The Terms of Service for your organization may be different than the standard agreement below. Please ask your administrator for a copy of your ReferralMD agreement.
THIS IS A LEGALLY BINDING AGREEMENT between ReferralMD, a service of Electronic Referral Manager Inc., a Delaware Corporation (“we” or “us”) and “you”, as a user of our online healthcare referral and collaboration system through which certain health records for your patients may be transmitted (the “System”). BY CLICKING “SIGN UP” OR THROUGH THE CONTINUED USE OF THE SYSTEM, YOU ARE UNDERTAKING LEGAL OBLIGATIONS AND CONFERRING LEGAL RIGHTS. Please read this agreement carefully, and do not click “Sign up” or continue use of the System unless you agree fully with its terms. You and we are collectively referred to as the “Parties.”
ANY DISPUTE, CLAIM OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS NOTICE OR THE BREACH, TERMINATION, ENFORCEMENT, INTERPRETATION OR VALIDITY THEREOF, INCLUDING THE DETERMINATION OF THE SCOPE OR APPLICABILITY OF THIS AGREEMENT TO ARBITRATE, OR TO YOUR USE OF THIS SITE OR THE SYSTEMS OR INFORMATION TO WHICH IT GIVES ACCESS, SHALL BE DETERMINED BY ARBITRATION IN MOUNT PLEASANT, SOUTH CAROLINA, BEFORE A SINGLE ARBITRATOR. THE ARBITRATION SHALL BE ADMINISTERED BY JAMS PURSUANT TO ITS COMPREHENSIVE ARBITRATION RULES AND PROCEDURES. JUDGMENT ON THE AWARD MAY BE ENTERED IN ANY COURT HAVING JURISDICTION. THIS CLAUSE SHALL NOT PRECLUDE PARTIES FROM SEEKING PROVISIONAL REMEDIES IN AID OF ARBITRATION FROM A COURT OF APPROPRIATE JURISDICTION. THE PARTIES WAIVE ANY RIGHT TO A JURY TRIAL AND AGREE THAT ANY DISPUTE SHALL BE BROUGHT SOLELY IN AN INDIVIDUAL CAPACITY AND NOT AS PART OF A CLASS ACTION. NOTHING HEREIN PREVENTS EITHER PARTY FROM BRINGING AN ACTION IN SMALL CLAIMS COURT.
1. Definitions
For the purposes of this Agreement, the terms set forth in this section shall have the meanings assigned to them below. Terms not defined below (whether or not capitalized) shall have the definitions given them in HIPAA, unless the context requires otherwise:
“Authorized Workforce” means those members of your Workforce who are individually authorized by you and us to have access to the System to assist you in healthcare referrals for your patients, and to whom we have assigned a unique identifier for access to the System.
“Electronic Referrals” means the feature of the System through which we make your Patient Health Information available to other users of the System with your consent or make Health Information of other users of the System available to you with their consent.
“Confidential Information” means any information concerning our business, financial affairs, current or future products or technology, trade secrets, workforce, customers, or any other information that is treated or designated by us as confidential or proprietary or would reasonably be viewed as confidential or as having value to our competitors. Confidential Information shall not include information that we make publicly available or that becomes known to the general public other than as a result of a breach of an obligation by you. Confidential Information does not include individuals’ health information.
“De-Identified Health Information” means health information that has been de-identified in accordance with the provisions of the Privacy Rule, and “De-Identify,” with respect to health information, means make it into De-Identified Health Information.
“De-Identified Information” means De-Identified Health Information and De-Identified Personal Information.
“De-Identified Personal Information” means personal information from which a user’s name and other unique identifiers have been removed, and from which the user cannot reasonably be identified; and “De-Identify,” with respect to Personal Information, means to make it into De-Identified Personal Information.
“Enterprise” means an organization that has signed up for a user-based subscription or entered into a separate Enterprise License Agreement with us.
“HIPAA” means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule.
“HITECH Act” means the Technology for Economic and Clinical Health Act of 2009, and regulations promulgated thereunder.
“Patient Health Information” means Protected Health Information that you or your Workforce enter into the System.
“Personal Information” means information that identifies you personally as a user of the System, and all information concerning you and your use of the System that is not Protected Health Information.
“Policies and Procedures” means our rules, regulations, policies and procedures for access to and use of the System, as changed from time to time and as posted electronically on our Internet web site.
“Practice” means an organization that has signed up for a free account and responsible for paying for premium services.
“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.
“Protected Health Information” has the meaning given it in the Privacy Rule and includes all individually identifiable health information concerning your patients that you provide to the System.
“Security Rule” means the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR part 160 and part 164, subparts A and C.
“Services” means the licensed services to which you have been granted access, which may include the Electronic Referral Management service, Reporting service, Patient Portal service and other services.
“System” means the electronic communication network operated by us, including all licensed Services, all hardware provided by us, all software used or provided by us, and all such hardware and software installed at or accessed from your site, and all documentation provided by us in connection with the System, paper or electronic.
“Term” means the period during which you maintain an active account or continue to access or use the Service.
“User” means you and all internal named providers, locations/departments without named providers (i.e., imaging, home health, etc.) and staff members with access to the System.
“User ID” means a unique user identification assigned to Users pursuant to Section 3.7.
“Workforce” means employees, agents, and independent contractors.
“Your Site” means the location you provided us upon registration, and such other location or locations as we may approve from time to time.
2. Grant of Right to Use Services
2.1 We grant to you and you accept a non-exclusive, personal, nontransferable, limited right to have access to and to use the System, and a non-exclusive, personal, nontransferable, limited license to use any computer software furnished by us for access to or use of the System, for so long as you maintain an active account or use the Services, subject to your full compliance with the terms and conditions set forth in this Agreement and with our Policies and Procedures. You shall not: (a) use the System for time-sharing, rental or service bureau purposes; (b) make the System, in whole or in part, available to any other person, entity or business; (c) copy, reverse engineer, decompile or disassemble the System, in whole or in part, or otherwise attempt to discover the source code to the software used in the System; or (d) modify the Services or the System or associated software or combine the Services or the System with any other software or services not provided or approved by us. You shall obtain no rights to the System except for the limited rights to use the System expressly granted by this Agreement.
