1. GENERAL TERMS AND CONDITIONS
2. WHAT SERVICE DOES EYECARELIVE PROVIDE?
3. TERRITORIAL RESTRICTIONS
4. REGISTRATION
5. ACCESS RIGHTS
6. PROVIDER LICENSE
7. EYECARELIVE STANDARD OF CARE GUIDELINES
8. PARTICIPATING PATIENTS
9. FEES
10. CONSULTATION TYPES OR AREAS OF EYE CARE
11. TECHNOLOGY USE
12. CHARTING REQUIREMENTS
13. SERVICE LEVEL AGREEMENT
14. TERM AND TERMINATION
15. PRIVACY
16. OWNERSHIP
17. DISCLAIMER
18. COPYRIGHT INFRINGEMENT/DMCA NOTICE
If you believe that any content on our Website violates your copyright, and you wish to have the allegedly infringing material removed, the following information in the form of a written notification (pursuant to 17 U.S.C. § 512(c) (“DMCA Takedown Notice”) must be provided to our designated Copyright Agent. It is our policy to terminate the accounts of repeat infringers.
- Your physical or electronic signature;
- Identification of the copyrighted work(s) that you claim to have been infringed;
- Identification of the material on our services that you claim is infringing and that you request us to remove;
- Sufficient information to permit us to locate such material;
- Your address, telephone number, and e-mail address;
- A statement that you have a good faith belief that use of the objectionable material is not authorized by the copyright owner, its agent, or under the law; and
- A statement that the information in the notification is accurate, and under penalty of perjury, that you are either the owner of the copyright that has allegedly been infringed or that you are authorized to act on behalf of the copyright owner.
The EyecareLive’s Copyright Agent to receive the DMCA Takedown Notices is Raj Ramchandani, EyecareLive, Inc. Attn: DMCA Notice, 5201 Great America Pkwy, Suite 320, Santa Clara, CA, 95054. You acknowledge that for us to be authorized to take down any content, your DMCA takedown notice must comply with all the requirements of this Section. Please note that, pursuant to 17 U.S.C. § 512(f), any misrepresentation of material fact (falsities) in a written notification automatically subjects the complaining party to liability for any damages, costs and attorney’s fees incurred by us in connection with the written notification and allegation of copyright infringement.
19. LIMITATION OF LIABILITY
EXCEPT FOR FRAUD, GROSS NEGLIGENCE, WILLFUL MISCONDUCT, PERSONAL INJURY, DEATH, OR A PARTY’S INDEMNIFICATION OBLIGATIONS , IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE ARISING OUT OF THIS AGREEMENT, OR THE USE OF, OR THE INABILITY TO USE, OUR SERVICE, INCLUDING, WITHOUT LIMITATION, ANY INFORMATION MADE AVAILABLE THROUGH OUR SERVICE OR ANY SERVICES PERFORMED BY ANY HEALTHCARE PROVIDERS YOU CONNECT WITH VIA OUR SERVICE (INCLUDING CLAIMS OF MEDICAL MALPRACTICE), EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN THE EVENT THE FOREGOING LIMITATION OF LIABILITY IS DETERMINED BY A COURT OF COMPETENT JURISDICTION TO BE UNENFORCEABLE, THEN THE MAXIMUM LIABILITY FOR ALL CLAIMS OF EVERY KIND WILL NOT EXCEED ONE HUNDRED DOLLARS (U.S. $100.00). THE FOREGOING LIMITATION OF LIABILITY WILL COVER, WITHOUT LIMITATION, ANY TECHNICAL MALFUNCTION, COMPUTER ERROR OR LOSS OF DATA, AND ANY OTHER INJURY ARISING FROM THE USE OF OUR SERVICE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. TO THE EXTENT THAT WE MAY NOT DISCLAIM ANY IMPLIED WARRANTY OR LIMIT ITS LIABILITIES, THE SCOPE AND DURATION OF SUCH WARRANTY AND THE EXTENT OF OUR LIABILITY WILL BE THE MINIMUM PERMITTED UNDER APPLICABLE LAW.
20. INDEMNIFICATION
You agree to indemnify and hold harmless EyecareLive, its parents, principals, subsidiaries, affiliates, licensors, and suppliers, and the officers, directors, employees, consultants, and agents of each, from and against any and all third-party claims, liabilities, damages, losses, costs, expenses and fees (including reasonable attorneys’ fees and court costs) that such parties may incur as a result of or arising from your use of our Service, your violation of this Terms of Service, your violation of any rights of any other person or entity, or any misdiagnosis or mistreatment by you of any patient, including any Participating Patient. We reserve the right to control the defense of any claim for which we are entitled to indemnification, and you agree to provide us with such cooperation as is reasonably requested by us.
21. RELATIONSHIP OF PARTIES
EyecareLive operates as a marketing services and lead generator. The parties hereto are independent contractors, and nothing contained herein shall be interpreted as creating any relationship other than that of independent contracting parties. The parties shall not be construed as being partners, joint ventures, shareholders, employer/employee, or agent/servant. You have no power or authority to bind EyecareLive to any obligation, agreement, debt or liability. You shall not hold itself out as an agent or representative of EyecareLive.
