Terms and conditions
WELCH ALLYN HOME® CLINICAL PORTAL
AND
HILLROM™ CONNEX® CLINICAL PORTAL
TERMS OF USE
REVISED MAY 19, 2020
THE TERMS AND CONDITIONS SET FORTH BELOW (“TERMS OF USE”) ARE A BINDING AGREEMENT BETWEEN YOU (YOU PERSONALLY OR YOU ON BEHALF OF A LEGAL ENTITY) (“YOU” AND “YOUR”) AND WELCH ALLYN, INC. (“WELCH ALLYN,” “WE,” “US,” AND “OUR”), AND GOVERN YOUR AND YOUR AUTHORIZED USERS’ ACCESS AND USE OF THE WELCH ALLYN HOME® CLINICAL PORTAL AND HILLROM™ CONNEX CLINICAL PORTAL (TOGETHER, THE “PORTAL”). THE PORTAL INCLUDES ANY UPDATES THERETO, AND ALL ASSOCIATED DOCUMENTATION.
WELCH ALLYN LICENSES THE PORTAL SOLELY ON THESE TERMS OF USE AND ON THE CONDITION THAT YOU ACCEPT AND COMPLY WITH THEM. BY CLICKING THE "AGREE" BUTTON BELOW YOU: (A) HAVE READ AND UNDERSTAND THESE TERMS OF USE; (B) ACCEPT THESE TERMS OF USE AND AGREE THAT YOU AND YOUR AUTHORIZED USERS ARE LEGALLY BOUND BY THEM; AND (C) REPRESENT AND WARRANT THAT (I) YOU ARE OF LEGAL AGE TO ENTER INTO A BINDING AGREEMENT, AND (II) IF YOU ARE ACCEPTING AND AGREEING ON BEHALF OF A LEGAL ENTITY, YOU HAVE THE RIGHT, POWER AND AUTHORITY TO ENTER INTO THESE TERMS AND CONDITIONS ON BEHALF OF SUCH LEGAL ENTITY AND TO BIND SUCH LEGAL ENTITY AND ITS AUTHORIZED USERS TO THESE TERMS OF USE. IF YOU DO NOT AGREE TO THESE TERMS OF USE, WELCH ALLYN WILL NOT AND DOES NOT LICENSE THE PORTAL TO YOU AND YOU MUST NOT ACCESS OR USE THE PORTAL.
BY AGREEING TO AND ACCEPTING THE TERMS AND CONDITIONS OF THESE TERMS OF USE YOU AGREE TO AND ACCEPT THE TERMS AND CONDITIONS OF THE BUSINESS ASSOCIATE ADDENDUM IN EXHIBIT 1.
Definitions.
- App means the Welch Allyn Home® mobile software application (the “Welch Allyn Home App”) and/or the Hillrom™ Connex® mobile software application (the “Hillrom Connex App”).
- Authorized Users means Your employees or independent contractors authorized by You to access the Portal and view and use Patient Information.
- Patient Information means Your patients’ individually identifiable information such as name, email address, and health and biometric data submitted by them via the App and Your patients’ individually identifiable information such as name, gender, date of birth and health information input by You or Your Authorized Users in the course of setting up and administering patients’ accounts in the Portal.
- Your Information means Your facility or practice name, primary contact information, national provider identifier and any other information about You or Your Authorized Users provided by You or Your Authorized Users in the course of accessing and using the Portal.
License Grant. Subject to these Terms of Use, Welch Allyn grants You and Your Authorized Users a limited, non-exclusive and nontransferable license to access and use the Portal solely for Your internal business purposes.
License Restrictions. You agree that You and Your Authorized Users will not:
- copy the Portal, except as expressly permitted by this license;
- modify, translate, adapt, or otherwise create derivative works or improvements of the Portal;
- reverse engineer, disassemble, decompile, decode, or otherwise attempt to derive or gain access to the source code of the Portal or any part thereof;
- remove, delete, alter, or obscure any trademarks or any copyright, trademark, patent, or other intellectual property or proprietary rights notices from the Portal, including any copy thereof;
- rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available the Portal, or any functionality or feature of the Portal, to any third party for any reason, including by making the Portal available on a network where it is capable of being accessed by more than one device at any time; or
- remove, disable, circumvent, or otherwise create or implement any workaround to any copy protection, rights management, or security features in or protecting the Portal.