2.2 The System includes certain third-party software and services, which may require that you enter into separate subscription or licensing agreements with third-party vendors. We may also make available optional services provided by third parties, such as reporting services. You agree to comply with, and upon request to execute, such agreements as may be required for the use of such software or services, and to comply with the terms of any license or other agreement relating to third-party products included in the System or made accessible to you through the System. Your use of the System or of such third-party products or services shall constitute your agreement to be bound by the terms of all licensing, subscription and similar agreements relating to such use.
2.3 Beta Services
We may offer beta or preview features from time to time. Such features are provided “as is” without warranties and may be modified or discontinued at any time.
3. Access to the System
3.1 Verification. You agree that your use of the System is subject to verification by us of your identity and credentials as a health care practitioner or administrator, and to your ongoing qualification as such. You agree that we may use and disclose your Personal Information for such purposes, including (without limitation) making inquiry of third parties concerning your identity and professional and practice credentials. You authorize such third parties to disclose to us such information as we may request for such purposes, and you agree to hold them and us harmless from any claim or liability arising from the request for or disclosure of such information. You agree that we may terminate your access to or use of the System at any time if we are unable at any time to determine or verify your qualifications or credentials.
3.2 Permitted Uses. Subject to the terms of this Agreement, we authorize you to access the System and to use the Services for referral management, collaboration and communication between patients and healthcare providers, provided that (i) you access only information pertaining to individuals with whom you have a treatment relationship or for whom a provider who has a treatment relationship with has requested a professional consultation from you, or from whom you have received authorization to use their health information; and (ii) you use only the minimum necessary information for payment purposes. You agree that you shall not access the System or use the Services for any other purposes. In particular:
3.2.1 You shall not reproduce, publish, or distribute content in connection with the System that infringes any third party’s trademark, copyright, patent, trade secret, publicity, privacy, or other personal or proprietary right;
3.2.2 You shall comply with all applicable laws, including laws relating to maintenance of privacy, security, and confidentiality of patient and other health information and the prohibition on the use of telecommunications facilities to transmit illegal, obscene, threatening, libelous, harassing, or offensive messages, or otherwise unlawful material;
3.2.3 You shall not: (a) abuse or misuse the System or the Services, including gaining or attempting to gain unauthorized access to the System, or altering or destroying information in the System except in accordance with accepted practices; (b) use the System or Services in a manner that interferes with other Users’ use of the System; or (c) using the System or the Services in any manner that violates our Policies and Procedures.
3.2.4 You shall not: (a) access or use the System through automated means, including bots, scrapers, or scripts, except as expressly authorized; (b) interfere with or disrupt the integrity or performance of the System; (c) attempt to gain unauthorized access to the System or related systems; (d) benchmark or test the System for competitive purposes; or (e) circumvent usage limits or security measures.
3.3 Clinical Support Information. We do not provide medical advice. The System is intended solely as a tool to facilitate communication and information exchange among healthcare providers. Health care providers using the System may provide information to assist you in clinical decision-making. This may include information and reminders concerning drug interactions, allergies, dosages, as well as general health-care related information and resources. The System may also have forums for care providers using the System to exchange information. We are not responsible for the accuracy or completeness of information available from or through our site. You agree to indemnify and hold us harmless from the use by you of any information provided through the System. Such information is provided by users of the System or in public forums, and is not information generated by us, but merely conveyed by our System. In addition, you assume full risk and responsibility for the use of information you obtain from or through this site, and you agree that we are not responsible or liable for any claim, loss, or liability arising from the use of the information. We do not recommend or endorse any provider of health care or health-related products, items or services, and the appearance of materials on this site relating to any such products, items or services is not an endorsement or recommendation of them. You agree to review the definitions, functionality, and limitations of the System, and to make an independent determination of their suitability for your use. We and our suppliers and licensors disclaim all warranties, whether expressed or implied, including any warranty as to the quality, accuracy, and suitability of the information provided by the System for any purpose. Certain features of the System may utilize automated or artificial intelligence technologies. Outputs generated by such features may be incomplete, inaccurate, or inappropriate and are provided for informational purposes only. You are solely responsible for reviewing and validating all outputs and for any decisions made based on such outputs.
3.4 Safeguards.
3.4.1 You shall implement and maintain appropriate administrative, physical and technical safeguards to protect information within the System from access, use or alteration from Your Site or using a User ID assigned to you or a member of your Workforce. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule, whether or not you are otherwise subject to HIPAA. You shall maintain appropriate security with regard to all personnel, systems, and administrative processes used by you or members of your Workforce to transmit, store and process electronic health information through the use of the System.
3.4.2 You shall immediately notify us of any breach or suspected breach of the security of the System of which you become aware, or any unauthorized use or disclosure of information within or obtained from the System, and you shall take such action to mitigate the breach or suspected breach as we may direct, and shall cooperate with us in investigating and mitigating the breach.
3.4.3 We maintain reasonable administrative, physical, and technical safeguards, including backup and disaster recovery processes, designed to protect the availability of the Service. However, you remain responsible for maintaining independent copies of your critical data.
3.5 Location of Access. You and your Authorized Workforce are authorized to access the System solely from Your Site, and from other sites from which you have received approval from us to access the System.
3.6 Compliance. You shall comply with the terms of this Agreement, our Policies and Procedures, and all applicable laws and regulations. You shall be solely responsible for the use of the System by you and your Workforce and shall indemnify us and hold us harmless from any claim, cost or liability arising from such use, including reasonable attorneys’ fees.
