confidential Information of the other party.

“Screen” means a single use of the M3 Services by an Authorized User to serve a single Patient that results in the M3 Services generating a mental health risk assessment for such Patient.

“Service Commencement Date” means the date on which M3 notifies Customer that the M3 Services are available for Customer use.

“Term” means the period of time specified in Section 7.1.

“Trademarks” means any trademarks, service marks, trade dress, trade names, corporate names, proprietary logos or indicia and other source or business identifiers.

“User Identification” means the unique user identification name and password issued or otherwise assigned to Customer for Authorized Users to access and use the M3 Services.

2.   M3 Services; Restrictions on Use

2.1  Services.  Subject to the restrictions and limitations set forth in this Section 2 and elsewhere in this Agreement, M3 will: (a) host and maintain the M3 Site; (b) enable Authorized Users to access and use the M3 Services through the M3 Site, solely for the Customer’s internal use in the regular course of its business; and (c) use the Documentation as reasonably required in connection with the exercise of Customer’s rights granted under (a) and (b) of this paragraph.

2.2  General Restrictions and Limitations.  Section 2.1 sets forth the entirety of Customer’s right to access and use the M3 Services and to make the M3 Services available to Authorized Users.  Customer may not access the M3 Services if it is M3’s direct competitor, except with M3’s prior written consent. In addition, Customer may not access or use the M3 Services for purposes of monitoring the M3 Services’ availability, performance or functionality, or for any other benchmarking or competitive purposes.  Customer’s right to use the M3 Services does not include the right to, and Customer will not directly or indirectly: (a) enable any person or entity other than Authorized Users to access and use the M3 Services; (b) administer a Screen to any person (including a Patient) who is under eighteen (18) years of age; (c) modify or create any derivative work based upon any M3 Material; (d) resell the M3 Services to any third party; (e) grant any sublicense or other rights to the M3 Services; (f) reverse engineer, disassemble or decompile all or any portion of, or attempt to discover or recreate the source code for, any software that is part of the M3 Technology; (g) remove, obscure or alter any Proprietary Rights notice related to the M3 Materials, the M3 Services; (h) engage in or permit any infringing or unlawful activities involving the M3 Services, M3 Materials; or (i) engage in or permit any use, reproduction, distribution, disposition, possession, disclosure or other activity involving the M3 Services, M3 Material that is not expressly authorized under the Agreement or otherwise in writing by M3.  
Customer will ensure, through proper instructions and enforcement actions, that all access to and use of the M3 Services by Customer or Authorized Users, or otherwise through Customer’s facilities, equipment, identifiers or passwords, will conform to this Agreement and will be made and used solely for proper and legal purposes, and will be conducted in a manner that does not violate any law or regulation, the rights of any third party, court orders or M3’s policies.

2.3 Federal Government End Use Provisions.  M3 provides the M3 Services, including related software and technology, for ultimate federal government end use solely in accordance with the following: Government technical data and software rights related to the Services include only those rights customarily provided to the public as defined in this Agreement. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation).  If a government agency has a need for rights not conveyed under these terms, it must negotiate with M3 to determine if there are acceptable terms for transferring such rights, and a mutually acceptable written addendum specifically conveying such rights must be included in any applicable contract or agreement.

3.   Access to the M3 Services

3.1    Equipment, Services and Facilities.  Customer is solely responsible for providing, installing and maintaining at its own expense all equipment, facilities and services necessary to access and use the M3 Services, including, without limitation, all computer hardware and software, modems, printers, telephone service and Internet access.

3.2    Password.  Customer will issue each Authorized User a User Identification to access and use the M3 Services.  Customer is solely responsible for tracking the use of the User Identification by specific Authorized Users and for ensuring the security and confidentiality of the User Identification.  Customer acknowledges that it is responsible for all liabilities incurred through the use of the User Identification, to the extent of Customer’s negligence or willful misconduct, but only to the extent that M3 is not negligent or at fault.  Customer will immediately notify M3 of any unauthorized use of the User Identification or any other breach of security known to it.  Use of the User Identification other than as provided in this Agreement will be considered a breach of this Agreement by Customer.

3.3    Suspension of Services.  In the event Customer breaches any of the warranties set forth in Section 9 or elsewhere in the Agreement, or fails to pay any amount under the Agreement when due, in addition to any other remedies available at law or in equity, M3 will have the right, in its sole reasonable discretion, to immediately suspend the M3 Services.

4.   Support and Training; Additional Services; Modifications

4.1    Support.  For support questions, email support@M3information.com.

4.2    Additional Services. In the event Customer may request any additional services or any training and support services, if M3 agrees to provide such additional services, training or support, Customer and M3 will enter into a separate services agreement.  M3 will make available to Customer such additional services and any additional training and support services as Customer may request pursuant and subject to the applicable services agreement.

4.3    Modifications.  M3 may alter or modify the M3 Services from time to time without notice.  Such alterations and modifications may include, without limitation, addition or withdrawal of features, data, information, products, services, software or change in instructions.

5.   Fees and Compensation

5.1    Amount.  Customer will pay M3 for the M3 Services in accordance with the fees described in Section 2 of the Agreement.