Reservation of Rights. You acknowledge and agree that the Portal is provided under license, and not sold, to You. You do not acquire any ownership interest in the Portal under these Terms of Use, or any other rights thereto other than to use the Portal in accordance with the license granted, and subject to all terms, conditions, and restrictions, under these Terms of Use. We reserve and retain Our entire right, title, and interest in and to the Portal, including all copyrights, trademarks, and other intellectual property rights therein or relating thereto except as expressly granted to You in these Terms of Use.
Patient Information. The App enables Your patients’ mobile device to collect physiological measurements from home monitoring and vital signs devices and transmit them to the Portal. The App also saves and tracks Your patients’ results. Your patients must agree that We may access, collect, store, process, maintain, upload, sync, transmit, share, disclose and use Patient Information as a condition of their download, installation and use of the App. Patients may cease use of the App or delete it from their mobile device at any time. We may, in Our sole discretion and with or without notice, terminate patients’ right to use the App and reserve the right to delete patient accounts where the App has not been used for twelve (12) consecutive months. We have no obligation to store, maintain, recover or provide You a copy of any Patient Information, or offer You the opportunity to retrieve or transfer any Patient Information prior to its destruction.
No Business Associate Relationship with Respect to Patient Information Collected and Transmitted by the Welch Allyn Home App and Accessed and Used Via the Welch Allyn Home Clinical Portal . By providing the Welch Allyn Home Clinical Portal for Your access and use of Patient Information collected and transmitted by the Welch Allyn Home App, We are not creating, receiving, maintaining or transmitting protected health information (as such term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and all implementing regulations (“HIPAA”)) on Your behalf, or on behalf of a business associate (as that term is defined under HIPAA) of Yours. We are providing a service to Your patients as consumers by facilitating Your access and use of Patient Information on their behalf and at their request. Your access and use of the Welch Allyn Home Clinical Portal does not give rise a business associate relationship between You and Us.
Business Associate Relationship with Respect to Patient Information Collected and Transmitted by the Hillrom Connex App and Accessed and Used Via the Hillrom Connex Clinical Portal . By providing the Hillrom Connex Clinical Portal for Your access and use of Patient Information collected and transmitted by the Hillrom Connex App, We are creating, receiving, maintaining or transmitting protected health information on Your behalf, or on behalf of a business associate of Yours. We are providing a service to You as a covered entity (as that term is defined under HIPAA) or You as a business associate of a covered entity by facilitating Your access and use of Patient Information on Your behalf and at Your request. Your access and use of the Hillrom Connex Clinical Portal does give rise a business associate relationship between You and Us, and the Business Associate Addendum in Exhibit 1 governs Your and Our obligations under HIPAA with respect to Patient Information collected and transmitted by the Hillrom Connex App and accessed and used by You via the Hillrom Connex Clinical Portal.
De-identification of Patient Information Collected and Transmitted by the Hillrom Connex App and Accessed and Used Via the Hillrom Connex Clinical Portal . You agree that We may de-identify Patient Information collected and transmitted by the Hillrom Connex App and accessed and used via the Hillrom Connex Clinical Portal, and aggregate, analyze, use, and disclose such de-identified Patient Information, solely for Our own internal business purposes of research and development, product improvement, and quality assurance. We will not disclose or sell such de-identified Patient Information, or any aggregations, analyses, reports, programs, and output based on or including such de-identified Patient Information (“De-identified Work Product”), to any third party. We shall own all right, title, and interest in and to such de-identified Patient Information and any De-identified Work Product, and shall retain all such deidentified Patient Information and any De-identified Work Product after termination of these Terms of Use.
Your Information. You agree that We may access, collect, store, process, maintain, upload, sync, transmit, share, disclose and use Your Information. BY CLICKING THE “AGREE” BUTTON, YOU EXPRESSLY CONSENT TO THE FOREGOING ACCESS, COLLECTION, STORAGE, PROCESSING, MAINTENANCE, UPLOADING, SYNCING, TRANSMITTING, SHARING, DISCLOSURE AND USE OF YOUR INFORMATION. By continuing to access and use the Portal, You indicate Your continued consent to such access, collection, storage, processing, maintenance, uploading, syncing, transmitting, sharing, disclosure and use of Your Information. Our access, collection, storage, processing, maintenance, uploading, syncing, transmitting, sharing, disclosure and use of Your Information is governed by Our Global Privacy Notice, which is incorporated herein by this reference. Our Global Privacy Notice may be viewed at https://hillrom.com/en-us/global-privacy-notice/ .