3.7 User Identification. Each member of your Authorized Workforce shall have, and use, a unique User ID including all internal named providers, locations/departments without named providers (i.e., imaging, home health, etc.) and staff members with access to the System. We authorize you and your Authorized Workforce to use the User IDs assigned to you by us. You acquire no ownership rights in any User ID, and User IDs may be revoked or changed at any time in our reasonable discretion. You shall adopt and maintain reasonable and appropriate security precautions for User IDs to prevent their disclosure to or use by unauthorized persons. You shall use your best efforts to ensure that no member of your Workforce uses a User ID assigned to another person.
3.8 No Third-Party Access. Except as required by law, you shall not permit any third party (other than your Authorized Workforce) to have access to the System or to use the Services without our prior written agreement. You shall promptly notify us of any order or demand for compulsory disclosure of health information if the disclosure requires access to or use of the System. You shall cooperate fully with us in connection with any such demand.
3.9 Your Workforce.
3.9.1 You may permit your Authorized Workforce to use the System and the Services on your behalf, subject to the terms of this Agreement. You shall:
3.9.1.1 obtain a unique User ID from us for each member of your Authorized Workforce;
3.9.1.2 train all members of your Authorized Workforce in the requirements of this Agreement and the Policies and Procedures relating to their access to and use of the System and the Services, and ensure that they comply with such requirements;
3.9.1.3 take appropriate disciplinary action against any member of your workforce who violates the terms of this Agreement or the Policies and Procedures;
3.9.1.4 ensure that only you and your Authorized Workforce access the System from Your Site;
3.9.1.5 immediately notify us of the termination of employment of any member of your Authorized Workforce, or of your withdrawal of authorization for any such person to access the System.
3.10 Patient Portal. You may make health information available to your patients through our Patient portal. You are solely responsible for the information that you make available through the Patient portal, for granting access rights to your patients, and for revoking access rights.
3.11 Forums. We may offer forums for the exchange of information among our users. You agree to assume all responsibility for your use of such forums. In particular, you understand that we do not assure the accuracy, reliability, confidentiality or security of information made available through the use of such forums. You acknowledge that any information you post in a forum or discussion group is available to the healthcare providers invited to the forum.
3.12 Compliance with Law. You are solely responsible for ensuring that your use of the System and the Services (including making health information available through the System) complies with HIPAA, TCPA, state, federal, and any other applicable law. You shall not undertake or permit any unlawful use of the System or take any action that would render the operation or use of the System by us or any other User unlawful. We offer no assurance that your use of the System and the Services under the terms of this Agreement shall not violate any law or regulation applicable to you. You acknowledge that we are not a healthcare provider and do not provide medical, clinical, or regulatory compliance services. You are solely responsible for ensuring that your use of the Service complies with all applicable laws and for all clinical decisions and patient outcomes. You acknowledge that the System does not make clinical, medical, or legal decisions and that all decisions based on the use of the System are made solely by you.
3.13 Professional Responsibility. You shall be solely responsible for the professional and technical services you provide. We make no representations concerning the completeness, accuracy or utility of any information in the System, or concerning the qualifications or competence of individuals who placed it there. We shall not be liable for the consequences to you or your patients of your use of the System or the Services.
3.14 Cooperation. You shall cooperate with us in the administration of the System, including providing reasonable assistance in evaluating the System and collecting and reporting data requested by us for purposes of administering the System.
3.15 Indemnification.
You agree to indemnify, defend, and hold harmless us and other Users, and our affiliates, officers, directors, and agents, from and against any claim, cost, liability, or expense (including reasonable attorneys’ fees) arising out of or related to: (a) your use of the System; (b) any violation of applicable law by you or your Workforce; (c) any breach of this Agreement; or (d) any data, content, or information submitted to or transmitted through the System by you or your Workforce.
4. Use of Information
4.1 Purpose of System. The purpose of the System is to facilitate referrals to and from health care providers to assist patients in getting proper and timely care from health care providers to whom and from whom they are referred, store Patient Health Information and (i) to make it available to you and your Authorized Workforce; (ii) to facilitate the sharing of individuals’ health information among Users, and (iii) to make health information available to your patients through the System. You may make Patient Health Information accessible to other Users and to your patients through the System for these purposes. You authorize us, as your business associate, to use and disclose the Patient Health Information as follows, subject to the recipient’s agreement to comply with our Policies and Procedures and with applicable laws and regulations relating to the use and disclosure of health information, and subject also to the provisions of section 9:
4.1.1 We may permit access to Patient Health Information to you and your Authorized Workforce.
4.1.2 We may permit access to Patient Health Information to your patients to whom you have agreed to grant access through the Patient Portal.
4.1.3 We may permit access to Patient Health Information by health care providers and their business associates for treatment through the Electronic Referral feature of the System. We shall obtain your consent before we make Patient Health Information available to other providers. You acknowledge that once we have granted access rights to another provider, we have no control over the uses and disclosures that the provider makes of Patient Health Information.
4.1.4 We may disclose or permit access to Patient Health Information to health plans, health care clearinghouses, medical groups, independent practice associations and other parties responsible for payment and their business associates for the purpose of obtaining payment for services you provide, unless you advise us in writing that the patient has paid out of pocket in full for the service to which the Patient Health Information relates, and has requested that it not be disclosed to his or her health plan.
4.1.5 We may De-Identify Patient Health Information and our Personal Information and use and disclose De-Identified Information as provided by Section 5 and Section 7.2.
4.1.6 We may create limited data sets from Patient Health Information and disclose them for any purpose for which You authorize disclosure of a limited data set; and you hereby authorize us to enter into data use agreements on your behalf for the use of such limited data sets, in accordance with applicable law and regulation.
4.1.7 We may aggregate de-identified Patient Health Information with that of other users and share such aggregated information among Users.
4.1.8 We may use Patient Health Information for the proper management and administration of the System and our business, and to carry out our legal responsibilities. We may also disclose Patient Health Information for such purposes if the disclosure is required by law, or we obtain reasonable assurances from the recipient that it shall be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the recipient, and the recipient notifies us of any instances of which it is aware in which the confidentiality of the information has been breached. Without limiting the foregoing, we may permit access to the system by our contracted system developers under appropriate confidentiality agreements.
