Updated as of February 2024
Terms of Service
Introduction
Thank you for choosing Automaticity, Inc. (“Company”) for your business. The Company provides healthcare tools powered by artificial intelligence (AI). The Company refers to the foregoing products and/or services herein collectively as “Services.”
These Terms of Service (“Agreement,” or “Terms of Service”) and the Business Associate Agreement (“BAA”), attached as an addendum to this Agreement, apply to any use of and access to our Services and/or our websites located at www.automaticity.ai and www.clinicsidekick.com and any additional subdomains (collectively, the “Websites” and each individually, a “Website”) by you and/or your agents (collectively, “you”). When you use our Services, you are agreeing to our terms, so please carefully read the Terms of Service and the Privacy Policy, incorporated herein, as these documents contain important information regarding your legal rights and obligations.
THIS DOCUMENT, THE TERMS OF SERVICE, IS A LEGAL AGREEMENT BETWEEN THE COMPANY AND YOU WHICH GOVERNS YOUR USE OF THE SERVICES AND THE WEBSITE. YOUR USE OF THE SERVICES AND THE WEBSITE CONSTITUTES YOUR ACCEPTANCE OF AND AGREEMENT TO ALL OF THE TERMS AND CONDITIONS IN THESE TERMS OF SERVICE AND THE PRIVACY POLICY INCORPORATED HEREIN; AND YOUR REPRESENTATION THAT YOU ARE AT LEAST 16 YEARS OF AGE OR OLDER. IF YOU OBJECT TO ANYTHING IN THESE TERMS OF SERVICE, YOU ARE NOT PERMITTED TO USE THE SERVICES. If you accept these Terms of Service and use the Services on behalf of a company, organization, or other legal entity, you represent and warrant to the Company that you have full power and authority to do so.
Effective Date. This Agreement is effective (“Effective Date”) on the date you first access or use the Services and/or the Website, whichever is earlier.
Fees. Upon notice to you, the Company may increase any fees specified in connection with its Services. Fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction (collectively, “Taxes”). You are responsible for paying all Taxes associated with purchases and transactions under this Agreement.
You may pay by credit card by way of the Company’s third-party payment processor. You agree not to file a credit or debit card chargeback with regard to any amount of fees charged in connection with the Services. Instead, you agree to abide by the dispute resolution procedures outlined herein, below.
Account. By creating an online account with the Company on its Website ("Account"), you are granted a right to use the Services provided by the Company subject to the restrictions set forth in these Terms of Service and the Privacy Policy, incorporated by reference herein.
Our Account registration process will ask you for information including your name, email and or physical address, phone number, etc. (hereinafter, collectively referred to as “Personal Information,” as previously defined in our Privacy Policy). By registering for an Account, you warrant you are over the age of 16, and further agree to provide true, accurate, current and complete information about yourself as prompted by the registration process. You further agree that you will not knowingly omit or misrepresent any material facts or information, and that you will promptly enter corrected or updated information in your Account, or notify us in writing regarding your corrected or updated information.
We may verify your provided information, as required for your use of and access to the Services. You agree to maintain your Account solely for your own use. You agree that you will not allow another person to use your Account. We reserve the right to suspend or terminate the Account of any User who provides inaccurate, untrue, or incomplete information, or who fails to comply with the account registration requirements.
You are solely and entirely responsible for maintaining the confidentiality of your Account, and for any charges, damages, liabilities or losses incurred or suffered as a result of your failure to do so. Furthermore, you are solely and entirely responsible for any and all activities that occur under your Account, including any charges incurred relating to the Services.
The Company is not liable for any harm caused by or related to the theft of your Account, your disclosure of your Account, or your authorization to allow another person to access or use the Services using your Account. You agree to immediately notify us of any unauthorized use of your Account or any other breach of security known to you. You acknowledge that the complete privacy of your data and messages transmitted while using the Services and/or the Website cannot be guaranteed in the event of breach.
Subscription Services
Access. If you or your company (“Customer”) create an Account and/or sign up for the Clinic Sidekick Subscription Services (“Subscription”), additional terms may be provided in the order form provided to the Customer by the Company (“Order Form”). Use of the Subscription is intended for use by licensed healthcare providers, healthcare systems, and related staff to use the Services for the provision of healthcare services within the United States. Any other use of the Subscription is prohibited. Any use outside of the US is the sole responsibility of the customer. Access to the Subscription will be limited to the number of authorized users identified in the Order Form and is subject to and in compliance with this Agreement. If you are being invited to access the Clinic Sidekick Subscription as set up by Customer, your use of the Subscription is also subject to this Agreement. You may not reverse engineer, decompile, decode, decrypt, disassemble, or in any way derive source code from the Subscription.
