1. Accepting the agreement
By clicking the "EXECUTE CONTRACT" button displayed as a part of the online registration process, you are indicating that you expressly accept the following terms and conditions in this legal agreement (the "Agreement") between you and any organization you represent (collectively, "you" or the "Customer") and Demandforce, Inc. ("Demandforce") governing your use of Demandforce's online service and any related software you may install on your computer (the "Service"). If you are entering into this Agreement, you represent that you are authorized to accept the terms of this Agreement on behalf of yourself or the organization you represent. If you do not have such authority, or if you do not agree with the terms and conditions of this Agreement, you must not click on the "EXECUTE CONTRACT" button and must close the Electronic Contract, and may not use the Service.
2. License grant & restrictions
Demandforce hereby grants the Customer, during the terms of this Agreement, the non-exclusive, non-transferable, worldwide right to use the Service, solely for the Customer's own internal business purposes, subject to the terms and conditions of this Agreement. All rights not expressly granted to the Customer are reserved by Demandforce and its third party licensors or suppliers (collectively, the "Licensors").
The Customer shall not (i) license, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any third party the Service or the content provided by or on behalf of Demandforce through the Service (the content) in any way; (ii) modify or make derivative works based upon the Service or the Content; (iii) create Internet "links" to the Service or "frame" or "mirror" any Content on any other server or wireless or Internet-based device; or (iv) reverse engineer or access the Service in order to (a) build a competitive product or service, (b) build a product using similar ideas, features, functions or graphics of the Service, or (c) copy any ideas, features, functions or graphics of the Service.
Customer agrees that Demandforce may publish, modify and amend any and all content appearing within demandforce.com, demandforced3.com, and all other internet domains or content feeds owned, managed, or controlled by Demandforce, including content consisting of promotions, advertisements and listings for non-competing local businesses, or products and services offered by Demandforce.
3. Ownership of intellectual property rights and Customer Data
The parties acknowledge and agree that, subject to the license grants contained in this Agreement, Licensor, retains all right, title and interest, including all related intellectual property rights, in and to the Demandforce technology, the Content and the Service and any suggestions, ideas, enhancement requests, feedback, recommendations (collectively, Feedback) or other information provided by the Customer or any other party relating to the Service. Customer retains all right, title and interest to any and all patient or customer data including consumer review data captured by the Demandforce system ("Customer Data") provided to Demandforce, subject to Demandforce's right to use such Customer Data to provide the Service to Customer. This Agreement is not a sale and does not convey any rights of ownership in or related to the Demandforce Service, Demandforce technology, Demandforce Content, or Demandforce intellectual property to the Customer except for the limited licenses granted to the Customer under this Agreement. Any and all software, algorithms, applications, source codes, structures, sequences, routines, sub-routines and related programming, engineering or technological matter developed or created by Demandforce or its Licensors (and all copyrights, patents, trademarks and other proprietary rights related thereto) shall remain the sole, exclusive and perpetual property of Demandforce or its Licensors.
The trademarks, trade names, service names or logos associated with the Service (collectively, the "Marks") are trademarks of Demandforce or its Licensors, and no right or license is granted to use them. Customer hereby acknowledges Demandforce or its Licensors' perpetual and exclusive ownership of and title to the Marks and the goodwill attaching thereto. Customer agrees not to use or attempt to register any Mark that is confusingly or deceptively similar to the Marks.
4. Customer responsibility and passwords; Third-party software
You are responsible for all activity occurring under your User accounts and shall abide by all applicable local, state, national and foreign laws, treaties and regulations in connection with your use of the Service, including those related to data privacy, international communications and the transmission of technical or personal data. You also will choose a password and a user name. You are entirely responsible for maintaining the confidentiality of your password and account. Furthermore, you are entirely responsible for any and all activities that occur under your account. You agree to notify Demandforce immediately of any unauthorized use of your account or any other breach of security. Demandforce will not be liable for any loss that you may incur as a result of someone else using your password or account, either with or without your knowledge. Customer warrants and represents that: (i) the content to be transmitted by or on behalf of Customer does not constitute SPAM; (ii) the content to be transmitted by or on behalf of Customer is not illegal, threatening, hateful, vulgar, obscene, libelous or defamatory and does not and will not infringe upon any trademark, patent, copyright, trade secret or other proprietary, publicity or privacy right of any third party; and (iii) Customer has complied and will comply with all applicable laws respecting its execution and performance of this Agreement.