4.1.9 We may use or disclose Patient Health Information for other purposes in order to provide Services to you, as from time to time described in our Policies and Procedures; provided that we shall not make or permit any such use or disclosure that would violate applicable law or regulation if made by you or your business associate. Except as provided in Subsections 4.1.7 and 4.1.8, and notwithstanding any other provision of this Section, we shall not use or disclose Patient Health Information in any manner that would violate the requirements of the Privacy Rule if done by you.
4.2 Responsibility for Misuse by Other Users. You acknowledge that in granting access to the System for the purposes set forth in Section 4.1, we shall rely on the assurances of the recipients of the information as to (i) their identity and credentials, (ii) the purposes for which they are accessing the system, and (iii) the nature and extent of the information to which they shall have access. You acknowledge that, while the System shall contain certain technical safeguards against misuse of the System, it shall rely to a substantial extent on the representations and undertakings of Users. You agree that we shall not be responsible for any unlawful access to or use of Patient Health Information by any User resulting from the User’s misrepresentation to us, or breach of the User’s user agreement or our Policies and Procedures.
4.3 Specially Protected Information. We apply the standards of the Privacy Rule in permitting access to the System. You acknowledge that other federal and state laws impose additional restrictions on the use and disclosure of certain types of health information, or health information pertaining to certain classes of individuals. You agree that you are solely responsible for ensuring that Patient Health Information may properly be disclosed for the purposes set forth in Section 4.1, subject only to the restrictions of the Privacy Rule. In particular, you shall:
4.3.1 not make available through the System any information subject to any restriction on use or disclosure (whether arising from your agreement with the individual or under law), other than the general restrictions contained in the Privacy Rule;
4.3.2 obtain any necessary consents, authorizations or releases from individuals required for making their health information available through the System for the purpose set forth in Section 4.1;
4.3.3 include such statements (if any) in your notice of privacy practices as may be required in connection with your use of the System;
4.3.4 not place in the System any information that you know or have reason to believe is false or materially inaccurate.
4.4 Electronic Referrals. With your consent, we shall make Patient Health Information for any patient you designate accessible to any other user of the System whom you approve. You may revoke your consent with respect to any other user at any time. While your consent is in effect, an approved user may view and edit any health record you have designated for his or her use. If you revoke your consent, the approved user shall continue to have the ability to view the health record in the form in which it existed at the time you revoked your consent but shall not be able to view changes made to the record thereafter and shall not be able to edit the record. The same rules apply to your use of another user’s record who approves access for you. You and your Workforce are fully responsible for the information in any chart that you share. You and/or your Workforce should not share patient information that violates any state and/or federal laws, such as a positive HIV test result. In the future, we may allow you to share only subsections of a patient chart or may allow a referee to share the patient chart with others, in either case, we shall obtain your consent before allowing the use of such features. In any event, but especially in cases of potential fraud, misuse and/or abuse of the System, we reserve the right, in its sole judgment, to revoke, remove, cancel or deny continued access to any health record or any Electronic Referral request.
4.5 Communications and Consent
You are solely responsible for obtaining and maintaining all necessary consents, authorizations, and permissions required under applicable law for communications initiated through the System, including without limitation voice calls (including AI-generated or automated calls), text messages, and email messages. You represent and warrant that you have obtained all required consents under applicable laws, including but not limited to the Telephone Consumer Protection Act (TCPA) and applicable state laws. We shall have no liability for your failure to obtain such consents.
5. Providing Physician Data to Payers
Without limiting the provisions of Section 7.2, you agree that we may provide De-Identified Health Information and other information, including your Personal Information and information concerning your practice, to any medical group, independent practice association of physicians, health plan or other organization with which you have a contract to provide medical services, or to whose members or enrollees you provide medical services. Such information may identify you but shall not identify any individual to whom you provide services. Such information may include (without limitation) aggregate data concerning your patients, diagnoses, procedures, orders and the like.
6. Product and Service Notifications
We may place advertisements concerning the products and services of third parties on the System, so that you see them when you use the System. We may receive remuneration from the suppliers of these products and services for placing their advertisements. We may use computerized processes to tailor the advertisements to you or to your use of the system. However, except as expressly permitted by this Agreement or by our Policies and Procedures, unless we obtain your consent, we shall not disclose to any third party any information that identifies you or enables the third party to market products or services to you directly. This Section applies only to Practice accounts and does not apply to Enterprise customers unless expressly agreed in writing.
7. Intellectual Property Rights
7.1 Individually Identifiable Health Information. Except as provided in Section 7.2 (De-Identified Information), you retain all rights with regard to your Patient Health Information.
7.2 De-Identified Information. In consideration of our provision of the Services, you hereby transfer and assign to us all right, title and interest in and to all de-Identified derivative Information that we make from Patient Health Information or your Personal Information pursuant to Section 4.1.5 created for the purposes of creating data models, application and data functions, and features of the application. You agree that we may use, disclose, market, license and sell the derivative de-identified information for any purpose without restriction, and that you have no interest in such information, or in the proceeds of any sale, license, or other commercialization thereof. You acknowledge that the rights conferred by this Section are the principal consideration for the provision of the Services, without which we would not enter into this Agreement. We may use De-Identified Information to develop, train, and improve our Services, including artificial intelligence and machine learning models.
7.3 Other Works and Information.
You agree that any suggestions, feedback, or non-confidential information you provide to us regarding the System may be used by us without restriction. This Section does not apply to Patient Health Information, Personal Information, or Customer Data.
7.4 Customer Data
As between the Parties, you retain all right, title, and interest in and to all data submitted to the System by you, excluding De-Identified Information. Subject to this Agreement, you grant us a limited, non-exclusive right to use such data solely to provide, maintain, and improve the Services and to comply with applicable law.