5.2    Additional Fees. Customer will pay M3 such additional fees, charges, reimbursable expenses and other amounts as may be specified in a separate service agreement in accordance with the payment terms specified therein.

5.3    Payment.  Customer has the option to elect to pay by ACH or credit card.  After the initial election, Customer can change from one method of payment to the other with thirty (30) day written notice.

5.4    Taxes.  Unless otherwise specified in writing, fees and other amounts payable to M3 under this Agreement do not include any taxes, customs, duties, fees or other amounts assessed or imposed by any governmental authority.  In the event such taxes are imposed, Customer will pay or reimburse M3 for all such amounts upon demand or provide certificates or other evidence of exemption.  This section does not apply to or include taxes imposed on M3’s net income or personal property.

5.5    Records; Audits.  Customer will maintain complete and accurate records of all activities relating to this Agreement while this Agreement is in effect and for a period of three (3) years thereafter.  Each Party will permit the other Party and/or the other Party’s designee to inspect, review, copy and audit all such records (“Audit”) during normal business hours at the auditing Party’s expense.  If as a result of an Audit it is discovered that a Party incorrectly represented any amounts owed hereunder, such Party will promptly pay to the other the amount owed in light of the revised information.  If the difference between the amount represented as owed and the amount actually owed is greater than five percent (5%), then the Party that misrepresented the amounts owed will pay or reimburse the other for the costs of the Audit.

6.   Proprietary Rights

6.1    Ownership.  The M3 Services, the M3 Materials and any Enhancements to the M3 Services or the M3 Material constitute or otherwise involve valuable Proprietary Rights of M3.  Customer acknowledges that it obtains only the right to use the M3 Services under this Agreement and any copyrights, patent rights, trade secrets and other intellectual property are the exclusive property of M3.  No title to or ownership of the M3 Services, the M3 Materials or any corrections, modifications, customizations, revisions, improvements, upgrades, new releases or other change to the M3 Services, the M3 Material or any Proprietary Rights associated with the M3 Services or M3 Materials is transferred to Customer, any Authorized User or any third party under this Agreement.

6.2    Customer Data.  As between the parties, Customer will own all right, title and interest in all Customer Data.  Customer grants to M3 and its affiliates a nonexclusive, nontransferable right to transmit and store Customer Data in connection with the performance of the M3 Services.  In addition, Customer grants to M3 and its affiliates access to De-identified Data.  Both parties will comply with all applicable laws, rules and regulations in connection with the collection, use and disclosure of the Customer Data (including, without limitation, any pertaining to privacy).  M3 has implemented commercially reasonable technical and organizational measures designed to secure Customer Data (if any) from accidental loss and from unauthorized access, use, alteration or disclosure.   However, M3 cannot guarantee that unauthorized third parties will never be able to defeat those measures or use Customer Data for improper purposes.  Customer acknowledges that all Customer Data is provided at Customer’s and its Authorized Users’ own risk.

6.3   M3 Trademarks.  As between M3 and Customer, M3 owns all right, title and interest in and to M3’s Trademarks and any goodwill arising out of the use of M3’s Trademarks will remain with and belong to M3 and its licensors.  M3’s Trademarks may not be copied, imitated or used, in whole or in part, without the prior written consent of M3 or the applicable trademark holder.  At no time will Customer challenge or assist others to challenge any of M3’s Trademarks or the registration thereof or attempt to use or register any trademarks or trade names confusingly similar to those of M3 or its affiliates.  All other trademarks, registered trademarks, product names and M3 names or logos used in connection with the M3 Services are the property of their respective owners. Reference to any products, services, processes or other information, by trade name, trademark, manufacturer, supplier or otherwise does not constitute or imply endorsement, sponsorship or recommendation thereof by M3.  Customer hereby grants M3 the right to use Customer’s Trademarks during the Term in marketing materials (including online materials, such as M3’s Web site) solely for the purpose of identifying Customer as a customer of M3 and recipient of the M3 Services under the Agreement.

6.4    Confidential Information.  Each party reserves any and all right, title and interest (including, without limitation, any Proprietary Rights) that it may have in or to any Confidential Information that it may disclose to the other Party under this Agreement.  The Recipient will protect Confidential Information of the Discloser against any unauthorized use or disclosure to the same extent that the Recipient protects its own Confidential Information of a similar nature against unauthorized use or disclosure, but in no event will use less than a reasonable standard of care to protect such Confidential Information; provided, that the Confidential Information of the Discloser is conspicuously marked or otherwise identified as confidential or proprietary upon receipt by the Recipient or the Recipient otherwise knows or has reason to know that the same is Confidential Information of the Discloser.  The Recipient will use any Confidential Information of the Discloser solely for the purposes for which it is provided by the Discloser.  This paragraph will not be interpreted or construed to prohibit: (a) any use or disclosure which is necessary or appropriate in connection with the Recipient’s performance of its obligations or exercise of its rights under this Agreement or any other agreement between the parties; (b) any use or disclosure required by applicable law (e.g., pursuant to applicable securities laws or legal process), provided that the Recipient uses reasonable efforts to give the Discloser reasonable advance notice thereof (e.g., so as to afford the Discloser an opportunity to intervene and seek an order or other appropriate relief for the protection of its Confidential Information from any unauthorized use or disclosure); or (c) any use or disclosure made with the consent of the Discloser.  
In the event of any breach or threatened breach by the Recipient of its obligations under this paragraph, the Discloser will be entitled to injunctive and other equitable relief to enforce such obligations.