The Demandforce Service receives data from third-party software systems, which will be designated by Customer in the process of setting up the Demandforce Service. If Customer elects to change, upgrade or materially alter the third party software system from which Demandforce receives data, Demandforce does not guarantee that all Customer Data or Service functionality will be preserved. Customer is responsible for communicating any changes in data structure, management system, or hardware upgrades that may impact Demandforce's ability to receive and process Customer Data. In addition, Customer is responsible for providing Demandforce with accurate instructions and information regarding the third party systems and databases that the Service will interface with, and bears all responsibility for incomplete, inaccurate or otherwise faulty information regarding third party systems and Customer databases conveyed to Demandforce in connection with its set up or maintenance of the Service.
5. Client data and account information
Demandforce does not own any Customer Data, information or material that you submit to the Service in the course of using the Service. Except in accordance with Section 19 of this Agreement or as required by law, Customer Data will not be disclosed, sold, assigned, licensed or otherwise disposed of by Demandforce to any third party. You, not Demandforce, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data, and, except as provided in Section 19 of this Agreement or as required by law, Demandforce shall not be responsible or liable for the deletion, correction, destruction, damage, loss or failure to store any Customer Data, or for the improper or erroneous upload or extraction of any Customer Data. Demandforce reserves the right to withhold, remove and/or discard Customer Data without notice for any breach, including, without limitation, your non-payment. Upon termination for cause, your right to access or use Customer Data immediately ceases, and, except as set forth in Section 16 below, Demandforce shall have no obligation to maintain or forward any Customer Data.
6. Limited liability
IN NO EVENT SHALL DEMANDFORCE, ITS SUBSIDIARIES, OFFICERS, DIRECTORS, EMPLOYEES, LICENSORS, PARTNERS OR AFFILIATES BE LIABLE FOR: (I) ANY INDIRECT, INCIDENTAL, UNFORESEEABLE, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES; (II) ANY DAMAGES FOR LOSS OF PROFITS, LOSS OF EARNINGS OR LOSS OF BUSINESS OPPORTUNITIES, EVEN IF DEMANDFORCE HAS BEEN ADVISED OR WARNED BY CUSTOMER OF THE POSSIBILITY OF SUCH DAMAGES; (III) COSTS OF PROCUREMENT OR SUBSTITUTE GOODS OR SERVICES; (IV) LOSS OF DATA OR OTHER CUSTOMER CONTENT RESULTING FROM DELAYS, NON-DELIVERIES, MISDELIVERIES, SECURITY BREACHES TO, SERVICE INTERRUPTIONS TO, OR ERRORS OR OMISSIONS RESPECTING THE SERVICE OR THE OPERATION OF DEMANDFORCE OR ITS LICENSORS' NETWORKS; OR (V) LOSSES OR LIABILITIES DUE IN WHOLE OR IN PART TO INADVERTENT, PREMATURE OR UNAUTHORIZED RELEASE OR DISCLOSURE OF INFORMATION BY CUSTOMER VIA DEMANDFORCE OR ITS LICENSORS' NETWORKS. THE TOTAL CUMULATIVE LIABILITY OF DEMANDFORCE TOGETHER WITH ITS SUBSIDIARIES, OFFICES, DIRECTORS, EMPLOYEES, LICENSORS, PARTNERS AND AFFILIATES TO CUSTOMER OR ANY THIRD PARTIES IN ANY CIRCUMSTANCE ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICE IS LIMITED TO THE AMOUNT OF FEES CUSTOMER PAYS TO DEMANDFORCE IN THE 12 MONTHS PRIOR TO THE ACTION GIVING RISE TO LIABILITY. The foregoing limitations will apply even if Demandforce has been notified of the possibility of such damages and notwithstanding the failure of the essential purpose of any limited remedy. No action or claim relating to this Agreement shall be made against Demandforce or its Licensors, subsidiaries, officers, directors, employees, partners or affiliates by Customer or on Customer's behalf more than 12 months after the event giving rise to such action or claim.
You agree to indemnify and hold Demandforce (including its parent, subsidiaries, affiliates, officers, directors, agents, and employees, contractors, sub-contractors, Licensors, partners and affiliates) harmless from any claim or demand, including reasonable attorney's fees, made by any third party due to or arising out of your breach or alleged breach of this Agreement or the documents it incorporates by reference, or your violation of any law or the rights of a third party (including without limitation any negligent, willful, tortious or illegal conduct by you affecting a third party).
This Agreement will be in force for a term of 12 months beginning on the Subscription Start Date. This Agreement will AUTOMATICALLY RENEW each year for 12-month periods on the anniversary of the Subscription Start Date (“Renewal Date”). If you choose not to renew, you must notify Demandforce in writing at least 30 days prior to the Renewal Date, in which case, you will continue to have access to the Demandforce service and be billed until the end of the then current term.