Customer Data. Customer is and will remain the sole and exclusive owner of all right, title, and interest in and to all information, data, and other content, in any form or medium, that is collected or otherwise received, directly or indirectly, from Customer by or through the Subscription (for the avoidance of doubt, Customer Data does not include Aggregated Data) (“Customer Data”). Customer hereby grants Company all such rights and permissions in or relating to Customer Data as are necessary or useful for Company to perform its obligations hereunder.
Fees. In exchange for the Subscription Customer shall pay Company the fees as identified in the Order Form. The Customer may access the Subscription at no cost during any trial, temporary, or free tier as described in the offer on the Website.
Termination. Upon termination or expiration of the Subscription, access will immediately terminate, and Customer will have no further right to access or use any of Service.
Links to Third-Party Accounts. As part of the functionality of the Services, and pursuant to our Privacy Policy, which is incorporated herein, we offer you the option to link your Account with online accounts you may have with third parties such as Google ("Third Party Account") by either: (i) providing your Third Party Account login information through the Services; or (ii) allowing the Company to access your Third Party Account, as is permitted under the applicable terms and conditions that govern your use of each Third Party Account.
You represent that you own and are entitled to disclose your Third Party Account login information to the Company and/or grant the Company access to your Third Party Account (including, but not limited to, for use for the purposes described herein), without breach by you of any of the terms and conditions that govern your use of the applicable Third Party Account. The Company will not pay any fees or be subject to any usage limitations imposed by such third party service providers.
By granting the Company access to any Third Party Accounts, you understand that (i) the Company may access, make available and store (if applicable) any content that you have provided to and stored in your Third Party Account (the "SNS Content") so that it is available on and through the Services via your Account, including without limitation any friend lists, and (ii) the Company may submit and receive additional information to your Third Party Account to the extent you are notified when you link your Account with the Third Party Account. Please note that if a Third Party Account or associated service becomes unavailable or the Company's access to such Third Party Account is terminated by the third party service provider, then SNS Content may no longer be available on and through the Services.
Depending on the Third Party Accounts you choose to link with the Website, and subject to the privacy settings that you have set in the Third Party Accounts, personally identifiable information that you post to your Third Party Accounts may be available on and through your Account on the Website. Depending on your privacy settings, the Company may access your contacts associated with a Third Party Account, solely for the purposes of identifying and informing you of those contacts who have also registered to use the Services and/or Website, unless you expressly tell us not to do so in writing.
Finally, you will have the ability to disable the connection between your Account and your Third Party Accounts at any time. PLEASE NOTE THAT YOUR RELATIONSHIP WITH THE THIRD PARTY SERVICE PROVIDERS ASSOCIATED WITH YOUR THIRD PARTY ACCOUNTS IS GOVERNED SOLELY BY YOUR AGREEMENT(S) WITH SUCH THIRD PARTY SERVICE PROVIDERS. The Company makes no effort to review SNS Content by any Third Party Accounts for any purpose, including but not limited to, for accuracy, legality or non-infringement, and the Company is not responsible for any SNS Content by Third Party Accounts.
Prohibited Uses. You may use the Services and/or Website only for lawful purposes and in accordance with these Terms of Services. You agree not to use the Services and/or Website:
Termination. The Company reserves the right, in its sole discretion, to terminate your Account or limit your access to the Services if you violate these Terms of Service or for any reason or no reason at any time. We may also suspend your access to the Services and/or Website, and your Account if you: (a) have violated the terms of these Terms of Service, any other agreement you have with the Company; (b) pose an unacceptable credit or fraud risk to us or Users; (c) provide any false, incomplete, inaccurate, or misleading information or otherwise engage in fraudulent or illegal conduct; or (d) for any other reason in the Company's sole discretion.
If your Account is terminated or suspended for any reason or no reason, you agree: (a) to continue to be bound by these Terms of Service; (b) to immediately stop using the Services, (c) that any licenses granted to you under these Terms of Service shall end; (d) that we reserve the right (but have no obligation) to hide or delete all of your information and account data stored on our servers, in accordance with the Privacy Policy; and (e) that the Company shall not be liable to you or any third party for termination or suspension of access to the Services or for deletion or hiding of your information or account data. You agree that the Company may retain and use your information and account data as needed to comply with investigations and applicable law, and as indicated in the Company’s Privacy Policy.
However, we will not be liable to you for compensation, reimbursement, or damages in connection with your use of the Services, or in connection with any termination or suspension of the Services. Any termination of these Terms of Service does not relieve you of any obligations to pay any Fees or costs accrued prior to the termination and any other amounts owed by you to us, as provided in these Terms of Service.
Fees/Payment Processing. Users of the Website and/or Services will be required to provide their credit card or bank account details to the Company or its designated third-party payment processor(s) (“Third-Party Payment Processors”) to process payment(s). The Company collects, analyzes and relays information to allow the Third-Party Payment Processors to process these payment(s).
