We'll be at HIMSS in Orlando on March 9-13. Book a meeting with us.
Terms of Use

User Agreement (Effective May 15, 2017)

THIS IS A LEGALLY BINDING AGREEMENT between Health Gorilla, Inc., a Delaware Corporation (“we” or “us”) and you, as a user of our on-line diagnostic test system (the “System”). BY CLICKING “SIGN UP” OR THROUGH THE CONTINUED USE OF THE SYSTEM, YOU ARE UNDERTAKING LEGAL OBLIGATIONS AND CONFERRING LEGAL RIGHTS. Please read this agreement carefully, and do not click “Sign up” or continue use of the System unless you agree fully with its terms. You and we are collectively referred to as the “Parties.”

1. Definitions

For the purposes of this Agreement, the terms set forth in this section have the meanings assigned to them below. Terms not defined below (whether or not capitalized) have the definitions given them in HIPAA, unless the context requires otherwise:

“Authorized Workforce” means those members of your Workforce who are individually authorized by you and us to have access to the System to assist you in providing treatment and obtaining payment for treatment, and to whom we have assigned a unique identifier for access to the System.

“Record Share” means the feature of the System through which we make Your Health Information available to other users of the System with your consent, or make Health Information of other users of the System available to you with their consent.

“Confidential Information” means any information concerning our business, financial affairs, current or future products or technology, trade secrets, workforce, customers, or any other information that is treated or designated by us as confidential or proprietary, or would reasonably be viewed as confidential or as having value to our competitors. Confidential Information shall not include information that we make publicly available or that becomes known to the general public other than as a result of a breach of an obligation by you. Confidential Information does not include individuals’ health information.

“De-identified Health Information” means health information that has been de-identified in accordance with the provisions of the Privacy Rule, and “De-Identify,” with respect to health information, means make it into De Identified Health Information.

“De-Identified Information” means De-Identified Health Information and De-Identified Personal Information.

“De-Identified Personal Information” means personal information from which a user’s name and other unique identifiers have been removed, and from which the user cannot reasonably be identified; and “De-Identify,” with respect to Personal Information, means to make it into De-Identified Personal Information.

“HIPAA” means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule.

“HITECH Act” means the Technology for Economic and Clinical Health Act of 2009, and regulations promulgated thereunder.

“Personal Information” means information that identifies you personally as a user of the System, and all information concerning you and your use of the System that is not Protected Health Information.

“Policies and Procedures” means our rules, regulations, policies and procedures for access to and use of the System, as changed from time to time and as posted electronically on our Internet web site.

“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.

“Protected Health Information” has the meaning given it in the Privacy Rule and includes all individually identifiable health information concerning your patients that you provide to the System.

“Security Rule” means the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR part 160 and part 164, subparts A and C.

“Services” means the services to which you have been granted access.

“System” means the electronic communication network from time to time operated by us, including all hardware provided by us, all software used or provided by us, and all such hardware and software installed at or accessed from your site, and all documentation provided by us in connection with the System, paper or electronic.

“Term” means the initial term and all renewal terms of this Agreement as provided in Section 16.

“User” means you and any other user of the System.

“User ID” means a unique user identification assigned to an individual User pursuant to Section 3.7.

“Workforce” means employees, agents and independent contractors.

“Your Health Information” means Protected Health Information that you or your Workforce enter into the System.

“Your Site” means the location you provided us upon registration, and such other location or locations as we may approve from time to time.

2. Grant of Right to Use Services

2.1 We grant to you and you accept a non-exclusive, personal, nontransferable, limited right to have access to and to use the System, and a non-exclusive, personal, nontransferable, limited license to use any computer software furnished by us for access to or use of the System, for the purpose of obtaining the Services during the Term, subject to your full compliance with the terms and conditions set forth in this Agreement and with our Policies and Procedures. You will not: (a) use the System for time-sharing, rental or service bureau purposes; (b) make the System, in whole or in part, available to any other person, entity or business; (c) copy, reverse engineer, decompile or disassemble the System, in whole or in part, or otherwise attempt to discover the source code to the software used in the System; or (d) modify the Services or the System or associated software or combine the Services or the System with any other software or services not provided or approved by us. You will obtain no rights to the System except for the limited rights to use the System expressly granted by this Agreement.

2.2 The System includes certain third-party software and services, which may require that you enter into separate subscription or licensing agreements with third-party vendors. We may also make available optional services provided by third parties, such as billing, electronic ordering and clinical laboratory reporting services. You agree to comply with, and upon request to execute, such agreements as may be required for the use of such software or services, and to comply with the terms of any license or other agreement relating to third-party products included in the System or made accessible to you through the System. Your use of the System or of such third-party products or services will constitute your agreement to be bound by the terms of all licensing, subscription and similar agreements relating to such use.

3. Access to the System

3.1 Verification. You agree that your use of the System is subject to verification by us of your identity and credentials as a health care practitioner, and to your ongoing qualification as such. You agree that we may use and disclose your Personal Information for such purposes, including (without limitation) making inquiry of third parties concerning your identity and professional and practice credentials. You authorize such third parties to disclose to us such information as we may request for such purposes, and you agree to hold them and us harmless from any claim or liability arising from the request for or disclosure of such information. You agree that we may terminate your access to or use of the System at any time if we are unable at any time to determine or verify your qualifications or credentials.

3.2 Permitted Uses. Subject to the terms of this Agreement, you may use Your Health Information for any purpose expressly permitted by applicable law. If you are granted access rights to another users Protected Health Information, you may use such information for treatment and for obtaining payment for treatment; provided that, except as expressly authorized in our Policies and Procedures, (i) you may access only information pertaining to individuals with whom you have a treatment relationship or for whom a provider who has a treatment relationship with the individual has requested a professional consultation from you, or from whom you have received authorization to use their health information; and (ii) you may use only the minimum necessary information for payment purposes. You agree that you will not access the System or use the Services for any other purposes. In particular:

3.2.1.1 You will not reproduce, publish, or distribute content in connection with the System that infringes any third party’s trademark, copyright, patent, trade secret, publicity, privacy, or other personal or proprietary right;

3.2.1.2 You will comply with all applicable laws, including laws relating to maintenance of privacy, security, and confidentiality of patient and other health information and the prohibition on the use of telecommunications facilities to transmit illegal, obscene, threatening, libelous, harassing, or offensive messages, or otherwise unlawful material;

3.2.1.3 You will not: (a) abuse or misuse the System or the Services, including gaining or attempting to gain unauthorized access to the System, or altering or destroying information in the System except in accordance with accepted practices; (b) using the System or Services in a manner that interferes with other Users’ use of the System; or (c) using the System or the Services in any manner that violates our Policies and Procedures; (d) or use any ad blocking mechanism, device, or tool to prevent the placement of advertisements in the System or the Service.

3.3 Clinical Support Information. We may provide information to assist you in clinical decision-making. This may include information and reminders concerning lab test results, drug interactions, allergies, dosages, as well as general health-care related information and resources. We may also provide forums for our users to exchange information. The information and materials available through this site are for informational and educational purposes only and are not intended to constitute professional advice, diagnosis or treatment, or to substitute for your professional judgment. Information may be placed on our Internet site by us and by third parties beyond our control. We are not responsible for the accuracy or completeness of information available from or through our site. You are not permitted to use our site to advise, diagnose, or otherwise treat users of this site. You assume full risk and responsibility for the use of information you obtain from or through this site, and you agree that Health Gorilla,  Inc. is not responsible or liable for any claim, loss, or liability arising from the use of the information. We do not recommend or endorse any provider of health care or health-related products, items or services, and the appearance of materials on this site relating to any such products, items or services is not an endorsement or recommendation of them. You agree to review the definitions, functionality, and limitations of the System, and to make an independent determination of their suitability for your use. We and our suppliers and licensors disclaim all warranties, whether expressed or implied, including any warranty as to the quality, accuracy, and suitability of the information provided by the System for any purpose.

3.4 Safeguards.

3.4.1 You will implement and maintain appropriate administrative, physical and technical safeguards to protect information within the System from access, use or alteration from Your Site or using a User ID assigned to you or a member of your Workforce. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule, whether or not you are otherwise subject to HIPAA. You will maintain appropriate security with regard to all personnel, systems, and administrative processes used by you or members of your Workforce to transmit, store and process electronic health information through the use of the System.

3.4.2 You will immediately notify us of any breach or suspected breach of the security of the System of which you become aware, or any unauthorized use or disclosure of information within or obtained from the System, and you will take such action to mitigate the breach or suspected breach as we may direct, and will cooperate with us in investigating and mitigating the breach.

3.5 Location of Access. You and your Authorized Workforce are authorized to access the System solely from Your Site, and from other sites from which you have received approval from us to access the System.

3.6 Compliance. You will comply with the terms of this Agreement, our Policies and Procedures, and all applicable laws and regulations. You will be solely responsible for the use of the System by you and your Workforce, and shall indemnify us and hold us harmless from any claim, cost or liability arising from such use, including reasonable attorneys’ fees.

3.7 User Identification. We authorize you and your Authorized Workforce to use the User IDs assigned to you by us. You acquire no ownership rights in any User ID, and User IDs may be revoked or changed at any time in our sole discretion. You will adopt and maintain reasonable and appropriate security precautions for User IDs to prevent their disclosure to or use by unauthorized persons. Each member of your Authorized Workforce shall have and use a unique identifier. You will use your best efforts to ensure that no member of your Workforce uses a User ID assigned to another person.

3.8 No Third-Party Access. Except as required by law, you will not permit any third party (other than your Authorized Workforce) to have access to the System or to use the Services without our prior written agreement. You will promptly notify us of any order or demand for compulsory disclosure of health information if the disclosure requires access to or use of the System. You will cooperate fully with us in connection with any such demand.

3.9 Your Workforce.

3.9.1 You may permit your Authorized Workforce to use the System and the Services on your behalf, subject to the terms of this Agreement. You will

3.9.1.1 obtain a unique User ID from us for each member of your Authorized Workforce;

3.9.1.2 train all members of your Authorized Workforce in the requirements of this Agreement and the Policies and Procedures relating to their access to and use of the System and the Services, and ensure that they comply with such requirements;

3.9.1.3 take appropriate disciplinary action against any member of your workforce who violates the terms of this Agreement or the Policies and Procedures;

3.9.1.4 ensure that only you and your Authorized Workforce access the System from Your Site;

3.9.1.5 immediately notify us of the termination of employment of any member of your Authorized Workforce, or of your withdrawal of authorization for any such person to access the System.

3.10 Patient Portal. You may make health information available to your patients through our Patient portal. You are solely responsible for the information that you make available through the Patient portal, for granting access rights to your patients, and for revoking access rights. You agree that you will not use the Patient portal to make available the health information of any person under the age of 18 years. You acknowledge and agree that, if a patient of yours authorizes the disclosure of his or her health information to Health Gorilla  Inc. for inclusion in his or her personal health record, Health Gorilla may, from time to time for as long as the authorization is in effect, transfer the patients health information from the health record Health Gorilla maintains for you to a personal health record maintained separately by Health Gorilla for the patient. Information in the separate personal health record is distinct from your patient health record, and is not subject to this User Agreement, or to our obligations to you as your business associate. Personal health record information of patients who do not authorize the disclosure of their health information to Health Gorilla for inclusion in a separate personal health record will be held as part of the health record that Health Gorilla maintains for you, and will be subject to the terms of this User Agreement and our business associate obligations.

3.11 Forums. We may offer forums for the exchange of information among our users. You agree to comply with all applicable forum rules. In particular, you understand that we do not assure the accuracy, reliability, confidentiality or security of information made available through the use of such forums. You acknowledge that any information you post in a forum or discussion group is available to the public, and may result in your receiving communications from others outside our site. You are responsible for safeguarding the privacy of your and your patients’ personal information when you participate in forums, discussion groups and the like. You agree not to disclose individually identifiable health information through such forums.

3.12 Compliance with Law. Subject to the provisions of section 17, you are solely responsible for ensuring that your use of the System and the Services (including making health information available through the System) complies with applicable law. You will not undertake or permit any unlawful use of the System, or take any action that would render the operation or use of the System by us or any other User unlawful. We offer no assurance that your use of the System and the Services under the terms of this Agreement will not violate any law or regulation applicable to you.

3.13 Professional Responsibility. You will be solely responsible for the professional and technical services you provide. We make no representations concerning the completeness, accuracy or utility of any information in the System, or concerning the qualifications or competence of individuals who placed it there. We have no liability for the consequences to you or your patients of your use of the System or the Services.

3.14 Cooperation. You will cooperate with us in the administration of the System, including providing reasonable assistance in evaluating the System and collecting and reporting data requested by us for purposes of administering the System.

3.15 Indemnification. You agree to indemnify, defend, and hold harmless us and other Users, and our and their affiliates, officers, directors, and agents, from and against any claim, cost or liability, including reasonable attorneys’ fees, arising out of: (a) the use of the System by you or your Workforce; (b) any breach by you or your Workforce of any representations, warranties or agreements contained in this Agreement; (c) the actions of any person gaining access to the System under a User ID assigned to you or a member of your Workforce; (d) the actions of anyone using a User ID, password or other unique identifier assigned to you or any member of your Workforce that adversely affects the System or any information accessed through the System; and (e) your negligent or willful misconduct, or that of any member of your Workforce.

4. Use of Information

4.1 Purpose of System. The purpose of the System is to facilitate the ordering of lab tests and the viewing and analysis of the results, the analysis of data from other health monitoring and other devices and other data as integrated from time to time, and (i) to make it available to you and your Authorized Workforce; (ii) to facilitate the sharing of individuals’ health information among Users, and (iii) to make health information available to your patients through the Patient portal. You may make Your Health Information accessible to other Users and to your patients through the System for these purposes. You authorize us, as your business associate, to use and disclose Your Health Information as follows, subject to the recipient’s agreement to comply with our Policies and Procedures and with applicable laws and regulations relating to the use and disclosure of health information, and subject also to the provisions of section 9:

4.1.1 We will permit unrestricted access to Your Health Information to you and your Authorized Workforce.

4.1.2 We will permit access to Your Health Information to your patients to whom you have agreed to grant access through our Patient portal.

4.1.3 We will permit access to Your Health Information by health care providers and their business associates to whom you have consented to provide access for treatment and payment through the sharing/referral features of the System. We will obtain your consent before we make Your Health Information available to other providers. You acknowledge that once we have granted access rights to another provider, we have no control over the uses and disclosures that the provider makes of Your Health Information.

4.1.4 We may disclose or permit access to Your Health Information to health plans, health care clearinghouses, medical groups, independent practice associations and other parties responsible for payment and their business associates for the purpose of obtaining payment for services you provide, unless you advise us in writing that the patient has paid out of pocket in full for the service to which the Health Information relates, and has requested that it not be disclosed to his or her health plan.

4.1.5 We may De-Identify Your Health Information and Your Personal Information, and use and disclose De-Indentified Information as provided by Section 5 and Section 7.2.

4.1.6 We may create limited data sets from Your Health Information, and disclose them for any purpose for which you may disclose a limited data set; and you hereby authorize us to enter into data use agreements on your behalf for the use of limited data sets, in accordance with applicable law and regulation.

4.1.7 We may use Your Health Information in order to prepare analyses and reports, such as activity or quality-metrics reports, or any other reports the System makes available, in order to render these reports to You. Such reporting will be done in a manner that does not make any disclosure of Your Health Information that you would not be permitted to make.

4.1.8 We may use Your Health Information for the proper management and administration of the System and our business, and to carry out our legal responsibilities. We may also disclose Your Health Information for such purposes if the disclosure is required by law, or we obtain reasonable assurances from the recipient that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the recipient, and the recipient notifies us of any instances of which it is aware in which the confidentiality of the information has been breached. Without limiting the foregoing, we may permit access to the system by our contracted system developers under appropriate confidentiality agreements.

4.1.9 We may use Your Health Information to contact your patients on your behalf for any purpose for which you would be permitted to contact them, including, without limitation:

(a) For treatment, including sending appointment and requisition reminders;

(b) For case management and care coordination, or to direct or recommend alternative treatments, therapies, health care providers or settings of care;

(c) To request authorization on your behalf from your patients to use or disclose their health information for any purpose for which use or disclosure may be made with an appropriate authorization, including marketing purposes. You agree that we may also use and disclose your patient’s health information as permitted by any such authorization; and

(d) To provide information about health-related products or services that you provide, or that we provide on your behalf as your business associate.

4.1.10 We may use or disclose Your Health Information for other purposes, as from time to time described in our Policies and Procedures; provided that we will not make or permit any such use or disclosure that would violate applicable law or regulation if made by you or your business associate. Except as provided in subsection 4.1.7 and subsection 4.1.8, and notwithstanding any other provision of this section, we will not use or disclose Your Health Information in any manner that would violate the requirements of the Privacy Rule if done by you.