8. Individuals’ Rights
You shall be solely responsible for affording individuals their rights with respect to Patient Health Information, such as the rights of access and amendment. You shall not undertake to afford an individual any rights with respect to any information in the System other than Patient Health Information.
9. Business Associate Provisions
In maintaining, using and affording access to Patient Health Information in accordance with this Agreement, we shall:
9.1 Not use or further disclose the information except as permitted or required by this Agreement or as required by law;
9.2 Use appropriate safeguards to prevent use or disclosure of the information other than as provided for by this Agreement, including administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the information;
9.3 Report to you any use or disclosure of the information not provided for by this Agreement of which we become aware, or any security incident as a result of which we determine that unauthorized access has been obtained to Patient Health Information;
9.4 Ensure that any of our agents or subcontractors to whom we provide Patient Health Information for purposes of assisting us in providing the System or the Services, agrees to the same restrictions and conditions that apply to us with respect to such information, including the obligation to implement reasonable and appropriate safeguards to protect it (it being understood that other Users of the System are not our agents or subcontractors);
9.5 Make available protected health information in accordance with § 164.524 of the Privacy Rule;
9.6 Make available protected health information for amendment and incorporate any amendments to protected health information in accordance with § 164.526 of the Privacy Rule;
9.7 Make available the information required to provide an accounting of disclosures in accordance with § 164.528 of the Privacy Rule;
9.8 Make our internal practices, books, and records relating to the use and disclosure of protected health information received from, or created or received by us on your behalf available to the Secretary of the United States Department of Health and Human Services for purposes of determining your compliance with the Privacy Rule; and
9.9 At termination of this Agreement we shall provide you with a copy of Patient Health Information in an electronic form that is accessible through commercially available hardware and software. You may have to purchase such hardware and software from third parties in order to access your data, and you may have to configure your systems in order to use your data in your practice. Upon termination we shall, if feasible, return or destroy all protected health information received from, or created or received by us on your behalf that we still maintain in any form, and retain no copies of such information; or, if such return or destruction is not feasible, extend the protections of this Agreement to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible. You acknowledge that it shall likely be infeasible to segregate Patient Health Information for removal from the System, and that if you have approved another user to have access to any of your online records through Electronic Referrals, we shall maintain a version of those records through the time you withdraw your approval, and we shall continue to make those records available to the approved (or formerly approved) user. You acknowledge that you may have to purchase proprietary software in order to access such information.
9.10 HITECH Act. As required by the HITECH Act
(a) We shall comply with the provisions of the HIPAA Security Rule that are made applicable to business associates by Section 13401(a) of the HITECH Act, with the additional provisions of the HITECH Act relating to security that are made applicable to business associates and incorporated into business associate contracts by Section 13401(a) of the HITECH Act, and with the additional provisions of the HITECH Act relating to privacy that are made applicable to business associates and incorporated into business associate contracts by Section 13404(a) of the HITECH Act.
(b) We shall report to you the discovery of any breach of unsecured Protected Health Information that we access, maintain, retain, modify, record, store destroy or otherwise hold, use or disclose on your behalf, in compliance with the requirements of Section 13402 of the HITECH Act and the regulations promulgated there under (45 CFR Parts 160 and 164, Subpart D).
9.11 Data Retention and Deletion
We will retain Patient Health Information and other Customer Data for the duration of this Agreement and for a reasonable period thereafter as necessary to comply with legal obligations and enforce this Agreement. To the extent feasible, we will delete or de-identify such data following termination. Where deletion is not feasible, including due to system architecture, legal requirements, or continued access by other authorized users, we will continue to protect such data in accordance with this Agreement and limit further use and disclosure.
9.12 Security Incidents
A “Security Incident” means unauthorized access to or use of Patient Health Information. We will notify you of any confirmed Security Incident without unreasonable delay and, in any event, no later than thirty (30) days following discovery, unless a shorter period is required by applicable law.
9.13 Subcontractors
We may use subcontractors to provide the Services. We will require such subcontractors to maintain appropriate safeguards consistent with this Agreement.
9.14 We do not use Patient Health Information to train or improve artificial intelligence or machine learning models except as expressly permitted under this Agreement or required by applicable law.
10. Computer Systems
10.1 Your Systems. You shall acquire, install, configure and maintain all hardware, software and communications systems necessary to access the System (your “Implementation”). Your Implementation shall comply with the specifications from time to time established by us. You shall ensure that your Implementation is compatible with the System and Services. If we notify you that your Implementation is incompatible with the System, you shall eliminate the incompatibility, and we may suspend Services to you until you do so.
10.2 Assistance. Upon request, we may provide goods or services in connection with your Implementation. You shall pay our then standard charges for such assistance, and our out-of-pocket costs.
11. Third-Party Sites and Service Providers
The System may contain hyperlinks (including hyperlinked advertisements) to Internet web sites operated by third parties, or to materials or information made available by third parties. Such third parties may offer goods or services for sale to you. Such links do not constitute or imply our endorsement of such third parties, or of the content of their sites, the quality or efficacy of their goods or services, or their information privacy or security practices, and we have no responsibility for information, goods or services offered or provided by such third parties, or for the manner in which they conduct their operations. Your use of third-party sites and the materials, goods and services offered by them is entirely at your own risk and is subject to the terms of use of the third parties operating or providing them. You should assume that any Internet page or other material that does not bear our logo is provided by a third party.
12. Fees and Charges
Enterprise and Practice accounts are subject to different pricing and billing structures as set forth in this Section. The provisions applicable to each account type apply exclusively to that account type.