You authorize us to process payment(s) for the Services, using the payment information you have supplied. Specifically, you will be required to provide your credit card or bank account details to the Company and/or the Third-Party Payment Processors, and/or register with the Third-Party Payment Processors to process payment(s) for the Services. You agree to provide the Company and/or the Third-Party Payment Processors with accurate and complete information about you and/or your business; and you authorize the Company to share it and any transaction information related to your use of the Services and/or Website with the Third-Party Payment Processors for the purpose of processing payment(s), including but not limited to the service fees owed to Company for the use of the Service.
The Company reserves the right, in its sole discretion (but not the obligation), to: (i) place on hold any payment and out of pocket expenses; and/or (ii) refund, provide credits or arrange for the Third-Party Payment Processors to do so, as necessary.
If you believe a payment has been processed in error, you must provide written notice to the Company within thirty (30) days after the date of payment specifying the nature of the error and the amount in dispute. If notice is not received by the Company within such a thirty (30) day period, the payment will be deemed final and valid.
The Company is not liable for any losses relating to chargebacks, fraudulent charges, or other actions by any User that are deceptive, fraudulent or otherwise invalid. By using the Services, you hereby release the Company from any liability arising from fraudulent actions. You will also use best efforts to promptly notify the Company of any fraudulent actions which may affect the Services. The Company reserves the right, in its sole discretion, to terminate the account of any User that engages in, or enables any other User to engage in, fraudulent actions.
While the Company takes what it believes to be reasonable efforts to ensure secure transmission of your information to the Third-Party Payment Processors that assesses and processes payment(s), the Company is not responsible for any fees or charges assessed by third party service providers, or any errors in the processing of payment(s) by third party service providers, including any errors that result from third-party negligence, improper transmission of payment information, your mistaken submission of payment information, or your submission of erroneous payment information. Your sole recourse is with the Third-Party Payment Processors which processed the payment(s).
You herein agree that you have read and agreed to the Privacy Policies and Terms of Service of the Third-Party Payment Processors linked here and below:
Terms of Service and Privacy Policy of Stripe, located at https://stripe.com/legal/consumer and https://stripe.com/privacy.
Links to Other Websites. As described in the Privacy Policy, incorporated herein, the Services may contain links to third-party websites, such as but not limited to Linkedin.com, Discord.com, Youtube.com, Twitter.com, Github.com, Google.com, Brevo.com, Kinde.com, Fillout.com that are not owned or controlled by the Company. The Company has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party websites. In addition, the Company will not and cannot censor or edit the content of any third-party site. By using the Services, you expressly relieve the Company from any and all liability arising from your use of any third-party website that is referenced or linked on our Website.
Links to this Website. We grant you a limited, non-exclusive, revocable, non-assignable, personal, and non-transferable license to create hyperlinks to the Website and/or Services, so long as: (a) the links only incorporate text, and do not use any trademarks, (b) the links and the content on your website do not suggest any affiliation with the Company or cause any other confusion, and (c) the links and the content on your website do not portray the Company or its products or Services in a false, misleading, derogatory, or otherwise offensive matter, and do not contain content that is unlawful, offensive, obscene, lewd, lascivious, filthy, violent, threatening, harassing, or abusive, or that violate any right of any third party or are otherwise objectionable to the Company. The Company reserves the right to suspend or prohibit linking to the Website and/or Services for any reason, in its sole discretion, without advance notice or any liability of any kind to you or any third party.
Intellectual Property Rights. As discussed in the Company’s Privacy Policy, incorporated herein, the Company owns all right, title and interest in and to the Services, the Company data and Aggregated Data, including, without limitation, all intellectual property rights therein. Subject to the limited rights expressly granted to you under this Agreement and the Privacy Policy, the Company reserves all rights, title and interest in and to the Services, the Company data and Aggregated Data, including, without limitation, all related intellectual property rights. The Company’s service marks, logos and product and service names are owned by the Company. You agree not to display or use any of the Company marks in any manner without the Company’s express prior written permission.
In addition, any trademarks, service marks and logos associated with a third party offering may be the property of the third-party provider, and you should consult with their trademark guidelines before using any of their marks.
Any information and data that you submit to the Website or in connection with the Services must not violate the intellectual property rights of third parties.
Company may be permitted to identify Customer health care system or organiztation name as a customer for marketing purposes, however, Company shall not disclose the proprietary business processes of Customer. Publicity represents a value to Company that is reflected in the Fees hereunder.
Feedback. By engaging with our Services, including but not limited to troubleshooting, customer support interactions, providing feedback, or through any other means of communication with the Company, you agree that any ideas, feedback, suggestions, documents, and/or proposals ("Contributions") shared with the Company through these channels may be used by the Company without any obligation to compensate you. This includes, without limitation, the right for the Company to copy, publish, distribute, modify, and otherwise utilize such Contributions in any format or context the Company sees fit, for the purpose of enhancing our services, developing new products, marketing, and for any other business purpose.