7.   Term and Termination.

7.1    Term.  The Term of this Agreement will commence as of the Activation Date and will continue for a period of one (1) year unless terminated sooner pursuant to Sections 7.2 or 7.3 below.

7.2    Termination for Convenience.  Either party may terminate the Term by giving the other party thirty (30) days’ prior written notice of termination prior to the end of the Customer’s then-current Billing Period.

7.3    Termination for Material Breach.  If either party commits a material breach of or default under this Agreement, then the other party may give the breaching party written notice of the breach or default (including, but not necessarily limited to, a statement of the facts relating to the breach or default, the provisions of this Agreement that are in breach or default and the action required to cure the breach or default) and that the then-current Term will terminate pursuant to this paragraph if the breach or default is not cured within thirty (30) days after receipt of notice (or such later date as may be specified in the notice).  If the breaching party fails to cure the specified breach or default within thirty (30) days after receipt of such notice (or such later date as may be specified in such notice), then the then-current Term will terminate without any further notice or action by the terminating party.

7.4    Effect of Termination.  If the Term is terminated pursuant to and in accordance with this Section 7, then, unless otherwise specifically provided for in writing by the parties, the following will apply: (a) the parties will cooperate to effect an orderly, efficient, effective and expeditious termination of the parties’ respective activities under this Agreement; (b) the rights granted to Customer with respect to the M3 Services, the M3 Materials will terminate effective as of the effective date of the termination; (c) Customer will return to M3 any and all Confidential Information of M3 in the possession or control of Customer; (d) M3 will return to Customer any and all Confidential Information of Customer in its possession or control and make available Customer Data for download for a period of six (6) months after termination, after which time the Customer Data will be permanently deleted; (e) unless otherwise agreed upon by the parties, M3 will have no obligation to provide the M3 Services to Customer or Authorized Users after the effective date of the termination; (f) Customer will pay to M3 any amounts payable for Customer’s and Authorized User’s use of the M3 Services prior to the effective date of the termination; (g) any and all liabilities accrued prior to the effective date of the termination will survive; and (h) the parties’ respective rights and obligations under Section 2.2, and Sections 6, 7, 8, 9, 10 and 11 of this Agreement will survive.

8.   Disclaimers of Warranty and Remedy

8.1    THE M3 SERVICES (INCLUDING THE M3 SITE), AND ANY RESULTS, REPORTS, ASSESSMENTS OR ANALYSIS GENERATED OR OBTAINED THROUGH THE M3 SERVICES ARE PROVIDED “AS IS” AND WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMISSIBLE PURSUANT TO APPLICABLE LAW, M3 AND ITS AFFILIATES, LICENSORS, SUPPLIERS, ADVERTISERS, SPONSORS AND AGENTS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, ACCURACY, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES THAT MAY ARISE FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE.  FURTHER M3 AND ITS AFFILIATES, LICENSORS, SUPPLIERS, ADVERTISERS, SPONSORS AND AGENTS DO NOT WARRANT AND HEREBY DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, THAT YOUR USE OF THE SITE OR THE M3 SERVICE WILL BE UNINTERRUPTED, ERROR-FREE OR SECURE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SITE OR THE SERVER(S) ON WHICH THE SITE IS HOSTED ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.

8.2    Customer Materials.  M3 MAKES NO WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, WITH RESPECT TO ANY CUSTOMER MATERIALS.

8.3    Medical or Professional Services.  M3 is not engaged in rendering medical or other professional services, and the availability or use of the M3 Services is not intended to create, and does not create, any medical or other professional services relationship. Use of the M3 Service is not an adequate substitute for obtaining medical or other professional advice from a licensed provider in the applicable jurisdiction, nor is it a substitute for any medical services provider using his or her knowledge, expertise and judgment in diagnosing and treating symptoms, illnesses or other medical (including mental) health issues of Patients.

9.   Customer Warranties

9.1    Warranty.  In addition to any warranties set forth elsewhere in the Agreement, Customer warrants to M3 that the performance of Customer’s obligations and Customer and Authorized User’s access to and use of the M3 Services will not violate any third party rights or any applicable laws, rules or regulations.

9.2    Indemnification.  Customer will defend, indemnify and hold harmless M3, and its directors, officers, employees, owners and agents from and against any and all claims, costs, losses, damages, judgments and expenses (including reasonable attorneys’ fees) arising out of or in connection with (a) any claim alleging any breach of any of the foregoing warranties or any other provision of this Agreement; (b) any damage arising from causes beyond the control or without the fault or negligence of M3; (c) any use by Customer or Authorized Users of the M3 Services or any other software, services or other items provided under this Agreement.