10. Billing & pricing
Demandforce charges and collects in advance for use of the Service. No refunds will be available for fees you have paid unless you were billed in error. Demandforce will automatically renew and bill your credit card or issue an invoice to you (a) every month for monthly licenses and fees, (b) every quarter for quarterly licenses and fees, (c) each year on the subsequent anniversary for annual licenses, or in (d) an otherwise mutually agreed upon manner. The renewal charge will be equal to the then-current license fee in effect at the time of renewal. Fees for other services will be charged on an as-quoted basis, including but not limited to:
10.1 Email Finder product.
Demandforce works with a third-party provider to gather email addresses for individuals in your customer database for which you do not currently have email addresses on file. By opting in to use Demandforce's email finder product you will be subject to the recurring monthly service fee once email finder begins for that calendar month; email finder begins once we have passed your data to our third-party provider. The fees are per valid email returned each month from the provider.
10.2 Postcard product.
By opting in to use Demandforce's postcard Product you will be subject to the service fees per printed postcard. You assume full responsibility that any custom content you submit is correct and in the event that you submit incorrect information, misspellings, grammatical errors, or the like, you agree to pay any and all associated fees.
10.3 Listing service.
The Listing Service (defined below) is provided free of charge. Demandforce reserves the right to terminate the Listing Service as to you or any other customer at any time for any reason or no reason. Demandforce's fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and you shall be responsible for payment of all such taxes, levies, or duties, excluding only United States (federal or state) taxes based solely on Demandforce's income.
10.4 Demandforce Connect for Facebook.
Demandforce Connect for Facebook is an add-on service that bears a separate monthly subscription fee, as well as certain installation fees, as quoted on our website, and which are subject to change from time to time. Demandforce Connect for Facebook services require a valid Demandforce subscription to be in place. By electing to subscribe to Demandforce Connect for Facebook, you agree to pay all monthly subscription fees through the remainder of the term of your Demandforce service agreement, billed in accordance with our normal monthly billing procedures. Your subscription to Demandforce Connect for Facebook will automatically renew along with any renewal of your Demandforce subscription, unless you provide us with written notice of cancellation not less than 30 days prior to the end of the then-current term. Demandforce bears no responsibility for, and makes no warranty as to, the content published on your Facebook pages, or any other matter related to your utilization, or that of others, of Facebook, its applications, features and functions.
Unless otherwise stated, Our fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added, sales, use or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, "Taxes"). You are responsible for paying all Taxes associated with your purchases or use of Demandforce. If Demandforce has the legal obligation to pay or collect Taxes for which you are responsible under this paragraph, the appropriate amount shall be invoiced to and paid by you, unless You provide Demandforce with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Demandforce is solely responsible for taxes assessable against it based on its income, property and employees.
11. Demandforce guarantee; limitations
Subject to the provisions of this Section, Demandforce shall credit your account an amount equal to the monthly subscription fee paid by you for a given calendar month in the event that you do not receive at least $3 in Program Value (defined below) for every $1 of monthly subscription fee paid by you in such month. Any such credit will apply to the next month (the month following the month for which a refund is requested). To qualify for such credit you must (1) be an existing Demandforce customer in good standing, (2) have at least 250 bona fide customers with valid email addresses entered into the Service, (3) be signed-up for Email Finder, (4) must have executed a custom promotion or newsletter within the past 45 days, (5) have communications and other key product functionality enabled, and (6) complete and submit the Refund Request Form within 15 days of the end of the month in question. Program Value equals the sum of the following amounts for the month in question:
- $1,000 for each new customer/patient that is generated by the Service
- $500 for each lost customer/ or patient visit that is generated through the Service
- Total appointment revenue from a new or existing customer who was contacted via the Service and received service from you within a 60 day time period
- $30 for each customer satisfaction survey completed during such month
- $20 for each existing appointment that is re-confirmed by the customer or patient
- $50 for each referral made during such month whether the referral resulted in an appointment or not
- $30 for each public review completed during such month
12. Credit card authorization
By submitting your credit/debit card ("Bank Card") data to Demandforce, you authorize Demandforce in its complete discretion to submit a financial transaction(s) to your issuing bank for settlement. You agree that once Demandforce has approved or declined your transaction, Demandforce has fully performed under the terms of this Agreement. You agree to contact Demandforce in the event that you desire to cancel any recurring charge, prior to the next billing cycle. Should you fail to contact Demandforce, you agree to indemnify and hold Demandforce harmless from any losses or damages that you suffer as a result of a recurring charge. Demandforce may be contacted at: email@example.com or Demandforce, 22 4th Street, 12th Floor, San Francisco, CA 94103, (415) 904-8080. If you think that there is an error on your account, including an incorrect amount or unauthorized transaction, you agree to contact Demandforce prior to the next billing cycle. Upon proper notification, Demandforce, in its sole discretion may issue a credit to your Bank Card.