Geographic Restrictions. The Portal is provided for access and use only by persons located in the United States. You acknowledge that You or Your Authorized Users may not be able to access or use all or some of the Portal outside of the United States and that access or use of the Portal by certain persons or in certain countries may not be legal. If You or Your Authorized Users access or use the Portal outside the United States, You or Your Authorized Users are responsible for compliance with all local laws.
Updates; Limits. We may change the Portal, including without limitation making improvements or alterations to functionalities, adding or removing features, and providing bug fixes and patches, with or without notice to You. You agree that all updates will be deemed part of the Portal and be subject to these Terms of Use. We also reserve the right to establish limits on the nature or size of storage available to You or on Your continued ability to access or use Patient Information, and to impose other limitations at any time, with or without notice to You.
Revisions to Terms of Use. We may revise these Terms of Use with or without notice to You. Revised Terms of Use supersede all earlier versions. We encourage You periodically to read these Terms of Use to see if We have made revisions to Our policies that may affect You. Your continued use of the Portal will signify Your continued agreement to these Terms of Use as they may be revised.
Term and Termination. The term of these Terms of Use will commence upon Your acceptance of these Terms of Use and will continue in effect until terminated as set forth in this section.
- We may terminate these Terms of Use in Our sole discretion at any time, with or without notice to You. In addition, these Terms of Use will terminate immediately and automatically without any notice to You if You or Your Authorized Users violate any of these Terms of Use. Upon termination Your account will be deleted and all rights granted to you under these Terms of Use will end.
- We reserve the right to delete Your account if You haven’t used the Portal for twelve (12) consecutive months.
- Termination will not limit any of Our rights or remedies at law or in equity.
Login and Password. To protect Your Information, access to the Portal requires submission of login and password information and/or other authentication tokens or codes to create a user account (collectively and individually “Login and Password”). The Login and Password are for Your and Your Authorized Users’ personal use only and are not transferable. Neither You nor Your Authorized Users may share Your or their Login or Password with any other person or entity. You agree that You and Your Authorized Users will be responsible for maintaining Your and their Login and Password as confidential and for any activity that occurs as a result of Your or Your Authorized Users enabling or permitting another person or entity to use Your or their Login and Password. You agree immediately to notify Us in the event that Your or any of Your Authorized Users’ Login and Password is lost or stolen or You or any of Your Authorized Users become aware of any unauthorized use of Your or their Login and Password or of any other breach of security related to the Portal.
NO MEDICAL ADVICE. THE APP AND THE PORTAL ARE INTENDED ONLY TO TRANSMIT AND STORE PATIENT INFORMATION. NEITHER THE APP NOR THE PORTAL IS INTENDED AS A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE OR CARE, AND NEITHER THE APP NOR THE PORTAL IS INTENDED TO DIRECT OR INFLUENCE YOUR PROFESSIONAL MEDICAL JUDGMENT. PATIENTS USING THE APP ARE INSTRUCTED TO CONTACT THEIR DOCTOR OR OTHER QUALIFIED HEALTH CARE PROVIDER IMMEDIATELY IF THEY SUSPECT THEY HAVE A MEDICAL PROBLEM OR CONDITION, AND TO CALL FOR EMERGENCY MEDICAL HELP IMMEDIATELY IF THEY ARE EXPERIENCING A MEDICAL EMERGENCY. NEITHER THE APP NOR THE PORTAL IS NOT INTENDED FOR EMERGENCY OR REAL-TIME MONITORING.