9.3    Indemnification Process. In the event of any claim described in Section 9.2, M3 will have the right to approve the counsel selected by Customer for defense of any such claim, which approval will not be unreasonably withheld.  M3 will provide Customer prompt written notice of any such claim and such information and assistance as Customer may reasonably request to help Customer defend such claims; provided that Customer pays or reimburses all of the costs and expenses reasonably incurred by M3 in connection with any assistance requested by Customer under this Section 9.3.  Customer will not have any right to settle any such claim without M3’s written consent, if such settlement arises from or is part of any criminal action, suit or proceeding or contains a stipulation to or admission or acknowledgment of, any liability or wrongdoing (whether in contract, tort or otherwise) on the part of M3 or its affiliates or otherwise requires M3 or its affiliates to take or refrain from taking any material action (such as the payment of fees).

10. Limitations

10.1  Force Majeure.  Neither party will be liable for, or be considered to be in breach of or default under this Agreement on account of, any delay or failure to perform as required by this Agreement as a result of any cause or condition beyond such party’s reasonable control (including, without limitation, any act or failure to act by the other party).  This paragraph will not apply to any payment obligation of either party.

10.2  No Consequential Damages.  NEITHER PARTY NOR ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OWNERS, SUPPLIERS AND THE PROVIDERS OF THIRD PARTY CONTENT WILL BE LIABLE TO THE OTHER PARTY, FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR ANY LOSS OF PROFIT, REVENUE, DATA, BUSINESS OR USE) EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, ARISING FROM OR RELATED TO ANY PROVISION OF THIS AGREEMENT, THE M3 SERVICES, THE M3 MATERIALS OR ANY SOFTWARE, SERVICES OR OTHER ITEMS PROVIDED IN CONNECTION THEREWITH.

10.3  Limitation of Liability.  IN NO EVENT WILL THE AGGREGATE LIABILITY OF EITHER PARTY WITH REGARD TO THE M3 SERVICES, THE M3 MATERIALS AND ANY SOFTWARE, SERVICES OR OTHER ITEMS PROVIDED OR FAILED TO BE PROVIDED UNDER THIS AGREEMENT EXCEED THE COMPENSATION PAID BY CUSTOMER TO M3 UNDER THIS AGREEMENT.  CUSTOMER’S RIGHT TO MONETARY DAMAGES UP TO THAT AMOUNT WILL BE IN LIEU OF ALL OTHER REMEDIES THAT CUSTOMER OR ANY AUTHORIZED USERS MAY HAVE AGAINST M3 OR ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OWNERS, SUPPLIERS AND THE PROVIDERS OF THIRD PARTY CONTENT.

11. Miscellaneous

11.1  Compliance with Laws.  In performance of their respective obligations under this Agreement, each party will comply with all applicable laws, rules, regulations, orders and other requirements, now or hereafter in effect, of governmental authorities having jurisdiction.

11.2  Independent Contractors.  Each party is an independent contractor and not a partner or agent of the other.  This Agreement will not be interpreted or construed as creating or evidencing any partnership or agency between the parties or as imposing any partnership or agency obligations or liability upon either party.  Further, neither party is authorized to, and will not, enter into or incur any agreement, contract, commitment, obligation or liability in the name of or otherwise on behalf of the other party.

11.3     Notices.  Any notice or other communication under this Agreement given by either party to the other party will be deemed to be properly given if given in writing and delivered in person, sent via email, overnight courier or mailed via registered mail, properly addressed and stamped with the required postage, to the intended recipient.  Notice will be effective upon receipt.  Either party may from time to time change its address for purposes of this paragraph by giving the other party notice of the change in accordance with this paragraph.  Notices must be delivered to the following addresses or at such other address as may be designated:

Customer  Attn: Any notice to Customer will use the name and address from the Practice Information Profile e-mail: (From Practice Information Profile)

M-3 Information, LLC
Attn: Michael Byer
155 Gibbs Street, Suite 522
Rockville, MD 20850
email: michael@m3information.com

11.4  Assignment.  Neither party will assign this Agreement without the prior written consent of the other party; provided, however, M3 may assign this Agreement without such consent to any subsidiary or parent of M3 or to any successor by way of any merger, consolidation or other corporate reorganization of M3 or sale of all or substantially all of the assets of M3.  No assignment, with or without such consent, will relieve any party from its obligations under this Agreement.  Subject to the foregoing, this Agreement will be fully binding upon, inure to the benefit of and be enforceable by the parties and their respective successors and assigns.

11.5  Nonwaiver.  The failure of either party to insist upon or enforce performance by the other party of any provision of this Agreement, or to exercise any right or remedy under this Agreement or otherwise by law, will not be construed as a waiver or relinquishment of such party’s right to assert or rely upon the provision, right, or remedy in that or any other instance; rather the provision, right or remedy will be and remain in full force and effect.

11.6  Severability.  This Agreement will be enforced to the fullest extent permitted by applicable law.  If any provision of this Agreement is held to be invalid or unenforceable to any extent, then (a) such provision will be interpreted, construed and reformed to the extent reasonably required to render the same valid, enforceable and consistent with the original intent underlying such provision and (b) such invalidity or unenforceability will not affect any other provision of this Agreement.

11.7  Entire Agreement. This Agreement constitutes the entire agreement, and supersedes any and all prior agreements (whether written or oral), Web site terms, comments or information, and any and all other representations or information made by M3 or any third party, between M3 and Customer with respect to the subject matter of this Agreement.  This Agreement can be amended only in a writing signed by an authorized representative of each party.

