PRIVACY POLICY

HIPAA Business Associate Agreement (BAA)

Effective date: 1st of July 2020

Thank you for using The CareMD Inc! We’re happy You’re here. Please read this Healthcare Insurance Portability and Accountability Act (HIPAA) compliant Business Associate Agreement carefully before signing up. You have indicated Your agreement to this Healthcare Insurance Portability and Accountability Act (HIPAA) Associate Agreement by logging in. By logging in, You agree that You have read, understood, and agree to the terms above on the date you log in.

Because it is such an important Agreement between The CareMD Inc and Our users, We have tried to make it as clear as possible. For Your convenience, We have presented a short non-binding summary of this Agreement followed by the full legal terms. In addition, We have included in each section a "short version" followed by the full legal version.

Summary

A. Definitions

A list of terms found in this Agreement. This list is an effort to reduce any potential misinterpretation between both parties. 

B. Our Responsibilities

What The CareMD Inc can or cannot do, as well as have to do. This section is designed to set clear criteria for You to hold The CareMD Inc accountable. 

C. Your Responsibilities

What You can or cannot do, as well as have to do. This section is designed to set clear criteria for The CareMD Inc to hold You accountable. 

D. Termination

What happens if either You or The CareMD Inc terminate this Agreement.

E. General Provisions

Legal provisions that dont fall under the previous sections. They apply to both Parties and protect both by giving additional clarity and protection around a number of scenarios that could play out in this Agreement. 

This HIPAA Business Associate Agreement (the “Agreement" ) is between The CareMD Inc ("Business Associate") and You ("Covered Entity").

Its purpose is to define how The CareMD Inc will provide Services to You under the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") as set forth in Code of Federal Regulations 45 CFR Parts 160 and 164 and Subparts A through E ("Privacy Rule" and "Security Rules") and the Health Information Technology for Economic and Clinical Health (HITECH), Public Law 111-005.

You and The CareMD Inc (together referred to as the "Parties") will enter into this Agreement as follows.

A. Definitions

  • The “Agreement” refers, collectively, to all the terms, conditions, and notices contained or referenced in this document (the “Business Associate Agreement") and all other terms and policies, available at the bottom of our Website home page. 

  • “Breach” refers to the acquisition, use, or disclosure of Information that compromises the security or privacy of Information as defined by the Code of Federal Regulations 45 CFR 164.402.

  • "Business Associate" is defined by Code of Federal Regulations 45 CFR 160.103, and in this document will be specified as The CareMD Inc.

  • "Covered Entity" is defined by Code of Federal Regulations 45 CFR 160.103, and in this document will be referred to as “You”, or “Your”.

  • "Disclosure" refers to the release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the Information. 

  • “Effective Date” shall mean the date You agree to this Agreement by signing up.

  • “The CareMD Inc”, “We”, and “Our” refer to The CareMD Inc, as well as our affiliates, directors, subsidiaries, contractors, licensors, officers, agents, and employees.

  • “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules as defined by the Code of Federal Regulations 45 CFR Part 160 and Part 164.

  • “Information” shall mean both “Protected Health Information (PHI)” and "Personal Information".

  • "Parties" is defined in the Agreement as both You (“Covered Entity”) and The CareMD Inc ("Business Associate").

  • "Personal Information" is information in addition to Protected Health Information (PHI) about Our users which could, alone or together with other information, be used to identify the individual. Information such as an email and password, a real name, and a photograph are examples of Personal Information. Personal Information does not include aggregated, non-personally identifying information. The CareMD Inc may use aggregated, non-personally identifying information to operate, improve, and optimize our Website and Services.

  • "Protected Health Information (PHI)" also referred to as Personal Health Information or Electronic Protected Health Information (ePHI) in Our legal documents, is defined by Code of Federal Regulations 45 CFR 160.103 and is both physical and electronic Information that The CareMD Inc receives from You or an individual. It is Information on an individual’s past, present, or future physical or mental health condition, tests, results, provision, or payment, and if it could be used to identify the individual it is called "Personally Identifiable Information (PII)".

  • The “Service” refers to the applications, software, products, and services provided by The CareMD Inc.

  • “Unsecured Protected Health Information” is defined by the Code of Federal Regulations 45 CFR 164.402. It is Protected Health Information (PHI) that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons.

  • “You”, and “Your” refer to the user i.e. individual that has or is using Our Services, and that accesses or uses or directs any part of the Services. A User must be at least 13 years of age.