NO WARRANTY. THE PORTAL IS PROVIDED “AS IS” AND WITHOUT WARRANTY OF ANY KIND WHATSOEVER, EITHER EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE SPECIFICALLY DISCLAIM AND EXCLUDE ANY AND ALL WARRANTIES, EXPRESSED, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSES, NON-INFRINGEMENT OR QUALITY AND/OR PERFORMANCE. WE DO NOT WARRANT THAT THE PORTAL WILL MEET YOUR REQUIREMENTS, THAT THE PORTAL’S OPERATION WILL BE ERROR-FREE OR UNINTERRUPTED, THAT THE INTERNET WILL BE AVAILABLE, THAT ERRORS IN THE PORTAL WILL BE CORRECTED OR THAT YOUR COMMUNICATIONS WILL BE SECURE OR DELIVERED TO YOUR RECIPIENTS, WHETHER THEY ARE YOUR INTENDED RECIPIENTS OR OTHERWISE, OR THAT YOUR INFORMATION STORED AND/OR ARCHIVED IN THE PORTAL OR ON OUR SERVERS WILL BE AVAILABLE, ACCESSIBLE, SECURE AND/OR ACCURATE. THE ENTIRE RISK ARISING OUT OF THE USE OR PERFORMANCE OF THE PORTAL REMAINS WITH YOU, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
DISCLAIMER OF LIABILITY. TO THE FULLEST EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, CONSEQUENTIAL, OR PUNITIVE DAMAGES OF ANY KIND (INCLUDING, WITHOUT LIMITATION, FOR ANY LOSS OR DISCLOSURE OF PATIENT INFORMATION OR YOUR INFORMATION, ANY FAILURE TO MAKE PATIENT INFORMATION OR YOUR INFORMATION AVAILABLE TO YOU, INTERRUPTION OF SERVICE, COMPUTER OR MOBILE DEVICE FAILURE, DATA USAGE CHARGES, OR PECUNIARY LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE PORTAL, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE) OR ANY OTHER LEGAL THEORY AND WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOU UNDERSTAND AND ACKNOWLEDGE THAT YOUR SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY DEFECT IN OR DISSATISFACTION WITH THE PORTAL IS TO CEASE USE OF THE PORTAL. TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT SHALL OUR TOTAL LIABILITY TO YOU FOR ANY AND ALL DAMAGES EXCEED THE AMOUNT OF FIFTY DOLLARS ($50.00).
Export Regulation. The Portal may be subject to United States export control laws, including the Export Administration Act and its associated regulations. Neither You nor Your Authorized Users shall, directly or indirectly, export, re-export, or release the Portal to, or make the Portal accessible from, any jurisdiction or country to which export, re-export, or release is prohibited by law, rule, or regulation. You and Your Authorized Users shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), prior to exporting, re-exporting, releasing, or otherwise making the Portal available outside the United States.
Governing Law. These Terms of Use are governed by and construed in accordance with the internal laws of the State of New York without giving effect to any choice or conflict of law provision or rule. Any legal suit, action, or proceeding arising out of or related to these Terms of Use or the Portal shall be instituted exclusively in the federal courts of the United States or the courts of the State of New York, in each case located in the City of Syracuse and the County of Onondaga. You waive any and all objections to the exercise of jurisdiction over You by such courts and to venue in such courts.
Limitation of Time to File Claims. ANY CAUSE OF ACTION OR CLAIM YOU MAY HAVE ARISING OUT OF OR RELATING TO THESE TERMS OF USE OR THE PORTAL MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION OR CLAIM ACCRUES OTHERWISE SUCH CAUSE OF ACTION OR CLAIM IS PERMANENTLY BARRED.
Entire Agreement. These Terms of Use and Our Privacy Policy constitute the entire agreement between You and Us with respect to the Portal and supersede all prior or contemporaneous understandings and agreements, whether written or oral, with respect to the Portal.
Waiver. No failure to exercise, and no delay in exercising, on the part of either party, any right or any remedy hereunder shall operate as a waiver thereof, nor shall any single or partial exercise of any right or remedy hereunder preclude further exercise of that or any other right or remedy hereunder. In the event of a conflict between these Terms of Use and any applicable purchase or other terms, these Terms of Use shall govern.
PLEASE CONTACT US IF YOU HAVE ANY QUESTIONS ABOUT THESE TERMS OF USE.
Welch Allyn, Inc.
P.O. Box 220
4341 State Street Road
Skaneateles Falls, New York 13153
Exhibit 1
BY AGREEING TO AND ACCEPTING THE TERMS AND CONDITIONS OF THE TERMS OF USE YOU AGREE TO AND ACCEPT THE TERMS AND CONDITIONS OF THIS BUSINESS ASSOCIATE ADDENDUM.