22. GOVERNING LAW
This Agreement shall be governed by the law of the State of Delaware, without respect to its conflict of laws principles. Each of the parties to this Agreement consents to the exclusive jurisdiction and venue of the state and federal courts located in Santa Clara County, California, for any actions not subject to Dispute Resolution and Arbitration provisions as set forth in Section 23.
23. DISPUTE RESOLUTION AND ARBITRATION
PLEASE READ THE FOLLOWING SECTION CAREFULLY BECAUSE IT REQUIRES YOU TO ARBITRATE CERTAIN DISPUTES AND CLAIMS WITH EYECARELIVE AND LIMITS THE MANNER IN WHICH YOU CAN SEEK RELIEF FROM US.
Binding Arbitration
Except for any disputes, claims, suits, actions, causes of action, demands or proceedings (collectively, “Disputes”) in which either party seeks to bring an individual action in small claims court or seeks injunctive or other equitable relief for the alleged unlawful use of intellectual property, including, without limitation, copyrights, trademarks, trade names, logos, trade secrets or patents, you and EyecareLive agree (a) to waive your and EyecareLive’s respective rights to have any and all Disputes arising from or related to this Agreement, use of our Services and Platform, resolved in a court, and (b) to waive your and EyecareLive’s respective rights to a jury trial. Instead, you and EyecareLive agree to arbitrate Disputes through binding arbitration (which is the referral of a Dispute to one or more persons charged with reviewing the Dispute and making a final and binding determination to resolve it instead of having the Dispute decided by a judge or jury in court).
No Class Arbitrations, Class Actions or Representative Actions
You and EyecareLive agree that any Dispute arising out of or related to this Terms of Service or the sites, content or products is personal to you and EyecareLive and that such Dispute will be resolved solely through individual arbitration and will not be brought as a class arbitration, class action or any other type of representative proceeding. You and EyecareLive agree that there will be no class arbitration or arbitration in which an individual attempts to resolve a Dispute as a representative of another individual or group of individuals. Further, you and EyecareLive agree that a Dispute cannot be brought as a class or other type of representative action, whether within or outside of arbitration, or on behalf of any other individual or group of individuals.
Federal Arbitration Act
You and EyecareLive agree that this Terms of Service affect interstate commerce and that the enforceability of this Section shall be both substantively and procedurally governed by and construed and enforced in accordance with the Federal Arbitration Act, 9 U.S.C. § 1 et seq. (the “FAA”), to the maximum extent permitted by applicable law.
Notice; Informal Dispute Resolution
You and EyecareLive agree that each party will notify the other party in writing of any arbitrable or small claims Dispute within thirty (30) days of the date it arises, so that the parties can attempt in good faith to resolve the Dispute informally. Notice to EyecareLive shall be sent by certified mail or courier to EyecareLive, Inc., Attn: Legal, 1010 W Fremont Avenue, Sunnyvale, California, 94087. Your notice must include (a) your name, postal address, telephone number, the email address you use or used for your EyecareLive’s Account and, if different, an email address at which you can be contacted, (b) a description in reasonable detail of the nature or basis of the Dispute, and (c) the specific relief that you are seeking. Our notice to you will be sent electronically in accordance with this Agreement and will include (x) our name, postal address, telephone number and an email address at which we can be contacted with respect to the Dispute, (y) a description in reasonable detail of the nature or basis of the Dispute, and (z) the specific relief that we are seeking. If you and EyecareLive cannot agree on how to resolve the Dispute within thirty (30) days after the date notice is received by the applicable party, then either you or EyecareLive may, as appropriate and in accordance with this Section, commence an arbitration proceeding.
Process
EXCEPT FOR DISPUTES IN WHICH EITHER PARTY SEEKS TO BRING AN INDIVIDUAL ACTION IN SMALL CLAIMS COURT OR SEEKS INJUNCTIVE OR OTHER EQUITABLE RELIEF FOR THE ALLEGED UNLAWFUL USE OF INTELLECTUAL PROPERTY, INCLUDING, WITHOUT LIMITATION, COPYRIGHTS, TRADEMARKS, TRADE NAMES, LOGOS, TRADE SECRETS OR PATENTS, YOU AND EYECARELIVE AGREE THAT ANY DISPUTE MUST BE COMMENCED OR FILED BY YOU OR EYECARELIVE WITHIN ONE (1) YEAR OF THE DATE THE DISPUTE AROSE, OTHERWISE THE UNDERLYING CLAIM IS PERMANENTLY BARRED (WHICH MEANS THAT YOU AND EYECARELIVE WILL NO LONGER HAVE THE RIGHT TO ASSERT SUCH CLAIM REGARDING THE DISPUTE). You and EyecareLive agree that (a) any arbitration will occur in Santa Clara County, California, (b) arbitration will be conducted confidentially by a single arbitrator in accordance with the Commercial Arbitration Rules and the Supplementary Procedures for Consumer Related Disputes (the “AAA Rules”) then in effect, except as modified by this “Dispute Resolution” section, and (c) that the state or federal courts of the State of Illinois, have exclusive jurisdiction over any appeals and the enforcement of an arbitration award. You may also litigate a Dispute in the small claims court located in the county of your billing address if the Dispute meets the requirements to be heard in small claims court.