4.2 Responsibility for Misuse by Other Users. You acknowledge that in granting access to the System for the purposes set forth in section 4.1, we will rely on the assurances of the recipients of the information as to (i) their identity and credentials, (ii) the purposes for which they are accessing the system, and (iii) the nature and extent of the information to which they will have access. You acknowledge that, while the System will contain certain technical safeguards against misuse of the System, it will rely to a substantial extent on the representations and undertakings of Users. You agree that we will not be responsible for any unlawful access to or use of Your Health Information by any User resulting from the User’s misrepresentation to us, or breach of the User’s user agreement or our Policies and Procedures.

4.3 Specially Protected Information. We apply the standards of the Privacy Rule in permitting access to the System. You acknowledge that other federal and state laws impose additional restrictions on the use and disclosure of certain types of health information, or health information pertaining to certain classes of individuals. You agree that you are solely responsible for ensuring that Your Health Information may properly be disclosed for the purposes set forth in section 4.1, subject only to the restrictions of the Privacy Rule. In particular, you will:

4.3.1 not make available through the System any information subject to any restriction on use or disclosure (whether arising from your agreement with the individual or under law), other than the general restrictions contained in the Privacy Rule;

4.3.2 obtain any necessary consents, authorizations or releases from individuals required for making their health information available through the System for the purpose set forth in section 4.1;

4.3.3 include such statements (if any) in your notice of privacy practices as may be required in connection with your use of the System;

4.3.4 not place in the System any information that the you know or have reason to believe is false or materially inaccurate.

4.4 Share. With your consent, we will make your on-line heath record for any patient you designate accessible to any other user of the System whom you approve. You may revoke your consent with respect to any other user at any time. While your consent is in effect, an approved user may view and edit any health record you have designated for his or her use. If you revoke your consent, the approved user will continue to have the ability to view to the health record in the form in which it existed at the time you revoked your consent, but will not be able to view changes made to the record thereafter, and will not be able to edit the record. The same rules apply to your use of another user’s record who approves access for you. You and your Workforce are fully responsible for the information in any chart that you share. You and/or your Workforce should not share patient information that violates any state and/or federal laws, such as a positive HIV test result. In the future, Health Gorilla may allow you to share only subsections of a patient chart or may allow a referee to share the patient chart with others, in either case, Health Gorilla will obtain your consent before using allowing the use of such features. In any event, but especially in cases of potential fraud, misuse and/or abuse of the System, Health Gorilla reserves the right, in its sole judgment, to revoke, remove, cancel or deny continued access to any health record or any Share request.

5. Providing Physician Data to Payers.

Without limiting the provisions of Section 7.2, you agree that we may provide De-Identified Health Information and other information (including Your Personal Information and information concerning your practice to any medical group, independent practice association of physicians, health plan or other organization with which you have a contract to provide medical services, or to whose members or enrollees you provide medical services. Such information may identify you, but will not identify any individual to whom you provide services. Such information may include (without limitation) aggregate data concerning your patients, diagnoses, procedures, orders and the like.

6. Product and Service Notifications.

As expressly permitted by this Agreement or by our Policies and Procedures, unless we obtain your consent, we will not disclose to any third party any information that identifies you to enable the third party to market products or services to you directly.

7. Intellectual Property Rights

7.1 Individually Identifiable Health Information. Except as provided in Section 7.2 (De-Identified Information), you retain all rights with regard to your Protected Health Information.

7.2 De-Identified Information. In consideration of our provision of the Services, you hereby transfer and assign to us all right, title and interest in and to all De-Identified Information that we make from Your Health Information or Your Personal Information pursuant to Section 4.1.5. You agree that we may use, disclose, market, license and sell De-Identified Information for any purpose without restriction, and that you have no interest in such information, or in the proceeds of any sale, license, or other commercialization thereof. You acknowledge that the rights conferred by this section are the principal consideration for the provision of the Services, without which we would not enter into this Agreement.

7.3 Other Works and Information. You agree that any information, material or work product you provide to this site, other than Protected Health Information and Personal Information which has not been De-Identified, is the exclusive property of Health Gorilla, and by submitting such content or material you assign to Health Gorilla, all intellectual property rights in such content or material. You agree that we may use, disclose, market, license and sell such information and works, including derivative products, without restriction. This includes, for example, custom templates that you create using the System, and information (other than Protected Health Information or Personal Information which has not been De-Identified) that you contribute to forums, discussion groups and the like. You may provide content or material to this site by participating in forums, discussion groups and the like, or by using the site to create custom templates and the like. Furthermore, you agree that Health Gorilla may use, disclose, market, license and sell such material or content, and that you have no interest in the information, or in the proceeds of any sale, license, or other commercialization thereof. You warrant and agree that any material you provide will not infringe on the intellectual property or other rights of others, and will not be otherwise unlawful, infringing, threatening, libelous, defamatory, obscene, pornographic, or in violation of any law.

8. Individuals’ Rights.

You shall be solely responsible for affording individuals their rights with respect to Your Health Information, such as the rights of access and amendment. You will not undertake to afford an individual any rights with respect to any information in the System other than Your Health Information.

9. Business Associate Provisions.

In maintaining, using and affording access to Your Health Information in accordance with this Agreement, we will:

9.1 Not use or further disclose the information except as permitted or required by this Agreement or as required by law;

9.2 Use appropriate safeguards to prevent use or disclosure of the information other than as provided for by this Agreement, including administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the information;

9.3 Report to you any use or disclosure of the information not provided for by this Agreement of which we become aware, or any security incident as a result of which we determines that unauthorized access has been obtained to Your Health Information;

9.4 Ensure that any of our agents or subcontractors to whom we provide Your Health Information for purposes of assisting us in providing the System or the Services, agrees to the same restrictions and conditions that apply to us with respect to such information, including the obligation to implement reasonable and appropriate safeguards to protect it (it being understood that other Users of the System are not our agents or subcontractors);

9.5 Make available protected health information in accordance with § 164.524 of the Privacy Rule;

9.6 Make available protected health information for amendment and incorporate any amendments to protected health information in accordance with Sect 164.526 of the Privacy Rule;

9.7 Make available the information required to provide an accounting of disclosures in accordance with Sect; 164.528 of the Privacy Rule;

9.8 Make our internal practices, books, and records relating to the use and disclosure of protected health information received from, or created or received by us on your behalf available to the Secretary of the United States Department of Health and Human Services for purposes of determining your compliance with the Privacy Rule; and

9.9 At termination of this Agreement we will provide you with a copy of Your Health Information in an electronic form that is accessible through commercially available hardware and software. You may have to purchase such hardware and software from third parties in order to access your data, and you may have to configure your systems in order to use your data in your practice. Upon termination we will, if feasible, return or destroy all protected health information received from, or created or received by us on your behalf that we still maintain in any form, and retain no copies of such information; or, if such return or destruction is not feasible, extend the protections of this Agreement to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible. You acknowledge that it will likely be infeasible to segregate Your Health Information for removal from the System, and that if you have approved another user to have access to any of your on-line records through Universal Chart or Record Share, we will maintain a version of those records through the time you withdraw your approval, and we will continue to make those records available to the approved (or formerly approved) user. You acknowledge that you may have to purchase proprietary software in order to access such information.

9.10 HITECH Act. As required by the HITECH Act:

(a) We will comply with the provisions of the HIPAA Security Rule that are made applicable to business associates by section 13401(a) of the HITECH Act, with the additional provisions of the HITECH Act relating to security that are made applicable to business associates and incorporated into business associate contracts by section 13401(a) of the HITECH Act, and with the additional provisions of the HITECH Act relating to privacy that are made applicable to business associates and incorporated into business associate contracts by section 13404(a) of the HITECH Act.

(b) We will report to you the discovery of any breach of unsecured Protected Health Information that we access, maintain, retain, modify, record, store destroy or otherwise hold, use or disclose on your behalf, in compliance with the requirements of Section 13402 of the HITECH Act and the regulations promulgated thereunder (45 CFR Parts 160 and 164, Subpart D), and we will cooperate reasonably with you to investigate and mitigate any such breach, and to provide you with information you need to make any legally required notification to individuals.

10. Computer Systems

10.1 Your Systems. You will acquire, install, configure and maintain all hardware, software and communications systems necessary to access the System (your “Implementation”). Your Implementation will comply with the specifications from time to time established by us. You will ensure that your Implementation is compatible with the System and Services. If we notify you that your Implementation is incompatible with the System, you will eliminate the incompatibility, and we may suspend Services to you until you do so.

10.2 Assistance. Upon request, we may provide goods or services in connection with your Implementation. You will pay our then standard charges for such assistance, and our out-of-pocket costs.

11. Third-Party Sites and Service Providers.

11.1 Third-Party Sites. The System may contain hyperlinks to Internet web sites operated by third parties, or to materials or information made available by third parties. Such third parties may offer goods or services for sale to you. Such links do not constitute or imply our endorsement of such third parties, or of the content of their sites, the quality or efficacy of their goods or services, or their information privacy or security practices, and we have no responsibility for information, goods or services offered or provided by such third parties, or for the manner in which they conduct their operations. Your use of third-party sites and the materials, goods and services offered by them is entirely at your own risk, and is subject to the terms of use of the third parties operating or providing them. You should assume that any Internet page or other material that does not bear the Health Gorilla logo is provided by a third party.

11.2 Health Gorilla.

11.2.1 Access and Uses.  Health Gorilla facilitates the transmission of electronic ordering information between participants in the Health Gorilla Clinical Network, through which requisition benefit and history information, including eligibility, insurance coverage, and other information, is transmitted electronically between participants in the Health Gorilla Marketplace from a Data Source (as described below) to a practitioner at the point of ordering, and through which ordering messages are routed electronically from a practitioner to the vendor of a patient’s choice. Practitioner hereby agrees and acknowledges that Health Gorilla will use the services of Health Gorilla to facilitate various features in the Product. Furthermore, Practitioner agrees to access and utilize the Health Gorilla network only in accordance with the terms and conditions of this Agreement and in addition to the terms and conditions set forth in this section. Data Source shall mean (a) health benefit payor or ACO Group Administrator, or other similar entity which has entered into a written agreement with Health Gorilla to allow access through the Health Gorilla Clinical Network to information in its possession; and (b) a diagnostic laboratory, diagnostic laboratory chain, an entity that has contracted with Health Gorilla to become either a vendor or practitioner aggregator and is designated as such by Health Gorilla  or other similar entity which has entered into a written agreement with Health Gorilla to allow access through the Health Gorilla Clinical Network to information in its possession.

11.2.2 Confidentiality. You agree to keep confidential any and all of Health Gorilla confidential information, as well as the confidential information of all entities that have contracted with Health Gorilla to become either a vendor or practitioner aggregator and is designated as such by Health Gorilla (certified aggregators), entities that have been designated by Health Gorilla as a value-added reseller of the Health Gorilla Services and connectivity to other entities that aggregate practitioners and/or vendors (certified VAR), Data Sources, practitioners, health care providers, or facilities, technology vendors, and other entities or individuals that have entered into a written agreement with Health Gorilla either directly or indirectly, in order to access, provide, or communicate through the Health Gorilla Clinical Network, whether explicitly marked confidential or reasonably believed to be confidential.

11.2.3 Compliance with Applicable Law. You are required to and must certify that you have obtained any and all necessary patient consents and authorizations required by applicable law including, without limitation, all federal, state, local, common law, rules, regulations, directives, and guidelines prior to using any of Health Gorilla services, including, without limitation, its electronic ordering service. You hereby agree and provide assurances that all messages transmitted via the Health Gorilla network originate from legally authorized locations. Health Gorilla reserves the right to terminate use of the Health Gorilla Clinical Network for any reason with or without notice.

11.2.4 Disclaimer.  HEALTH GORILLA MAKES NO REPRESENTATION OR WARRANTY REGARDING THE AVAILABILITY THROUGH THE HEALTH GORILLA CLINICAL NETWORK OF ANY PARTICULAR DATA SOURCE OR OTHER PARTICIPANT IN THE HEALTH GORILLA CLINICAL NETWORK AT ANY TIME, DATA SOURCES AND OTHER PARTICIPANTS IN THE HEALTH GORILLA CLINICAL NETWORK AY BE ADDED OR DELETED WITHOUT PRIOR NOTICE. YOU ACKNOWLEDGE AND AGREE THAT AT ANY TIME AND WITHOUT PRIOR NOTICE, A DATA SOURCE (AS DESCRIBED ABOVE) MAY ELECT NOT TO RECEIVE REQUISITIONS AND/OR OTHER MESSAGES. YOU FURTHER AGREE THAT AS THE TREATING PHYSICIAN OR OTHER HEALTH CARE PROVIDER, YOU HAVE VERIFIED REQUISITION BENEFIT OR REQUISITION HISTORY INFORMATION WITH EACH PATIENT AND/OR THE PATIENT’S REPRESENTATIVES BEFORE SUCH INFORMATION IS RELIED UPON OR UTILIZED IN DIAGNOSING OR TREATING THE PATIENT. HEALTH GORILLA DOES NOT AND CANNOT INDEPENDENTLY VERIFY OR REVIEW THE INFORMATION TRANSMITTED THROUGH THE HEALTH GORILLA CLINICAL NETWORK FOR ACCURACY AND COMPLETENESS. THE HEALTH GORILLA CLINICAL NETWORK IS NOT INTENDED TO SERVE AS A REPLACEMENT FOR A WRITTEN REQUISITION WHERE NOT APPROVED AS SUCH BY THE APPROPRIATE GOVERNMENTAL AUTHORITIES OR WHERE SUCH WRITTEN REQUISITION IS REQUIRED FOR RECORD KEEPING PURPOSES, OR APPLICABLE REQUISITION DOCUMENTATION. USE OF THE HEALTH GORILLA CLINICAL NETWORK IS NOT A SUBSTITUTE FOR A HEATLH CARE PROVIDER’S STANDARD PRACTICE OR PROFESSIONAL JUDGMENT. ANY DECISION WITH REGARD TO THE APPROPRIATENESS OF TREATMENT, OR THE VALIDITY OR RELIABILITY OF INFORMATION, IS SOLELY YOUR RESPONSIBILITY.

11.2.5 No Warranty. THE HEALTH GORILLA MARKETPLACE IS PROVIDED “AS IS” AND WITHOUT WARRANTIES, EXCEPT AS SET FORTH BELOW. ALL OTHER WARRANTIES AND REPRESENTATIONS OF ANY KIND WITH REGARD TO THE HEALTH GORILLA CLINICAL NETWORK ARE HEREBY DISCLAIMED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. HEALTH GORILLA DOES NOT WARRANT THAT ITS NETWORK WILL MEET ANY REQUIREMENTS OR THAT IT WILL OPERATE WITHOUT INTERRUPTION OR BE ERROR FREE. Health Gorilla agrees to use commercially reasonable efforts at all times to provide prompt and efficient service and to maintain its own equipment, proprietary systems and programs; Health Gorilla however, makes no warranties or representations regarding the Health Gorilla Clinical Network except as specifically stated in this Section 11.2. Health Gorilla shall use all due care in processing all work submitted to it by Health Gorilla and agrees that it will, at its expense, use commercially reasonable efforts to correct, as promptly as practicable, any errors to the extent that such errors are due to the malfunction of Health Gorilla computers, operating systems, or programs or errors by Health Gorilla employees or agents. Correction shall be limited to identifying errors and retransmitting the message or messages affected by any errors. Health Gorilla shall not be responsible in any manner for errors or failures of proprietary systems and programs of third parties, nor shall Health Gorilla be liable for errors or failures of Health Gorilla’s software or operational systems not caused by the Health Gorilla Marketplace. Should there be any failure in performance or errors or omissions with respect to the information being transmitted, Health Gorilla responsibility shall be limited to using commercially reasonable efforts to correct such failure in performance or errors or omissions.

11.2.6 Indemnification. Except to the extent arising solely from the gross negligence or willful misconduct of Health Gorilla  and subject to the limitations set forth below, you shall indemnify and save harmless Health Gorilla from and against any and all loss, damage, or expense (or claims of damage or liability) asserted against Health Gorilla by third parties and arising directly out of any breach of this Agreement, any loss of connectivity to the Health Gorilla Clinical Network due to acts or omissions inconsistent with the terms and conditions hereof, or information provided to Health Gorilla, you or to other third persons.

11.2.7 Force Majeure. Neither Party shall be liable or deemed in default for failure to fulfill any obligation under this Agreement due to causes beyond its reasonable control. Such causes or conditions shall include, but shall not be limited to, acts of God or of the public enemy, acts of the Government in either its sovereign or contractual capacity, fires, floods, epidemics, quarantine restrictions, strikes, shortages of labor or materials, freight embargoes, unusually severe weather, electrical power failures, telecommunication or internet backbone outages, failure of an internet access provider or other similar causes beyond the Parties’ control, and neither Party shall be liable for losses, expenses or damages, ordinary, special or consequential, resulting directly or indirectly from such causes.

11.2.8 Audit. You authorize Health Gorilla to access, inspect, and/or audit your records relating to the use of the Health Gorilla Clinical Network, Health Gorilla data, and data or information provided by you.