13. Representations & warranties
Each party represents and warrants that it has the power and authority to enter into this Agreement. Demandforce represents and warrants that it will provide the Service in a manner consistent with generally accepted industry standards. Customer represents and warrants that Customer has not falsely identified itself or its corporate entity nor provided any false information to gain access to the Service and that all Bank Card and other billing information that Customer has provided is correct. THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE". EXCEPT AS EXPLICITLY SET FORTH ABOVE, DEMANDFORCE IS NOT PROVIDING ANY WARRANTIES AND REPRESENTATIONS REGARDING THE SERVICE, CONTENT OR TECHNOLOGY, AND DEMANDFORCE AND ITS LICENSORS, DISTRIBUTORS, PARTNERS AND AFFILIATES (COLLECTIVELY, THE “AFFILIATES”) DISCLAIM ALL WARRANTIES AND REPRESENTATIONS OF ANY KIND WITH REGARD TO THE SERVICE, CONTENT AND TECHNOLOGY, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD PARTY RIGHTS, FREEDOM FROM VIRUSES OR OTHER HARMFUL CODE, OR FITNESS FOR ANY PARTICULAR PURPOSE. FURTHER, DEMANDFORCE AND THE AFFILIATES WILL NOT BE LIABLE FOR ANY DELAY, DIFFICULTY IN USE, INACCURACY OF INFORMATION, COMPUTER VIRUSES, MALICIOUS CODE OR OTHER DEFECT IN THE SERVICE, OR FOR ANY OTHER PROBLEMS EXPERIENCED BY THE CUSTOMER DUE TO CAUSES BEYOND DEMANDFORCE'S OR THE AFFILIATES’ CONTROL.
14. Email compliance
Demandforce has worked to achieve email compliance. You agree to comply with all elements of CAN-SPAM and safe sender email practices. This includes but not limited to including unsubscribe links, your full contact information in all correspondence, and not releasing private and/or confidential information. You may only use email services for those customers with which you have an existing business relationship and which have indicated that they accept correspondence from you. You may not attempt to spoof sender domains, send spam or other offending email practices including those covered in Section 4 of this agreement. Because of carrier technologies, Demandforce makes no expressed or implied warranty of individual message receipt. Demandforce is not liable for any issues that arise associated with the content that you provide or unforeseen liabilities of it being delivered.
15. Text message compliance
Demandforce automates text message communications, but you are responsible for ensuring that the recipients of those communications have provided prior express written consent to receive them. The prior express written consent must identify that you may be sending text messages related to your goods and services using automated technology and that your customer affirmatively agrees to receive such messages. The prior express consent must include your customers’ written or electronic acceptance. Specifically, by entering a cell phone number into your management system or the Demandforce system and not opting such cell phone out of the Demandforce text message feature, you are directing Demandforce to automatically send text message reminders and other communications to such cell phone and certifying that the user of such cell phone consents to the receipt of those messages. You are responsible for all liability for any failure to receive consent or failure to opt users out of the text message feature. Additionally, you may not attempt to spoof sender domains, send spam or other offending text message practices including those covered in Section 4 of this Agreement. Demandforce makes no expressed or implied warranty of individual message receipt. Standard text message rates apply for all text message services. Demandforce is not liable for any issues that arise associated with the content that you provide or unforeseen liabilities of it being delivered.
For Canada based businesses:
Demandforce has worked to achieve carrier certification for your text message delivery. To maintain this certification, you agree to adopt the double opt-in process comprising of 1) you may only use text message services for those customers with which you have an existing business relationship and which have indicated that they accept correspondence from you and 2) the customers must reply to an opt-in message from their handset. For reliable delivery, you must adhere to message limitations including length and delivery. You may not attempt to spoof sender domains, send spam or other offending text message practices including those covered in Section 4 of this Agreement. Because of carrier technologies, Demandforce makes no expressed or implied warranty of individual message receipt. Standard text message rates apply for all text message services. Demandforce uses “short code” technology to engage in 2-way sms communication with consumers and does not guarantee delivery to all mobile carriers if short code technology is not accepted. Demandforce is not liable for any issues that arise associated with the content that you provide or unforeseen liabilities of it being delivered.