Authority of Arbitrator
As limited by the FAA, this Terms of Service and the applicable AAA rules, the arbitrator will have (a) the exclusive authority and jurisdiction to make all procedural and substantive decisions regarding a Dispute, including the determination of whether a Dispute is arbitral, and (b) the authority to grant any remedy that would otherwise be available in court; provided, however, that the arbitrator does not have the authority to conduct a class arbitration or a representative action, which is prohibited by this Terms of Service. The arbitrator may only conduct an individual arbitration and may not consolidate more than one individual’s claims, preside over any type of class or representative proceeding or preside over any proceeding involving more than one individual. Notwithstanding anything to the contrary herein or the applicable AAA rules, discovery in the arbitration shall be limited to one set of interrogatories, one set of requests for admissions, and one set of requests for production of documents.
The arbitrator’s award of damages must be consistent with the terms of the “Limitation of Liability” section above as to the types and amounts of damages for which a party may be held liable. The arbitrator may award declaratory or injunctive relief only in favor of the claimant and only to the extent necessary to provide relief warranted by the claimant’s individual claim. If you prevail in arbitration you will be entitled to an award of attorneys’ fees and expenses, to the extent provided under applicable law. We will not seek, and hereby waive, all rights we may have under applicable law to recover, attorneys’ fees and expenses if it prevails in arbitration.
Rules of AAA
The AAA Rules are available at www.adr.org/rules or by calling the AAA at 1-800-778-7879. By agreeing to be bound by this Terms of Service, you either (a) acknowledge and agree that you have read and understand the rules of AAA, or (b) waive your opportunity to read the rules of AAA and any claim that the rules of AAA are unfair or should not apply for any reason.
Severability
If any term, clause or provision of this Section is held invalid or unenforceable, it will be so held to the minimum extent required by law, and all other terms, clauses and provisions of this Section will remain valid and enforceable. Further, the waivers set forth herein are severable from the other provisions of this Terms of Service and will remain valid and enforceable, except as prohibited by applicable law.
Opt-Out Right
YOU HAVE THE RIGHT TO OPT OUT OF BINDING ARBITRATION WITHIN THIRTY (30) DAYS OF THE DATE YOU FIRST ACCEPTED THE TERMS OF THIS SECTION BY WRITING TO: EYECARELIVE, INC., RE: OPT-OUT, 1010 W FREMONT AVENUE, SUNNYVALE, CALIFORNIA 94087. IN ORDER TO BE EFFECTIVE, THE OPT OUT NOTICE MUST INCLUDE YOUR FULL NAME AND CLEARLY INDICATE YOUR INTENT TO OPT OUT OF BINDING ARBITRATION.
24. MISCELLANEOUS
This Agreement, along with the Privacy Policy, constitutes the entire and final agreement between you and EyecareLive and govern your access to our Service, superseding any prior agreements between us with respect to Terms of Service. The section titles in these Terms of Service are for convenience only and have no legal or contractual effect. You may not assign any of your rights under these Terms of Service, and any such attempt will be null and void. The validity, interpretation, construction and performance of these Terms of Service will be governed by the laws of the State of California, without giving effect to the principles of conflict of laws.
Any dispute arising under or relating to these Terms of Service will be resolved solely and exclusively by final and binding arbitration in Santa Clara County, California, under the rules of the American Arbitration Association, except that either party may bring a claim related to intellectual property rights, or seek specific performance and/or temporary and permanent injunctive relief without the posting of bond or other security.
The parties agree to the sole and exclusive personal and subject matter jurisdiction and sole and exclusive venue of the state and federal courts located in Santa Clara County, California, for any action related to these Terms of Service or the use of our service. You may only resolve disputes with us on an individual basis and not as part of any class, consolidated, multi-party, or representative action. Our failure to enforce any provision of these Terms of Service will not constitute a waiver of such right. If any provision is found to be invalid, the parties agree that the court or arbitrator should endeavor to give effect to the parties’ intentions as reflected in the provision, and that the other provisions of these Terms of Service remain in full force and effect. The parties agree that the provisions of this Agreement will be fairly interpreted without prejudice to either party, including without limitation any strict interpretation against the drafter.
You agree that regardless of any statute or law to the contrary, any claim or cause of action related to these Terms of Service or the use of our service must be filed within one (1) year after such claim arose or be forever barred. You have no authority to act on behalf of or bind EyecareLive in any way.
The parties agree to the use of electronic documents and records in connection with registration, future transactions and communications involving our Service and that all agreements, notices, disclosures and other communications provided by the parties electronically satisfy any legal requirement that such communications be in writing.