BUSINESS ASSOCIATE ADDENDUM
This Business Associate Addendum (the “BAA”) is entered into by and between a Covered Entity or Business Associate (“You” and “Your”) and Welch Allyn, Inc. (“Welch Allyn”) as a Business Associate of Yours.
RECITALS
WHEREAS, Congress enacted the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) that protects the confidentiality of health information;
WHEREAS, pursuant to HIPAA, the United States Department of Health and Human Services (“HHS”) promulgated Breach Notification Standards, Privacy Standards, and Security Standards (collectively, the “HIPAA Standards”), each as defined below, governing confidential health information;
WHEREAS, Welch Allyn licenses the Hillrom™ Connex Clinical Portal (the “Portal”) under the Welch Allyn Home® Clinical Portal and Hillrom™ Connex® Clinical Portal Terms of Use (“Terms of Use”);
WHEREAS, Your use of the Portal under the Terms of Use requires Welch Allyn to create, receive, maintain, or transmit Protected Health Information on Your behalf; and
WHEREAS, in order to comply with the Business Associate requirements of HIPAA and its implementing regulations, You and Welch Allyn must enter into an agreement that governs the Uses and Disclosures of such Protected Health Information by Welch Allyn.
NOW, THEREFORE, in consideration of the foregoing recitals, the mutual promises and covenants set forth herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, Welch Allyn and You agree as follows:
-
DEFINITIONS For purposes of this BAA, the following words shall have the following meanings.
- "Breach” shall have the meaning set forth in 45 C.F.R. § 164.402; with respect to all other uses of the word “breach” in this BAA, the word shall have its ordinary contract meaning.
- “Breach Notification Standards” shall mean the Breach Notification for Unsecured Protected Health Information Rule, 45 C.F.R. Parts 160 and 164, Subparts A and D, as currently in effect.
- “Business Associate” shall have the meaning set forth in 45 C.F.R. § 160.103. For purposes of this BAA, Welch Allyn is a Business Associate of Yours.
- “Covered Entity” shall have the meaning set forth in 45 C.F.R. § 160.103.
- “Electronic Health Record” shall have the meaning set forth in Section 13400(5) of the HITECH Act, i.e., an electronic record of health-related information on an Individual that is created, gathered, managed and consulted by health care clinicians and staff.
- “HITECH Act” shall mean the Health Information Technology for Economic and Clinical Health Act, found in Title XIII of the American Recovery and Reinvestment Act of 2009, effective February 17, 2009.
- “Individual” shall have the meaning as set forth in 45 C.F.R. § 160.103, i.e., the person who is the subject of Protected Health Information, and shall include a personal representative in accordance with 45 C.F.R. § 164.502(g).
- “Privacy Standards” shall mean the Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. Part 160 and Part 164, Subparts A and E, as currently in effect.
- “Protected Health Information” or “PHI” shall have the meaning set forth at 45 C.F.R. § 160.103 for “protected health information” except that, for purposes of this BAA, Protected Health Information and all variations of the term (including Electronic Protected Health Information, PHI and Unsecured Protected Health Information) shall be limited to information that Welch Allyn creates, receives, maintains, or transmits on Your behalf.
- “Secretary” shall mean the Secretary of the HHS or any office or person within the HHS to which/whom the Secretary has delegated his or her authority to administer the HIPAA Standards, such as the Director of the Office for Civil Rights.
- “Security Standards” shall mean the Security Standards for the Protection of Electronic Protected Health Information, 45 C.F.R. Part 160 and Part 164, Subparts A and C.
- Capitalized terms used but not defined herein shall have the meanings ascribed to them in the HIPAA Standards.
- "Breach” shall have the meaning set forth in 45 C.F.R. § 164.402; with respect to all other uses of the word “breach” in this BAA, the word shall have its ordinary contract meaning.
-
WELCH ALLYN’S OBLIGATIONS AS YOUR BUSINESS ASSOCIATE. Welch Allyn shall comply with the following terms of this BAA:
-
Permitted Uses and Disclosures.