16. Listing services; Intuit Local
Demandforce may offer a complimentary listing service (the "Listing Service") under which your business information and customer reviews (collectively, the "Business Information") are submitted to search engines, indexes and web sites, as well as to the Demandforce service referred to as the "Intuit Local." You agree to participate in the Listing Service, and allow Demandforce to make this data available and provide registration services to the Intuit Local and third party sites. It is up to third party sites to accept the submissions, and Demandforce makes no warranty as to such sites' willingness to do so. For so long as Customer continues to subscribe to the Service, Demandforce will make a good faith attempt to ensure accuracy and confidentiality of the information we provide to third party sites under the Listing Service. We have no control of third party web sites or resources that are provided by companies or persons other than that of Demandforce. Additional tools may be available from the third parties to provide additional updates to your information, but if you use such services, Demandforce is not liable for any claim arising out of the combination of such services with the information provided by the Listing Service. In addition to the terms set forth in this agreement, you agree to abide by the terms set forth in our Public Review Policy, as the same may be amended from time to time by Demandforce, the terms of which are available at www.demandforce.com. Demandforce may terminate your participation in the Listing Service, or this Agreement, at any time in the event that Demandforce determines that you are not in compliance with the Public Review Policy. Upon termination of this Agreement by either party, the Business Information and any consumer reviews may remain in any data feeds provided to third parties under the Listing Service but is subject to removal at any time as determined by Demandforce. You may request explicit removal of the Business Information from such data feeds in writing. Upon request at any time up to 30 days following termination of this agreement, Demandforce will provide you with an electronic copy of your Business Information, including consumer reviews.
Demandforce may terminate your participation in the Listing Service, or this Agreement, at any time in the event that Demandforce determines that you are not in compliance with the Public Review Policy. Upon termination of this Agreement by either party, the Business Information and any consumer reviews may remain in any data feeds provided to third parties under the Listing Service but is subject to removal at any time as determined by Demandforce. You may request explicit removal of the Business Information from such data feeds in writing. Upon request at any time up to 30 days following termination of this agreement, Demandforce will provide you with an electronic copy of your Business Information, including consumer reviews.
17. Governing law; venue; waiver of class action
This Agreement will be interpreted, construed, and enforced in all respects in accordance with the laws of the State of California, without reference to its choice of law principles to the contrary. The Customer will not commence or prosecute any action, suit, proceeding or claim arising under or by reason of this Agreement other than in the state or federal courts located in San Francisco, California. The Customer irrevocably consents to the jurisdiction and venue of the courts identified in the preceding sentence in connection with any action, suit, proceeding, or claim arising under or by reason of this Agreement. To the extent permitted by applicable law, each party agrees that it will not bring or participate in any class action against the other party or its partners or affiliates relating to this Agreement or the Services, and each party hereby waives any rights to bring such claims.
If any provision of this Agreement is found to be invalid or unenforceable, then the remainder of this Agreement will have full force and effect, and the invalid provision will be modified, or partially enforced, to the maximum extent permitted to effectuate the original objective. This Agreement will bind and inure to the transferee of a party’s business, and will be enforceable in the event of a change in ownership or control. This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and merges and supersedes all prior agreements, understandings, negotiations, and discussions. Neither of the parties will be bound by any conditions, definitions, warranties, understandings, or representations with respect to the subject matter hereof other than as expressly provided herein. Failure by either party to enforce any term of this Agreement will not be deemed a waiver of future enforcement of that or any other term in this Agreement or any other agreement that may be in place between the parties. The section headings contained in this Agreement are for reference purposes only and will not affect in any way the meaning or interpretation of this Agreement. This Agreement is not intended to confer any right or benefit on any third party, and no action may be commenced or prosecuted against a party by any third party claiming as a third-party beneficiary of this Agreement or any of the transactions contemplated by this Agreement. No oral explanation or oral information by either party hereto will alter the meaning or interpretation of this Agreement. No amendments or modifications will be effective unless in writing signed by authorized representatives of both parties.
19. Business associate addendum
19.1 Status of the parties.
WHEREAS, the American Recovery and Reinvestment Act (“ARRA“) of 2009 (Pub. L. 111-5), pursuant to Title XIII of Division A and Title IV of Division B, called the “Health Information Technology for Economic and Clinical Health” (“HITECH”) Act, provides modifications to the HIPAA Security and Privacy Rule (hereinafter, all references to the “HIPAA Security and Privacy Rule” are deemed to include all amendments to such rule contained in the HITECH Act, and the HIPAA Final Omnibus Rule of 2013, and any accompanying regulations, and any other subsequently adopted amendments or regulations), and the parties hereby acknowledge and agree that Customer is a covered entity (Covered Entity) and that Demandforce is a business associate of Covered Entity under the HIPAA Privacy Regulations, the HIPAA Security Regulations and the HITECH Standards, defined below.