Any use of third-party software provided in connection with our Service, or any third-party product or service accessed or used in connection with our Service, will be governed by the applicable third-party’s license or terms of use, and not by these Terms of Service. If you access our Service from Apple’s App Store, you acknowledge and agree that Apple, and Apple’s subsidiaries, are third-party beneficiaries of this Agreement, and as such, Apple will have the right to enforce this Agreement. In addition to this Agreement, your use of our Service must comply with all applicable third-party terms of agreement.
Any and all provisions of this Agreement that would reasonably be expected to be performed after the termination of this Agreement shall survive and be enforceable after such termination, including, without limitation, provisions relating to ownership, indemnification, limitation of liability and governing law.
EXHIBIT A
BUSINESS ASSOCIATE AGREEMENT
This Exhibit A is a required document under the Health Information Portability Account Act of 1996 (“HIPAA”). You should become familiar with the requirements of the entire document, but Section 4 in particular sets out your specific obligations. In the event of any conflict between the terms of this Agreement and the EyecareLive, Inc. Terms of Service, the terms of this Agreement shall take precedence.
RECITALS
You (“Doctor”) provide optometric and/or ophthalmological medical services to your patients.
We (“Contractor”) are a company that facilitates doctor-patient interactions and the rendition of professional services through secure electronic means including real time video conferencing (synchronous communications), asynchronous store and forwarding of PHI and secure messaging between the Doctor and patient.
Doctor, as a Covered Entity under HIPAA is required to enter into this Agreement to obtain satisfactory assurances that Contractor, a Business Associate as that term is defined under HIPAA, will appropriately safeguard all Protected Health Information (“PHI“) as defined herein, disclosed, created, maintained or received by Contractor on behalf of Doctor.
Doctor desires to engage Contractor to perform certain functions for, or on behalf of, Doctor, involving the disclosure of PHI by Doctor to Contractor, or the creation, maintenance or use of PHI by Contractor on behalf of Doctor, and Contractor desires to perform such functions.
This Agreement shall be deemed an exhibit to the EyecareLive, Inc. Terms of Service between the parties hereto and shall supersede any prior Business Associate Agreement between these parties.
In consideration of the mutual promises below and the exchange of information pursuant to this Agreement and in order to comply with all legal requirements for the protection of this information, the parties therefore agree as follows:
Article I.
Definitions of Terms
1.01 “Agreement” means this Business Associate Agreement.
1.02 “Business Associate” shall have the meaning given to such term in 45 C.F.R. § 160.103.
1.03 “C.F.R.” shall mean the Code of Federal Regulations.
1.04 “Covered Entity” shall have the meaning given to such term in 45 C.F.R. § 160.103, and in reference to the party to this agreement, shall mean the Doctor.
1.05 “Designated Record Set” shall have the meaning given to such term in 45 C.F.R. § 164.501.
1.06 “Electronic Protected Health Information or Electronic PHI” shall have the meaning given to such term under the Privacy Rule and the Security Rule, including, but not limited to, 45 C.F.R. § 160.103, as applied to the information that Business Associate creates, receives, maintains or transmits from or on behalf of Doctor.
1.07 “HIPAA Rules” shall mean the Privacy, Security, Breach Notification and Enforcement Rules at 45 C.F.R. Parts 160 and 164, as amended from time to time.
1.08 “Individual” shall have the same meaning given to such term in 45 C.F.R. § 160.103 and shall include a person who qualifies as the individual’s personal representative in accordance with 45 C.F.R. § 164.502(g).
1.09 “Privacy Rule” shall mean the Privacy Standards at 45 C.F.R. Part 164, Subpart E.
1.10 “Protected Health Information” (also referred to herein as “PHI”) shall have the meaning given to such term in 45 C.F.R. § 160.103.
1.11 “Required By Law” shall have the same meaning given to such term in 45 C.F.R. § 164.103.
1.12 “Secretary” shall mean the Secretary of Health and Human Services (“HHS”) or his or her designee as provided in 45 C.F.R. § 160.103.
1.13 “Security Incident” shall have the same meaning given to such term under the Security Rule, including, but not limited to, 45 C.F.R. § 164.304.
1.14 “Security Rule” shall mean the Security Standards at 45 C.F.R. Part 164, Subparts A and C.
Article II.
Obligations and Activities of Contractor
2.01 Protected Health Information. Contractor agrees and acknowledges that any individual’s PHI that comes within Contractor’s custody, exposure, possession or knowledge or is created, maintained, retained, transmitted, derived, developed, compiled, prepared or used by Contractor in the course of or in connection with the performance of services under this Agreement, is confidential and shall remain the exclusive property of Doctor and shall be used, disclosed, transmitted and/or maintained solely in accordance with this Agreement and as Required By Law. Contractor agrees to comply with its obligations as a Business Associate and acknowledges that it is subject to and agrees to comply with HIPAA and all applicable guidance and regulations issued by the Secretary to implement HIPAA and all other applicable law.