11.2.9 Survey. By using Health Gorilla and/or consenting to its terms, You authorize Health Gorilla to contact you for survey and/or statistical purposes. You also agree that Health Gorilla shall be entitled to disclose information received from You for the purpose of (and only to the extent necessary for) operating Health Gorilla business and providing the Health Gorilla services, including, without limitation, sharing Your information and/or data with other Data Sources to the extent necessary to fulfill the terms of this Agreement, but only in accordance with all applicable law, or pursuant to a valid order issued by a duly authorized court or Government authority.

11.2.10 HIPAA Compliance.  Health Gorilla may utilize, transfer, or disclose aggregated information, including, but not limited to, summary statistics, which has been de-identified in accordance with HIPAA at 45 CFR 164.514 such that it does not identify an individual and cannot be used to identify an individual for any purpose. Notwithstanding the foregoing, Health Gorilla’s use of de-identified data shall be in accordance with its Notice of Privacy Policy at www.healthgorilla.com.

12. Fees and Charges

12.1 Service Fees. You will pay us a Service Fee for the use of our System, as described in Plans and Pricing section of this website.. You also agree to pay, at our then current rates, for all goods or services that you request from us and that are not included in our standard services (“Miscellaneous Charges”). We will notify you of the Service Fee when you are granted access to a service, and we will notify you of the applicable Miscellaneous Charges before performing services to which a Miscellaneous Charge will apply. The Service Fee and Miscellaneous Charges may change from time to time.

12.2 Payment. The Service Fee and any Miscellaneous Charges shall be paid on receipt or within twenty (20) days of date of invoice at the address set forth under our name below, or such other address as may be set forth in our Policies and Procedures.

12.3 Late Charges. Fees not paid within ten (10) business days of the due date are subject to a late charge of five percent (5%) of the amount owing and interest thereafter at the rate of one and one-half percent (1/2%) per month on the outstanding balance, or the highest amount permitted by law, whichever is lower. Failure to pay fees within ten (10) days of the due date may result in termination of access to the System without notice. A reconnection fee equal to one (1) month’s Service Fee shall be assessed to re-establish connection after termination due to non-payment.

12.4 Taxes. All charges and fees shall be exclusive of all federal, state, municipal, or other government excise, sales, use, occupational, or like taxes now in force or enacted in the future, and you agree to pay any tax (excluding taxes on our net income) that we may be required to collect or pay now or at any time in the future and that are imposed upon the sale or delivery of items and services purchased under this Agreement.

12.5 Other Charges. You are responsible for any charges you incur to use the System, such as telephone and equipment charges, and fees charged by third-party vendors of products and services.

13. Confidential Information

13.1 You may not disclose our Confidential Information to any other person, and you may not use any Confidential Information except for the purpose of this Agreement. Except as otherwise provided in this Agreement, you may not, without our prior written consent, at any time, during or after the Term of this Agreement, directly or indirectly, divulge or disclose Confidential Information for any purpose or use Confidential Information for its own benefit or for the purposes or benefit of any other person. You agree to hold all Confidential Information in strict confidence and to take all measures necessary to prevent unauthorized copying, use, or disclosure of Confidential Information, and to keep the Confidential Information from falling into the public domain or into the possession of persons not bound to maintain its confidentiality. You will disclose Confidential Information only to members of your Workforce who have a need to use it for the purposes of this Agreement. You will inform all such recipients of the confidential nature of Confidential Information and will instruct them to deal with Confidential Information in accordance with the terms of this Agreement. You will promptly advise us in writing of any improper disclosure, misappropriation, or misuse of the Confidential Information by any person, which may come to your attention.

13.2 You agree that we will suffer irreparable harm if you fail to comply with its obligations set forth in this Section 13, and you further agree that monetary damages will be inadequate to compensate us for any such breach. Accordingly, you agree that we will, in addition to any other remedies available to us at law or in equity, be entitled to the issuance of injunctive relief to enforce the provisions hereof, immediately and without the necessity of posting a bond.

13.3 This Section 13 will survive the termination or expiration of this Agreement for any reason.

14. Disclaimer, Exclusion of Warranties, and Limitation of Liability

14.1 Carrier Lines. YOU ACKNOWLEDGE THAT ACCESS TO THE SYSTEM WILL BE PROVIDED OVER VARIOUS FACILITIES AND COMMUNICATIONS LINES, AND INFORMATION WILL BE TRANSMITTED OVER LOCAL EXCHANGE AND INTERNET BACKBONE CARRIER LINES AND THROUGH ROUTERS, SWITCHES, AND OTHER DEVICES (COLLECTIVELY, “CARRIER LINES”) OWNED, MAINTAINED, AND SERVICED BY THIRD-PARTY CARRIERS, UTILITIES, AND INTERNET SERVICE PROVIDERS, ALL OF WHICH ARE BEYOND OUR CONTROL. WE ASSUME NO LIABILITY FOR OR RELATING TO THE INTEGRITY, PRIVACY, SECURITY, CONFIDENTIALITY, OR USE OF ANY INFORMATION WHILE IT IS TRANSMITTED ON THE CARRIER LINES, OR ANY DELAY, FAILURE, INTERRUPTION, INTERCEPTION, LOSS, TRANSMISSION, OR CORRUPTION OF ANY DATA OR OTHER INFORMATION ATTRIBUTABLE TO TRANSMISSION ON THE CARRIER LINES. USE OF THE CARRIER LINES IS SOLELY AT YOUR RISK AND IS SUBJECT TO ALL APPLICABLE LOCAL, STATE, NATIONAL, AND INTERNATIONAL LAWS.

14.2 No Warranties. ACCESS TO THE SYSTEM AND THE INFORMATION CONTAINED ON THE SYSTEM IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. YOU ARE SOLELY RESPONSIBLE FOR ANY AND ALL ACTS OR OMISSIONS TAKEN OR MADE IN RELIANCE ON THE SYSTEM OR THE INFORMATION IN THE SYSTEM, INCLUDING INACCURATE OR INCOMPLETE INFORMATION. IT IS EXPRESSLY AGREED THAT IN NO EVENT SHALL WE BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, LOSS OF PROFITS OR REVENUES, LOSS OF USE, OR LOSS OF INFORMATION OR DATA, WHETHER A CLAIM FOR ANY SUCH LIABILITY OR DAMAGES IS PREMISED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF WE HAVE BEEN APPRISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES OCCURRING. WE DISCLAIM ANY AND ALL LIABILITY FOR ERRONEOUS TRANSMISSIONS AND LOSS OF SERVICE RESULTING FROM COMMUNICATION FAILURES BY TELECOMMUNICATION SERVICE PROVIDERS OR THE SYSTEM.

14.3 Conditions for Breach. We will not be deemed to be in violation of this Agreement unless you have first have given us written notice specifying the nature of the default, and we have failed within thirty (30) days of receipt of the notice either to cure the default or, if cure within such period is not practicable, to be diligently proceeding to cure the default.

14.4 Other Users. YOU ACKNOWLEDGE THAT OTHER USERS HAVE ACCESS TO THE SYSTEM AND ARE RECEIVING OUR SERVICES. SUCH OTHER USERS HAVE COMMITTED TO COMPLY WITH OUR POLICIES AND PROCEDURES CONCERNING USE OF THE SYSTEM; HOWEVER, THE ACTIONS OF SUCH OTHER USERS ARE BEYOND OUR CONTROL. ACCORDINGLY, WE DO NOT ASSUME ANY LIABILITY FOR OR RELATING TO ANY IMPAIRMENT OF THE PRIVACY, SECURITY, CONFIDENTIALITY, INTEGRITY, AVAILABILITY, OR RESTRICTED USE OF ANY INFORMATION ON THE SYSTEM RESULTING FROM ANY USER’S ACTIONS OR FAILURES TO ACT.

14.5 Unauthorized Access; Lost or Corrupt Data. WE ARE NOT RESPONSIBLE FOR UNAUTHORIZED ACCESS TO YOUR DATA, FACILITIES OR EQUIPMENT BY INDIVIDUALS OR ENTITIES USING THE SYSTEM OR FOR UNAUTHORIZED ACCESS TO, ALTERATION, THEFT, CORRUPTION, LOSS OR DESTRUCTION OF YOUR DATA FILES, PROGRAMS, PROCEDURES, OR INFORMATION THROUGH THE SYSTEM, WHETHER BY ACCIDENT, FRAUDULENT MEANS OR DEVICES, OR ANY OTHER MEANS. YOU ARE SOLELY RESPONSIBLE FOR VALIDATING THE ACCURACY OF ALL OUTPUT AND REPORTS, AND FOR PROTECTING YOUR DATA AND PROGRAMS FROM LOSS BY IMPLEMENTING APPROPRIATE SECURITY MEASURES, INCLUDING ROUTINE BACKUP PROCEDURES. YOU HEREBY WAIVE ANY DAMAGES OCCASIONED BY LOST OR CORRUPT DATA, INCORRECT REPORTS, OR INCORRECT DATA FILES RESULTING FROM PROGRAMMING ERROR, OPERATOR ERROR, EQUIPMENT OR SOFTWARE MALFUNCTION, SECURITY VIOLATIONS, OR THE USE OF THIRD-PARTY SOFTWARE. WE ARE NOT RESPONSIBLE FOR THE CONTENT OF ANY INFORMATION TRANSMITTED OR RECEIVED THROUGH OUR PROVISION OF THE SERVICES.

14.6 Limitation of Liability. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, OUR AGGREGATE LIABILITY UNDER THIS AGREEMENT, REGARDLESS OF THEORY OF LIABILITY, SHALL BE LIMITED TO THE AGGREGATE FEES ACTUALLY PAID BY YOU UNDER THIS AGREEMENT FOR THE SIX (6) MONTH PERIOD PRECEDING THE EVENT FIRST GIVING RISE TO THE CLAIM.

15. Insurance.

You will obtain and maintain such policies of general liability, errors and omissions, and professional liability insurance with reputable insurance companies as is usually carried by persons engaged in your business covering the Term of this Agreement.

16. Term; Modification; Suspension; Termination

16.1 Term. The initial term of this Agreement shall commence on the Effective Date and continue for a period of one (1) year, and thereafter until terminated as provided in this Section.

16.2 Termination upon Notice. We or you may terminate this Agreement at any time without cause upon thirty (30) days prior written notice to the other Party.

16.3 Modification. We may update or change the Services and/or the terms set forth in this Agreement from time to time and recommend that you review the Agreement on a regular basis. You understand and agree that your continued use of the Services after the Agreement has been updated or changed constitutes your acceptance of the revised Agreement. Without limiting the foregoing, if we make a change to the Agreement that materially affects your use of the Services, we may post notice or notify you via email or our website(s) of any such change.

16.4 Termination, Suspension or Amendment as a Result of Government Regulation. Notwithstanding anything to the contrary in this Agreement, we have the right, on notice to you, immediately to terminate, suspend, or amend this Agreement, without liability: (a) to comply with any order issued or proposed to be issued by any governmental agency; (b) to comply with any provision of law, any standard of participation in any reimbursement program, or any accreditation standard; or (c) if performance of any term of this Agreement by either Party would cause it to be in violation of law, or would jeopardize its tax-exempt status.

16.5 Judicial or Administrative Procedures; Credentialing. We may terminate this Agreement immediately upon notice to you: (a) if you are named as a defendant in a criminal proceeding for a violation of federal or state law; (b) if a finding or stipulation is made or entered into that you have violated any standard or requirement of federal or state law relating to the privacy or security of health information is made in any administrative or civil proceeding; (c) you are excluded from participation in a federal or state health care program or (d) you cease to be qualified to provide services as a health care professional, or we are unable to verify your qualifications as such.

16.6 Suspension of Access. We may suspend access to the System or the Services by you or any member of your Workforce immediately pending your cure of any breach of this Agreement, or in the event we determine in our sole discretion that access to or use of the System by you or the member of your Workforce may jeopardize the System or the confidentiality, privacy, security, integrity or availability of information within the System, or that you or the member of your Workforce has violated or may violate this Agreement or our Policies and Procedures, or has jeopardized or may jeopardize the rights of any third party, or that any person is or may be making unauthorized use of the System with any User ID assigned to you or a member of your Workforce. We may terminate the access of any member of your Authorized Workforce upon termination or change in status of his or employment with you. Our election to suspend the Services shall not waive or affect our rights to terminate this Agreement as permitted under this Agreement.

16.7 Obligations After Termination. Upon termination of this Agreement, you will cease to use the System and we may terminate your access to the System. You will pay to us the Access Fee for the balance of the Term upon termination. Upon termination for any reason, you will remove all software provided under this Agreement from your computer systems, you will cease to have access to the System, and you will return to us all hardware, software and documentation provided by or on behalf of us.

17. Applicable Law.

The interpretation of this Agreement and the resolution of any disputes arising under this Agreement shall be governed by the laws of the State of California. If any action or other proceeding is brought on or in connection with this Agreement, the venue of such action shall be exclusively in the City and County of San Francisco, California.

18. ARBITRATION.

ANY DISPUTE, CLAIM OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS NOTICE OR THE BREACH, TERMINATION, ENFORCEMENT, INTERPRETATION OR VALIDITY THEREOF, INCLUDING THE DETERMINATION OF THE SCOPE OR APPLICABILITY OF THIS AGREEMENT TO ARBITRATE, OR TO YOUR USE OF THIS SITE OR THE SYSTEMS OR INFORMATION TO WHICH IT GIVES ACCESS, SHALL BE DETERMINED BY ARBITRATION IN SAN FRANCISCO, CALIFORNIA, BEFORE A SINGLE ARBITRATOR. THE ARBITRATION SHALL BE ADMINISTERED BY JAMS PURSUANT TO ITS COMPREHENSIVE ARBITRATION RULES AND PROCEDURES. JUDGMENT ON THE AWARD MAY BE ENTERED IN ANY COURT HAVING JURISDICTION. THIS CLAUSE SHALL NOT PRECLUDE PARTIES FROM SEEKING PROVISIONAL REMEDIES IN AID OF ARBITRATION FROM A COURT OF APPROPRIATE JURISDICTION.

19. Non-Assignability.

This Agreement may not be assigned or transferred by you without our prior written consent.

20. Supervening Circumstances.

No Party to this Agreement shall be deemed in violation of this Agreement if it is prevented from performing any of the obligations under this Agreement by reason of: (a) severe weather and storms; (b) earthquakes or other natural occurrences; (c) strikes or other labor unrest; (d) power failures; (e) nuclear or other civil or military emergencies; (f) acts of legislative, judicial, executive, or administrative authorities; or (g) any other circumstances that are not within its reasonable control.

21. Severability.

Any provision of this Agreement that shall prove to be invalid, void, or illegal, shall in no way affect, impair, or invalidate any other provision of this Agreement, and such other provisions shall remain in full force and effect.

22. Notices.

Any and all notices required or permitted under this Agreement shall be sent by United States mail or fax transmission to the address provided below or to such other and different addresses as the Parties may designate in writing. If you supply us with an electronic mail address, we may give notice by email message addressed to such address; provided that if we receive notice that the email message was not delivered, we will give the notice by United States mail or fax.

To us: Health Gorilla, Inc., 185 N Wolfe Rd., Sunnyvale, CA 94085

23. Waiver.

No term of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the Party claimed to have waived or consented. Any consent by any Party to, or waiver of a breach by the other, whether expressed or implied, shall not constitute a consent to, waiver of, or excuse for any other different or subsequent breach.

24. Complete Understanding.

This Agreement contains the entire understanding of the Parties, and there are no other written or oral understandings or promises between the Parties with respect to the subject matter of this Agreement other than those contained or referenced in this Agreement. Except as otherwise provided in this Agreement (including Section 16.3), all modifications or amendments to this Agreement shall be in writing and signed by all Parties.

25. No Third-Party Beneficiaries.

Nothing express or implied in this Agreement is intended to confer, nor shall confer, upon any person or entity other than the parties and their respective successors or assigns any rights, remedies, obligations, or liabilities whatsoever.

26. Advice of Counsel.

Each Party acknowledges: (a) having fully read this Agreement in its entirety; (b) having had full opportunity to study and review this Agreement; (c) having been advised that counsel for us has acted solely on our behalf in connection with the negotiation, preparation, and execution of this Agreement; (d) having been advised that all parties have the right to consult and should consult independent counsel respecting their rights and duties under this Agreement; and (e) having had access to all such information as has been requested.

27. Authority.

The individuals entering into this Agreement represent and warrant that they are competent and capable of entering into a binding contract, and that they are authorized to enter into this Agreement on behalf of the Parties.

Health Gorilla Privacy Policy

Effective: May 15, 2017

Introduction

Our mission is to drive better and more affordable healthcare through innovative software and information solutions for providers throughout the care continuum, their patients, and health researchers. Our solutions include our electronic health record, patient health records software, medical organizations health records software, our care coordination, and clinical data transmission services. Health Gorilla is dedicated to protecting the privacy of the users of any of our products or services and of the individuals whose health information is stored or transmitted by our system. The Health Gorilla Clinical Network is developed for the highest levels of security and performance.

