HIPAA Business Associate Agreement (BAA)
Effective date: 1st of July 2020
Thank you for using The CareMD Inc! We’re happy You’re here. Please read this Health Insurance Portability and Accountability Act (HIPAA) compliant Business Associate Agreement carefully before signing up. You have indicated Your agreement to this Health Insurance Portability and Accountability Act (HIPAA) Associate Agreement by logging in. By logging in, You agree that You have read, understood, and agree to the terms above on the date you log in.
Because it is such an important Agreement between The CareMD Inc and Our users, We have tried to make it as clear as possible. For Your convenience, We have presented a short non-binding summary of this Agreement followed by the full legal terms. In addition, We have included in each section a "short version" followed by the full legal version.
A list of terms found in this Agreement. This list is an effort to reduce any potential misinterpretation between both parties.
B. Our Responsibilities
What The CareMD Inc can or cannot do, as well as have to do. This section is designed to set clear criteria for You to hold The CareMD Inc accountable.
C. Your Responsibilities
What You can or cannot do, as well as have to do. This section is designed to set clear criteria for The CareMD Inc to hold You accountable.
What happens if either You or The CareMD Inc terminate this Agreement.
E. General Provisions
Legal provisions that don’t fall under the previous sections. They apply to both Parties and protect both by giving additional clarity and protection around a number of scenarios that could play out in this Agreement.
This HIPAA Business Associate Agreement (the “Agreement”) is between The CareMD Inc ("Business Associate") and You ("Covered Entity").
Its purpose is to define how The CareMD Inc will provide Services to You under the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") as set forth in Code of Federal Regulations 45 CFR Parts 160 and 164 and Subparts A through E ("Privacy Rule" and "Security Rules") and the Health Information Technology for Economic and Clinical Health (HITECH), Public Law 111-005.
You and The CareMD Inc (together referred to as the "Parties") will enter into this Agreement as follows.
The “Agreement” refers, collectively, to all the terms, conditions, and notices contained or referenced in this document (the “Business Associate Agreement") and all other terms and policies, available at the bottom of our Website home page.
“Breach” refers to the acquisition, use, or disclosure of Information that compromises the security or privacy of Information as defined by the Code of Federal Regulations 45 CFR 164.402.
"Business Associate" is defined by Code of Federal Regulations 45 CFR 160.103, and in this document will be specified as The CareMD Inc.
"Covered Entity" is defined by Code of Federal Regulations 45 CFR 160.103, and in this document will be referred to as “You”, or “Your”.
"Disclosure" refers to the release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the Information.
“Effective Date” shall mean the date You agree to this Agreement by signing up.
“The CareMD Inc”, “We”, and “Our” refer to The CareMD Inc, as well as our affiliates, directors, subsidiaries, contractors, licensors, officers, agents, and employees.
“HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules as defined by the Code of Federal Regulations 45 CFR Part 160 and Part 164.
“Information” shall mean both “Protected Health Information (PHI)” and "Personal Information".
"Parties" is defined in the Agreement as both You (“Covered Entity”) and The CareMD Inc ("Business Associate").
"Personal Information" is information in addition to Protected Health Information (PHI) about Our users which could, alone or together with other information, be used to identify the individual. Information such as an email and password, a real name, and a photograph are examples of Personal Information. Personal Information does not include aggregated, non-personally identifying information. The CareMD Inc may use aggregated, non-personally identifying information to operate, improve, and optimize our Website and Services.
"Protected Health Information (PHI)" also referred to as Personal Health Information or Electronic Protected Health Information (ePHI) in Our legal documents, is defined by Code of Federal Regulations 45 CFR 160.103 and is both physical and electronic Information that The CareMD Inc receives from You or an individual. It is Information on an individual’s past, present, or future physical or mental health condition, tests, results, provision, or payment, and if it could be used to identify the individual it is called "Personally Identifiable Information (PII)".
The “Service” refers to the applications, software, products, and services provided by The CareMD Inc.
“Unsecured Protected Health Information” is defined by the Code of Federal Regulations 45 CFR 164.402. It is Protected Health Information (PHI) that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons.
“You” and “Your” refer to the user, i.e. the individual that has used or is using Our Services, and that accesses or uses or directs any part of the Services. A User must be at least 13 years of age.