2.02 Use of Protected Health Information. Contractor shall not use or disclose PHI other than as permitted or required by this Agreement or as Required by Law.
2.03 Forwarding Requests for Disclosure from Government to Doctor. Contractor shall forward all requests for the disclosure of PHI from a law enforcement or government official, or pursuant to a subpoena, other legal request or court or administrative order, to Doctor as soon as possible before making the requested disclosure, but no later than five (5) business days following its receipt of such request or order.
2.04 Assisting Doctor to Respond to Requests for Disclosure from Government. Contractor shall provide to Doctor all PHI necessary to respond to a request for the disclosure of PHI by a law enforcement or government official, or pursuant to a subpoena, other legal request, or court or administrative order as soon as possible, but no later than two (2) business days following its receipt of such written request from Doctor.
2.05 Restrictions on Use and/or Disclosure of Protected Health Information. Contractor shall comply with all granted restrictions on the use and/or disclosure of PHI, pursuant to 45 C.F.R. § 164.522(a), upon notice from Doctor. Contractor shall forward to Doctor any requests for restriction on the use and/or disclosure of PHI within five (5) business days of receipt.
2.06 Requests for Confidential Communication of PHI. Contractor shall comply with all granted requests for confidential communication of PHI, pursuant to 45 C.F.R. § 164.522(b), upon notice from Doctor. Contractor shall forward to Doctor any requests for confidential communication of PHI within ten (10) business days of receipt.
2.07 Appropriate Safeguards. Contractor shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic PHI that it creates, receives, maintains, or transmits on behalf of the Doctor, as required by the Security Rule.
2.08 Duty to Mitigate. Contractor shall take immediate steps to mitigate, to the extent practicable or as reasonably directed by Doctor, any harmful effect that is known to Contractor of a use or disclosure of PHI by Contractor in violation of the requirements of this Agreement, the Privacy Rule or the Security Rule, such as obtaining the recipient’s satisfactory assurances that the information will not be further used or disclosed (through a confidentiality agreement or similar means) or will be destroyed.
2.09 Reporting of Unauthorized Uses or Disclosures. Contractor shall report to Doctor any use or disclosure of the PHI not provided for by this Agreement, the Privacy Rule or the Security Rule, including breaches of unsecured PHI, as required at 45 C.F.R. § 164.410, and any security incident of which it becomes aware, as soon as possible, but no later than five (5) business days after discovery, stating (to the extent known by Contractor) the nature of such use or disclosure, the names and addresses of the individuals who are the subject of such PHI and the names of the individuals who made or engaged in such use or disclosure and any other available information that the Doctor is required to include in notifications to the affected individuals.
2.10 Subcontractors, Consultants, Agents and Other Third Parties. Contractor shall in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2) ensure that any subcontractor, consultant, agent, or other third party that creates, receives, maintains, or transmits PHI on behalf of Contractor agrees to the same restrictions, conditions, and requirements that apply to Contractor with regard to its creation, use, and disclosure of PHI. Contractor shall, upon request from Doctor, provide Doctor with a list of all such third parties. Contractor shall ensure that any subcontractor, consultant, agent, or other third party to whom it provides Electronic PHI agrees to implement reasonable and appropriate safeguards to protect such information. Contractor must terminate its agreement with any subcontractor, consultant, agent or other third party, and obtain all PHI provided to such subcontractor, consultant, agent or other third party, if Contractor becomes aware that the subcontractor, consultant, agent or other third party has breached its contractual duties relating to HIPAA or this agreement. If any subcontractor, consultant, agent, or other third party of Contractor are not subject to the jurisdiction or laws of the United States, or if any use or disclosure of PHI in performing services under the Agreement will be outside of the jurisdiction of the United States, such entities must agree by written contract with the Contractor to be subject to the jurisdiction of the Secretary, the laws and the courts of the United States, and waive any available jurisdictional defenses as they pertain to the parties’ obligations under this Agreement, the Privacy Rule or the Security Rule.
2.11 Books and Records. Contractor shall make internal practices, books, and records relating to PHI received from, or created or received by Contractor, on behalf of Doctor, available to Doctor, or at the request of Doctor to the Secretary, for purposes of the Secretary determining Doctor’s compliance with the Privacy Rule.
2.12 Documenting Disclosures. Contractor shall document such disclosures of PHI and information related to such disclosures as would be required for Doctor to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. § 164.528.
2.13 Accounting for Disclosures. Contractor shall provide to Doctor, upon request and in the time and manner required by 45 C.F.R. § 164.528(c)(1), an accounting of disclosures of an Individual’s PHI, collected in accordance with Section 2.11 of this Agreement, to permit Doctor to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528.
2.14 Minimum Necessary. Contractor acknowledges that it shall request from the Doctor and so disclose to its affiliates, subsidiaries, agents, subcontractors or other third parties, only the minimum PHI necessary to perform or fulfill a specific function required or permitted hereunder. Contractor acknowledges that the Secretary is required by the Health Information Technology for Economic and Clinical Health “HITECH Act” to issue guidance on what constitutes “minimum necessary” for purposes of the Privacy Standards. Contractor agrees to comply with the guidance, once issued by the Secretary, and to only request, use or disclose the minimum amount of PHI as described in such guidance.