This Privacy Policy (this “Policy”) applies to the software and information services we offer through our website located at www.healthgorilla.com, our cloud-based electronic health record and medical organizations management solutions, and web-enabled emails and in-app notifications sent as part of, in connection with, or relating to such software and information services (collectively, our “Services”). This Policy does not apply to any other services.

Maintaining your trust is important to us, and we strongly encourage you to read this Policy in full.

The purpose of this Policy is to describe how we and our partners collect, use, and share information about you. This Policy may incidentally describe how our Services gather and use information about other individuals or information about you that may be submitted by another user. This Privacy Policy, however, only applies to how we and our partners collect, use, and share information about you with respect to the Services covered by our Health Gorilla Terms of Use or our Healthcare Provider User Agreement (“User Agreement”), and not to any other service we may offer to any other individual or customer.

Some of our users – such as healthcare providers – are subject to laws and regulations governing the use and disclosure of health information they create or receive, including the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, together with the regulations adopted thereunder (“HIPAA”). When we store, process or transmit “individually identifiable health information” (as defined by HIPAA) on behalf of a healthcare provider who has entered into a Healthcare Provider User Agreement, we do so as its “business associate” (as also defined by HIPAA). Under this agreement, we cannot use or disclose individually identifiable health information in a way that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the individually identifiable health information we store and process on behalf of such providers. For the purpose of this Policy, the term “healthcare provider” means any user who is a “health care provider” (as defined by HIPAA) or any user who is a member of such health care provider’s “workforce” (as also defined by HIPAA). For additional information regarding our business associate obligations, please see Sections 4.1.8 and 9 of our Healthcare Provider User Agreement.

REVISIONS, CHANGES, AND UPDATES

Health Gorilla may revise and update the Privacy Policy at any time, without notice to you. We encourage you to periodically reread this Privacy Policy, to see if there have been any changes to our policies that may affect you.

USERS PERSONAL INFORMATION

We understand the importance of protecting you from the unauthorized use of information you provide in the course of doing business with us. Except as disclosed in this policy or our User Agreement, we will not give away, sell or otherwise disclose any information that personally identifies you. We may, however, obtain, use and disclose personal information about you for the purpose of verifying your identity and practice credentials, and we may provide personal information to payers with which you contract to provide health care services. We may also disclose personal information about you if we are compelled to do so by law or by valid legal process. We may disclose personal information if we have your express permission to do so, or the disclosure is to our service providers to assist us in providing our services, or for user verification purposes. We may also use IP addresses to analyze trends, administer the site and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information. We have the right to remove personal identifiers from your personal information so that it cannot reasonably be used to identify you.

PROTECTED HEALTH INFORMATION

Our User Agreement sets forth our obligations as our users’ business associate under the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 and its privacy and security regulations (HIPAA), and under the privacy and security provisions of the Technology for Economic and Clinical Health Act of 2009 (the HITECH Act). We will comply with the business associate provisions of our User Agreement. We will also comply with provisions of the HIPAA Security Rule that apply to business associates under the HITECH Act, and the privacy and security provisions of the HITECH Act that are applicable to business associates.

PERMITTED USES OF PROTECTED HEALTH INFORMATION

The User Agreement sets forth the ways in which we may use or disclose protected health information we receive from you or create or receive on your behalf. Among other permitted uses, we may:

  • Allow access to your health information to you and your workforce for whatever purpose you require it.
  • Allow access to your health information by other health care providers and their business associates for treatment. This includes disclosing health information for related applications that you select, such as clinical laboratory reporting, billing, and e-prescribing, as well as to other health care providers to whom you agree to give access to your protected health information for treatment. You agree to be bound by the terms of any licensing and other agreements relating to such third-party products and services.
  • Allow access to health information to your patients through our patient portal. You control which of your patients have access to their health records, and what kind of information they can see.
  • De-identify your health information. In the User Agreement, you transfer and assign to us all right, title and interest in and to all de-identified information that we make from your health information, and you agree that we may use, disclose, market, license and sell such de-Identified information for any purpose without restriction, and that you have no interest in such de-identified information, or in the proceeds of any sale, license, or other commercialization thereof. We will, however, maintain the confidentiality and security of the original health information as required by the User Agreement.
  • Create limited data sets from your health information, and disclose them for any purpose for which you may disclose a limited data set. In the User Agreement, you authorize us to enter into data use agreements on your behalf for the use of limited data sets, in accordance with applicable state and federal law and regulation.
  • Aggregate your health information with that of other users, and share aggregated information in accordance with applicable state and federal law.
  • Use your health information for the proper management and administration of our business, and to carry out our legal responsibilities. We may also disclose your health information for these purposes if the disclosure is required by law, or we obtain reasonable assurances from the recipient that the information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the recipient, and the recipient notifies us of any instances of which the User is aware in which the confidentiality of the information has been breached. For example, we may permit access to the system by our contracted system developers under appropriate confidentiality agreements.

APPLE HEALTH, HEALTHKIT

  • Health Gorilla will not use or disclose to third parties data gathered in the health, fitness, and medical research context—including from the HealthKit API, Motion and Fitness, or health-related human subject research—for advertising or other use-based data mining purposes other than improving health management, or for the purpose of health research, and then only with permission.
  • Health Gorilla will not write false or inaccurate data into HealthKit or any other medical research or health management apps, and may not store personal health information in iCloud.

YOUR OBLIGATIONS

You agree that you will use other persons’ information available on or through this site (whether or not protected health information) strictly in accordance with applicable laws and regulations, and you will ensure that others under your control who have access to such information also comply with applicable laws and regulations. You are solely responsible for obtaining and maintaining all patient consents and authorizations necessary for your use of the site and the systems to which it provides access.

ACCOUNT ACCESS

To access your account, you must provide the identifier we provided you. With this information, we can verify your identity and permit you to view data in our system. We log and audit system use in order to ensure that users are using the system appropriately. If we have questions about your use of the system, we may contact you. We may also disclose your identity to others to assist in the investigation of suspected misuse of our systems, and otherwise to ensure the proper operation of our systems.

SURVEYS, QUESTIONNAIRES, AND POLLS

Health Gorilla may ask you to participate in use surveys, questionnaires, or polls, to facilitate feedback and input from our users. When you respond to surveys, questionnaires or polls related to our site, this information is collected only as anonymous, aggregated information and is used for statistical purposes.

INTERNET COOKIES

Each time you visit one of the Sites, Health Gorilla collects the limited information that your browser makes available whenever you visit any website. Additionally, Health Gorilla may place internet “cookies” on the computer hard drives of visitors to this website. Information we obtain from cookies helps us to tailor our site to be more helpful and efficient for our visitors. The cookie consists of a unique identifier that does not contain information about you or your health history. We use two types of cookies, “session” cookies and “persistent” cookies.

  • A session cookie is temporary and expires after you end a session and close your web browser. We use session cookies to help customize your experience on our site and maintain your signed-on status as you navigate through the features.
  • Persistent cookies remain on your hard drive after you’ve exited from our site until you erase them or they expire. Persistent cookies will not contain any personal information about you.

MARKETING PRODUCTS AND SERVICES

We will NOT place advertisements of any type on the interface to our services and we will NOT use or disclose to any third party any information that identifies you to enable the third party to market products or services to you directly.

SECURITY

Portions of this site require a valid user name, e-mail address, code or password (or a combination of the foregoing) to access and use services or materials on the site. You are solely responsible for (1) maintaining the strict confidentiality of any user name, e-mail address, code or password (collectively, “User IDs”) assigned to you, (2) not allowing another person to use your User IDs to access the site, (3) any damages or losses that may be incurred or suffered as a result of your failure to maintain the strict confidentiality of your User IDs, and (4) promptly informing Health Gorilla in writing of any need to deactivate a User ID due to potential or actual security breaches. Health Gorilla is not liable for any harm related to the theft of your IDs, your disclosure of your User IDs, or your authorization to allow another person or entity to access and use the site using your User IDs. You agree to immediately notify Health Gorilla in writing of any unauthorized use of any of your User IDs.

USER FORUMS

We may offer forums for the exchange of information among our users. You agree to assume all responsibility for your use of such forums. In particular, you understand that we do not assure the accuracy, reliability, confidentiality or security of information made available through the use of our forums. You agree not to disclose individually identifiable health information through our forums.

CLINICAL SUPPORT

We may provide information to assist you in clinical decision-making. This may include information and reminders concerning lab tests, drug interactions, allergies, dosages, as well as general health-care related information and resources. We may also provide forums for our users to exchange information. The information and materials available through this site are for informational and educational purposes only and are not intended to constitute professional advice, diagnosis or treatment, or to substitute for your professional judgment. Information may be placed on this site by Health Gorilla and by third parties beyond the control of Health Gorilla. Health Gorilla is not responsible for the accuracy or completeness of information available from or through this site. You assume full risk and responsibility for the use of information you obtain from or through this site, and you agree that Health Gorilla, Inc. is not responsible or liable for any claim, loss, or liability arising from the use of the information. Health Gorilla does not recommend or endorse any provider of health care or health-related products, items or services, and the appearance of materials on this site relating to any such products, items or services is not an endorsement or recommendation of them.

ADDITIONAL MATERIAL

You may provide content or material to this site by participating in forums, discussion groups and the like, or by using the site to create custom templates and the like. You agree that any information, material or work product you provide to this site, other than protected health information that identifies a patient or personal information that identifies you, is the exclusive property of Health Gorilla, Inc., and by submitting such content or material you assign to Health Gorilla, Inc., all intellectual property rights in such content or material. Furthermore, you agree that Health Gorilla may use, disclose, market, license and sell such material or content and that you have no interest in the information, or in the proceeds of any sale, license, or other commercialization thereof. You warrant and agree that any material you provide will not infringe on the intellectual property or other rights of others, and will not be otherwise unlawful, infringing, threatening, libelous, defamatory, obscene, pornographic, or in violation of any law. You should bear in mind that any information you post in a forum or discussion group is available to the public, and may result in your receiving communications from others outside this site. You are responsible for safeguarding the privacy of your and your patients’ personal information when you participate in forums, discussion groups and the like.

LINKS TO OTHER MATERIALS

This site may provide links to sites operated by third parties. Health Gorilla, Inc. has no control over the content of such linked sites and is not responsible for it, or for the effect of your accessing a site through a link on our site. You should assume that any information that does not bear the Health Gorilla logo is operated by a third party, and you should read the site’s privacy notice before using it.

APPLICABLE LAW

Any claim relating to the use of this site or the systems or information to which it gives access shall be governed by the internal substantive laws of the State of California.

OTHER MATTERS

We have no intention of accepting any information from individuals under the age of 18. If you are not yet 18 years of age, please leave this site immediately. Parents are urged to monitor and supervise their children’s on-line activity. We reserve the right to make changes to our privacy policy at any time without prior notice and to apply the changes to information received by us prior to the effective date of the change. Please be sure to check this page periodically for updates to this policy.

QUESTIONS, COMPLAINTS, AND CONTACTS

If you have any questions about this Privacy Statement, our policies and practice, your rights under this statement, send an email to support@healthgorilla.com, or by U.S. mail at the address below:

Health Gorilla, Inc.
Attn:  Privacy Officer
185 N Wolfe Rd.
Sunnyvale, CA 94085

Patient Portal User Agreement

Introduction

Health Gorilla, Inc. (“we” “our” or “us”) provides a personal health record service (the “Patient Portal”) as a service to patients (and their personal representatives), on behalf of the doctors within our Clinical Network, and other healthcare service providers (“Providers”). This Patient Portal User Agreement (this “Agreement”) applies to your use of the Patient Portal. By signing up for, or otherwise obtaining, an account, or by accessing or using the Patient Portal, you are entering into this Agreement and agreeing to be bound by its terms. Please read this Agreement carefully, and do not sign up for an account or use the Patient Portal if you are unwilling or unable to be bound by this Agreement. The Patient Portal is made available on our https://www.healthgorilla.com website, the use of which is governed by our Terms of Use and Privacy Policy. Please review each carefully. In the event of a conflict between the terms of this Agreement and of the Terms of Use or Privacy Policy, the terms of this Agreement control.

The Patient Portal

The Patient Portal is an internet-based portal that allows your Provider(s) to make certain health information available to you. In addition to your health information, if you have the authority under applicable law to access the health information of another individual, such as your child, that individual’s Provider(s) may, in his or her discretion, grant you access privileges for that individual’s health information through the Patient Portal.

You can request you information through healthgorilla.com and we will forward your request to your selected providers. Access to the Patient Portal may or may not be granted to you by Provider(s) you had selected on healthgorilla.com. Your Providers may also invite you to access Patient Portal. Once invited, you will receive an email inviting you to register an account. To register, you will need to satisfy our identity verification and certification procedures and select a user ID and password. You should safeguard your user ID(s), password(s) and other logon information carefully, and not share them with anyone else. If you believe someone has had unauthorized access to the Patient Portal, please contact us at support@healthgorilla.com.

Your Provider(s) (or the Provider of an individual with respect to whom you are authorized to access his/her health information) is responsible for the information made available to you through the Patient Portal. Because the Patient Portal includes information created by your Provider, such information may contain typographical errors, inaccuracies or omissions. In addition, although the Patient Portal displays certain information from your medical records, it does not necessarily display all information in the health records retained by your Provider. If you think that your medical information displayed in the Patient Portal is inaccurate or incomplete, or if you would like to request a complete copy of your medical record, please contact your Provider directly. Because your Patient Portal includes information that is part of your Provider’s health record about you, you cannot delete such information. You may, however, terminate your access to the Patient Portal by contacting Health Gorilla or your Provider directly. Your Provider also retains the ability to revoke your access to the Patient Portal.

Applicable Fees

You may be required to pay a non-refundable Processing Fee for each request for information using the Patient Portal. The Processing Fee is charged per each request you make to an individual provider on the Patient Portal. You may elect not to pay the Processing Fee; in this case we will not deliver the information request to the selected Provider. Based on state regulations in which your Provider’s resides, your Provider may charge you an additional Processing Fee. We will notify you in the case additional Processing Fee is required. You may decide not to pay this additional Processing Fee; in this case your records will not be delivered to the Patient Portal. Any additional Processing Fees will be delivered by us directly to the Provider.

Regulations Concerning Information Included in the Patient Portal

We do not control your Provider’s use or disclosure of your health information. Your Provider should give you a notice of privacy practices that describes how he or she uses and discloses health information about you. Your Provider’s ability to disclose your health information for these and similar purposes is restricted by applicable laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. If you wish to restrict the disclosures that your Provider makes of your health information, please contact your Provider directly.

We, like your Provider, are also subject to laws and regulations, including HIPAA, which govern the use and disclosure of certain personal and health information. We make your Patient Portal available to you on behalf of your Provider, as a “business associate” (as defined by HIPAA) of your Provider, pursuant to our Healthcare Provider User Agreement. Under this agreement, we are prohibited from, among other things, using individually identifiable health information in a manner that your Provider may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of your Providers. To see our Healthcare Provider User Agreement click here, and to specifically review our business associate obligations to Providers who agree to our Healthcare Provider User Agreement, please review Sections 4 and 9 of that agreement.

Other Services on HealthGorilla.com

Although the Patient Portal is made available on our https://www.healthgorilla.com website, this Agreement only applies to the Patient Portal. All other services made available on https://www.healthgorilla.com are covered by our Terms of Use and/or a separate User Agreement (as such term is defined by our Terms of Use).

Incorporation by Reference

Without limiting the generality of the foregoing, this Agreement incorporates by reference the following provisions of our Terms of Use with all references to the phrase “our Services” (as such term is defined therein) referring to and including the phrase “the Patient Portal” (as such term is defined in this Agreement): Sections 1.2 through 1.5 and Sections 4.2 through 4.14.

Arbitration

  1. EXCEPT FOR CLAIMS BY EITHER PARTY UNDER ANY OF SECTIONS OF THE TERMS OF USE LISTED IN PARAGRAPH 2 BELOW, ANY DISPUTE, CLAIM OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE BREACH, TERMINATION, ENFORCEMENT, INTERPRETATION OR VALIDITY THEREOF, INCLUDING THE DETERMINATION OF THE SCOPE OR APPLICABILITY OF THIS AGREEMENT TO ARBITRATE, SHALL BE SUBJECT TO FINAL AND BINDING ARBITRATION GOVERNED BY THE FEDERAL ARBITRATION ACT (9 U.S.C. § 1 ET SEQ.). THE ARBITRATION SHALL BE CONDUCTED BEFORE A SINGLE ARBITRATOR IN ACCORDANCE WITH THE COMMERCIAL DISPUTE RESOLUTION PROCEDURES AND THE SUPPLEMENTARY PROCEDURES FOR CONSUMER RELATED DISPUTES OF THE AMERICAN ARBITRATION ASSOCIATION (THE “AAA”) THEN IN EFFECT, AS MODIFIED BY THIS AGREEMENT, AND WILL BE ADMINISTERED BY THE AAA. JUDGMENT ON THE AWARD MAY BE ENTERED IN ANY COURT HAVING JURISDICTION. THIS CLAUSE SHALL NOT PRECLUDE EITHER PARTY FROM SEEKING TEMPORARY OR PRELIMINARY INJUNCTIVE RELIEF IN CONNECTION WITH AN ARBITRABLE CONTRVERSY, BUT ONLY UPON THE GROUND THAT THE AWARD TO WHICH THAT PARTY MAY BE ENTITLED MAY BE RENDERED INEFFECTUAL WITHOUT SUCH PROVISIONAL RELIEF.