12.1 Enterprise Fees. You shall pay to us our software subscription fee (“System Fee”) and services fee (“Services Fee”) for the System to which you have access. You also agree to pay, at our then current rates, for all goods or services that you request from us and that are not included in our standard services (“Ancillary Fees”). We shall notify you of the System Fee when you are granted access to the System, and we shall notify you of the applicable Services Fee and Ancillary Fees before performing services. The System Fee, Services Fee, and Ancillary Fees may be modified by us upon at least thirty (30) days’ prior notice. Any such changes will apply prospectively and will not affect fees already paid. Current fees and charges may be obtained by calling 415-841-2727 or emailing accounting@referralmd.com.
12.2 Enterprise Usage Caps. System Fee shall include unlimited referrals. For faxing, System Fee shall include an allocation of a certain number of fax pages per user per month for all inbound and outbound faxes which may or may not include OCR/AI functionality. Beyond that allocation, you shall pay a fee per page. For text messages, System Fee shall include an allocation of text message segments per user per month. Beyond that allocation, you shall pay a fee per text message segment. One text message may have one or more segments and the segmentation is determined at the time the message is sent by the respective carrier. For patient intake forms, System Fee shall include an allocation of patient intake forms per user per month. Beyond that allocation, you shall pay a fee per intake form sent to patients. All allocations, fees, and usage caps shall be published on our web site during sign up, or agreed upon in an Enterprise License Agreement executed between the Parties. We may alter the fees, allocations, and usage caps with thirty (30) day’s notice, or upon the expiration or renewal of an Enterprise License Agreement.
12.3 Enterprise Payments. Enterprise accounts shall require payment prior to initial access to the System or as specified in an Enterprise License Agreement. Fees shall be billed and must be paid in full based on the payment terms in the Enterprise License Agreement prior to gaining access to the System and before any Services are rendered.
12.4 Practice Fees. Practice accounts shall be paid in advance and auto-reload as usage occurs. The Service shall automatically charge for premium services in your free account including faxing, texting, intake forms and voice AI services. All Fees shall be published to you when signing up for a Practice account.
12.5 Practice Payments. The System shall automatically charge your credit card when your account balance falls below the minimum balance as defined by you in the System. The System shall automatically withdraw funds from your account balance to pay for the premium services outlined in 12.4.
12.6 Taxes. All charges and fees shall be exclusive of all federal, state, municipal, or other government excise, sales, use, occupational, or like taxes now in force or enacted in the future, and you agree to pay any tax (excluding taxes on our net income) that we may be required to collect or pay now or at any time in the future and that are imposed upon the sale or delivery of items and services purchased under this Agreement.
12.7 Other Charges. You are responsible for any charges you incur to use the System, such as Internet and equipment charges, and fees charged by third-party vendors of products and services.
12.8 Payment Failure
If any payment is past due, we may suspend or terminate access to the Service upon notice. You remain responsible for all fees incurred prior to suspension or termination.
12.9 Late Payments
Past due amounts may accrue interest at the rate of 1.5% per month (or the maximum permitted by law, if less). You shall be responsible for all reasonable costs of collection, including attorneys’ fees.
12.10 Usage Measurement
We may monitor and measure usage of the Service to verify compliance with this Agreement and to calculate applicable fees. Our measurements shall be final absent manifest error.
13. Confidential Information
13.1 You may not disclose our Confidential Information to any other person, and you may not use any Confidential Information except for the purpose of this Agreement. Except as otherwise provided in this Agreement, you may not, without our prior written consent, at any time, during or after the Term of this Agreement, directly or indirectly, divulge or disclose Confidential Information for any purpose or use Confidential Information for your own benefit or for the purposes or benefit of any other person. You agree to hold all Confidential Information in strict confidence and to take all measures necessary to prevent unauthorized copying, use, or disclosure of Confidential Information, and to keep the Confidential Information from falling into the public domain or into the possession of persons not bound to maintain its confidentiality. You shall disclose Confidential Information only to members of your Workforce who have a need to use it for the purposes of this Agreement. You shall inform all such recipients of the confidential nature of Confidential Information and shall instruct them to deal with Confidential Information in accordance with the terms of this Agreement. You shall promptly advise us in writing of any improper disclosure, misappropriation, or misuse of the Confidential Information by any person, which may come to your attention.
13.2 You agree that we shall suffer irreparable harm if you fail to comply with its obligations set forth in this Section 13, and you further agree that monetary damages shall be inadequate to compensate us for any such breach. Accordingly, you agree that we shall, in addition to any other remedies available to us at law or in equity, be entitled to the issuance of injunctive relief to enforce the provisions hereof, immediately and without the necessity of posting a bond.
13.3 This Section 13 shall survive the termination or expiration of this Agreement for any reason.
14. Disclaimer, Exclusion of Warranties, and Limitation of Liability
14.1 Carrier Lines. YOU ACKNOWLEDGE THAT ACCESS TO THE SYSTEM SHALL BE PROVIDED OVER VARIOUS FACILITIES AND COMMUNICATIONS LINES, AND INFORMATION SHALL BE TRANSMITTED OVER LOCAL EXCHANGE AND INTERNET BACKBONE CARRIER LINES AND THROUGH ROUTERS, SWITCHES, AND OTHER DEVICES (COLLECTIVELY, “CARRIER LINES”) OWNED, MAINTAINED, AND SERVICED BY THIRD-PARTY CARRIERS, UTILITIES, AND INTERNET SERVICE PROVIDERS, ALL OF WHICH ARE BEYOND OUR CONTROL. WE ASSUME NO LIABILITY FOR OR RELATING TO THE INTEGRITY, PRIVACY, SECURITY, CONFIDENTIALITY, OR USE OF ANY INFORMATION WHILE IT IS TRANSMITTED ON THE CARRIER LINES, OR ANY DELAY, FAILURE, INTERRUPTION, INTERCEPTION, LOSS, TRANSMISSION, OR CORRUPTION OF ANY DATA OR OTHER INFORMATION ATTRIBUTABLE TO TRANSMISSION ON THE CARRIER LINES. USE OF THE CARRIER LINES IS SOLELY AT YOUR RISK AND IS SUBJECT TO ALL APPLICABLE LOCAL, STATE, NATIONAL, AND INTERNATIONAL LAWS.