11.8     Applicable Law; Jurisdiction and Venue.  This Agreement will be interpreted, construed and enforced in all respects in accordance with the laws of the State of Maryland, U.S.A., without reference to its choice of law principles to the contrary.  Customer hereby consents to the jurisdiction and venue of the state and federal courts located in Montgomery County, State of Maryland, U.S.A. with respect to any claim arising under or by reason of this Agreement.  Customer will not prosecute any action, suit, proceeding or claim arising under or by reason of this Agreement except in such courts.

BUSINESS ASSOCIATE AGREEMENT

WITNESSETH

WHEREAS, Covered Entity is a covered entity as such term is defined under HIPAA and as such is required to comply with the requirements thereof regarding the confidentiality and privacy of Protected Health Information; and

WHEREAS, Business Associate has entered or may enter into a Service Provider Agreement with Covered Entity (“Service Agreement”) pursuant to which Business Associate will render services to, for or on behalf of Covered Entity; and

WHEREAS, by providing the services according to the Service Agreement, Business Associate shall become a business associate of Covered Entity as such term is defined at 45 CFR § 160.103;

NOW THEREFORE, in consideration of the mutual covenants, promises and agreements contained herein, the Parties hereto agree as follows:

I. Definitions.

For the purposes of this Agreement, the following capitalized terms shall have the meanings ascribed to them below:

A. “Designated Record Set” or “DRS” shall have the meaning given to such term under the Privacy Rule, including, but not limited to, 45 CFR § 164.501.

B. “Information” shall mean any “health information” as defined in 45 CFR § 160.103.

B. “Electronic PHI” shall have the meaning found in the Security Rule, 45 C.F.R. § 160.103.

C. “Individual” shall have the meaning given to such term under the Privacy Rule, including, but not limited to, 45 CFR §§ 160.103 and 164.501 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502(g).

D. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, “Protected Health Information” shall have the meaning ascribed to this term in 45 CFR §§ 164.501 and 160.103, and is the information created or received by Business Associate from or on behalf of Covered Entity.

E. “Required by Law” shall have the meaning ascribed to this term in 45 CFR §§ 164.501 and 160.103.

F. “Secretary” shall have the meaning ascribed to this term in 45 CFR § 160.103.

G. “Security Rule” shall mean the Security Standards for the Protection of Electronic Health Information at 45 CFR Part 160 and Part 164, Subparts A and C.

II. Confidentiality and HIPAA.

The Parties shall comply with all federal and state laws governing the confidentiality and privacy of health information including, without limitation, the Privacy Standards promulgated pursuant to HIPAA.

A) Obligations of Business Associate

i.) Use and Disclosure of Protected Health Information

Business Associate warrants that Business Associate, its directors, officers, subcontractors, employees, affiliates, agents, and representatives: (a) shall use or disclose Protected Health Information only in connection with fulfilling its duties and obligations under this Agreement and the Service Agreement; (b) shall not use or disclose Protected Health Information other than as permitted or required by this Agreement or required by law; and (c) shall not use or disclose Protected Health Information in any manner that violates applicable laws or would violate such laws if used or disclosed in such manner by Covered Entity.

Business Associate shall provide adequate training to its employees and subcontractors to ensure compliance with this Section.

Subject to the restrictions set forth in the previous paragraph and throughout this Agreement, Business Associate may use the information received from Covered Entity if necessary for (a) the proper management and administration of Business Associate; or (b) to carry out the legal responsibilities of Business Associate.

Business Associate acknowledges that, as between Business Associate and Covered Entity, all Protected Health Information shall be and remain the sole property of Covered Entity, including any and all forms thereof developed by Business Associate in the course of its fulfillment of its obligations pursuant to the Agreement and Management Services Agreement.

Business Associate further represents that, to the extent Business Associate requests that Covered Entity disclose Protected Health Information to Business Associate, such request is only for the minimum necessary Protected Health Information for the accomplishment of the Business Associate’s purpose.

ii.) Availability of Books and Records

Business Associate shall permit Covered Entity and Secretary and other regulatory and accreditation authorities to audit Business Associate’s internal practices, books and records at reasonable times as they pertain to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity in order to ensure that Covered Entity and Business Associate are in compliance with the requirements of the Privacy Rule.

iii.) Access of Individuals to Information

In the event Business Associate maintains Protected Health Information in Designated Record Sets, Business Associate shall make available to Covered Entity Designated Record Sets, if any exist, within five (5) business days of a written request by Covered Entity for access to Protected Health Information about an Individual contained in a DRS and shall make available to Covered Entity such Protected Health Information for so long as such information is maintained in the DRS.

In the event any Individual requests access to Protected Health Information directly from Business Associate, Business Associate shall forward such request to Covered Entity within five (5) business days. Before forwarding any Protected Health Information to Covered Entity, Business Associate shall indicate in the DRS, any material it deems unavailable to the Individual pursuant to 45 CFR § 164.524.

Any denial of access to Protected Health Information determined by Covered Entity pursuant to 45 CFR § 164.524, and conveyed to Business Associate by Covered Entity, shall be the responsibility of Covered Entity, including resolution or reporting of all appeals and/or complaints arising from denials.