You hereby grant the Company a perpetual, irrevocable, non-exclusive, royalty-free, worldwide license to use, reproduce, create derivative works from, distribute, perform, and display such Contributions in any manner and for any purpose, including without limitation, commercial purposes, and to authorize others to do so.
Furthermore, you represent and warrant that all Contributions provided by you are original to you or that you have all necessary rights to submit such Contributions and grant the licenses herein, and that your Contributions do not infringe upon any rights of any third party, including intellectual property rights, privacy, or publicity rights.
By submitting any Contributions, you also acknowledge that your Contributions will not be treated as confidential or proprietary and waive any rights to be recognized as the originator of the ideas or concepts contained therein. The Company reserves the right to use or disregard any Contributions as it deems appropriate at its sole discretion.
This provision shall survive the termination of your use of the Services or any agreement with the Company.
DMCA Notice. The Company will respond appropriately to notices of alleged copyright infringement that comply with the U.S. Digital Millennium Copyright Act ("DMCA"), as set forth below. If you own a copyright in a work (or represent such a copyright owner) and believe that your (or such owner's) copyright in that work has been infringed by an improper posting or distribution of it via the Service, then you may send us a written notice that includes all of the following:
(i) a legend or subject line that says: "DMCA Copyright Infringement Notice";
(ii) a description of the copyrighted work that you claim has been infringed or, if multiple copyrighted works are covered by a single notification, a representative list of such works;
(iii) a description of where the material that you claim is infringing or is the subject of infringing activity is located that is reasonably sufficient to permit us to locate the material (please include the URL of the Website on which the material appears);
(iv) your full name, address, telephone number, and e-mail address;
(v) a statement by you that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law;
(vi) a statement by you, made under penalty of perjury, that all the information in your notice is accurate, and that you are the copyright owner (or, if you are not the copyright owner, then your statement must indicate that you are authorized to act on the behalf of the owner of an exclusive right that is allegedly infringed); and
(vii) your electronic or physical signature.
The Company will only respond to DMCA Notices that it receives by mail, e-mail, or facsimile at the addresses set forth in the “Notice” section of this Agreement.
It is often difficult to determine if your copyright has been infringed. The Company may elect to not respond to DMCA Notices that do not substantially comply with all of the foregoing requirements, and the Company may elect to remove allegedly infringing material that comes to its attention via notices that do not substantially comply with the DMCA.
Please note that the DMCA provides that any person who knowingly materially misrepresents that material or activity is infringing may be subject to liability.
We may send the information that you provide in your notice to the person who provided the allegedly infringing work. That person may elect to send us a DMCA Counter-Notification. Without limiting the Company's other rights, the Company may, in appropriate circumstances, terminate a repeat infringer's access to the Services, Website, and/or any other website owned or operated by the Company.
Counter-Notification. If access on the Website to a work that you submitted to the Company is disabled or the work is removed as a result of a DMCA Notice, and if you believe that the disabled access or removal is the result of mistake or misidentification, then you may send us a DMCA Counter-Notification to the addresses above. Your DMCA Counter-Notification should contain the following information:
(i) a legend or subject line that says: "DMCA Counter-Notification";
(ii) a description of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or access to it was disabled (please include the URL of the Website from which the material was removed or access to it disabled);
(iii) a statement under penalty of perjury that you have a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled;
(iv) your full name, address, telephone number, e-mail address, and the username of your account;
(v) a statement that you consent to the jurisdiction of the Federal District Court for the judicial district in which your address is located (or, if the address is located outside the U.S.A., to the jurisdiction of the United States District Court for the Central District of California), and that you will accept service of process from the person who provided DMCA notification to us or an agent of such person; and
(vi) your electronic or physical signature.
Please note that the DMCA provides that any person who knowingly materially misrepresents that material or activity was removed or disabled by mistake or misidentification may be subject to liability.
If we receive a DMCA Counter-Notification, then we may replace the material that we removed (or stop disabling access to it) in not less than ten (10) and not more than fourteen (14) business days following receipt of the DMCA Counter-Notification. However, we will not do this if we first receive notice at the addresses above that the party who sent us the DMCA Copyright Infringement Notice has filed a lawsuit asking a court for an order restraining the person who provided the material from engaging in infringing activity relating to the material on the Service. You should also be aware that we may forward the Counter-Notification to the party who sent us the DMCA Copyright Infringement Notice.
Data Ownership and Usage. As specified in the Company’s Privacy Policy, incorporated herein, we will own all Aggregated Data, and the Privacy Policy will govern how we collect and use Personal Information that is submitted through the Services. By accessing or using the Services, you agree that you have read and accept our Privacy Policy.