14.2 No Warranties. ACCESS TO THE SYSTEM AND THE INFORMATION CONTAINED ON THE SYSTEM IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. YOU ARE SOLELY RESPONSIBLE FOR ANY AND ALL ACTS OR OMISSIONS TAKEN OR MADE IN RELIANCE ON THE SYSTEM OR THE INFORMATION IN THE SYSTEM, INCLUDING INACCURATE OR INCOMPLETE INFORMATION. IT IS EXPRESSLY AGREED THAT IN NO EVENT SHALL WE BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, LOSS OF PROFITS OR REVENUES, LOSS OF USE, OR LOSS OF INFORMATION OR DATA, WHETHER A CLAIM FOR ANY SUCH LIABILITY OR DAMAGES IS PREMISED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF WE HAVE BEEN APPRISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES OCCURRING. WE DISCLAIM ANY AND ALL LIABILITY FOR ERRONEOUS TRANSMISSIONS AND LOSS OF SERVICE RESULTING FROM COMMUNICATION FAILURES BY TELECOMMUNICATION SERVICE PROVIDERS OR THE SYSTEM.
14.3 Conditions for Breach. We shall not be deemed to be in violation of this Agreement unless you have first given us written notice specifying the nature of the default, and we have failed within thirty (30) days of receipt of the notice either to cure the default or, if cure within such period is not practicable, to be diligently proceeding to cure the default.
14.4 Other Users. YOU ACKNOWLEDGE THAT OTHER USERS HAVE ACCESS TO THE SYSTEM AND ARE RECEIVING OUR SERVICES. SUCH OTHER USERS HAVE COMMITTED TO COMPLY WITH OUR POLICIES AND PROCEDURES CONCERNING USE OF THE SYSTEM; HOWEVER, THE ACTIONS OF SUCH OTHER USERS ARE BEYOND OUR CONTROL. ACCORDINGLY, WE DO NOT ASSUME ANY LIABILITY FOR OR RELATING TO ANY IMPAIRMENT OF THE PRIVACY, SECURITY, CONFIDENTIALITY, INTEGRITY, AVAILABILITY, OR RESTRICTED USE OF ANY INFORMATION ON THE SYSTEM RESULTING FROM ANY USER’S ACTIONS OR FAILURES TO ACT.
14.5 Unauthorized Access; Lost or Corrupt Data. WE ARE NOT RESPONSIBLE FOR UNAUTHORIZED ACCESS TO YOUR DATA, FACILITIES OR EQUIPMENT BY INDIVIDUALS OR ENTITIES USING THE SYSTEM OR FOR UNAUTHORIZED ACCESS TO, ALTERATION, THEFT, CORRUPTION, LOSS OR DESTRUCTION OF YOUR DATA FILES, PROGRAMS, PROCEDURES, OR INFORMATION THROUGH THE SYSTEM, WHETHER BY ACCIDENT, FRAUDULENT MEANS OR DEVICES, OR ANY OTHER MEANS. YOU ARE SOLELY RESPONSIBLE FOR VALIDATING THE ACCURACY OF ALL OUTPUT AND REPORTS, AND FOR PROTECTING YOUR DATA AND PROGRAMS FROM LOSS BY IMPLEMENTING APPROPRIATE SECURITY MEASURES. YOU HEREBY WAIVE ANY DAMAGES OCCASIONED BY LOST OR CORRUPT DATA, INCORRECT REPORTS, OR INCORRECT DATA FILES RESULTING FROM OPERATOR ERROR, EQUIPMENT OR SYSTEM MALFUNCTION, SECURITY VIOLATIONS, OR THE USE OF THIRD-PARTY SOFTWARE. WE ARE NOT RESPONSIBLE FOR THE CONTENT OF ANY INFORMATION TRANSMITTED OR RECEIVED THROUGH OUR PROVISION OF THE SERVICES.
14.6 Limitation of Liability. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, OUR AGGREGATE LIABILITY UNDER THIS AGREEMENT, REGARDLESS OF THEORY OF LIABILITY, SHALL BE LIMITED TO THE AGGREGATE FEES ACTUALLY PAID BY YOU UNDER THIS AGREEMENT FOR THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT FIRST GIVING RISE TO THE CLAIM. THE FOREGOING LIMITATION SHALL NOT APPLY TO (i) EITHER PARTY’S INDEMNIFICATION OBLIGATIONS OR (ii) YOUR BREACH OF CONFIDENTIALITY OBLIGATIONS OR (iii) FINES OR PENALTIES IMPOSED BY A GOVERNMENTAL AUTHORITY TO THE EXTENT ARISING FROM A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.
14.7 Service Availability
We do not guarantee that the Service will be uninterrupted or error-free. From time to time, the Service may be unavailable due to maintenance, upgrades, or circumstances beyond our control.
14.8 Intellectual Property Indemnification
We will defend you against any third-party claim that the Service infringes a valid U.S. intellectual property right and will indemnify you against any damages finally awarded, provided that you promptly notify us of the claim and allow us to control the defense. We shall have no obligation for claims arising from your data, your use of the Service in violation of this Agreement, or combinations with third-party products not provided by us.
15. Term; Modification; Suspension; Termination
15.1 Term.
This Agreement will remain in effect for as long as the Customer continues to access or use the Service. The Customer may terminate this Agreement at any time by canceling the account in the System or by sending written notification to accounts@getreferralmd.com or the physical address listed in the Notices section. The Company may terminate or suspend access in accordance with this Agreement. Upon termination or expiration of this Agreement for any reason, all rights to access and use the Service will immediately cease. Notwithstanding the foregoing, any provisions that by their nature should survive termination or expiration will survive, including without limitation provisions relating to confidentiality, data protection, payment obligations, intellectual property, limitation of liability, indemnification, and dispute resolution.