  2. THIS AGREEMENT TO ARBITRATE SHALL NOT APPLY TO CLAIMS BY ANY PARTY BROUGHT UNDER AND TO ENFORCE ANY ONE OR MORE OF THE FOLLOWING SECTIONS OF THE TERMS OF USE INCORPORATED BY REFERENCE INTO THIS AGREEMENT: 1.2, 1.3, 4.2, 4.3 or 4.5.

  3. THE PARTIES AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN AN INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF, CLASS MEMBER, OR PRIVATE ATTORNEY GENERAL IN ANY PURPORTED CLASS, REPRESENTATIVE, OR PRIVATE-ATTORNEY-GENERAL PROCEEDING. BY ENTERING INTO THIS AGREEMENT, YOU AND WE ARE EACH WAIVING THE RIGHT TO A JURY TRIAL OR TO PARTICIPATE IN A CLASS ACTION. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON’S CLAIM WITH YOUR CLAIMS OR OUR CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY REPRESENTATIVE, CLASS, OR PRIVATE-ATTORNEY-GENERAL PROCEEDING. THE ARBITRATOR MAY AWARD DECLARATORY OR INJUNCTIVE RELIEF ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF WARRANTED BY THAT PARTY’S INDIVIDUAL CLAIM.

  4. Any part of this agreement to arbitrate that shall prove to be invalid, void, or illegal shall in no way affect, impair, or invalidate any other provision of this agreement to arbitrate, and such other provisions shall remain in full force and effect.

Healthcare Provider User Agreement

This Healthcare Provider User Agreement only applies to users of Health Gorilla Clinical Network for Providers and related Services.

THIS IS A LEGALLY BINDING AGREEMENT between Health Gorilla, Inc., a Delaware corporation (together with its subsidiaries, “Health Gorilla,” “we” or “us”), and you. BY CLICKING “I AGREE,” OR BY OTHERWISE SIGNING-UP OR FOR AN ACCOUNT, OR BY ACCESSING OR USING THE SERVICES (DEFINED BELOW), YOU ARE ENTERING INTO THIS HEALTHCARE PROVIDER USER AGREEMENT (THIS “AGREEMENT”) AND YOU AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. Please read this Agreement carefully, and do not sign-up for an account or use the Services if you are unwilling or unable to be bound by this Agreement. You and we are collectively referred to as the “Parties.”

1. Definitions

For the purposes of this Agreement, the terms set forth in this Section 1 have the meanings assigned to them below. Terms not defined below or in the body of this Agreement (whether or not capitalized) have the definitions given to them in HIPAA.

“Administrative Rights” means the rights to administer and direct the use of a Provider’s account, including the authority to provide, request, issue, administer and limit the access rights to other User accounts issued to such Provider’s Authorized Workforce, as well as the rights to integrate, connect, or otherwise share Your Information with, or receive Protected Health Information from, third parties through the Services.

“Authorized Workforce” means those natural persons who are members of your Workforce who you have identified (by their legal names, and the legal names of their employers) in your account as authorized to access the Services on your behalf.

“Universal Chart” means the feature of the Services through which we make Your Health Information available to other users of the Services with your Consent, or make Protected Health Information of other users of the Services available to you with their Consent.

“Clinical Data Exchange” means the exchange, with your Consent, of Protected Health Information (and Your Personal Information as necessary) between You and covered entities (and their business associates) for any permitted purpose, including, to the extent applicable, care coordination, performance or quality measurement programs (such as HEDIS), and risk adjustment, and other treatment, payment or health care operations purposes.

“Confidential Information” means any information relating to our business, financial affairs, current or future products or technology, trade secrets, workforce, customers, or any other information that is treated or designated by us as confidential or proprietary, or would reasonably be viewed as confidential or as having value to our competitors. “Confidential Information” does not include information that we make publicly available or that becomes known to the general public other than as a result of a breach of an obligation by you. “Confidential Information” does not include individuals’ health information.

“Consent” means consent or authorization by a user of the Services allowing us to take actions described under this Agreement, which the user of the Services may give in an electronic communication to us or by use of the features of the Services (such as “share,” “transmit,” “refer,” “authorize,” “opt-in,” “agree” or toggling or selecting an action through a settings or activation page located within the Service, and the like).  Such Consent may apply to an individual case or situation, or may apply globally or programmatically based on variables that apply to an overall situation or circumstance (whether through a settings or preference page, a global “opt-in” or otherwise).

“Credentials” means any unique identifier, password, token, credential, any combination thereof, or other means we may utilize from time to time for authorizing access to all, or any portion of, the Services.

“De-Identified Health Information” means health information that has been de-identified in accordance with the provisions of the Privacy Rule.

“De-Identified Information” means De-Identified Health Information and De-Identified Personal Information.

“De-Identified Personal Information” means Personal Information from which all identifiers that could reasonably be anticipated to identify an individual by an anticipated recipient – such an individual’s name, contact information, or government identifiers – have been removed.

“De-Identify,” means (i) with respect to Personal Information, to make such information into De-Identified Personal Information, and (ii) with respect to health information, means to make such health information into De-Identified Health Information.

“HIPAA” means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule, as amended.

“HITECH Act” means the Health Information Technology for Economic and Clinical Health Act of 2009, and regulations promulgated thereunder.

“Personal Information” means information that includes an individual’s name, contact information, government identifiers, or includes identifiers that could reasonably be anticipated to identify an individual personally by an anticipated recipient.

“Policies and Procedures” means our rules, regulations, policies and procedures for access to and use of the Services, as changed from time to time and as posted electronically on our Internet website.

“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, as amended.

“Protected Health Information” has the meaning given it in the Privacy Rule.

“Provider” has the same meaning as “health care provider” given in 45 CFR §160.103.

“Provider of Record” has the meaning given in Section 3.1.1.

“Security Rule” means the Security Standards for the Protection of electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C, as amended.

“Services” means our electronic health record services, including our electronic medical record services, universal charts, medical services ordering, messaging and other operations workflow solutions and other services provided by us to you.

“Term” means the initial term and all renewal terms of this Agreement as provided in Section 16.1.

“User” (capitalized) means a natural person who has been authorized, pursuant to this Agreement, to access the Services on your behalf; a “user” (un-capitalized) shall mean any user of the Services.

“Workforce” means a Provider’s employees, volunteers, trainees, and other persons whose conduct, in the performance of work for Provider, is under the direct control of such Provider, whether or not they are paid by the Provider.

“Your Health Information” means Protected Health Information that you or your Workforce input or upload onto the Services, or that we receive on your behalf from your patients, authorized service providers, or our third party partners pursuant to this Agreement (including Section 4.1.10).

“Your Information” means information that you or your Workforce input or upload onto the Services, including Your Personal Information and Your Health Information.

“Your Personal Information” means Personal Information that you or your Workforce enter or upload onto the Services.

In addition, the words “include,” “includes” and “including” shall be deemed to be followed by the phrase “without limitation.” The word “will” shall be construed to have the same meaning and effect as the word “shall.” The word “or” shall be construed to have the same meaning and effect as “and/or.” The words “herein,” “hereof” and “hereunder,” and words of similar import, shall be construed to refer to these Terms of Use. The headings used in this Agreement are used for convenience only and are not to be considered in construing or interpreting this Agreement.

2. Grant of Right to Use the Services

2.1  We grant to you and you accept a non-exclusive, personal, non-transferable (except as expressly permitted in Section 19.2), limited right to access and use the Services, and a non-exclusive, personal, non-transferable, limited license to use any computer software or data furnished by us for access to or use of or in connection with the Services during the Term, subject to your full compliance with the terms and conditions set forth in this Agreement and with our Policies and Procedures. You will not: (a) use the Services for time-sharing, rental or service bureau purposes; (b) make the Services, in whole or in part, available to any other person, entity or business; (c) copy, reverse engineer, decompile or disassemble the Services, in whole or in part, or otherwise attempt to discover the source code to the software used by the Services; or (d) modify, combine, integrate, render interoperable, or otherwise access for purposes of automating data conversion or transfer, the Services or associated software with any other software or services not provided or approved by us. You will obtain no rights to the Services except for the limited rights to use the Services expressly granted by this Agreement.

2.2  The Services include certain third-party software, services, data or applications that may require that you enter into separate agreements with third parties. We may also make available optional services, either directly or through integrations with the Services, provided by third parties, such as billing, electronic prescribing, and clinical laboratory reporting services. You will comply with and, upon request, execute, any agreements or acknowledgments that may be required for the use of such software or services, and hereby agree to comply with the terms of any license or other agreement relating to third-party products included in the Services or made accessible to you through the Services. Additionally, your use of the Services or of such third-party products or services will constitute your agreement to be bound by the terms of all licensing, subscription and similar agreements relating to such use.

3. Access to the Services

3.1 Access Rights of Providers and their Authorized Workforce.

3.1.1  Provider of Record. We offer the Services to Providers and to natural persons who are members of such Providers’ Authorized Workforce, as more fully described in this Section 3.1. All persons who sign up for an account on behalf of a Provider must furnish, among other things, that Provider’s full legal name and fictitious business name(s) (i.e., trade name, d/b/a or “doing business as”) as part of the sign-up process. We treat the Provider in whose name the account is established as the owner of all User accounts associated with such Provider, and we call this Provider the “Provider of Record.” The Provider of Record may be changed in accordance with Section 19.1.

The Provider of Record is a party to this Agreement for all purposes and shall be subject to all of the provisions that are applicable to the person addressed as “you” in this Agreement.  Although a member of a Provider of Record’s Authorized Workforce may have signed-up for an account or electronically entered into this Agreement, or may continue to administer Administrative Rights on the Provider of Record’s behalf, only the Provider of Record is entitled to any of the rights, remedies or benefits under this Agreement and control over the Administrative Rights. The Provider of Record is likewise subject to, and we may enforce against it, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, waivers and releases included in this Agreement. The Provider of Record may delegate Administrative Rights to one or more members of the Provider of Record’s Authorized Workforce, but the Provider of Record remains responsible for all activity occurring thereunder.

(a)  Incomplete or Inaccurate Registration Information. A Provider that has failed to complete the registration information sufficient to establish itself as the Provider of Record may not be able to access all of the Services. In addition, until such Provider completes such registration information, such Provider agrees and acknowledges that it is subject to, and we may enforce against it, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, waivers and releases set forth in this Agreement that are applicable to the person addressed as “you” in this Agreement, and such Provider hereby grants and makes all rights, waivers and releases set forth in this Agreement that are granted and made by the person addressed as “you” in this Agreement, but such Provider is entitled to none of, and hereby waives and agrees not to assert any of, the rights, remedies or benefits under this Agreement (other than our assurances and obligations under Section 9 below, which such Provider shall have the right to enforce). Once a Provider’s registration has been submitted sufficient to establish its status as the Provider of Record, this provision shall cease to apply.

3.1.2  Authorized Representatives. An authorized representative of a Provider may obtain an account on behalf of such Provider, and may have administrative privileges on the account. We call the person(s) authorized to act on behalf of a Provider the “Authorized Representative(s)” of such Provider. The Provider and Authorized Representative may be the same person. If you are establishing an account or taking any action with respect to a Provider’s account, you represent and warrant that (a) you have the authority to act on such Provider’s behalf either as owner/principal or as a member of such Provider’s Authorized Workforce, (b) the information you submit is complete and accurate, and (c) you have the authority to enter into this Agreement on behalf of such Provider and bind such Provider to the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, grants, waivers and releases contained in this Agreement. If you are an Authorized Representative, you recognize that you have no personal rights with respect to such Provider’s account, and that such Provider may change the Authorized Representative at any time, for any or no reason, with or without notice.

3.1.3  Authorized Workforce. If you are a member of a Provider’s Authorized Workforce, and such Provider has authorized you to access the Services on its behalf by authorizing a Credential for you, then you are authorized under this Agreement to access the Services solely on behalf and at the direction of such Provider. As such, you may sign in and use the functionality of the Services solely on behalf and at the direction of such Provider. You consent to and authorize the disclosure to such Provider any content related to, or otherwise generated by your use of the Services, including secure messages. You hereby agree and acknowledge that you are subject to, and we may enforce against you, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations and warranties set forth in this Agreement that are applicable to the person addressed as “you” in this Agreement, and you hereby grant and make all rights, waivers and releases set forth in this Agreement that are granted and made by the person addressed as “you” in this Agreement, but you are entitled to none of, and hereby waive and agree not to exercise or assert any of, the rights, remedies or benefits under this Agreement other than the limited, non-exclusive, non-transferable, personal right under this Section 3.1.3 to sign in and use the functionality of the Services solely on behalf and direction of such Provider. Notwithstanding the applicable provisions at Section 16, you acknowledge that your access to the Services may be terminated by the Provider or us at any time, for any reason or no reason at all, with or without notice. By (i) accessing any of the Services under a Provider’s account(s), or (ii) contacting us by any means and requesting or directing us to take any action with respect to any Provider’s account(s) or data held by such account(s), or (iii) asserting any right or authority with respect to such account(s) or data, you represent and warrant that you have the authority to act on such Provider’s behalf and that you are not using the Services, or otherwise engaging in the activities described in clauses (i) through (iii) above, for the benefit or at the direction, of any person or entity other than such Provider, including yourself.

3.2 Trial Use.

We also offer the Services on a limited basis to trial users under this Section 3.2. If you have signed-up for an account for the purpose of evaluating the Services or to use the Services for academic coursework (collectively, “Trial Use”), you may use the Services only in connection with such Trial Use. As such, you hereby agree and acknowledge that you are subject to, and we may enforce against you, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations and warranties set forth in this Agreement that are applicable to the person addressed as “you” in this Agreement, and you hereby grant and make all rights, waivers and release set forth in this Agreement that are granted and made by the person addressed as “you” in this Agreement, but you are entitled to none of, and hereby waive and agree not to exercise or assert any of, the rights, remedies or benefits under this Agreement other than the limited, non-exclusive, non-transferable, personal right under this Section 3.2 to sign-in and make Trial Use of the functionality of the Services. Notwithstanding the applicable provisions at Section 16, you acknowledge that your access to the Services may be terminated by us at any time, for any reason or no reason at all, with or without notice. You also hereby acknowledge and agree that in the event that you at any time use the Services in the course of providing healthcare services to any individual or you enter any health information of any Individual, (a) your Trial Use license will immediately convert, without further action by either Party, to the relevant license described in Section 3.1 if the circumstances described in Section 3.1.1, Section 3.1.2 or Section 3.1.3 apply, or (b) if none of those sections applies, you are not authorized to access or use the Services, and must immediately cease such access or use.

3.3 Verification.

You agree that your use of the Services, or certain features or functionality of the Services, may be subject to verification by us of your identity and credentials as a health care provider or health care professional, and to your ongoing qualification as such. You agree that we may use and disclose Your Personal Information for such purposes, including making inquiry of third parties concerning your identity and professional and practice credentials. You authorize such third parties to disclose to us such information as we may request for such purposes, and you agree to hold them and us harmless from any claim or liability arising from the request for or disclosure of such information. Notwithstanding the applicable provisions at Section 16, you agree that we may terminate your access to or use of the Services at any time if we are unable at any time to determine or verify your identity, qualifications or credentials.

3.4  Permitted Uses.

3.4.1  Subject to the terms of this Agreement, you may use Your Health Information for any purpose expressly permitted by applicable law, including treatment, payment and health care operations.

3.4.2  If you are granted access rights to another user of the Services’ Protected Health Information through Instant Message or Universal Chart or another component of the Service, you may use such information for treatment and for obtaining payment for treatment; provided that, except as expressly authorized in our Policies and Procedures, (i) you may access only information pertaining to individuals with whom you have a treatment relationship or for whom a provider who has a treatment relationship with the individual has requested a professional consultation from you, or from whom you have received authorization to use their health information; and (ii) you may use only the minimum necessary information for payment purposes.

3.4.3  You will not use the Services for any purposes other than those described in Section 3.4.1 or Section 3.4.2. In particular, you will not:

(a)  reproduce, publish, or distribute content in connection with the Services that infringes any third party’s trademark, copyright, patent, trade secret, publicity, privacy, or other personal or proprietary right; nor

(b)  use the Services to transmit illegal, obscene, threatening, libelous, harassing, or offensive messages, or otherwise unlawful material.