2.15 Training. Contractor shall provide training as to the Privacy Rule and the Doctor’s Privacy Policy to all of its employees who will handle or be responsible for handling PHI on the Doctor’s behalf.
2.16 Independent Contractor. Notwithstanding any other agreement to the contrary, the relationship of the Contractor with Doctor shall be one of independent contractor, and not an employee or agent, actual or ostensible, of Doctor. At no time shall Contractor hold out to any third party that it is an agent, associate, or employee of Doctor.
2.17 Securing PHI. Contractor will comply with Section II.B of the April 27, 2009 HHS guidance (74 Fed. Reg. 19006 at 19009-19010) setting forth the technologies and methodologies for rendering PHI unusable, unreadable, or indecipherable to unauthorized individuals such that breach notification is not required. Contractor shall insure that any subcontractor, consultant, agent, vendor, or other third party to whom it provides PHI will implement, in a reasonable and appropriate manner, the technologies and methodologies the HITECH Act and HHS guidance specifies with respect to rendering Doctor’s PHI unusable, unreadable or indecipherable to unauthorized individuals.
2.18 Breach Notification. Notwithstanding paragraph 2.17 above, if any PHI in the possession, custody or control of Contractor remains or becomes unsecured, Contractor shall, following discovery of a breach (as such term is defined in 45 C.F.R. § 164.402) of such unsecured PHI, provide the notifications to individuals, the media and the Secretary, as set forth in 45 C.F.R. §§ 164.404 through 164.408.
2.19 Timeliness of Notifications. Except where a law enforcement official states to Doctor or Contractor that a notification would impede a criminal investigation or cause damage to national security, all notifications shall be made without unreasonable delay and in no case later than 60 calendar days from discovery of the breach.
2.20 Indemnification. Contractor shall defend, indemnify and hold harmless the Doctor from and against any or all cost (including but not limited to any and all costs incurred by Covered Entity in complying with the breach notification requirements of 45 C.F.R. Part 164, Subpart D), loss, interest, damage, liability, claim, legal action or demand by third parties, (including costs, expenses and reasonable attorney fees on account thereof) arising out of Contractor’s activities under the Agreement, including but not limited to, any breach of unsecured PHI by the Contractor or failure by the Contractor to provide the breach notifications required by 45 C.F.R. §§ 164.404 through 164.408, except to the extent that such loss, interest, damage, liability, claim, legal action or demand was incurred as a result of the negligence or willful misconduct of Doctor. As a condition precedent to the Contractor’s obligation to indemnify Doctor under this Agreement, Doctor must notify Contractor within a reasonable amount of time upon learning of any claim or liability in order to give Contractor an opportunity to present any appropriate defense on behalf of Doctor and Contractor. Doctor shall have the right, but not the obligation, to participate in any defense at its own cost and with its own counsel. The provisions of this paragraph 2.20 will survive the termination of this Agreement.
2.21 Application of Privacy Rule to Contractor. Where provided, the standards, requirements, and implementation specifications adopted under 45 C.F.R. Part 164, Subpart E, apply to Contractor with respect to the PHI of Doctor.
2.22 Fundraising. Contractor agrees to clearly and conspicuously provide any recipient of fundraising communications the opportunity to opt out of receiving any further such solicitations.
2.23 Sale of PHI. Contractor shall, except pursuant to and in compliance with 45 C.F.R. § 164.508(a)(4), not engage in the sale of PHI.
2.24 Compliance and Enforcement. Contractor is subject to the compliance, enforcement and civil monetary penalties provisions under 45 C.F.R., Part 160, Subparts C and D.
2.25 Individual’s Access to PHI. Contractor shall cooperate with Doctor on a timely basis, consistent with 45 C.F.R. § 164.524(b)(2), to fulfill all requests by individuals for access to the Individual’s PHI that are approved by Doctor. Contractor shall make available PHI in a designated record set to Doctor as necessary to satisfy Doctor’s obligations under 45 C.F.R. § 164.524(c). Contractor further agrees that to the extent Contractor maintains PHI of Individual in an electronic health record (“EHR”), Doctor must comply with patients’ requests for access to their PHI by giving them, or any entity that they designate clearly, conspicuously and specifically, the information in an electronic format, and must not charge the requestor more than the labor costs in responding to the request for the copy (or summary or explanation).