15.2 Cancellation.
If you cancel your subscription to the System, your cancellation shall take effect immediately and you shall not be refunded any amount of your prepaid fees or amounts previously paid.
15.3 Suspension and Termination for Breach, Risk, or Compliance
We may suspend or terminate your access to the Service, in whole or in part: (a) immediately, without prior notice where necessary, where we reasonably determine that your use of the Service poses a risk to the security, integrity, or availability of the Service or any data (including Protected Health Information), or where required to comply with applicable law, regulation, or governmental order; or (b) upon notice, if you materially breach this Agreement, including failure to comply with applicable laws, regulations, or our Policies and Procedures, and fail to cure such breach within thirty (30) days where capable of cure. We will use commercially reasonable efforts to limit any suspension to the minimum extent necessary and to restore access promptly once the issue is resolved, where appropriate.
15.4 Modification. We may change the Services and the terms under which they are provided to you (including terms set forth in this Agreement) by providing you not less than thirty (30) days’ notice of a change affecting financial terms, or fifteen (15) days’ notice of any other change. Upon receipt of such a notice, you may terminate this Agreement by giving written notice at accounts@getreferralmd.com to us on or before the effective date of the change. You agree that your failure to give notice of termination prior to the effective date of the change constitutes acceptance of the change, which shall thereupon become part of this Agreement. Any failure to give such notice shall not affect your termination rights as set forth in Section 15.2.
15.5 Termination, Suspension or Amendment as a Result of Government Regulation. Notwithstanding anything to the contrary in this Agreement, we have the right, on notice to you, immediately to terminate, suspend, or amend this Agreement, without liability: (a) to comply with any order issued or proposed to be issued by any governmental agency; (b) to comply with any provision of law, any standard of participation in any reimbursement program, or any accreditation standard; or (c) if performance of any term of this Agreement by either Party would cause it to be in violation of law, or would jeopardize its tax-exempt status.
15.6 Judicial or Administrative Procedures; Credentialing. We may terminate this Agreement immediately upon notice to you: (a) if you are named as a defendant in a criminal proceeding for a violation of federal or state law; (b) if a finding or stipulation is made or entered into that you have violated any standard or requirement of federal or state law relating to the privacy or security of health information is made in any administrative or civil proceeding; (c) you are excluded from participation in a federal or state health care program or (d) you cease to be qualified to provide services as a health care professional, or we are unable to verify your qualifications as such.
15.7 Obligations After Termination. Upon termination of this Agreement, you shall cease to use the System, and we may terminate your access to the System. Upon termination for any reason, you shall remove all software provided under this Agreement from your computer systems, you shall cease to have access to the System, and you shall return to us all hardware, software, and documentation provided by or on behalf of us. Upon written request made within thirty (30) days following termination, we will make Customer Data available for export in a commercially reasonable format. We are not obligated to retain such data beyond such period.
16. Export Compliance
You agree to comply with all applicable export control and economic sanctions laws, including those administered by the U.S. Department of Commerce, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC), and other applicable authorities. You represent that you are not located in, and will not use the Service from, any restricted jurisdiction or in violation of such laws.
17. Applicable Law
The interpretation of this Agreement and the resolution of any disputes arising under this Agreement shall be governed by the laws of the State of South Carolina. If any action or other proceeding is brought on or in connection with this Agreement, the venue of such action shall be exclusively in the City of Mount Pleasant and County of Charleston, South Carolina.
18. Assignment
Neither party may assign this Agreement without the prior written consent of the other, except that we may assign this Agreement without consent in connection with a merger, acquisition, or sale of assets.
19. Supervening Circumstances
Neither party shall be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including without limitation natural disasters, acts of government, labor disputes, power or internet outages, failures of cloud or hosting providers, cyberattacks, or other force majeure events.
20. Severability
Any provision of this Agreement that shall prove to be invalid, void, or illegal, shall in no way affect, impair, or invalidate any other provision of this Agreement, and such other provisions shall remain in full force and effect.
21. Notices
Any and all notices required or permitted under this Agreement shall be sent by U.S. mail to the address provided below or to such other and different addresses as the Parties may designate in writing. If you supply us with an electronic mail address, we may give notice by email message addressed to such address; provided that if we receive notice that the email message was not delivered, we shall give the notice by U.S. mail.
To Us:
Electronic Referral Manager Inc
PO Box 1609, Mt. Pleasant, SC 29465-1609
Main: 415-841-2727
Attention: Customer Support
To you, at the address provided to us when you registered as a user of the System.
22. Waiver
No term of this Agreement shall be deemed waived and no breach excused unless such waiver or consent shall be in writing and signed by the Party claimed to have waived or consented. Any consent by any Party to, or waiver of a breach by the other, whether expressed or implied, shall not constitute a consent to, waiver of, or excuse for any other different or subsequent breach.
23. Complete Understanding
This Agreement contains the entire understanding of the Parties, and there are no other written or oral understandings or promises between the Parties with respect to the subject matter of this Agreement other than those contained or referenced in this Agreement. Except as otherwise provided in this Agreement (including Section 15.3), all modifications or amendments to this Agreement shall be in writing and signed by all Parties.
24. No Third-Party Beneficiaries
Nothing express or implied in this Agreement is intended to confer, nor shall confer, upon any person or entity other than the parties and their respective successors or assigns any rights, remedies, obligations, or liabilities whatsoever.
25. Advice of Counsel
Each Party acknowledges: (a) having fully read this Agreement in its entirety; (b) having had full opportunity to study and review this Agreement; (c) having been advised that counsel for us has acted solely on our behalf in connection with the negotiation, preparation, and execution of this Agreement; (d) having been advised that all parties have the right to consult and should consult independent counsel respecting their rights and duties under this Agreement; and (e) having had access to all such information as has been requested.
26. Authority
The individuals entering into this Agreement represent and warrant that they are competent and capable of entering into a binding contract and that they are authorized to enter into this Agreement on behalf of the Parties.