In addition, to further safeguard the confidentiality, integrity and availability of the information and other elements housed in the Services, as well as the stability of the Services, you agree you will not, nor attempt to, or authorize anyone to, or attempt to:

(c)  (i) Abuse or misuse the Services, including gaining or attempting to gain unauthorized access to the Services, or altering or destroying information housed in the Services; (ii) use the Services in a manner that interferes with other users’ use of the Services; (iii) use the Services in any manner that violates our Policies and Procedures; or (iv) use any ad blocking mechanism, device, or tool to prevent the placement of advertisements in the Services;

(d)  Circumvent any technical measures we have put in place to safeguard the Services or the confidentiality, integrity or accessibility of any information housed thereon, or any technical measures we have put in place to restrict access to the Services solely to the class of persons expressly so authorized pursuant to Sections 3.1.1 through 3.1.3; and

(e)  Access any portion of the Services other than with a commercial browser (such as Internet Explorer, Mozilla Firefox, Safari or Chrome) or mobile applications developed and operated by us.

3.5 Clinical Support Information; Information Exchange.

We may provide information to assist you in clinical decision-making. This may include information and reminders concerning drug interactions, allergies, dosages, as well as general health-care related information and resources. You agree that the information and materials available through the Services are for informational and educational purposes only and are not intended to constitute professional advice, diagnosis or treatment, or to substitute for your professional judgment. Information may be placed in the Services by us and by third parties beyond our control, including by funding sources of such information. We are not responsible for the accuracy or completeness of information available from or through the Services. You assume full risk and responsibility for the use of information you obtain from or through the Services, and neither we nor any of our licensors or data providers are responsible or liable for any claim, loss, or liability arising from use of the information. We do not recommend or endorse any provider of health care or health-related products, items or services, and the appearance of materials in the Services relating to any such products, items or services is not an endorsement or recommendation of them. You will review the definitions, functionality, and limitations of the Services, and to make an independent determination of their suitability for your use. We and our suppliers and licensors disclaim all warranties, whether expressed or implied, including any warranty as to the quality, accuracy, and suitability of the information provided by the Services for any purpose.

3.6 Safeguards.

3.6.1  You will implement and maintain appropriate administrative, physical and technical safeguards to protect information within the Services. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule, whether or not you are otherwise subject to HIPAA. You will maintain appropriate security with regard to all personnel, systems, and administrative processes used by you or members of your Workforce to transmit, store and process electronic health information through the use of the Services.

3.6.2  You will immediately notify us of any breach or suspected breach of the security of the Services of which you become aware, or any unauthorized use or disclosure of information within or obtained from the Services, and you will take such actions to mitigate the breach, suspected breach, or unauthorized use or disclosure of information within or obtained from the Services as we may direct, and will cooperate with us in investigating and mitigating the same.

3.7 User Identification.

We authorize you and your Authorized Workforce to use the Credentials uniquely assigned to, or selected by, each such individual User. You acquire no ownership rights in any such Credentials, and such Credentials may be revoked, reset or changed at any time in the discretion of us or the Provider of Record. You will adopt and maintain reasonable and appropriate security precautions for your Credentials to prevent their disclosure to or use by unauthorized persons. Each member of your Authorized Workforce shall have and use a unique identifier. You will ensure that no member of your Workforce uses Credentials assigned to another Workforce member.

3.8 No Third-Party Access.

Except as required by law, you will not permit any third party (other than persons who satisfy the definition of Authorized Workforce and meet the requirements of Section 3.1.3) to use or access the Services without our prior written agreement. Nor will you authorize or assist any person or entity in accessing, or attempting to access, any portion of the Services via any means other than a commercial browser (such as Internet Explorer, Mozilla Firefox, Safari or Chrome) or a mobile app that we have authored and provided to you. You will promptly notify us of any order or demand for compulsory disclosure of health information if the disclosure requires access to or use of the Services. You will cooperate fully with us in connection with any such demand. You will also notify us in the event that any person or entity, whether or not a member of your Authorized Workforce, (a) attempts to access the Services by any means other than a commercial browser, (b) claims to offer a service or system that “integrates with” our Services or (c) requests to use your Credentials or requests that you obtain Credentials in order to access the Services in a manner that would violate this Agreement if you engaged in such activity.

3.9 Your Workforce.

You may permit your Authorized Workforce to use the Services on your behalf, subject to the terms of this Agreement. You will:

3.9.1  require each member of your Authorized Workforce to have unique Credentials, and will provide the legal name(s) of each such member for which you are seeking Credentials;

3.9.2  train all members of your Authorized Workforce in the requirements of this Agreement and the Policies and Procedures relating to their access to and use of the Services, and ensure that they comply with such requirements;

3.9.3  take appropriate disciplinary action against any member of your Workforce who violates the terms of this Agreement or the Policies and Procedures;

3.9.4  ensure that only the person to whom a specific set of Credentials have been assigned accesses the Services with such Credentials; and

3.9.5  immediately notify us of the termination of employment of any member of your Authorized Workforce, or of your withdrawal of authorization for any such person to access the Services.

3.10 Personal Health Record.

You may make available to your patients portions of their medical records through a web-based or mobile application personal health record portal that we operate on your behalf (a “Patient Portal”). You are responsible for granting Patient Portal access privileges to your patients, either on an individual basis or for your entire patient population. You are solely responsible for the information that you make available through a Patient Portal. Health information included in Patient Portal will be held and administered by us on your behalf subject to the terms of this Agreement and our business associate obligations stated in Section 9.

3.11 Compliance with Law.

You are solely responsible for ensuring that your use of the Services complies with applicable law, including laws relating to the maintenance of the privacy, security, and confidentiality of patient and other health information. You will not grant any user, including members of your Authorized Workforce, any rights to access or use our Services that they would not be allowed to have under applicable laws. We offer no assurance that your use of the Services under the terms of this Agreement will not violate any law or regulation applicable to you. You acknowledge that we may share Your Information with third parties if we determine in good faith that disclosure of Your Information is necessary to (i) comply with a court order, warrant or other legal process, (ii) protect the rights, property or safety of Health Gorilla or others, (iii) investigate or enforce suspected breaches of this Agreement, or (iv) allow our third-party partners to comply with their obligations under federal or state law.

3.12 Professional Responsibility.

You will be solely responsible for the professional and technical services you provide. We make no representations concerning the completeness, accuracy or utility of any information in the Services, or concerning the qualifications or competence of persons who placed it there. We have no liability for the consequences to you or your patients of your use of the Services.

3.13 Cooperation.

You will cooperate with us in the administration of the Services, including providing reasonable assistance in evaluating the Services and collecting and reporting data requested by us for purposes of administering the Services.

3.14 Indemnification.

You hereby agree to indemnify, defend, and hold harmless us and other users, and our and their respective affiliates, officers, directors, employees and agents, from and against any claim, cost or liability, including reasonable attorneys’ fees, arising out of or relating to: (a) the use of the Services by you or your Workforce; (b) any breach by you or your Workforce of any representations, warranties or agreements contained in this Agreement; (c) the actions of any person gaining access to the Services under Credentials assigned to you or a member of your Workforce; (d) the actions of anyone using Credentials assigned to you or any member of your Workforce that adversely affects the Services or any information accessed through the Services; and (e) your negligent or willful misconduct, or that of any member of your Workforce. Your indemnification obligations in this Agreement (including this Section 3.14) are cumulative, and are not intended to, nor do they, limit your indemnification obligations elsewhere in this Agreement or at law, even if such obligations arise or are occasioned or triggered by a single assertion, claim, circumstance, action, event or transaction.

4. Use of Information

4.1 Purpose of Services.

The purpose of the Services is to store Your Health Information and (i) to make it available to you and your Authorized Workforce for any legal purpose, including treatment, payment and health care operations; (ii) to facilitate the sharing of individuals’ health information among users and other parties with whom you or your Authorized Workforce members elect to share such information, (iii) to make health information available to your patients through the Patient Portal. You may make Your Health Information accessible to other users of the Services, other individuals and entities, or to your patients through the Services for these purposes. You authorize us, as your business associate, to use and disclose Your Information as follows:

4.1.1  We will permit unrestricted access to Your Health Information to you and your Authorized Workforce. You are responsible for ensuring that your use of Your Health Information is consistent with the relevant legal restrictions.

4.1.2  We will permit access to Your Health Information to your patients to whom you have enabled to receive access through our Patient Portal.

4.1.3  We will permit access to Your Information by health care providers, covered entities and their business associates to whom you have Consented to provide access to the Services and who have otherwise agreed to integrate with our systems. We will obtain your Consent before we make Your Health Information available to other providers, covered entities and their respective business associates. You acknowledge that once we have granted access rights to another provider or covered entity (or their respective business associates), we have no control over the uses and disclosures that such person or entity makes of Your Health Information, and the recipient may be subject to its own legal or regulatory obligations (including HIPAA) to retain such information and make such information available to patients, governmental authorities and others as required by applicable law or regulation.

4.1.4  We may disclose or permit access to Your Information to entities such as, but not limited to, health plans, medical groups, independent practice associations, accountable care organizations, health information exchanges, your authorized service providers and other parties responsible for data exchange and their business associates.

4.1.5  We may De-Identify Your Information, and use and disclose De-Identified Information for any purpose whatsoever, including as provided by Section 5 and Section 7.2.

4.1.6  We may create limited data sets from Your Health Information, and disclose them for any purpose for which you may disclose a limited data set; and you hereby authorize us to enter into data use agreements on your behalf for the use of limited data sets, in accordance with applicable law and regulation.

4.1.7  We may use Your Information in order to prepare analyses and reports, such as activity or quality-metrics reports, or any other reports the Services makes available, in order to render these reports to You or for any of the purposes described in our Privacy Policy. Preparation of such analyses and reports may include the use of data aggregation services relating to your treatment and health care operations, which we may perform using Your Health Information. Such reporting will be done in a manner that does not make any disclosure of Your Health Information that you would not be permitted to make.

4.1.8  We may use Your Information for the proper management and administration of the Services and our business, and to carry out our legal responsibilities, which may include us disclosing such information to one of our business associates that has entered into a business associate agreement in accordance with Section 9.4 below. We may also disclose Your Information for such purposes if the disclosure is required by law (as such term is defined in 45 CFR §164.103), or we obtain reasonable assurances (as such term is interpreted or applicable in connection with or under HIPAA) from the recipient that it will be held confidentially and used or further disclosed only (a) as required by law (as such term is defined in 45 CFR §164.103), or (b) for the purpose for which it was disclosed to the recipient, and the recipient notifies us of any instances of which it is aware in which the confidentiality of the information has been breached. Without limiting the foregoing, we may permit access to the system by our contracted system developers under appropriate confidentiality agreements.

4.1.9  We may use Your Health Information and Directory Information (defined below) to contact your patients on your behalf for any purpose for which you would be permitted to contact them, including:

(a)  For treatment and health care operations messages, including sending appointment notifications (such as appointment requests, confirmations, reminders, cancellations and the like) and messages about currently prescribed medications (including refill reminders), or post-visit treatment satisfaction surveys, invitations and administrative messages concerning Patient Portal access, and the like;

(b)  With your Consent, to request an authorization on your behalf from your patients to use or disclose their health information for any purpose for which use or disclosure may be made with an appropriate authorization, including marketing and research purposes. You agree that we may also use and disclose your patients’ health information as permitted by any such authorization; and

(c)  To provide information about health-related products or services that you provide, or that we provide on your behalf as your business associate.

4.1.10  From time to time we may incorporate information we receive from your authorized service providers (including Third-Party Applications as discussed in Section 11.2), our third party partners, or covered entities (and their business associates) who are providing or paying for medical services for one or more of your patients, into the Services we provide to you. Such information may include, without limitation, clinical information such as lab results, imaging results, eligibility information, prior authorizations and prescription history; and shall, upon incorporation into the Services, be treated as “Your Health Information” for all purposes hereunder. You hereby authorize us to request and receive such information on your behalf from such authorized service providers or our third party partners.

4.1.11  We may use or disclose Your Health Information for other purposes, as from time to time described in our Policies and Procedures; provided that we will not make or permit any such use or disclosure that would violate applicable law or regulation if made by you or your business associate.

4.1.12  We may use Your Information to provide you with notifications regarding Your patients’ potential eligibility for certain programs, including savings programs, coupons, sampling, educational, safety, adherence or treatment support materials or other programs which you may choose to share with your patients (“Patient Support Programs”) as well as to administer the Support and Assessment Resources more fully described in Section 6 below. These notifications and materials are not a substitute for your professional medical judgment pertaining to the appropriateness of any such program for a given patient and you should discuss any such programs or materials with your patients directly. We may receive remuneration from the funding sources or sponsors for presenting you with Support and Assessment Resources or displaying their advertisements. In connection with offering or operating such Patient Support Programs or Support and Assessment Resources, we may share personally identifiable information about you for the purposes of program administration, and for assessing program eligibility, effectiveness or performance. We will only share such information with partners who are subject to confidentiality obligations. Additionally, we may disclose Personal Information about you to administrators of the Patient Support Programs or Support and Assessment Resources for recordkeeping, corporate integrity or regulatory reporting purposes.

4.2 Responsibility for Misuse by Other Users.

You acknowledge that in granting access to the Services for the purposes set forth in Section 4.1, we will rely on the assurances of the recipients of the information as to (i) their identity and credentials, (ii) the purposes for which they are accessing the system, and (iii) the nature and extent of the information to which they will have access. You acknowledge that, while the Services will contain certain technical safeguards against misuse of the Services, it will rely to a substantial extent on the representations and undertakings of users of the Services. You agree that we will not be responsible for any unlawful access to or use of Your Health Information by any user resulting from the user’s misrepresentation to us, or breach of the user’s user agreement or our Policies and Procedures.

4.3 Specially Protected Information.

We apply the standards of the Privacy Rule in permitting access to the Services. You acknowledge that other federal and state laws impose additional restrictions on the use and disclosure of certain types of health information, or health information pertaining to certain classes of individuals. You agree that you are solely responsible for ensuring that Your Health Information may properly be disclosed for the purposes set forth in Section 4.1, subject to the restrictions of the Privacy Rule and applicable law, including those laws that may be more restrictive than the Privacy Rule. In particular, you will:

4.3.1  not make available to other users through the Services any information in violation of any restriction on use or disclosure (whether arising from your agreement with such users or under law);

4.3.2  obtain all necessary consents, authorizations or releases from individuals required for making their health information available through the Services for the purposes set forth in Section 4.1;

4.3.3  include such statements (if any) in your notice of privacy practices as may be required in connection with your use of the Services; and

4.3.4  not place in the Services any information that you know or have reason to believe is false or materially inaccurate.

4.4 Universal Chart.

With your Consent, we will make your online heath record for any patient you designate accessible to any other user of the Services or any third party whom you approve. We may, from time to time, identify Your patient who may have a Universal Chart available, whereby You may elect to join Your patient’s health record into Universal Chart. You may revoke your Consent with respect to any other user at any time. While your Consent is in effect, an approved user may view, edit or otherwise alter any health record you have designated for his or her use. If you revoke your Consent, the approved user will continue to have the ability to view the health record in the form in which it existed at the time you revoked your Consent, but will not be able to view changes made to the record thereafter, and will not be able to edit the record. The same rules apply to your use of another user’s record who approves access by you. You and your Workforce are fully responsible for the information in any chart that you share. You or your Workforce should not share patient information that violates any state or federal laws. In any event, but especially in cases of potential fraud, misuse or abuse of the Services, we reserve the right, in our sole judgment, to revoke, remove, cancel or deny continued access to any health record or any Universal Chart request.

4.5 Provider Directories.

We may include your Directory Information (defined below) in our “Provider Directories,” which are electronic directories for patients and the general public, other members of the healthcare community. Provider Directories may be made available in various electronic formats, including searchable databases, Provider landing pages, interactive reference tools, reference lists, and integrated look-up features, among others. They may also incorporate information designed to help users, such as integrated maps, and licensure confirmation tools, among others. Provider Directories may include a “contact” feature that allows users to contact other users directly through the Services. Our Provider Directory may be made available to public search engines to aid Provider discovery. Listing in the Provider Directories is subject to eligibility criteria.  A Provider’s “Directory Information” includes the Provider’s name, name(s) of physicians or other healthcare professionals associated with a Provider, associated specialties, Provider’s business telephone number(s) and physical address(es), National Provider Identifiers (or NPI), State license(s) and the Provider’s available appointment slots, as each is indicated from information a Provider has inputted or imported into the Services or we imported from public databases such as NPI. The Directory Information may include additional information you input or upload into profile tools we make available in the Services (such as a profile photograph, accepted insurance, available office hours, a front desk email address, and the like), as and when such tools are available.