Business Associate shall support Covered Entity in a manner that enables Covered Entity to meet its obligations under 45 CFR § 164.524.

iv.) Amendment of Information

In order to allow Covered Entity to respond to a request by an Individual for an amendment pursuant to 45 CFR § 164.526, Business Associate shall, within five (5) business days of a written request by Covered Entity for an amendment to Protected Health Information about an Individual contained in a DRS, make available to Covered Entity such Protected Health Information for so long as such information is maintained in the DRS.

In the event any Individual requests amendment of Protected Health Information directly from Business Associate, Business Associate shall forward such request to Covered Entity within five (5) business days. Before forwarding any Protected Health Information, if any, to Covered Entity, Business Associate shall indicate in the Designated Record Set, any material it deems unavailable to the Individual pursuant to 45 CFR § 164.526.

Any denial of amendment to Protected Health Information determined by Covered Entity pursuant to 45 CFR § 164.526, and conveyed to Business Associate by Covered Entity, shall be the responsibility of Covered Entity, including resolution or reporting of all appeals and/or complaints arising from denials.

Business Associate shall support Covered Entity in a manner that enables Covered Entity to meet its obligations under 45 CFR § 164.524.

Within ten (10) business days of receipt of a request from Covered Entity to amend an Individual’s Protected Health Information in the Designated Record Set, Business Associate shall incorporate any approved amendments, statements of disagreement, and/or rebuttals into its Designated Record Set as required by 45 CFR § 164.526.

v.) Accounting of Disclosures

In order to allow Covered Entity to respond to a request by an Individual for an accounting pursuant to 45 CFR § 164.528, Business Associate shall, within five (5) business days of a written request by Covered Entity for an accounting of disclosures of Protected Health Information about an Individual, make available to Covered Entity such Protected Health Information.

At a minimum, Business Associate shall provide Covered Entity with the following information: (i) the date of the disclosure; (ii) the name of the entity or person who received the Protected Health Information, and if known, the address of such entity or person; (iii) a brief description of the Protected Health Information disclosed; and (iv) a brief statement of the purpose of such disclosure.

In the event any Individual requests an accounting of disclosure of Protected Health Information directly from Business Associate, Business Associate shall forward such request to Covered Entity within five (5) business days.

vi.) Survival

The provisions of this Section A) shall survive the termination of this Agreement.

B) Obligations of Covered Entity

i.) Use and Disclosure of Protected Health Information

Covered Entity warrants that Covered Entity, its directors, officers, subcontractors, employees, affiliates, agents, and representatives (i) shall comply with the Privacy Rule in its use or disclosure of Protected Health Information; (ii) shall not use or disclose Protected Health Information in any manner that violates applicable federal and state laws; (iii) shall not request Business Associate to use or disclose Protected Health Information in any manner that violates applicable federal and state laws if such use or disclosure were done by Covered Entity; and (iv) may request Business Associate to disclose Protected Health Information directly to another party only for the purposes allowed by the Privacy Rule.

ii.) Notification of Unauthorized Use

Covered Entity will immediately notify Business Associate if they become aware of any unauthorized use of Covered Entity’s user identification or any other breach of security.

iii.) Survival

The provisions of this Section B) shall survive the termination of this Agreement.

III. Disclosure to Third Parties.

Business Associate shall obtain and maintain an agreement with each director, officer, subcontractor, employee, affiliate, agent, and representative that has or will have access to Protected Health Information, which is received from, or created or received by, Business Associate on behalf of Covered Entity, pursuant to which agreement such director, officer, subcontractor, employee, affiliate, agent, and representative agrees to be bound by the same restrictions, terms, and conditions that apply to Business Associate pursuant to the Agreement with respect to such Protected Health Information.

Business Associate shall also (i) obtain reasonable assurances from the person to whom the Protected Health Information is disclosed that it will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed and (ii) obligate such person to notify Business Associate of any instances of which it is aware in which the confidentiality of the Protected Health Information has been breached.

IV. Safeguards.

Business Associate shall employ appropriate administrative, technical and physical safeguards, consistent with the size and complexity of Business Associate’s operations, to protect the confidentiality of Protected Health Information and to prevent the use or disclosure of Protected Health Information in any manner inconsistent with the terms of this Agreement.

V. Reporting of Breaches, Improper Disclosures, and Security Incidents

A) Breaches

In the event of a Breach (as hereinafter defined) of any Unsecured (as hereinafter defined) Protected Health Information that Business Associate accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds or uses on behalf of Covered Entity, Business Associate shall report such Breach to Covered Entity immediately, but in no event more than ten (10) days after discovering the Breach. “Breach” shall mean the unauthorized acquisition, access, use, or disclosure of Protected Health Information which compromises the security or privacy of such information. “Unsecured” shall mean Protected Health Information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary from time to time.

Notice of a Breach shall include, at a minimum: (i) the identification of each individual whose Protected Health Information has been, or is reasonably believed to have been, accessed, acquired, used, or disclosed during the Breach, (ii) the date of the Breach, if known, (iii) the scope of the Breach, including identification of the types of Protected Health Information accessed, acquired, used, or disclosed during the Breach, and (iv) a description of the Business Associate’s response to the Breach.