As explained in our Privacy Policy, we have controls in place to prevent outside parties from stealing or accessing your data and Personal Information, but they are not foolproof. Please exercise caution when disclosing any Personal Information while using our Website. We will notify one another if either of us becomes aware that your data and/or Personal Information has been compromised.
You are solely responsible for resolving disputes regarding ownership or access to your data, including those involving any current or former owners, co-owners, employees or contractors of your business. You acknowledge and agree that the Company has no obligation whatsoever to resolve or intervene in such disputes.
Personal Information. As outlined in the Company’s Privacy Policy, incorporated herein, we will protect your Personal Information and disclose it only in a limited number of circumstances. We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, or disclosure. However, we cannot guarantee that unauthorized third parties will never be able to thwart those measures, or use your Personal Information for improper purposes. You acknowledge that you provide your Personal Information at your own risk.
HIPAA. Health Insurance Portability and Accountability Act (“HIPAA”) imposes rules to protect certain personal health information. You should not share any protected health information, or any information that relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual. Prior to creating an Account, the Services and this Website are not intended to be used to communicate protected health information, nor comply with HIPAA. If you do share any protected health information through our general contact page, you do so at your own risk.
Disclaimer/No Warranties. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE SERVICES AND/OR THIS WEBSITE.
THE COMPANY DOES NOT WARRANT THAT YOUR USE OF THE SERVICES AND/OR THIS WEBSITE WILL BE SECURE, TIMELY, ERROR-FREE OR UNINTERRUPTED, OR THAT THE SERVICES ARE OR WILL REMAIN UPDATED, COMPLETE OR CORRECT, OR THAT THE SERVICES AND/OR WEBSITE WILL MEET YOUR REQUIREMENTS OR THAT THE SYSTEMS THAT MAKE THE SERVICES AVAILABLE (INCLUDING WITHOUT LIMITATION THE INTERNET, OTHER TRANSMISSION NETWORKS, AND YOUR LOCAL NETWORK AND EQUIPMENT) WILL BE UNINTERRUPTED OR FREE FROM VIRUSES OR OTHER HARMFUL COMPONENTS.
THE SERVICES AND ANY PRODUCTS AND THIRD PARTY MATERIALS ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS AND SOLELY FOR YOUR USE IN ACCORDANCE WITH THIS AGREEMENT.
ALL DISCLAIMERS OF ANY KIND (INCLUDING IN THIS SECTION AND ELSEWHERE IN THIS AGREEMENT) ARE MADE ON BEHALF OF BOTH THE COMPANY AND ITS AFFILIATES AND THEIR RESPECTIVE SHAREHOLDERS, DIRECTORS, OFFICERS, EMPLOYEES, AFFILIATES, AGENTS, REPRESENTATIVES, CONTRACTORS, LICENSORS, SUPPLIERS AND SERVICE PROVIDERS (COLLECTIVELY, THE “COMPANY PARTIES”).
Indemnification. You agree to indemnify, defend, and hold harmless the Company from and against any and all third party claims alleged or asserted against any of the Company, and all related charges, damages and expenses (including, but not limited to, reasonable attorneys' fees and costs) arising from or relating to: (a) any actual or alleged breach of any provisions of this Agreement; (b) any actual or alleged violation by you, an affiliate, or end user of the intellectual property, privacy or other rights of the Company or a third party; and (c) any dispute between you and another party regarding ownership of or access to your data or Personal Information submitted to the Company via its Website.
No Liability. THE COMPANY EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY AND WILL NOT BE RESPONSIBLE FOR ANY DAMAGES OR LOSS CAUSED, OR ALLEGED TO BE CAUSED, BY THE TRANSMISSION OF CARDHOLDER DATA PRIOR TO ITS ENCRYPTION AND RECEIPT BY SERVER(S) OWNED OR CONTROLLED BY THE COMPANY. THE EXCLUDED DAMAGES WILL INCLUDE, WITHOUT LIMITATION, DAMAGES RESULTING FROM FRAUD, EMBEZZLEMENT, THEFT, IDENTITY THEFT, OR INVASION OF PRIVACY.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL THE COMPANY PARTIES’ AGGREGATE LIABILITY, COLLECTIVELY, FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, EXCEED THE FEES PAID PRECEDING THE DATE OF THE INCIDENT. ALL LIMITATIONS OF LIABILITY OF ANY KIND (INCLUDING IN THIS SECTION AND ELSEWHERE IN THIS AGREEMENT) APPLY WITH RESPECT TO BOTH THE COMPANY AND THE COMPANY PARTIES.
IN NO EVENT WILL THE COMPANY HAVE ANY LIABILITY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, HOWEVER CAUSED, OR FOR ANY LOST PROFITS, LOSS OF USE, DATA OR OPPORTUNITIES, COST OF DATA RECONSTRUCTION, COST OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICES OR THIRD PARTY OFFERINGS, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICES, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, EVEN IF THE COMPANY, ITS LICENSORS OR SUBCONTRACTORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.