19.2 Privacy and confidentiality.
The parties acknowledge that in carrying out its obligations under the Agreement, Demandforce and its subcontractors, employees, affiliates, agents, or representatives may have reason to access, use, create, maintain or transmit PHI, as defined below, for or on behalf of Covered Entity. Certain PHI may be transmitted by or maintained in electronic media as Electronic PHI. Both parties agree to comply with any applicable federal or state law governing the privacy and security of the PHI and Electronic PHI including, without limitation, the HIPAA Privacy Regulations, HIPAA Security Regulations, and the HITECH Standards, each as defined below.
a. "Breach" shall mean the acquisition, access, use, or disclosure of Protected Health Information in a manner not permitted under 45 C.F.R. Part 164, Subpart E (the HIPAA Privacy Rule) which compromises the security or privacy of the Protected Health Information. "Breach" shall not include: (1) Any unintentional acquisition, access, or use of Protected Health Information by a workforce member or person acting under the authority of the Covered Entity or Demandforce, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in a manner not permitted under the HIPAA Privacy Rule; or (2) Any inadvertent disclosure by a person who is authorized to access Protected Health Information at the Covered Entity or Demandforce to another person authorized to access Protected Health Information at the Covered Entity or Demandforce, respectively, or organized health care arrangement in which the Covered Entity participates, and the information received as a result of such disclosure is not further used or disclosed in a manner not permitted under the HIPAA Privacy Rule; or (3) A disclosure of Protected Health Information where the Covered Entity or Demandforce has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information.
b. "Electronic Protected Health Information" or "Electronic PHI" means Protected Health Information that is transmitted by or maintained in electronic media as defined in the HIPAA Security Regulations.
c. "HIPAA" means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.
d. "HIPAA Privacy Regulations" means the regulations promulgated under HIPAA by the United States Department of Health and Human Services to protect the privacy of Protected Health Information, including, but not limited to, 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subpart A and Subpart E.
e. "HIPAA Security Regulations" means the regulations promulgated under HIPAA by the United States Department of Health and Human Services to protect the security of Electronic Protected Health Information, including, but not limited to, 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subpart A and Subpart C.
f. "HITECH Standards" means the privacy, security and security breach notification provisions applicable to a Business Associate under Subtitle D of the Health Information Technology for Economic and Clinical Health Act ("HITECH), which is Title XIII of the American Recovery and Reinvestment Act of 2009 (Public Law 111-5), and any regulations promulgated thereunder.
g. "Individually Identifiable Health Information" means information that is a subset of health information, including demographic information collected from an individual, that is; (1) created or received by a health care provider, health plan, employer, or health care clearinghouse; and (2) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and (a) that identifies the individual; or (b) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
h. "Protected Health Information" or "PHI" means Individually Identifiable Health Information transmitted or maintained in any form or medium that (i) is received by Demandforce from Covered Entity, (ii) Demandforce creates for its own purposes from Individually Identifiable Health Information that Demandforce received from Covered Entity, or (iii) is created, received, transmitted or maintained by Demandforce on behalf of Covered Entity. Protected Health Information excludes Individually Identifiable Health Information in education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. §1232g, records described at 20 U.S.C. §1232g(a)(4)(B)(iv), and employment records held by the Covered Entity in its role as employer.
i. "Security Incident" means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
j. Any terms capitalized, but not otherwise defined, in this Addendum shall have the same meaning as those terms have under HIPAA, the HIPAA Privacy Regulations, the HIPAA Security Regulations, and the HITECH Standards.
a. Use or Disclosure. Demandforce agrees to not use or further disclose Protected Health Information other than as expressly permitted or required by this Addendum or as required by law.
b. Safeguards. Demandforce agrees to use appropriate safeguards to prevent any use or disclosure of the Protected Health Information other than uses and disclosures expressly provided for by this Addendum. Demandforce further agrees to use appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of any Electronic Protected Health Information in accordance with the HIPAA Security Regulations.
c. Mitigation. Demandforce agrees to mitigate, to the extent practicable, any harmful effect that is known to Demandforce of a use or disclosure of Protected Health Information by Demandforce in violation of the requirements of this Addendum.
d. Reporting. Demandforce agrees to report to Covered Entity any use or disclosure of Protected Health Information in violation of this Addendum by Demandforce or by a third party to which Demandforce disclosed Protected Health Information pursuant to Section 3.e of this Addendum (Subcontractors and Agents), of which it becomes aware, in the time and manner reasonably designated by Covered Entity. Demandforce further agrees to report to Covered Entity any Security Incident of which it becomes aware. In addition, Demandforce shall report to Covered Entity any Breach consistent with the regulations promulgated under HITECH by the United States Department of Health and Human Services at 45 C.F.R. Part 164, Subpart D.