In the event of a Breach, Business Associate shall, in consultation with Covered Entity, mitigate, to the extent practicable, any harmful effect of such Breach that is known to Business Associate.

B) Improper Disclosures

Business Associate shall track all disclosures of Protected Health Information to third parties, including those made to Business Associate’s directors, officers, subcontractors, employees, affiliates, agents, and representatives, other than those disclosures that meet the exception criteria of 45 CFR § 164.528.

Business Associate shall report to Covered Entity any unauthorized or improper use or disclosure of any Protected Health Information regarding the terms and conditions of this Agreement or applicable federal and state laws as soon as practicable, but in no event later than ten (10) business days of the date on which Business Associate becomes aware of such use or disclosure. In the event of a Breach, Business Associate shall, in consultation with Covered Entity, mitigate, to the extent practicable, any harmful effect of such Breach that is known to Business Associate.

C) Security Incidents

Business Associate shall report to Covered Entity any security incident (as defined in 45 CFR § 164.304) of which it becomes aware within five (5) business days.

VI. Term and Termination.

A) General Term and Termination

This Agreement shall become effective on the Effective Date set forth above and shall terminate upon the termination or expiration of the Service Agreement and when all Protected Health Information provided by either party to the other, or created or received by Business Associate on behalf of Covered Entity is, in accordance with Section VII below, destroyed or returned to Covered Entity or, if it is not feasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the terms of this Agreement.

B) Material breach

Where Covered Entity has knowledge of a material breach by Business Associate, and cure is possible, Covered Entity shall provide Business Associate with an opportunity to cure. Where said breach is not cured within ten (10) business days of Business Associate’s receipt of notice from Covered Entity of said breach, Covered Entity shall terminate this Agreement.

At the expense of Business Associate, Covered Entity shall have the right to cure any breach of Business Associate’s obligations under this Agreement. Covered Entity shall give Business Associate notice of its election to cure any such breach, and Business Associate shall cooperate fully in the efforts by Covered Entity to cure Business Associate’s breach. All requests for payment for such services of Covered Entity shall be paid within thirty (30) business days.

In the event that either Party has knowledge of a material breach of this Agreement by the other Party, and cure is not possible, the non-breaching Party shall terminate the portion of the Service Agreement that is affected by the breach. When neither cure nor termination is feasible, the non-breaching Party shall report the violation to the Secretary.

C) Transition

Following the termination of the Agreement for any reason, Business Associate agrees to provide transition services for the benefit of Covered Entity. This shall include the continued provisions of its services required under the Agreement until notified by Covered Entity that the alternative provider of services is able to take over the provision of such services, and the transfer of the Protected Health Information and other data held by Business Associate related to its services under the Agreement.

D) Equitable remedies

Business Associate acknowledges and agrees that Covered Entity will suffer irreparable damage upon Business Associate’s breach of this Agreement, and that such damages shall be difficult to quantify.

Business Associate acknowledges and agrees that Covered Entity may file an action for an injunction to enforce the terms of this Agreement against Business Associate, in addition to any other remedy Covered Entity may have. Where Covered Entity has knowledge of any material breach by Business Associate, Covered Entity may take proceedings against Business Associate before any Court having jurisdiction to obtain an injunction or any legal proceedings to cure or stop such material breach, without more notice than is set forth in Section VI.B. of this Agreement.

VII. Return/Destruction of Protected Health Information Upon Termination.

Upon termination of the Agreement for any reason, Business Associate shall:

A) if feasible, return or destroy all Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity that Business Associate or any of its directors, officers, subcontractors, employees, affiliates, agents, and representatives still maintain in any form, and Business Associate shall retain no copies of such information; or

B) if Covered Entity determines that such return or destruction is not feasible, extend the protections of this Agreement to such information and limit further uses and disclosures to those purposes that make the return or destruction of the Protected Health Information infeasible, in which case Business Associate’s obligations under this Section shall survive the termination of this Agreement.

VIII. Amendment.

If any of the regulations promulgated under HIPAA are amended or interpreted in a manner that renders this Agreement inconsistent therewith, Covered Entity may, on thirty (30) business days written notice to Business Associate, amend this Agreement to the extent necessary to comply with such amendments or interpretations. Business Associate agrees that it will fully comply with all such regulations promulgated under HIPAA, and that it will agree to amend this Agreement to incorporate any material required by such HIPAA regulations.

IX. Indemnification and Insurance.

(A) Business Associate shall indemnify, defend and hold harmless Covered Entity and its directors, officers, subcontractors, employees, affiliates, agents, and representatives from and against any and all third party liabilities, costs, claims, suits, actions, proceedings, demands, losses and liabilities of any kind (including court costs and reasonable attorneys’ fees) brought by a third party, arising from or relating to the acts or omissions of Business Associate or any of its directors, officers, subcontractors, employees, affiliates, agents, and representatives in connection with the Business Associate’s performance under this Agreement or Service Agreement, without regard to any limitation or exclusion of damages provision otherwise set forth in the Agreement. The indemnification provisions of this Section IX shall survive the termination of this Agreement.