- Except as otherwise provided in this BAA, Welch Allyn may Use and make Disclosures of PHI as necessary to fulfill its responsibilities under the Terms of Use and as otherwise specifically requested by You, so long as such Use or Disclosure would not violate the Privacy Standards if done by You, and provided that Welch Allyn is notified in writing by You of additional limitations on Uses or Disclosures.
- Except as otherwise provided in this BAA, Welch Allyn may Use PHI for its proper management and administration, to fulfill its legal responsibilities, or as Required by Law. Welch Allyn may make Disclosures of PHI in its possession to third parties for its proper management and administration or to fulfill any of its legal responsibilities, but only if (i) the Disclosure is Required by Law, or (ii) Welch Allyn has received written assurances from the third party that the PHI will be held confidentially and Used or made subject to further Disclosure only as Required by Law or for the purpose for which it was disclosed to the third party and that the third party will notify Welch Allyn of any instances of which it is aware in which the confidentiality of the PHI has been breached.
- Welch Allyn may Use PHI to create de-identified information consistent with the standards of 45 C.F.R. §164.514(a)-(c), and may Use and make Disclosures of such de-identified information solely for Welch Allyn’s own internal business purposes of research and development, product improvement, and quality assurance. Welch Allyn will not disclose or sell such de-identified information, or any aggregations, analyses, reports, programs, and output based on or including such de-identified information (“De-identified Work Product”), to any third party. Welch Allyn shall own all right, title, and interest in and to such de-identified information and any De-identified Work Product, and shall retain all such de-identified information and any De-identified Work Product after any expiration or termination of this BAA.
- Welch Allyn may Use PHI in its possession to provide Data Aggregation services relating to Your Health Care Operations or, if You are a Business Associate, for the Covered Entity on whose behalf You are acting.
- Consistent with the requirements of 45 C.F.R. § 164.502(j)(1), Welch Allyn may make Disclosures of PHI to report conduct that is unlawful or otherwise violates professional or clinical standards, or that care, services, or conditions potentially endangers one or more patients, workers, or the public.
- Welch Allyn agrees to make reasonable efforts to limit the Use and/or Disclosure of PHI to the minimum necessary to accomplish the intended purpose of the Use, Disclosure, or request in accordance with 45 C.F.R. §§ 164.502(b) and 164.514(d) and any guidance issued by the Secretary.
- Welch Allyn will not Use or make Disclosures of PHI other than as permitted or required by this BAA or as Required by Law.
- Except as otherwise provided in this BAA, Welch Allyn may Use and make Disclosures of PHI as necessary to fulfill its responsibilities under the Terms of Use and as otherwise specifically requested by You, so long as such Use or Disclosure would not violate the Privacy Standards if done by You, and provided that Welch Allyn is notified in writing by You of additional limitations on Uses or Disclosures.
-
Disclosures to Subcontractors. Welch Allyn shall ensure that any Subcontractors that create, receive, maintain, or transmit PHI on Welch Allyn’s behalf have entered into an agreement containing the same terms and conditions set forth in this BAA, including the obligation to comply with the applicable requirements of the Security Standards.
-
Appropriate Safeguards. Welch Allyn shall implement appropriate administrative, technical, and physical safeguards to prevent any Use or Disclosure of PHI not authorized by this BAA.
- Compliance with Security Standards. Welch Allyn shall comply with the applicable requirements of the Security Standards.
- Reporting of Illegal, Unauthorized, or Improper Uses or Disclosures and Remedial Actions. Welch Allyn shall report to You any illegal, unauthorized, or improper Use or Disclosure of PHI, Security Incident, or Breach of Unsecured PHI (collectively, “Identified Event”) by it within fifteen (15) days of obtaining knowledge of such Identified Event. In the case of a Breach of Unsecured PHI, the initial notice will contain all relevant information available to Welch Allyn at the time such notice is provided. Without unreasonable delay and within thirty (30) days following discovery of any Breach of Unsecured PHI by Welch Allyn, Welch Allyn shall provide You a notice containing all information required to be included in such notice pursuant to 45 C.F.R. § 164.410(c). Welch Allyn shall take commercially reasonable actions to mitigate the negative impact of any Identified Event and adopt additional or improve existing safeguards to prevent recurrence. Welch Allyn and You agree and acknowledge that, to the extent Welch Allyn transmits PHI on Your behalf, Welch Allyn shall have no obligation to report any impermissible Use or Disclosure by the recipient of PHI unless the recipient is acting on Welch Allyn’s behalf. Notwithstanding the preceding, Welch Allyn and You acknowledge and agree that this section constitutes notice by Welch Allyn to You of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (defined below) for which no additional notice to You shall be required. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Welch Allyn’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, Use or Disclosure of PHI.