4.6 Care Coordination and Clinical Data Exchange.

We will enable Clinical Data Exchange between You and your business associate(s) or those covered entities (and their respective business associates), including health systems, Independent Practice Associations, Accountable Care Organizations, and payers, who desire to transmit such data to you with respect to patients they have a treatment or payment relationship or with whom you have Consented to provide such data (all third parties collectively referred herein as “Transmission Partner”). While such transmission integrations are in effect, such Transmission Partner may send and receive clinical data to and from your account on a routine and recurring basis. You may disable an integration with any Transmission Partner by contacting us, but any clinical data already received by such Transmission Partner will remain in its possession, subject to the terms of your independent agreements with such Transmission Partner, if any. You are solely responsible for ensuring that You have all necessary consents from Your patients applicable to the sharing of any of Your Health Information under applicable law with respect to each Transmission Partner with whom you have Consented to share any information under this Section 4.6.

5. Providing Physician Data to Payers and Others

Without limiting the provisions of Section 7.2, you agree that we may provide De-Identified Health Information and other information (including Your Personal Information and information concerning your practice) to any medical group, independent practice association of physicians, health plan or other organization with which you have a contract to provide medical services, or to whose members or enrollees you provide medical services. Such information may identify you, but will not identify any individual to whom you provide services. Such information may include aggregated data concerning your patients, diagnoses, procedures, orders and the like.

6. Support and Assessment Resources; Advertising

We may also present to you, through the Services or through the use of Your Information, the opportunity to utilize or engage in clinical decision support or assessment resources or informational programs (“Support and Assessment Resources,” which may also include, for the avoidance of doubt, Patient Support Programs (as previously described in Section 4.1.12)). We may also place advertisements concerning the products and services of third parties throughout the Services, so that you see them when you use the Services. Such Support or Assessment Resources or advertisements may be funded or sponsored by third parties, and may include branded or unbranded content about medical conditions, treatments and products, or safety and regulatory information resources. They may also include opportunities to participate in informational surveys or studies, or to discuss with your patients potential clinical trials or other research programs. We may receive remuneration from the funding sources or sponsors for presenting you with Support and Assessment Resources or displaying their advertisements. In connection with offering or operating such Support and Assessment Resources or delivering advertising, we may share personally identifiable information about you for the purposes of assessing program eligibility, effectiveness or performance with partners who are subject to confidentiality obligations. Additionally, if you choose to engage or utilize one of the Support and Assessment Resources, you may be asked to provide personal information that may be used to supplement Your Information as well as information gathered as part of the program itself (e.g., responses to surveys). This information will be used to provide the content or services described in the Support and Assessment Resources or provide you with any gift or honoraria associated with the program. If you receive remuneration for participating in a sponsored survey, for example, we may be required to provide the funding source or sponsor with information about you for its recordkeeping, regulatory reporting or measurement purposes.

7. Intellectual Property Rights

7.1 Individually Identifiable Health Information.

You retain all rights with regard to Your Health Information, and we will only use such information as expressly permitted in this Agreement.

7.2 De-Identified Information.

In consideration of our provision of the Services, you hereby transfer and assign to us all right, title and interest in and to all De-Identified Information that we make from Your Information pursuant to Section 4.1.5. You agree that we may use, disclose, market, license and sell such De-Identified Information for any purpose without restriction, and that you have no interest in such information, or in the proceeds of any sale, license, or other commercialization thereof. You acknowledge that the rights conferred by this Section are the principal consideration for the provision of the Services, without which we would not enter into this Agreement.

7.3 Other Works and Information.

You hereby grant to us a nonexclusive, royalty-free, fully paid-up, perpetual, irrevocable, worldwide and fully sublicensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display any information, material or work product – other than Your Information that has not been De-Identified – you provide to this site or the Services. You agree that we may use, disclose, market, license, and sell such information and works, including derivative products, without restriction. This includes, for example, custom templates that you create using the Services, and information (other than Your Information that has not been De-Identified) that you contribute to forums, discussion groups and the like. You may provide content or material to this site by participating in forums, discussion groups and the like, or by using the site to create custom templates and the like. Furthermore, you agree that we may use, disclose, market, license and sell such material or content, and that you have no interest in the information, or in the proceeds of any sale, license, or other commercialization thereof. You warrant and agree that any material you provide will not infringe or otherwise violate the intellectual property or other rights of others, and will not be otherwise unlawful, infringing, threatening, libelous, defamatory, obscene, pornographic, or in violation of any law.

8. Individuals’ Rights

You are solely responsible for affording individuals their rights with respect to relevant portions of Your Health Information, such as the rights of access and amendment. You will not undertake to afford an individual any rights with respect to any information in the Services other than Your Health Information.

9. Business Associate Provisions

In maintaining, using and affording access to Your Health Information in accordance with this Agreement, we will, in accordance with the requirements of HIPAA, as such requirements are informed by the guidance given by the United Stated Department of Health and Human Services (or any office, department or agency operating thereunder, “HHS”):

9.1  Not use or disclose such information except as permitted or required by this Agreement or as required by law (as such term is defined in 45 CFR §164.103);

9.2  Use appropriate safeguards consistent with the requirements of the Security Rule with respect to Your Health Information to prevent the use or disclosure of such information in a manner inconsistent with the provisions of this Agreement;

9.3  Report to you any use or disclosure of Your Health Information not provided for by this Agreement of which we become aware, including breaches of Your Health Information that meets the definition of “unsecured protected health information” under HIPAA, in each case as required by §164.410 of HIPAA, and any security incident (as defined by HIPAA) involving Your Health Information of which we become aware;

9.4  In accordance with §§164.502(e)(1)(ii) and 164.308(b)(2) of HIPAA, as applicable, ensure that any subcontractors that create, receive, maintain or transmit Your Health Information on our behalf agree to the same restrictions, conditions, and requirements that apply to us with respect to such information (as such requirement is interpreted or applicable in connection with or under HIPAA); and we obtain satisfactory assurances (as such term is interpreted or applicable in connection with or under HIPAA) that such subcontractors will appropriately safeguard such information (it being understood, for the avoidance of doubt, that other users of the Services are not our subcontractors);

9.5  Make available to you Your Health Information in furtherance of your obligations under §164.524 of the Privacy Rule;

9.6  Make available to you Your Health Information in furtherance of your obligations to amend and incorporate any amendments to such information in accordance with §164.526 of the Privacy Rule;

9.7  Maintain and make available Your Health Information to provide an accounting of disclosures in accordance with §164.528 of the Privacy Rule;

9.8  To the extent that we are to carry out your obligations under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to you in the performance of such obligations;

9.9  Make our internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by us on your behalf, available to the Secretary of HHS for purposes of determining your compliance with the Privacy Rule; and

9.10  At termination of this Agreement we will provide the Provider of Record with a copy of Your Health Information in an electronic form that is accessible through commercially available hardware and software. You may have to purchase such hardware and software from third parties in order to access your data, and you may have to configure your systems in order to use your data in your practice. Upon termination we will, if feasible, return or destroy all Protected Health Information received from, or created or received by us on your behalf that we still maintain in any form, and retain no copies of such information; or, if such return or destruction is not feasible (whether for technical, legal, regulatory or operational reasons), extend the protections of this Agreement to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible. You acknowledge that if you have approved, in accordance with the terms of this Agreement, other users of our Services (such as your patients or other providers) or their respective business associates, we will continue to make such information and data available to such users pursuant to the terms of the agreements we have with them.

10. Computer Systems

You agree and acknowledge that you will be required to acquire, install, configure and maintain all hardware, software and communications systems necessary to access the Services (your “Implementation”). Your Implementation will comply with the specifications from time to time established by us. You will ensure that your Implementation is compatible with the Services. If we notify you that your Implementation is incompatible with the Services, you will eliminate the incompatibility, and we may suspend Services to you until you do so.

11. Third-Party Services

11.1  We may also present to you, through the Services (including via emails, displays or advertisements) or through the use of Your Information, the opportunity to learn about, access, integrate with, or otherwise use services operated by third parties (each a “Third-Party Service”). If you choose to sign-up for or utilize a Third-Party Service, that Third-Party Service may be able to access Your Information. Additionally, we may allow you to access the Third-Party Services, or integrate the Services you receive from us with such Third-Party Services using your Credentials that allow you to receive services or information from such Third-Party Services. Although we may receive remuneration from the operators or sponsors of these Third-Party Services, we do not endorse any Third-Party Services and you are responsible for evaluating any Third-Party Services prior to signing-up for, accessing, or integrating them (including any information) with the Services you receive from us.

11.2  We are not responsible for the quality or efficacy of any Third-Party Services, or their information privacy or security practices, and we have no responsibility for the information, goods or services offered or provided by the operators of such Third-Party Services, or for the manner in which they conduct their operations. Your use of Third-Party Services and the materials, information, goods and services offered by them is entirely at your own risk, and is subject to the terms of use of the third parties operating or providing them, if any. You should assume that any Internet page or other material that does not bear the official Health Gorilla logo is provided by a third party. You should review the applicable terms of any agreement, terms of use and privacy policies of any Third-Party Services, since they are subject only to the agreements you have with the operators of such Third-Party Services, and not covered by this Agreement. Further, the Third-Party Services may use Your Information in a way that we would not. You further acknowledge that your use of any Third-Party Services is on an “as-is” basis. Please see our Privacy Policy for further information regarding Third-Party Services.

12. Fees and Charges

12.1 Service Fees.

We reserve the right to charge you a service fee (the “Service Fee”) for the Services to which you have access during the Term of this Agreement. Current Service Fee plans and subscriptions are available here. You also agree to pay, at our then current rates, for all goods, services, or features that you utilize, or otherwise request from us and that are not included in our standard services (“Miscellaneous Charges”). We will notify you of the Service Fee when you are granted access to a service, and we will notify you of the applicable Miscellaneous Charges before performing services or enabling features to which a Miscellaneous Charge will apply. We reserve the right to change the Service Fee and Miscellaneous Charges, or to add new fees or charges. In that event, we will give you notice in advance of any such changes, and an opportunity to cancel.

12.2 Payment.

The Service Fees and any Miscellaneous Charges shall be paid within twenty (20) days of date of invoice at the address set forth in the invoice, or such other address as may be set forth in our Policies and Procedures.

12.3 Late Charges.

Fees not paid within ten (10) business days of the due date are subject to a late charge of five percent (5%) of the amount owing and interest thereafter at the rate of one and one-half percent (1½%) per month on the outstanding balance, or the highest amount permitted by law, whichever is lower. Failure to pay fees within ten (10) days of the due date may result in termination of access to the Services without notice. A reconnection fee equal to one (1) month’s Service Fee shall be assessed to re-establish connection after termination due to non-payment.

12.4 Taxes.

All charges and fees shall be exclusive of all federal, state, municipal, or other government excise, sales, use, occupational, or like taxes now in force or enacted in the future, and you agree to pay any tax (excluding taxes on our net income) that we may be required to collect or pay now or at any time in the future and that are imposed upon the sale or delivery of items and services purchased under this Agreement. The amount we charge you for a Service may include certain taxes or charges applicable thereto your purchase. If any tax or charge applicable is not charged by us, you acknowledge that you are solely responsible for paying such tax or other charge.

12.5 Other Charges.

You are responsible for any charges you incur to use the Services, such as telephone and equipment charges, and fees charged by third-party vendors of products and services.

12.6 Payment Information; Method of Payment.

By providing payment information to us, you hereby represent and warrant that you are authorized to use the payment method you provide, that such information is accurate, and that we are authorized to charge you for the applicable Services using the established payment method and the information you provided. You are solely responsible for notifying us of any changes to your payment information.

13. Confidential Information

13.1  You may not disclose our Confidential Information to any other person, and you may not use any Confidential Information except for the purpose of this Agreement. Except as otherwise provided in this Agreement, you may not, without our prior written consent, at any time, during or after the Term of this Agreement, directly or indirectly, divulge or disclose Confidential Information for any purpose. In addition, except for the purposes of using the Services, you will not use Confidential Information for any other purposes. You will hold all Confidential Information in strict confidence and to take all measures necessary to prevent unauthorized copying, use, or disclosure of Confidential Information, and to keep the Confidential Information from falling into the public domain or into the possession of persons not bound to maintain its confidentiality. You will disclose Confidential Information only to members of your Workforce who have a need to use it for the purposes of this Agreement. You will inform all such recipients of the confidential nature of Confidential Information and will instruct them to deal with Confidential Information in accordance with the terms of this Agreement. You will promptly advise us in writing of any improper disclosure, misappropriation, or misuse of the Confidential Information by any person, which may come to your attention.

13.2  You agree that we will suffer irreparable harm if you fail to comply with your obligations set forth in Section 13.1, and you further agree that monetary damages will be inadequate to compensate us for any such breach. Accordingly, you agree that we will, in addition to any other remedies available to us at law or in equity, be entitled to the issuance of injunctive relief to enforce the provisions hereof, immediately and without the necessity of posting a bond.

14. Disclaimer, Exclusion of Warranties, and Limitation of Liability

14.1 Carrier Lines.

YOU ACKNOWLEDGE THAT ACCESS TO THE SERVICES WILL BE PROVIDED OVER VARIOUS FACILITIES AND COMMUNICATIONS LINES, AND INFORMATION WILL BE TRANSMITTED OVER LOCAL EXCHANGE AND INTERNET BACKBONE CARRIER LINES AND THROUGH ROUTERS, SWITCHES, AND OTHER DEVICES (COLLECTIVELY, “CARRIER LINES”) OWNED, MAINTAINED, AND SERVICED BY THIRD-PARTY CARRIERS, UTILITIES, AND INTERNET SERVICE PROVIDERS, ALL OF WHICH ARE BEYOND OUR CONTROL. WE ASSUME NO LIABILITY FOR, OR RELATING TO, THE INTEGRITY, PRIVACY, SECURITY, CONFIDENTIALITY, OR USE OF ANY INFORMATION WHILE IT IS TRANSMITTED ON THE CARRIER LINES, OR ANY DELAY, FAILURE, INTERRUPTION, INTERCEPTION, LOSS, TRANSMISSION, OR CORRUPTION OF ANY DATA OR OTHER INFORMATION ATTRIBUTABLE TO TRANSMISSION ON THE CARRIER LINES. USE OF THE CARRIER LINES IS SOLELY AT YOUR RISK AND IS SUBJECT TO ALL APPLICABLE LOCAL, STATE, NATIONAL, AND INTERNATIONAL LAWS.

14.2 No Warranties.

ACCESS TO THE SERVICES AND THE INFORMATION CONTAINED ON THE SERVICES IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND, AND WE DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT AND TITLE. YOU ARE SOLELY RESPONSIBLE FOR ANY AND ALL ACTS OR OMISSIONS TAKEN OR MADE IN RELIANCE ON THE SERVICES OR THE INFORMATION IN THE SERVICES, INCLUDING INACCURATE OR INCOMPLETE INFORMATION. IT IS EXPRESSLY AGREED THAT IN NO EVENT SHALL WE BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, LOSS OF PROFITS OR REVENUES, LOSS OF USE, LOSS OF GOODWILL, OR LOSS OF INFORMATION OR DATA, WHETHER A CLAIM FOR ANY SUCH LIABILITY OR DAMAGES IS PREMISED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF WE HAVE BEEN APPRISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES. WE DISCLAIM ANY AND ALL LIABILITY FOR ERRONEOUS TRANSMISSIONS AND LOSS OF SERVICE RESULTING FROM COMMUNICATION FAILURES BY TELECOMMUNICATION SERVICE PROVIDERS OR THE SERVICES.

14.3 Conditions for Breach.

We will not be deemed to be in violation of this Agreement unless you have first given us written notice specifying the nature of the default, and we have failed within thirty (30) days of receipt of the notice either to cure the default or, if cure within such period is not practicable, to be diligently proceeding to cure the default.

14.4 Other Users.

YOU ACKNOWLEDGE THAT OTHER USERS HAVE ACCESS TO AND ARE USING OUR SERVICES AND THE ACTIONS OF SUCH OTHER USERS ARE BEYOND OUR CONTROL. ACCORDINGLY, WE DO NOT ASSUME ANY LIABILITY FOR OR RELATING TO ANY IMPAIRMENT OF THE PRIVACY, SECURITY, CONFIDENTIALITY, INTEGRITY, AVAILABILITY, OR RESTRICTED USE OF ANY INFORMATION ON THE SERVICES RESULTING FROM ANY USER’S ACTIONS OR FAILURES TO ACT.