e. Subcontractors and Agents. Demandforce agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Demandforce on behalf of, Covered Entity, agrees to the same restrictions and conditions that apply through this Addendum to Demandforce with respect to such information.
f. Access. Upon receipt of a written request by Covered Entity for access to Protected Health Information about an individual contained in a Designated Record Set, Demandforce shall make available to Covered Entity such Protected Health Information, in the time and manner reasonably designated by Covered Entity, for so long as such information is maintained in the Designated Record Set. In the event any individual requests access to Protected Health Information directly from Demandforce, Demandforce shall forward such request to Covered Entity in the time and manner reasonably designated by Covered Entity. Any denials of access to the Protected Health Information requested shall be the responsibility of Covered Entity.
g. Amendment. Upon receipt of a written request by or on behalf of Covered Entity for the amendment of an individual's Protected Health Information or record contained in a Designated Record Set (for so long as the Protected Health Information is maintained in the Designated Record Set), Demandforce shall provide such information to Covered Entity for amendment and incorporate any such amendments in the Protected Health Information as required by 45 C.F.R. §164.526, in the time and manner reasonably designated by Covered Entity.
h. Audit and Inspection. Demandforce agrees to make its internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information and the security of Electronic Protected Health Information, available to Covered Entity, or, at the request of Covered Entity, to the Secretary of Health and Human Services (the "Secretary of HHS" or any officer or employee of HHS to whom the Secretary of HHS has delegated such authority for the purposes of the Secretary of HHS determining Covered Entity's compliance with the HIPAA Privacy Regulations and the HIPAA Security Regulations. Such information shall be made available in a time and manner designated by Covered Entity or the Secretary of HHS.
i. Documentation of Disclosures. Demandforce agrees to document such disclosures of Protected Health Information, and such information related to such disclosures, as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. §164.528.
j. Accounting. Upon receipt of written notice by or on behalf of Covered Entity to Demandforce that Covered Entity has received a request for an accounting of disclosures of Protected Health Information, Demandforce shall make available to Covered Entity, in the time and manner reasonably designated by Covered Entity, that information collected in accordance with Section 3.i of this Addendum (Documentation of Disclosures), to permit Covered Entity to respond to the request in accordance with 45 C.F.R. §164.528.
k. Compliance with the HITECH Standards. Notwithstanding any other provision in the Agreement, no later than February 17, 2010, unless a separate effective date is specified by law or the Agreement for a particular requirement (in which case the separate effective date shall be the effective date for that particular requirement), Demandforce shall comply with the HITECH Standards, including, but not limited to: (i) compliance with the requirements regarding minimum necessary under HITECH § 13405(b); (ii) requests for restrictions on use or disclosure to health plans for payment or health care operations purposes when the provider has been paid out of pocket in full consistent with HITECH §13405(a); (iii) the prohibition of sale of PHI without authorization unless an exception under HITECH §13405(d) applies; (iv) the prohibition on receiving remuneration for certain communications that fall within the exceptions to the definition of marketing under 45 C.F.R. §164.501 unless permitted by the Agreement and Section 13406 of HITECH; (v) the requirements relating to the provision of access to certain information in electronic access under HITECH §13405(e); (vi) compliance with each of the Standards and Implementation Specifications of 45 C.F.R. Ё 164.308 (Administrative Safeguards), 164.310 (Physical Safeguards), 164.312 (Technical Safeguards) and 164.316 (Policies and Procedures and Documentation Requirements); and (vii) the requirements regarding accounting of certain disclosures of PHI maintained in an Electronic Health Record under HITECH §13405(c).
19.5 Permitted uses and disclosures by Demandforce.
a. General Use and Disclosure Provisions. Except as otherwise limited in this Addendum, Demandforce may use or disclose Protected Health Information in connection with its performance of the services provided under the Agreement if such use or disclosure of Protected Health Information would not violate HIPAA or the HIPAA Privacy Regulations if done by Covered Entity or such use or disclosure is expressly permitted under Section 4.b of this Addendum (Specific Use and Disclosure Provisions).
b. Specific Use and Disclosure Provisions. Except as otherwise limited in this Addendum, Demandforce may use and disclose Protected Health Information for the proper management and administration of Demandforce or to meet its legal responsibilities; provided, however, that such Protected Health Information may be disclosed for such purposes only if the disclosures are required by law or Demandforce obtains certain reasonable assurances from the person to whom the information is disclosed. The required reasonable assurances are that: (1) the information will remain confidential; (2) the information will be used or further disclosed only as required by law or for the purpose for which the information was disclosed to the person; and (3) the person will notify Demandforce of any instances of which it is aware in which the confidentiality of the information has been breached.