- Internal Practices, Books, and Records. Welch Allyn shall make its internal practices, books, and records relating to the Use and Disclosure of PHI created, received, maintained, or transmitted by Welch Allyn on Your behalf available to the Secretary, or the Secretary’s designees, for purposes of determining Welch Allyn’s and Your compliance with the Privacy Standards. Nothing in this Section shall be construed as a waiver of any legal privilege or of any protections for trade secrets or confidential commercial information by Welch Allyn.
- Access to PHI. To the extent PHI in Welch Allyn’s possession constitutes a Designated Record Set, within fifteen (15) days of Your written request Welch Allyn shall make available to You PHI in a Designated Record Set as necessary to satisfy Your obligations under 45 CFR § 164.524, and, if requested by You, shall provide or send a hard or soft copy to a designated third party. Welch Allyn will not respond directly to an Individual’s request for access to PHI in a Designated Record Set and will direct such Individual to You so that You may timely respond to such Individual’s request.
- Amendments to PHI. To the extent PHI in Welch Allyn’s possession constitutes a Designated Record Set, within fifteen (15) days of Your written request Welch Allyn shall make any amendment(s) to PHI in a Designated Record Set as necessary to satisfy Your obligations under 45 CFR § 164.526. Welch Allyn will not respond directly to an Individual’s request for an amendment of PHI in a Designated Record Set and will direct such Individual to You so that You may timely respond to such Individual’s request.
- Accounting of Disclosures. To the extent applicable, Welch Allyn shall document and, within fifteen (15) days of Your written request, provide You with an accounting of all Disclosures of PHI as necessary to satisfy Your obligations under 45 C.F.R. § 164.528. Welch Allyn will not respond directly to an Individual’s request for an accounting of Disclosures of PHI and will direct such Individual to You so that You may timely respond to such Individual’s request.
- Compliance with Privacy Standards. Welch Allyn shall comply with the requirements of the Privacy Standards applicable to You to the extent that Welch Allyn carries out any of Your obligations under the Privacy Standards.
-
Permitted Uses and Disclosures.
-
YOUR OBLIGATIONS. You shall comply with the following terms of this BAA:
- Notice of Privacy Practices. To the extent that You are a Covered Entity that is required to provide to Individuals a notice of privacy practices pursuant to 45 C.F.R. § 164.520, You shall ensure, throughout the term of this BAA, that such notice adequately describes all the Uses and Disclosures of PHI that Welch Allyn is allowed to make pursuant to this BAA. To the extent that You are a Business Associate, You shall notify Welch Allyn of any applicable limitation(s) of which You are aware in the notice of privacy practices of a Covered Entity under 45 C.F.R. § 164.520 to the extent such limitation(s) may affect Welch Allyn’s Use or Disclosure of PHI under this BAA.
- Individual Permission. You shall notify Welch Allyn of changes in, or revocation of, permission by an Individual to Use or make Disclosures of PHI of which You are aware to the extent such changes affect Welch Allyn’s permitted Uses or Disclosures of PHI under this BAA.
- Impermissible Requests. You shall not request Welch Allyn to Use or Disclose PHI in any manner that would not be permissible under the Privacy Standards if done by You.
- Notice of Privacy Practices. To the extent that You are a Covered Entity that is required to provide to Individuals a notice of privacy practices pursuant to 45 C.F.R. § 164.520, You shall ensure, throughout the term of this BAA, that such notice adequately describes all the Uses and Disclosures of PHI that Welch Allyn is allowed to make pursuant to this BAA. To the extent that You are a Business Associate, You shall notify Welch Allyn of any applicable limitation(s) of which You are aware in the notice of privacy practices of a Covered Entity under 45 C.F.R. § 164.520 to the extent such limitation(s) may affect Welch Allyn’s Use or Disclosure of PHI under this BAA.
-
TERM AND TERMINATION.