2.26 Implement Information Security Program. Contractor shall implement a documented information security program that includes administrative, technical and physical safeguards designed to prevent the accidental or otherwise unauthorized use or disclosure of PHI, and the integrity and availability of electronic PHI it creates, receives, maintains or transmits on behalf of Doctor. The security program shall include reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, and other requirements of the HIPAA Security Rule. In addition, Contractor agrees to (1) maintain written documentation of its policies and procedures, and any action, activity or assessment which the HIPAA Security Rule requires to be documented, (2) retain this documentation for 6 years from the date of its creation or the date when it last was in effect, whichever is later, (3) make this documentation available to those persons responsible for implementing the procedures to which the documentation pertains, and (4) review this documentation periodically, and update it as needed in response to environmental or operational changes affecting the security of the electronic PHI. Contractor agrees to encrypt all electronic PHI and destroy all paper PHI such that it is unusable, unreadable, or indecipherable to unauthorized users. Upon request, Contractor shall make available Contractor’s security program, including the most recent electronic PHI risk analysis, policies, procedures, security incidents and responses and evidence of training.
2.27 Amendments to PHI. Contractor shall make any amendment(s) to PHI in a designated record set as directed or agreed to by Doctor pursuant to 45 C.F.R. § 164.526, or take other measures as necessary to satisfy Doctor’s obligations under 45 C.F.R. § 164.526. Contractor must act on an Individual’s request for an amendment in a manner and within the time period set forth in 45 C.F.R. § 164.526(b)(2).
2.28 Marketing. Contractor shall not use or disclose PHI for marketing purposes without the Individual’s authorization, except as provided in 45 C.F.R. §§ 164.508(a)(3)(i)(A) and (B).
Article III.
Permitted Uses and Disclosures by Contractor
3.01 General Use and Disclosure. Except as otherwise limited in this Agreement, Contractor may use or disclose PHI only to perform its obligations and services to Doctor or as Required By Law, provided that such use or disclosure would not violate the Privacy or Security Rule if done by Doctor.
3.02 Specific Use and Disclosure Provisions.
3.02.1 Management and Administration of Contractor. Except as otherwise limited in this Agreement, Contractor may use PHI for the proper management and administration of the Contractor or to carry out the legal responsibilities of the Contractor.
3.02.2 Other Uses and Disclosures. Except as otherwise limited in this Agreement, and notwithstanding Section 3.01 above, Contractor may disclose PHI for the proper management and administration of the Contractor, provided that disclosures are Required by Law, or Contractor obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies the Contractor of any instances of which it is aware in which the confidentiality of the information has been breached.
3.02.3 Data Aggregation Services. Contractor may use PHI to provide data aggregation services to Doctor as permitted by 42 C.F.R. § 164.504(e)(2)(i)(B).
3.02.4 Reporting Violations of the Law. Contractor may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with 45 C.F.R. § 164.51(f).
3.02.5. Reporting to Health Plan. Contractor will not disclose PHI to a health plan if the Individual to whom the PHI pertains has so requested and (1) the disclosure would be for the purposes of payment or health care operations, and not for the purposes of treatment, (2) the PHI at issue pertains to a health care item or service for which the Individual pays out-of-pocket and in full and (3) the disclosure is not Required By Law.
3.02.6 Minimum Necessary. Contractor will, in the performance of its obligations and services to Doctor make reasonable efforts to use, disclose and request only the minimum amount of Doctor’s PHI reasonably necessary to accomplish the intended purpose of the use, disclosure or request, except as set forth in 45 C.F.R. § 164.502(b)(2).
Article IV.
Obligations of Doctor
4.01 Provisions for Doctor to Inform Contractor of Privacy Practices and Restrictions.
4.01.1 Upon Contractor’s request, Doctor shall provide Contractor with the notice of privacy practices that Doctor produces in accordance with 45 C.F.R. § 164.520, as well as any changes to that notice.
4.01.2 Doctor shall provide Contractor with any changes in, or revocation of, authorization by an Individual to use or disclose PHI, if such changes affect Contractor’s permitted or required uses and disclosures.
4.01.3 Doctor shall notify Contractor, in writing, of any restriction to the use or disclosure of PHI that Doctor has agreed to in accordance with 45 C.F.R. § 164.522, and Contractor agrees to conform to any such restriction.
4.01.4 Doctor acknowledges that it shall provide to, or request from, the Contractor only the minimum PHI necessary for Contractor to perform or fulfill a specific function required or permitted hereunder.
4.01.5 Doctor shall take immediate steps to mitigate an impermissible use or disclosure of PHI from Contractor to Doctor, including its staff, employees and agents who send and receive PHI to and from Contractor in the course and scope of their employment, such as obtaining the recipient’s satisfactory assurances that the information will not be further used or disclosed (through a confidentiality agreement or similar means between Doctor and its staff, employees and agents) or will be destroyed.
4.02 Permissible Requests by Doctor. Doctor represents and warrants that it has the right and authority to disclose PHI to Contractor for Contractor to perform its obligations and provide services to Doctor. Doctor shall not request Contractor to use or disclose PHI in any manner that would not be permissible under the Privacy Rule if done by Doctor.