THE COMPANY EXPRESSLY DISCLAIMS ANY LIABILITY THAT MAY ARISE BETWEEN USERS RELATED TO OR ARISING FROM USE OF THE SERVICES. YOU HEREBY RELEASE AND FOREVER DISCHARGE THE COMPANY AND ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS AND LICENSORS FROM ANY AND ALL CLAIMS, DEMANDS, DAMAGES (ACTUAL OR CONSEQUENTIAL) OF EVERY KIND AND NATURE, WHETHER KNOWN OR UNKNOWN, CONTINGENT OR LIQUIDATED, ARISING FROM OR RELATED TO ANY DISPUTE OR INTERACTIONS WITH ANY OTHER USER, WHETHER ONLINE OR IN PERSON, WHETHER RELATED TO THE PROVISION OF SERVICES OR OTHERWISE.
THE FOREGOING EXCLUSIONS OR LIMITATIONS MAY NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
Choice of Law. These Terms of Service and the relationship between you and the Company shall be governed by the laws of the State of Delaware without regard to its conflict of law provisions.
Dispute Resolution.
Miscellaneous Provisions
I HEREBY ACKNOWLEDGE THAT I HAVE READ AND UNDERSTAND THE FOREGOING TERMS OF SERVICE, INCLUDING THE COMPANY'S PRIVACY POLICY, AND AGREE THAT MY USE OF THE SERVICES IS AN ACKNOWLEDGMENT OF MY AGREEMENT TO BE BOUND BY THE TERMS AND CONDITIONS OF THESE TERMS OF SERVICE AND THE COMPANY’S PRIVACY POLICY INCORPORATED HEREIN.
BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (“BAA”) is by and between Automaticity, Inc. (“Business Associate”) and you, the Covered Entity, as specified in the Notices Section below (“Covered Entity”) and is effective on the first date Covered Entity transmits PHI to Business Associate and Business Associate receives PHI from Covered Entity pursuant to Services Agreement and Terms of Use (the “Effective Date”).
WHEREAS, the parties have entered into, or will enter into, one or more agreements in which Business Associate will provide certain services to, for, or on behalf of Covered Entity involving the use or disclosure of Protected Health Information (“PHI”);
WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to Business Associate pursuant to all federal and state laws, including, without limitation, the Provider Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”) and the Standards for Privacy of Individually Identifiable Health Information promulgated thereunder by the U.S. Department of Health and Human Services at 45 CFR § 160 and § 164 (the “HIPAA Rules”), and the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”), in each case as amended from time to time; and,
WHEREAS, the purpose of this BAA is to satisfy certain standards and requirements of the HIPAA Rules and the HITECH Act, and other applicable federal and state laws, as the same may be amended from time to time.
NOW, THEREFORE, in consideration of the mutual promises below and the exchange of information pursuant to this BAA, the parties agree as follows:
1. Definitions.
Terms used but not otherwise defined in this BAA shall have the same meaning as set forth in 45 CFR Parts 160, 162 and 164, or the HITECH Act.
2. Obligations of Business Associate.
a. Permitted Uses, Disclosures and Nondisclosure. Business Associate agrees to only Use or Disclose PHI as necessary as permitted under this BAA, or as Required by Law. Business Associate’s may not use or disclose PHI in a manner that would violate the HIPAA Privacy Rule if done by Covered Entity or its Upstream Customers (as defined below) that are Covered Entities, except as provided in this BAA. Business Associate is permitted to collect, receive, use, maintain, create, disclose, transmit, destroy, and otherwise process PHI (i) in connection with performing its obligations and exercising its rights under the services Agreement, (ii) as permitted or required by this BAA, (iii) as Required by Law, (iv) as authorized by an Individual, and (v) as otherwise permitted by applicable law. This includes the right of Business Associate to de-identify any and all PHI, provided that Business Associate implements a de-identification process that conforms to the requirements of 45 C.F.R. 164.514(a)-(c). Business Associate may Use or Disclose such De-identified Data to third parties at its discretion, as such De-identified Data does not constitute PHI and is not subject to the terms of this BAA. Business Associate shall own all right, title and interest in and to such De-identified Data. Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate. Business Associate may disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and be used or further disclosed only as Required by Law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it becomes aware in which the confidentiality of the PHI has been breached.
b. Safeguards. Business Associate shall use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by this BAA. Business Associate shall maintain a comprehensive written and reasonable information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Business Associate’s operations and the nature and scope of its activities. Business Associate agrees to take reasonable steps, including providing adequate training to its employees for whom such training is relevant, on its obligations, restrictions, and responsibilities relating to this BAA.