- Term. The term of this BAA shall commence on and this BAA shall be effective as of the date of Your initial access of the Portal following Your agreement to and acceptance of the terms and conditions of the Terms of Use. This BAA shall be co-terminus with the term of the Terms of Use except as otherwise provided herein.
- Termination for Cause. In the event either party determines that the other has breached a material term of this BAA, including engaging in a pattern of activity or practice that constitutes a material breach of a term of this BAA, and such violation continues for thirty (30) calendar days after written notice of such breach has been provided, notwithstanding anything to the contrary in the Terms of Use, the party claiming a breach shall have the right to terminate the Terms of Use for cause.
- Return or Destruction of PHI; Disposition Because Return or Destruction Is Not Feasible. The parties hereby acknowledge that, upon the termination of this BAA, the return or destruction of PHI created, received, maintained, or transmitted by Welch Allyn on Your behalf is not feasible and that, therefore, Welch Allyn may retain a copy of such PHI. The provisions of this BAA shall continue to apply to any such PHI retained following termination of this BAA, and Welch Allyn shall limit Uses and Disclosures of such PHI to those purposes that make the return or destruction thereof not feasible for as long as Welch Allyn maintains such PHI.
- Term. The term of this BAA shall commence on and this BAA shall be effective as of the date of Your initial access of the Portal following Your agreement to and acceptance of the terms and conditions of the Terms of Use. This BAA shall be co-terminus with the term of the Terms of Use except as otherwise provided herein.
-
MISCELLANEOUS.
- Regulatory References. A reference in this BAA to a section in HIPAA, the HITECH Act, or the HIPAA Standards shall mean the section as in effect or as amended at the time.
- Survival. The rights and obligations of Welch Allyn under Section 4.3 shall survive the termination of this BAA.
- Interpretation. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Welch Allyn and You to comply with the HIPAA Standards.
- Integration. This BAA is the sole and complete agreement between Welch Allyn and You with respect to the HIPAA Standards as they apply to Your use of the Portal and supersedes any prior agreements between Welch Allyn and You with respect to the HIPAA Standards as they apply to Your use of the Portal. To the extent the terms and conditions of this BAA that relate to the HIPAA Standards are inconsistent with the terms and conditions of the Terms of Use, the terms and conditions of this BAA shall govern. To the extent the terms and conditions of the Terms of Use that do not relate to the HIPAA Standards are inconsistent with the terms and conditions of this BAA, the terms and conditions of the Terms of Use shall govern. For the avoidance of doubt, the terms and conditions of the Terms of Use shall govern all rights and obligations of Welch Allyn and You with respect to the limited license to use the Portal granted by Welch Allyn to You thereunder.
- Amendment. Welch Allyn reserves the right to amend the terms and conditions of this BAA as necessary to comply with any changes in law, including, but not limited to, the promulgation of amendments to the HIPAA Standards required by the HITECH Act or any other future laws, applicable to or affecting the rights, duties, and obligations of Welch Allyn and You under this BAA or the Terms of Use.
- Notices. All notices under this BAA shall be in writing and shall be deemed to have been given when: (i) personally delivered (which notice shall be deemed to have been received upon delivery), (ii) sent by registered mail, postage prepaid (which notice shall be deemed to have been received on the third (3rd) business day following the date on which it is mailed), or (iii) sent overnight by a commercial overnight courier that provides a receipt (which notice shall be deemed to be received on the next business day following the date on which it is sent), to the address for notices set forth in, for Welch Allyn, the Terms of Use, and for You, in Your Information (as that term is defined in the Terms of Use), or such other address a party may provide by giving notice to the other party in compliance with this BAA.
- Governing Law. This BAA will be governed by and interpreted in accordance with the laws of the State of New York without regard to principles of choice of law or conflicts of laws.
- Limitation of Liability. In no event shall either party be liable to the other party for any indirect, consequential, incidental, exemplary, special or punitive damages (including lost profits and lost business), arising out of or in connection with this BAA, even if it has been advised or is aware of the possibility of such damages, and regardless of whether arising in tort (including negligence), contract, or other legal theory.
- Regulatory References. A reference in this BAA to a section in HIPAA, the HITECH Act, or the HIPAA Standards shall mean the section as in effect or as amended at the time.