(B) Business Associate shall obtain no later than one (1) month from Effective Date of this Agreement and maintain during the term of this Agreement liability insurance covering claims based on a violation of the Privacy Rule or any applicable law or regulation concerning the privacy of patient information and claims based on its obligations pursuant to this Section in an amount not less than $1,000,000 per claim. Such insurance shall be in the form of occurrence-based coverage.

X. Conflicting Terms.

In the event any terms of this Agreement conflict with any terms of the Service Agreement, the terms of this Agreement shall govern and control.

XI. Governing Law.

This Agreement shall be governed by and construed in accordance with the laws of the State of Maryland.

XII. Notices.

All notices, requests, approvals, demands and other communications required or permitted to be given under this Agreement shall be in writing and delivered either personally, or by certified mail with postage prepaid and return receipt requested, or by overnight courier to the party to be notified. All communications will be deemed given when received. The addresses of the parties shall be as follows, or as otherwise designated by any party through notice to the other party:

If to Covered Entity:

Covered Entity Attn: Any notice to Covered Entity will use the name and address from the Practice Information Profile

If to Business Associate:

M-3 Information, LLC
155 Gibbs Street, Suite 522
Rockville, MD 20850
Attn: Legal Department

XIII. Miscellaneous

A) Regulatory References. A reference in this Agreement to a section in the Privacy or Security Rule means the section as in effect or as amended.

B) Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the Privacy and Security Rule.

C) No Third Party Beneficiaries. Except as expressly provided for in the Privacy Rule, there are no third party beneficiaries to this Agreement. Business Associate’s obligations under this Agreement are owed to the Covered Entity only.

Privacy Policy

Last Updated: January 22, 2014

This Privacy Policy explains how information about you is collected, used and disclosed by M-3 Information, LLC (“M3,” “we” or “us”). This Privacy Policy applies to information we collect when you use our websites, mobile applications and other online products and services that link to this Privacy Policy (collectively, the “Services”) or when you otherwise interact with us.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you an email notification). We encourage you to review the Privacy Policy whenever you access the Services to stay informed about our information practices and the ways you can help protect your privacy.

1. Information You Provide to Us

We collect information you provide directly to us. For example, we collect information when you request a demo, create an account, add authorized users, assign patients to clinicians, purchase a subscription, request customer support or otherwise communicate with us. The types of information we collect include:

  • Registration Information: When you request a demo of M3 Clinician or register for an online account, we collect information such as your name, email address, username, password and contact information about your practice.
  • Authorized User Information: We collect information about other users authorized to use your M3 account, including their names, titles, usernames and passwords.
  • Patient Information: When you assign patients to your practice (or to a specific clinician), we collect information about these patients which may include their names, email addresses, dates of birth, last four digits of their Social Security numbers and genders. We also collect patient assessment information, such as their M3 scores, medications, side effects, therapies, adherence problems, lab test follow ups and progress notes.

2. Information We Collect Automatically When You Use the Services

When you access or use our Services, we automatically log information, including the type of browser you use, access times and pages viewed. We may also use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory that help us to improve our Services and your experience, see which areas and features of our Services are popular and count visits. We may also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. For more information about cookies, and how to disable them, please see “Your Choices” below.

3. Information We Collect From Other Sources

We may also obtain information from other sources and combine that with information we collect through our Services.

4. Use of Information

We may use information about you for various purposes, including to:

  • Provide, maintain and improve our Services;
  • Provide and deliver the products and services you request, process transactions and send you related information, including confirmations and invoices;
  • Send you technical notices, updates, security alerts and support and administrative messages;
  • Respond to your comments, questions and requests and provide customer service;
  • Communicate with you about products, services, offers, promotions, rewards and events offered by M3 and others and provide news and information we think will be of interest to you;
  • Monitor and analyze trends, usage and activities in connection with our Services;
  • Personalize and improve the Services and provide advertisements, content, or features that match user profiles or interests;
  • Link or combine with information we get from others to help understand your needs and provide you with better service; and
  • Carry out any other purpose for which the information was collected.

M3 is based in the United States and the information we collect is governed by U.S. law. By accessing or using the Services, you consent to the processing and transfer of information in and to the United States and other countries.

5. Sharing of Information

We may share information about you as follows or as otherwise described in this Privacy Policy:

  • With vendors, consultants and other service providers who need access to such information to carry out work on our behalf;
  • In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
  • If we believe your actions are inconsistent with the spirit or language of our user agreements or policies, including our Terms of Use, or to protect the rights and property of M3 or others;
  • In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company; and
  • With your consent or at your direction, including if we notify you that the information you provide will be shared in a particular manner and you provide such information.

We may also share aggregated or anonymized information that does not directly identify you.

6. Analytics Services Provided by Others

We may allow others to provide analytics services on our behalf. These entities may use cookies, web beacons and other technologies to collect information about your use of the Services and other websites, including your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. This information may be used by M3 and others to, among other things, analyze and track data, determine the popularity of certain content and better understand your online activity.

7. Security

M3 takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.

8. Information About You

You may update or correct information about you at any time by emailing us at mail@m3information.com. If you would like to request that we delete information about you, email us at mail@m3information.com but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.

9. Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

10. Promotional Communications

You may opt out of receiving promotional emails from M3 by following the instructions in those communications. If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at mail@m3information.com.