c. Health Care Safeguards and Requirements. To the extent that Covered Entity uses the Business Associates services or discloses product output to be used or disclosed, in connection with any health care activities (including without limitation the practice of medicine, billing, coding, claims processing, or clinical research), Covered Entity will: (i) monitor and test the data input and Business Associate’s services output (“Output”) for accuracy in Customer’s use cases and disclose to upstream business associates, covered entities, agents or subcontractors (“Customers”) or individuals any limitations associated with Output; (ii) ensure that upstream Customers understand and comply with this BAA and all applicable laws and regulations, including by providing appropriate training; and (iii) ensure that only duly trained and qualified individuals who maintain licenses, certifications or other authorizations required to perform such healthcare activities will use or disclose the Outputs in connection with such healthcare activities. Output includes PHI (including healthcare adjacent data) as well as PII (non-PHI).
d. Business Associate’s Agents and Subcontractors. Business Associate shall ensure that any agents or subcontractors, to whom it provides PHI received from (or created or received by Business Associate on behalf of) Covered Entity agree to the same restrictions and conditions that apply to Business Associate with respect to such PHI.
e. Availability of Information to Covered Entity. Business Associate shall make available to Covered Entity (or, as directed by Covered Entity, to an Individual) such information as Covered Entity may request within fifteen (15) days, and in the time and manner designated by Covered Entity to fulfill Covered Entity’s obligations (if any) to provide access to, provide a copy of, and account for disclosures with respect to PHI pursuant to HIPAA and the HIPAA Rules 45 CFR §§ 164.524 and 164.528. Requests for information must be submitted at least 14 days in advance of the due date.
f. Amendment of PHI. Business Associate shall make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity to fulfill Covered Entity’s obligations (if any) to amend PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR § 164.526, and Business Associate shall, as directed by Covered Entity, incorporate any amendments to PHI into copies of such PHI maintained by Business Associate.
g. Internal Practices. Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) available to the Secretary of the U.S. Department of Health and Human Services (or his or her designee) (herein, “Secretary”), in a time and manner designated by Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with HIPAA and the HIPAA Rules.
h. Documentation of Disclosures for Accounting. Business Associate agrees to document such disclosures of PHI and information related to such disclosures if the nature and manner of the disclosures require accounting pursuant to 45 CFR § 164.528 and as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.
i. Access to Documentation for Accounting. Business Associate agrees to provide to Covered Entity or an Individual, in a time and manner designated by Covered Entity information documented in accordance with this Section 2 of this BAA in a time and manner as to permit Covered Entity to respond to a request by an individual (as defined in 45 CFR §§164.501 and 160.130 and includes a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g), hereinafter sometimes identified as “Individual”) for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.
j. Reporting of Disclosures and Notification of Breach. During the Term of this BAA, Business Associate shall notify Covered Entity promptly, and within ten (10) days of discovery of any breach of Unsecured PHI. Business Associate will provide such reasonable cooperation as is reasonably requested by Covered Entity in responding to such event and will supplement such initial report with additional information, and in a manner and format to be specified by Covered Entity, including all information reasonably available to Business Associate that is required to be included in notices to affected Individuals, regulators, the media, or other entities as required by HIPAA or applicable state laws, including, but not limited to, Section 13402 of the HITECH Act. The parties agree that notice is hereby deemed given for all attempted, unsuccessful Security Incidents involving trivial and routine incidents such as port scans, attempts to log-in with an invalid password or user name, denial of service attacks that do not result in a server being taken off-line, malware, and pings, or other similar types of events that do not compromise the security or privacy of PHI.
k. Mitigation. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate or its agents or subcontractors in violation of the requirements of this BAA.
l. Minimum Necessary. When using, disclosing, or requesting PHI from the Covered Entity, or in accordance with any provision of this BAA, Business Associate shall use reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request, unless an exception to the minimum necessary requirements under HIPAA applies. Notwithstanding anything to the contrary, the parties acknowledge and agree that all PHI that is transmitted to Business Associate via is the minimum necessary required by Business Associate to perform its obligations and exercise its rights under the Services Agreement.
m. Covered Entity Privacy Rule Obligations. The parties acknowledge and agree that Business Associate is not intended to carry out one or more of Covered Entity’s or any of Upstream Covered Entity’s obligation(s) under the HIPAA Privacy Rule.