  • The “Website” refers to https://The CareMD.com, and all content and Services, provided by The CareMD Inc at or through the Website or any subdomains

Occasionally, Websites owned by The CareMD Inc may provide different or additional User agreements. If those conflict with this Agreement, the more specific terms apply to the relevant page or Service.

B. Our Responsibilities

Short version

The CareMD Inc manages Your patients Information in compliance with HIPAA Rules and U.S. Department of Health & Human Services (HSS).

  1. Disclosure of Information

The CareMD Inc will not use or disclose You or Your patients Information in any way not covered in this Agreement or that is prohibited by law. 

  1. Securing of Information

The CareMD Inc will secure Your patients Information to prevent unauthorized use or disclosure, including implementing requirements of the HIPAA Rules.

  1. Breach of Information

The CareMD Inc will report to You any breaches of You or Your patients Information that are not covered in this Agreement in accordance to the Code of Federal Regulations 45 CFR Part 164 Subpart D.

  1. Account of Information request

The CareMD Inc will communicate when a patient requests an account of their Information and assist You in responding, completing or denying the request. 

  1. Subcontractors Compliance 

The CareMD Inc will ensure that any subcontractors it may engage with that have access to You or Your patients Information will agree to the same restrictions and conditions that apply to The CareMD Inc with respect to You or Your patients Information.

  1. Your HIPAA Rules Obligations 

The CareMD Inc will carry out Your obligation under the HIPAA Rules that require The CareMD Inc to comply with the requirements applicable to the obligation.

  1. Your Health & Human Services (HHS) Compliance

The CareMD Inc will make available to the Department of Health and Human Services (HHS) Our internal practices, books, and records relating to the use and disclosure of Protected Health Information (PHI) received from, created, or received by The CareMD Inc on behalf of You, for purposes of Department of Health and Human Services (HHS) determining Your compliance with the HIPAA Rules.

Your Health Information Rights 

The health and billing records we maintain are the physical property of the facility The information in it, however, belongs to you. You have the right to: 

  • Request a restriction on certain uses and disclosures of your health information by delivering the request to our office--we are not required to grant the request, but we will comply with any request we do decide to grant; 

  • Obtain a paper copy of the current Notice of Privacy Practices for Protected Health Information (“Notice”) by making a request at our office; 

  • Request that you be allowed to inspect and copy your health record and billing record--you may exercise this right by delivering the request to our office; 

  • Appeal any denial of access to your protected health information, except in certain circumstances; 

  • Request that your health care record be amended to correct incomplete or incorrect information by delivering a request to our office. We may deny your request if you ask to amend information that: 

• Was not created by the facility, unless the person or entity that created the information is no longer available to make an amendment; 

• Is not part of the health information kept by or for the facility;

• Is not part of the information that you would be permitted to inspect or copy; or,

• Is accurate and complete.

*If your request is denied, you will be informed of the reason for the denial and will have an opportunity to submit a statement of disagreement to be maintained with your records; 

  • Request that communication of your health information be made by alternative means or at an alternative location by delivering the request in writing to our office; 

  • Obtain an accounting of certain disclosures of your health information that we are required to maintain by delivering a request to our office. An accounting will not include uses and disclosures of information for treatment, payment, or operations; disclosures or uses made
     to you or made at your request; uses or disclosures made pursuant to an authorization signed by you; uses or disclosures made in a facility directory or to family members or friends relevant to that persons involvement in your care or payment for such care; or, uses or disclosures to notify family or others responsible for your care of your location, condition, or your death. 

• Revoke authorizations that you made previously to use or disclose information by delivering a written revocation to our office, except to the extent information or action has already been taken. 

To Request Information or File a Complaint 

If you have questions, would like additional information, want to report a problem regarding the handling of your information, or want to exercise any of your rights as outlined in this Notice, you may contact us by mail, phone:

750 North St. Paul Street Suite, Dallas, TX 75201

Phone: 214-305-2717

Email: provider@TheCareMD.com

We will inform you of the steps that need to be taken to exercise your rights.

Additionally, if you believe your privacy rights have been violated, you may file a written complaint with our Privacy Officer at the address indicated above. 

C. Your Responsibilities

  1. Minimum Information to The CareMD Inc

You are responsible to provide The CareMD Inc only the minimum Personal Information and Organization Information necessary to accomplish the Service.

  1. Follow HIPAA Rules

You are responsible for using administrative, physical, and technical safeguards at all times to maintain and ensure the confidentiality, privacy, and security of Information transmitted to The CareMD Inc, in accordance with the standards and requirements of HIPAA Rules.