14.5 Unauthorized Access; Lost or Corrupt Data.

WE ARE NOT RESPONSIBLE FOR UNAUTHORIZED ACCESS TO YOUR DATA, FACILITIES OR EQUIPMENT BY PERSONS USING THE SERVICES OR FOR UNAUTHORIZED ACCESS TO, ALTERATION, THEFT, CORRUPTION, LOSS OR DESTRUCTION OF YOUR DATA FILES, PROGRAMS, PROCEDURES, OR INFORMATION THROUGH THE SERVICES, WHETHER BY ACCIDENT, FRAUDULENT MEANS OR DEVICES, OR ANY OTHER MEANS. YOU ARE SOLELY RESPONSIBLE FOR VALIDATING THE ACCURACY OF ALL OUTPUT AND REPORTS, AND FOR PROTECTING YOUR DATA AND PROGRAMS FROM LOSS BY IMPLEMENTING APPROPRIATE SECURITY MEASURES. YOU HEREBY WAIVE ANY DAMAGES OCCASIONED BY LOST OR CORRUPT DATA, INCORRECT REPORTS, OR INCORRECT DATA FILES RESULTING FROM PROGRAMMING ERROR, OPERATOR ERROR, EQUIPMENT OR SOFTWARE MALFUNCTION, SECURITY VIOLATIONS, OR THE USE OF THIRD-PARTY SOFTWARE. WE ARE NOT RESPONSIBLE FOR THE CONTENT OF ANY INFORMATION TRANSMITTED OR RECEIVED THROUGH OUR PROVISION OF THE SERVICES.

14.6 Limitation of Liability.

NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, OUR AGGREGATE LIABILITY UNDER THIS AGREEMENT, REGARDLESS OF THEORY OF LIABILITY, SHALL BE LIMITED TO THE AGGREGATE FEES ACTUALLY PAID BY YOU UNDER THIS AGREEMENT FOR THE SIX (6) MONTH PERIOD PRECEDING THE EVENT FIRST GIVING RISE TO THE CLAIM.

15. Insurance

You will obtain and maintain such policies of general liability, errors and omissions, and professional liability insurance with reputable insurance companies as is usually carried by persons engaged in your business covering the term of this Agreement.

16. Term; Modification; Suspension; Termination

16.1 Term.

The initial term of this Agreement shall commence on the date you “sign up” for the Services and continue for a period of one (1) year, and thereafter automatically continue until terminated as provided in this Section.

16.2 Termination upon Notice.

Notwithstanding Section 16.1, we or you may terminate this Agreement at any time without cause upon thirty (30) days’ prior written notice to the other Party.

16.3 Modification.

We may update or change the Services or the terms set forth in this Agreement from time to time.  Accordingly, we recommend that you review the Agreement on a regular basis. You understand and agree that your continued use of the Services after the Agreement has been updated or changed constitutes your acceptance of the revised Agreement. Without limiting the foregoing, if we make a change to the Agreement that materially affects your use of the Services, we may post notice or notify you via email or our website(s) of any such change.

16.4 Termination, Suspension or Amendment as a Result of Government Regulation.

Notwithstanding anything to the contrary in this Agreement, we have the right, on notice to you, immediately to terminate, suspend, or amend this Agreement, without liability: (a) to comply with any order issued or proposed to be issued by any governmental agency; (b) to comply with any provision of law, any standard of participation in any reimbursement program, or any accreditation standard; or (c) if performance of any term of this Agreement by either Party would cause it to be in violation of law, or would jeopardize its tax-exempt status.

16.5 Judicial or Administrative Procedures; Credentialing.

We may terminate this Agreement immediately upon notice to you: (a) if you are named as a defendant in a criminal proceeding for a violation of federal or state law; (b) if a finding or stipulation is made or entered into that you have violated any standard or requirement of federal or state law relating to the privacy or security of health information is made in any administrative or civil proceeding; (c) you are excluded from participation in a federal or state health care program; or (d) you cease to be qualified to provide services as a health care professional, or we are unable to verify your qualifications as such.

16.6 Suspension of Access.

We may suspend access to the Services by you or any member of your Workforce immediately pending your cure of any breach of this Agreement, or in the event we determine in our sole discretion that access to or use of the Services by you or the member of your Workforce may jeopardize the Services or the confidentiality, privacy, security, integrity or availability of information within the Services, or that you or the member of your Workforce has violated or may violate this Agreement or our Policies and Procedures, or has jeopardized or may jeopardize the rights of any third party, or that any person is or may be making unauthorized use of the Services with any Credentials assigned to you or a member of your Workforce. We may terminate the access of any member of your Authorized Workforce upon termination or change in status of his or her employment with you. Our election to suspend the Services shall not waive or affect our rights to terminate this Agreement as permitted under this Agreement.

16.7 Obligations after Termination.

Upon termination of this Agreement, you will (i) cease all use of the Services, (ii) pay the outstanding balance of any fees due to us, and (iii) remove all software provided under this Agreement from your computer systems. All provisions of the Agreement which, by their nature, should survive termination shall survive termination, including Sections 1, 3.15, 5, 7, 9.10, 11.2, 12 through 15, 16.7, 17, 18, 19.3, and 20 through 27.

17. Applicable Law

The interpretation of this Agreement and the resolution of any disputes arising under this Agreement shall be governed by the laws of the State of California, without regards to its conflicts of laws provisions. If any action or other proceeding is brought on or in connection with this Agreement, the venue of such action shall be exclusively in the County of Santa Clara, California.

18. Arbitration

18.1  EXCEPT FOR CLAIMS BY EITHER PARTY UNDER ANY OF THE SECTIONS OF THIS AGREEMENT LISTED IN SECTION 18.2, ANY DISPUTE, CLAIM OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE BREACH, TERMINATION, ENFORCEMENT, INTERPRETATION OR VALIDITY THEREOF, INCLUDING THE DETERMINATION OF THE SCOPE OR APPLICABILITY OF THIS AGREEMENT TO ARBITRATE, SHALL BE SUBJECT TO FINAL AND BINDING ARBITRATION GOVERNED BY THE FEDERAL ARBITRATION ACT (9 U.S.C. §§ 1 ET SEQ.). THE ARBITRATION SHALL BE CONDUCTED BEFORE A SINGLE ARBITRATOR IN ACCORDANCE WITH THE COMMERCIAL DISPUTE RESOLUTION PROCEDURES AND THE SUPPLEMENTARY PROCEDURES FOR CONSUMER RELATED DISPUTES OF THE AMERICAN ARBITRATION ASSOCIATION (THE “AAA”) THEN IN EFFECT, AS MODIFIED BY THIS AGREEMENT, AND WILL BE ADMINISTERED BY THE AAA. JUDGMENT ON THE AWARD MAY BE ENTERED IN ANY COURT HAVING JURISDICTION. THIS CLAUSE SHALL NOT PRECLUDE EITHER PARTY FROM SEEKING TEMPORARY OR PRELIMINARY INJUNCTIVE RELIEF IN CONNECTION WITH AN ARBITRABLE CONTRVERSY, BUT ONLY UPON THE GROUND THAT THE AWARD TO WHICH THAT PARTY MAY BE ENTITLED MAY BE RENDERED INEFFECTUAL WITHOUT SUCH PROVISIONAL RELIEF.

18.2  THIS AGREEMENT TO ARBITRATE SHALL NOT APPLY TO CLAIMS BY ANY PARTY BROUGHT UNDER AND TO ENFORCE ANY ONE OR MORE OF THE FOLLOWING SECTIONS OF THIS AGREEMENT: 2.1; 3.1.2; 3.1.3; 3.2; 3.4.3(c), (d), or (e); 3.8; 3.9; or, TO THE EXTENT APPLICABLE TO THE FOREGOING SECTIONS, 16.7.

18.3  THE PARTIES AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN AN INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF, CLASS MEMBER, OR PRIVATE ATTORNEY GENERAL IN ANY PURPORTED CLASS, REPRESENTATIVE, OR PRIVATE-ATTORNEY-GENERAL PROCEEDING. BY ENTERING INTO THIS AGREEMENT, YOU AND WE ARE EACH WAIVING THE RIGHT TO A JURY TRIAL OR TO PARTICIPATE IN A CLASS ACTION. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON’S CLAIM WITH YOUR CLAIMS OR OUR CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY REPRESENTATIVE, CLASS, OR PRIVATE-ATTORNEY-GENERAL PROCEEDING. THE ARBITRATOR MAY AWARD DECLARATORY OR INJUNCTIVE RELIEF ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF WARRANTED BY THAT PARTY’S INDIVIDUAL CLAIM.

18.4  Any part of this agreement to arbitrate that shall prove to be invalid, void, or illegal shall in no way affect, impair, or invalidate any other provision of this agreement to arbitrate, and such other provisions shall remain in full force and effect.

19. Amending Provider Information; Assignability of this Agreement; Assurances

19.1 Amending Provider Information.

If you are a Provider of Record, you are required to submit to us all information necessary to confirm yourself as the Provider of Record, and maintain the accuracy of such information, in a timely fashion, during the term of this Agreement. You are also required to maintain the accuracy of all information associated with each Credential. We shall be entitled to rely on all information you submit to us under this Agreement, including pursuant to Section 3.1 or this Section 19.1. In the event that you contact us and assert that you have authority to act on behalf of a Provider or any of its account(s) or data, you hereby agree to submit to us such written certifications, assurances (which may include a written opinion of your counsel identifying us as beneficiaries entitled to rely on such opinion), instruments or judicial process as we, in our sole discretion, may request.

19.2 Assignments.

This Agreement may be transferred in its entirety by a Provider of Record in connection with the sale, transfer or reorganization of all or substantially all of the practice or business to which this Agreement relates; provided that each of the following conditions are satisfied in full: (a) an authorized representative of the transferor or transferee notifies us in writing of the transfer, the legal name of the transferee, and date of transfer; (b) the transferor or transferee submits to us such written certifications, assurances (which may include a written opinion of your counsel identifying us as beneficiaries entitled to rely on such opinion) or instruments as we, in our sole discretion, may request; and (c) we are satisfied, in our sole discretion, of the validity of the certifications, assurances or instruments submitted pursuant to clause (b). Upon our recognition of a transfer by a Provider of Record, the Administrative Rights and all User accounts of such Provider of Record’s Authorized Workforce shall automatically transfer to such Provider of Record’s recognized transferee. Except as expressly set forth in this Section 19.2, you may not assign or transfer this Agreement, in whole or in part, without our prior written consent, which may be withheld at our sole discretion. We may freely assign this Agreement in connection with a merger, acquisition, or sale of assets, or by operation of law or otherwise.

19.3 Assurances.

By requesting or directing us to take any action described in Section 19.1 or Section 19.2 with respect to any Provider or any account(s) or data held by such account(s), you represent and warrant that (i) you have the authority to act on such Provider’s behalf or to control such account(s) or data, and (ii) your request or direction is not in furtherance of any purpose or action that would violate any provision of this Agreement, applicable law or the rights of any person or entity. YOU HEREBY WAIVE AND UNCONDITIONALLY RELEASE US, OUR AFFILIATES, AND OUR AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES AND AGENTS, FROM ANY AND ALL CLAIMS, DEMANDS, DAMAGES, DEBTS, LIABILITIES, EXPENSES, ACTIONS AND CAUSES OF ACTIONS OF EVERY KIND AND NATURE, WHETHER NOW KNOWN OR UNKNOWN, ARISING OUT OF OR IN CONNECTION WITH ANY ACTION WE TAKE OR DO NOT TAKE IN RESPONSE TO ANY REQUEST, DIRECTION, INFORMATION, CERTIFICATION, ASSURANCE OR INSTRUMENTS WE RECEIVE FROM YOU IN ACCORDANCE WITH SECTION 19.1 OR SECTION 19.2. ACCORDINGLY, YOU AGREE TO WAIVE THE BENEFIT OF ANY LAW, INCLUDING, TO THE EXTENT APPLICABLE, CALIFORNIA CIVIL CODE § 1542 (OR SIMILAR PROVISIONS OF THE LAWS OF OTHER STATES), WHICH STATES,

A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS WHICH THE CREDITOR DOES NOT KNOW OR SUSPECT TO EXIST IN HIS OR HER FAVOR AT THE TIME OF EXECUTING THE RELEASE, WHICH IF KNOWN BY HIM OR HER MUST HAVE MATERIALLY AFFECTED HIS OR HER SETTLEMENT WITH THE DEBTOR

You hereby agree to indemnify, defend, and hold harmless us and other users, and our and their respective affiliates, officers, directors, employees and agents, from and against any claim, cost or liability, including reasonable attorneys’ fees arising from: (a) any action we take in reliance on any information, certification, assurance or instrument you provide to us, or (b) any action we take that complies with any request or direction you at any time make or made.

20. Supervening Circumstances

No Party to this Agreement shall be deemed in violation of this Agreement if it is prevented from performing any of the obligations under this Agreement by reason of: (a) severe weather and storms; (b) earthquakes or other natural occurrences; (c) strikes or other labor unrest; (d) power failures; (e) nuclear or other civil or military emergencies; (f) acts of legislative, judicial, executive, or administrative authorities; or (g) any other circumstances that are not within its reasonable control.

21. Severability

Any provision of this Agreement that shall prove to be invalid, void, or illegal, shall in no way affect, impair, or invalidate any other provision of this Agreement, and such other provisions shall remain in full force and effect.

22. Notices

Any and all notices required or permitted under this Agreement shall be sent by United States mail or fax transmission to the address provided below or to such other and different addresses as the Parties may designate in writing. If you supply us with an electronic mail address, we may give notice by email message addressed to such address; provided that if we receive notice that the email message was not delivered, we will give the notice by United States mail or fax.

To us:

Health Gorilla Inc.

185 N Wolfe Rd

Sunnyvale, CA 94085

To you, at the current contact information on file with us at the time notice is given.

23. Waiver

No term of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the Party claimed to have waived or consented. Any consent by any Party to, or waiver of a breach by the other, whether expressed or implied, shall not constitute a consent to, waiver of, or excuse for any other different or subsequent breach.

24. Complete Understanding; Amendments

This Agreement contains the entire understanding of the Parties, and there are no other written or oral understandings or promises between the Parties with respect to the subject matter of this Agreement other than those contained or referenced in this Agreement.

25. No Third-Party Beneficiaries

Except as expressly provided for in Sections 2.2, 3.15, 14 and 19.3, nothing express or implied in this Agreement is intended to confer, nor shall confer, upon any person or entity other than the parties and their respective successors or assigns any rights, remedies, obligations, or liabilities whatsoever.

26. Electronic Transactions

The Services give you the ability to enter into agreements, authorizations, consents and applications; make referrals; order lab tests; prescribe medications; or engage in others transactions electronically. YOU ACKNOWLEDGE THAT YOUR ELECTRONIC SUBMISSIONS VIA THE SERVICES IN CONNECTION WITH SUCH ACTIVITIES CONSTITUTE YOUR ACKNOWLEDGMENT THEREOF AND YOUR AGREEMENT AND INTENT TO BE BOUND BY SUCH AGREEMENTS AND TRANSACTIONS, AND APPLIES TO ALL RECORDS RELATING TO SUCH TRANSACTIONS. You represent and warrant that you have the authority to take such actions.

27. Privacy Policy

The Services are provided by us under this Agreement on our website healthgorilla.com. Your use of our Services are subject to our Privacy Policy. By using the Services, you are consenting to the terms of the Privacy Policy and acknowledge that you have reviewed our Privacy Policy.

HIPAA Compliance

STATEMENT OF HIPAA COMPLIANCE

THIS STATEMENT OF HIPAA COMPLIANCE (“Compliance Statement”) is dated 6.15.2016 by Health Gorilla, Inc. (“Company”).



The Company is committed to protecting the privacy of Protected Health Information in accordance with HIPAA.  The HIPAA regulations applicable to Company include the Standards for the Privacy of Individually Identifiable Health Information (the “Privacy Standards”), the Security Standards for the Protection of Electronic Protected Health Information (the “Security Standards”) and the requirements for Breach Notification for Unsecured Protected Health Information (the “Breach Notification Standards”).  All of these regulations establish requirements with respect to Company’s use and disclosure of Protected Health Information.



HIPAA is not the only law governing Company with respect to patient privacy.  Company’s policy is also to comply with state laws and other federal laws governing patient privacy, to the extent those laws are not preempted by HIPAA and to the extent applicable to Company.



Company has adopted this HIPAA Compliance Program (the “Program”), consisting of approximately thirty one (31) policies and procedures (collectively, the “Privacy Policies”) and an additional and separate forty two (42) policies and procedures relative to security of EPHI (collectively, the “Security Policies”), to assure its compliance with the Privacy Standards, the Security Standards and the Breach Notification Standards and applicable state laws governing privacy, to the extent such state laws are not preempted by HIPAA.  Recognizing that conducting the Program is an evolving process, Company may, from time to time, implement other policies and procedures, and may modify existing policies and procedures, to reflect its commitment to patient privacy and compliance with HIPAA.



The Program is a detailed and specific set of policies and procedures with which all Company personnel who use, disclose or access Protected Health Information must comply.  The Program, and other information pertaining to Company’s protection of patient privacy, may be subject to inspection by the Secretary of HHS for the purpose of monitoring compliance with HIPAA.



Our Workforce members are trained to comply with the Program, will immediately report any potential violation of the Program to the Privacy Officer, and assist other Workforce members and authorized outside personnel to investigate any alleged violations.  Questions about this program should be directed to our Privacy Officer directly via 844.446.7455 or via privacy@healthgorilla.com.



IN WITNESS WHEREOF, the Company has executed this Compliance Statement on the date first set forth above.



HEALTH GORILLA, INC.