3. Obligations of Covered Entity.
a. Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to the BAA and this BAA, in accordance with the standards and requirements of HIPAA and the HIPAA Rules, until such PHI is received by Business Associate.
b. Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR § 164.520, as well as any changes to such notice.
c. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose PHI, if such changes affect Business Associate’s permitted or required uses or disclosures.
d. Covered Entity shall ensure that there are no limitation(s) in its own notice of privacy practices and that of any Upstream Customer under 45 C.F.R. § 164.520 that may affect Business Associate’s use or disclosure of PHI. Covered Entity shall ensure that Covered Entity and upstream customers of Covered Entity have not agreed to, or are otherwise not required to abide by, any restriction to the use or disclosure of PHI in accordance with 45 CFR § 164.522, that may affect Business Associates use or disclosure of PHI pursuant to services to be rendered by Business Associate under this Agreement or other agreements between Covered Entity and Business Associate.
e. Covered Entity represents that any permissions, authorizations (including authorizations under 45 C.F.R. § 164.508), or consents that may be required for Business Associate to provide services, or to otherwise collect, receive, use, maintain, create, disclose, transmit, destroy, or otherwise process PHI as permitted or required under this BAA, have been obtained and reasonably documented.
f. Covered Entity shall not ask Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Privacy Rule if done by Covered Entity or any Upstream Customer of Covered Entity. Covered Entity shall not request that Business Associate collect, receive, use, maintain, create, disclose, transmit, maintain, destroy, or otherwise process PHI in any manner that violates HIPAA or any other applicable law or regulation
4. Term and Termination.
a. Term. The Term of this BAA shall become effective as of the Effective Date (which is the date you first access or use our Services, whichever is earlier) and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions of this Section. The provisions of this BAA shall survive termination of the BAA and continue in full force to the extent necessary for compliance with HIPAA and the HIPAA Rules. Upon termination or expiration of this BAA, Business Associate will, upon Covered Entity’s request, certify that all PHI has been returned or destroyed unless otherwise required by law or exception.
b. Material Breach. A material breach by either party of any provision of this BAA shall constitute a material breach of the BAA, if such breach is not cured by the breaching party within thirty (30) days of receipt of notice describing the material breach.
c. Reasonable Steps to Cure Breach. If either party learns of an activity or practice of the other party that constitutes a material breach or violation of the other party’s obligations under the provisions of this BAA, then the non-breaching party shall notify the breaching party of the breach and the breaching party shall take reasonable steps to cure such breach or violation, as applicable, within a period of time which shall in no event exceed thirty (30) days. If the breaching party’s efforts to cure such breach or violation are unsuccessful, the non-breaching party shall either terminate the BAA, if feasible, or if termination of the BAA is not feasible and the breaching party has violated the HIPAA Rules, the non-breaching party may report the breaching party’s breach or violation to the Secretary.
d. Judicial or Administrative Proceedings. Either party may terminate the BAA, effective immediately, if the other party is named as a defendant in a criminal proceeding for an alleged violation of HIPAA, or a finding or stipulation that the other party has violated any standard or requirement of HIPAA or other security or privacy laws is made in any administrative or civil proceeding in which the party has been joined.
e. Effect of Termination.
1. Except as provided in paragraph (e)(2) of this Section or if required by law or regulation to be maintained by Business Associate, upon termination of the BAA for any reason, Business Associate shall return, at Covered Entity’s expense, or destroy all PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) that Business Associate still maintains in any form, and shall retain no copies of such PHI. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate. Upon request by Covered Entity, Business Associate will certify such PHI has been returned or destroyed.
2. In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. If return or destruction of PHI is infeasible, Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or adequate destruction infeasible, for so long as Business Associate maintains such PHI.
5. Amendment to Comply with Law. The parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of the BAA may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, and other applicable laws relating to the security or confidentiality of PHI. Upon the request of either party, the parties shall promptly enter into negotiations concerning the terms of an amendment to the BAA embodying written assurances consistent with the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or other applicable laws relating to security and privacy of PHI. Either party may terminate the BAA upon thirty (30) days’ written notice in the event the other party does not promptly enter into negotiations to amend the BAA when requested pursuant to this Section, or does not enter into an amendment to the BAA providing assurances regarding the safeguarding of PHI that satisfy the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or other applicable laws relating to security and privacy of PHI.
6. No Third Party Beneficiaries. Nothing in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever and no other person or entity shall be a third party beneficiary of this BAA.
7. Effect on BAA. Except as specifically required to implement the purposes of this BAA, or to the extent inconsistent with this BAA, all other terms of the BAA shall remain in full force and effect.
8. Interpretation. This BAA shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HIPAA Rules and any other applicable law relating to security and privacy of PHI. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules.
9. Regulatory References. A reference in this BAA to a section in the HIPAA Rules or the HITECH Act means the section as in effect or as amended, and for which compliance is required.
10. Notices. All notices, requests and demands or other communications to be given under this BAA to a Party will be made via either first class mail, registered or certified or express courier, or electronic mail to the Party’s address given below. Covered Entity shall keep its contact and contact’s email address current at all times.
If to Business Associate, to:
Attn: Stephanie Murphy
Email: info@automaticity.ai
Automaticity, Inc.
Address: 4250 Martin Way E 105-245
Olympia, Washington 98516
If to Covered Entity, to:
Email: Email address as maintained by Customer within
account holder’s account
11. Amendments and Waiver. This BAA may not be modified, nor will any provision be waived or amended, except in writing duly signed by authorized representatives of the parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.