  1. Obtain Consent


    You must obtain any consent or authorization that may be required by local and national laws and regulations prior to furnishing The CareMD Inc the Information for use and disclosure in accordance with this Agreement.

  1. Disclose Your changes affecting Our compliance with HIPAA Rules

You agree to notify The CareMD Inc of:

    1. any limitations in your notice of privacy practices under 45 CFR 164.520, to the extent that such limitation may affect our use or disclosure of protected health information.

    2. any changes in, or revocation of, permission by an individual to use or disclose his or her protected health information, to the extent that such changes may affect our use or disclosure of protected health information.

    3. any restriction on the use or disclosure of protected health information that you have agreed to or are required to abide by under 45 CFR 164.522, to the extent that such restriction may affect our use or disclosure of protected health information.

  1. Requests that violate HIPAA Rules

You cannot request The CareMD Inc to use or disclose Information in any manner that would violate the Code of Federal Regulations 45 CFR Part 164 subpart E.

D. Termination

  1. Term

The term of this Agreement shall commence when You sign up (the Effective Date). This Agreement will terminate in accordance with below.

  1. Violation of this Agreement

If either Party knows of a pattern or practice of the other Party that constitutes a violation of this Agreement, then the non-violating Party shall provide written notice of the violation to the other Party that specifies the nature of the violation. The violating Party must correct the violation on or before thirty (30) days after receipt of the written notice. In the absence of a satisfactory correction to the non-violating Party within the specified timeframe or in the event the violation is reasonably incapable of correction, then the non-violating Party may terminate this Agreement. All Agreements between The CareMD Inc and Our subcontractors are subject to the same termination requirements. 

  1. Effect of Termination

Upon termination of this Agreement for any reason, The CareMD Inc shall destroy all Your Information not necessary for The CareMD Inc to continue its proper management and administration or to carry out its legal responsibilities.

  1. Survival 

The obligations of the Business Associate under this Agreement shall survive the termination of this Agreement and remain in force as long as the Business Associate stores or maintains Protected Health Information (PHI) in any form or format.

E. General Provisions

  1. Amendments

The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for compliance with the requirements of the HIPAA Rules and any other applicable law. In the event of any such amendments, The CareMD Inc will notify You of material changes to this Agreement (e.g. price changes) at least 7 days prior to the change taking effect by posting a notice on our Website. For non-material modifications, Your continued use of the Service constitutes agreement to our revisions of this Agreement. The CareMD Inc reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, our Services.

  1. Limitation of Liability

The CareMD Inc will not be liable for any loss of profits or costs, or for any direct, indirect, special, incidental, or consequential damages, including costs associated with the procurement of substitute services (whether or not The CareMD Inc had been or should have been aware or advised of the possibility of such damage) arising from or associated with any loss, suspension, or interruption of Our Services, termination of this Agreement, or use or misuse of the Service. 

  1. If Our other Agreement(s) conflict with this Business Associate Agreement

In the event Our other Agreement(s) conflict with this Agreement, the terms of this Agreement will govern.

  1. Modifications

No modification of this Agreement or additional obligation assumed by either Party in connection with this Agreement is binding unless it is electronically agreed to by each Party or an authorized representative of each Party.

  1. Choice and Law; Venue

The Parties submit to the jurisdiction of the State of Texas and federal courts in Dallas, and agree that any legal action or proceeding relating to this Agreement may be brought in those courts.

  1. Severability

In the event any part or parts of this Agreement are held to be unenforceable, the remainder of this Agreement will continue in effect.

  1. Electronic Signatures

In addition to any other lawful means of execution or delivery, this Agreement may be executed by electronic signatures in the form of an online agreement accepted when You log in.

  1. Counterparts

This Agreement may be executed in any number of counterparts, each of which is enforceable against the parties actually executing such parts, and all of which together constitute one instrument.

  1. Nature of the Parties Relationship

You and The CareMD Inc are and shall remain independent contractors throughout the term. Nothing in this Agreement shall be construed to constitute You and The CareMD Inc as partners, joint ventures, agents, or anything other than independent contractors.

  1. Interpretation

Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits You and The CareMD Inc to comply with the HIPAA Rules.

  1. How You agree to this Agreement

By logging in, You agree You have read, understood, and agree to the terms above on the date you logged in. 

  1. Questions

Questions about this Agreement? Email us at provider@TheCareMD.com

TheCareMD Clinic

Quick Links

About Us
Terms & Conditions
Privacy Policy
Contact Us
For Pharmacy
Refund Policy
Reviews
Blogs

Subscribe Now

Sign up and be the first to know about our discounted rates.