4.03 Indemnification. Doctor shall defend, indemnify and hold harmless the Contractor from and against any or all cost (including but not limited to any and all costs incurred by Covered Entity in complying with the breach notification requirements of 45 C.F.R. Part 164, Subpart D), loss, interest, damage, liability, claim, legal action or demand by third parties, (including costs, expenses and reasonable attorney fees on account thereof) arising out of Doctor’s activities under the Agreement, including but not limited to, any breach of unsecured PHI by the Doctor or failure by the Doctor to provide the breach notifications required by 45 C.F.R. §§ 164.404 through 164.408, except to the extent that such loss, interest, damage, liability, claim, legal action or demand was incurred as a result of the negligence or willful misconduct of Contractor. As a condition precedent to the Doctor’s obligation to indemnify Contractor under this Agreement, Contractor must notify Doctor within a reasonable amount of time upon learning of any claim or liability in order to give Doctor an opportunity to present any appropriate defense on behalf of Doctor and Contractor. Contractor shall have the right, but not the obligation, to participate in any defense at its own cost and with its own counsel. The provisions of this paragraph 2.20 will survive the termination of this Agreement.
Article V.
Term and Termination
5.01 Term. The provisions of this Agreement shall take effect upon its execution. Except as otherwise provided herein, the Agreement shall terminate when all of the Protected Health Information provided by Doctor to Contractor, or created or received by Contractor on behalf of Doctor, is destroyed or returned to Doctor.
5.02 Termination for Cause. Upon a Party’s knowledge of a material breach by the other party, the non-breaching Party shall provide an opportunity for the breaching Party to cure the breach or end the violation and terminate this Agreement if the breaching Party does not cure the breach or end the violation within the time specified by the non-breaching Party or immediately terminate this Agreement if cure of such breach is not possible.
5.03 Termination Without Cause. Either party to this Agreement may terminate the Agreement upon provision of sixty (60) days prior written notice.
5.04 Effect of Termination.
5.04.1 Disposal of PHI. Except as provided in paragraph 5.04.02 of this Section, upon termination of this Agreement, for any reason, Contractor shall return or destroy all PHI received from Doctor, or created or received by Contractor on behalf of Doctor, at the direction of Doctor. Contractor shall request, in writing, PHI that is in the possession of subcontractors or agents of Contractor.
5.04.2 In the event the Contractor determines that returning or destroying the PHI is infeasible, Contractor shall provide to Doctor notification of the conditions that make return or destruction infeasible. If return or destruction of PHI is infeasible, Contractor shall extend the protection of this Agreement to such PHI, for so long as Contractor maintains such PHI. Following the termination of this Agreement, Contractor shall not disclose PHI except to Doctor or as required by Law.
Article VI.
Miscellaneous
6.01 Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.
6.02 Amendment. This Agreement may be amended upon the mutual written agreement of the parties. Upon the enactment of any law or regulation affecting the use or disclosure of PHI, or the publication of any decision of a court of the United States or any state relating to any such law or the publication of any interpretive policy or opinion of any governmental agency charged with the enforcement of any such law or regulation, either party may, by written notice to the other party, and by mutual agreement, amend the Agreement in such manner as such party determines necessary to comply with such law, policy, decision or regulation. If the other party disagrees with such amendment, it shall so notify the first party in writing within thirty (30) days of the notice. If the parties are unable to agree on an amendment within thirty (30) days thereafter, then either of the parties may terminate the Agreement on thirty (30) days written notice to the other party.
6.03 Survival. The obligations of Contractor under Section 5.04.2 of this Agreement shall survive the termination of this Agreement.
6.04 Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Doctor to comply with the HIPAA Rules. In the event of any inconsistency or conflict between this Agreement and any other agreement between the parties, the terms, provisions and conditions of this Agreement shall govern and control. In the event of an inconsistency between the provisions of the Agreement and the mandatory terms of the HIPAA Rules, as may be amended from time to time by HHS or as a result of interpretations by HHS, a court, or another regulatory agency with authority over the Parties, the interpretation of HHS, such court or regulatory agency shall prevail. In the event of a conflict among the interpretations of these entities, the conflict shall be resolved in accordance with rules of precedence. Where provisions of this Agreement are different from those mandated by the HIPAA Rules, but are nonetheless permitted by the HIPAA Rules, the provisions of the Agreement shall control.
6.05 No third party beneficiary. Nothing express or implied in this Agreement is intended to confer, and nothing herein shall confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.
6.06 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the state in which Doctor practices. Any disputes relating to this Agreement shall be resolved solely and exclusively by the state or federal courts located in the state and county in which Doctor practices, and Contractor consents to sole and exclusive venue in those courts as proper.
EXHIBIT B
PAYMENT SCHEDULE FOR PARTICIPATING PATIENTS
Dry eye / Pink eye / Garden variety red eye related consultations – $40
Second opinion consultations – $199
Lasik consultation – $0 *
* For Lasik consultations, Participating Patients do not pay EyecareLive, but you will pay a Platform fee of $100 for each Participating Patient that EyecareLive connects you to via the EyecareLive Platform for use of the EyecareLive Services.
EXHIBIT C
PLATFORM PANEL FEE SCHEDULE
The Platform Panel Fee is $99 per month per doctor (collected via Stripe).