19.6 Obligations of covered entity.
Covered Entity shall not request Demandforce to use or disclose Protected Health Information in any manner that would not be permissible under the HIPAA Privacy Regulations if done by Covered Entity or that is not otherwise expressly permitted under Section 4 of this Addendum (Permitted Uses and Disclosures by Demandforce).
19.7 Term and termination.
a. Term. This Addendum shall be effective as of the date of the execution of the Agreement and shall continue until the Agreement expires or terminates or this Addendum is sooner terminated in accordance with the provisions of Section 6.b (Termination for Cause) or 7.b (Amendment) hereof, whichever shall first occur.
b. Termination for Cause. Upon Covered Entity's knowledge of a material breach by Demandforce, Covered Entity may, in its sole discretion, either (1) provide Demandforce with notice of and an opportunity to cure such breach and then terminate this Addendum if Demandforce does not cure the breach within the time period specified by Covered Entity, or (2) terminate this Addendum immediately. In the event that termination of this Addendum is not feasible, Demandforce acknowledges that Covered Entity has the right to report the breach to the Secretary of HHS. On or after February 17, 2010, upon Demandforce's knowledge of a material breach by the Covered Entity of this Addendum, Demandforce may, in its sole discretion, either (1) provide Covered Entity with notice of and an opportunity to cure such breach and then terminate this Addendum if Covered Entity does not cure the breach within the time period specified by Demandforce, or (2) terminate this Addendum immediately. In the event that termination of this Addendum is not feasible, Covered Entity acknowledges and agrees that Demandforce has the right to report the breach to the Secretary of HHS.
c. Effect of termination. (1) Subject to the following paragraph, upon termination of this Addendum for any reason, Demandforce shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Demandforce on behalf of Covered Entity. This provision shall also apply to Protected Health Information that is in the possession of subcontractors or agents of Demandforce. Demandforce shall retain no copies of the Protected Health Information. (2) Notwithstanding the foregoing, if Demandforce determines that returning or destroying the Protected Health Information is not feasible, Demandforce shall provide Covered Entity notice of the conditions that make return or destruction not feasible. Demandforce shall extend the protections of this Addendum to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction not feasible, for so long as Demandforce maintains such Protected Health Information.
a. Regulatory References. A reference in this Addendum to a section in HIPAA, the HIPAA Privacy Regulations or the HIPAA Security Regulations, or the HITECH Standards means the section as in effect or as amended from time to time, and for which compliance is required.
b. Amendment. Covered Entity and Demandforce agree that amendment of this Addendum may be required to ensure that Covered Entity and Demandforce comply with changes in state and federal laws and regulations relating to the privacy, security and confidentiality of Protected Health Information, including, but not limited to, changes under the HIPAA Privacy Regulations, the HIPAA Security Regulations and the HITECH Standards. Demandforce agrees that Covered Entity may terminate this Addendum upon thirty (30) days written notice in the event that Demandforce does not promptly enter into such amendment.
c. Survival. The respective rights and obligations of Demandforce under Section 6.c of this Addendum (Effect of Termination) shall survive the termination of this Addendum.
d. Interpretation. Any ambiguity in this Addendum shall be resolved in favor of a meaning that permits Covered Entity to comply with applicable law protecting the privacy, security and confidentiality of Protected Health Information, including, but not limited to, HIPAA, the HIPAA Privacy Regulations, the HIPAA Security Regulations and the HITECH Standards.
e. State Law. Nothing in this Addendum shall be construed to require Demandforce to use or disclose Protected Health Information without a written authorization from an individual who is a subject of the Protected Health Information, or written authorization from any other person, where such authorization would be required under state law for such use or disclosure.
f. No Third Party Beneficiaries. Nothing express or implied in this Addendum is intended or shall be deemed to confer upon any person other than Covered Entity, Demandforce, and their respective successors and assigns, any rights, obligations, remedies or liabilities.
g. Primacy. To the extent that any provisions of this Addendum conflict with the provisions of any other agreement or understanding between the parties, including without limitation the Agreement, this Addendum shall control with respect to the subject matter of this Addendum.
If you have questions regarding this Agreement or wish to obtain additional information, please send an e-mail to firstname.lastname@example.org.
© 2014 Intuit Inc. All rights reserved. December 19, 2013