The “Website” refers to https://The CareMD.com, and all content and Services provided by The CareMD Inc at or through the Website or any subdomains.
Occasionally, Websites owned by The CareMD Inc may provide different or additional User agreements. If those conflict with this Agreement, the more specific terms apply to the relevant page or Service.
B. Our Responsibilities
The CareMD Inc manages Your patients’ Information in compliance with HIPAA Rules and U.S. Department of Health & Human Services (HHS).
Disclosure of Information
The CareMD Inc will not use or disclose Your or Your patients’ Information in any way not covered in this Agreement or that is prohibited by law.
Securing of Information
The CareMD Inc will secure Your patients’ Information to prevent unauthorized use or disclosure, including implementing requirements of the HIPAA Rules.
Breach of Information
The CareMD Inc will report to You any breaches of Your or Your patients’ Information that are not covered in this Agreement in accordance with the Code of Federal Regulations 45 CFR Part 164 Subpart D.
Account of Information request
The CareMD Inc will communicate when a patient requests an account of their Information and assist You in responding, completing or denying the request.
The CareMD Inc will ensure that any subcontractors it may engage with that have access to Your or Your patients’ Information will agree to the same restrictions and conditions that apply to The CareMD Inc with respect to Your or Your patients’ Information.
Your HIPAA Rules Obligations
The CareMD Inc will carry out Your obligation under the HIPAA Rules that require The CareMD Inc to comply with the requirements applicable to the obligation.
Your Health & Human Services (HHS) Compliance
The CareMD Inc will make available to the Department of Health and Human Services (HHS) Our internal practices, books, and records relating to the use and disclosure of Protected Health Information (PHI) received from, created, or received by The CareMD Inc on behalf of You, for purposes of Department of Health and Human Services (HHS) determining Your compliance with the HIPAA Rules.
Your Health Information Rights
The health and billing records we maintain are the physical property of the facility. The information in it, however, belongs to you. You have the right to:
Request a restriction on certain uses and disclosures of your health information by delivering the request to our office--we are not required to grant the request, but we will comply with any request we do decide to grant;
Obtain a paper copy of the current Notice of Privacy Practices for Protected Health Information (“Notice”) by making a request at our office;
Request that you be allowed to inspect and copy your health record and billing record--you may exercise this right by delivering the request to our office;
Appeal any denial of access to your protected health information, except in certain circumstances;
Request that your health care record be amended to correct incomplete or incorrect information by delivering a request to our office. We may deny your request if you ask to amend information that:
• Was not created by the facility, unless the person or entity that created the information is no longer available to make an amendment;
• Is not part of the health information kept by or for the facility;
• Is not part of the information that you would be permitted to inspect or copy; or,
• Is accurate and complete.
*If your request is denied, you will be informed of the reason for the denial and will have an opportunity to submit a statement of disagreement to be maintained with your records;
Request that communication of your health information be made by alternative means or at an alternative location by delivering the request in writing to our office;
Obtain an accounting of certain disclosures of your health information that we are required to maintain by delivering a request to our office. An accounting will not include uses and disclosures of information for treatment, payment, or operations; disclosures or uses made to you or made at your request; uses or disclosures made pursuant to an authorization signed by you; uses or disclosures made in a facility directory or to family members or friends relevant to that person’s involvement in your care or payment for such care; or, uses or disclosures to notify family or others responsible for your care of your location, condition, or your death.
• Revoke authorizations that you made previously to use or disclose information by delivering a written revocation to our office, except to the extent information or action has already been taken.
To Request Information or File a Complaint
If you have questions, would like additional information, want to report a problem regarding the handling of your information, or want to exercise any of your rights as outlined in this Notice, you may contact us by mail, phone:
750 North St. Paul Street Suite, Dallas, TX 75201
We will inform you of the steps that need to be taken to exercise your rights.
Additionally, if you believe your privacy rights have been violated, you may file a written complaint with our Privacy Officer at the address indicated above.
C. Your Responsibilities
Minimum Information to The CareMD Inc
You are responsible for providing The CareMD Inc only the minimum Personal Information and Organization Information necessary to accomplish the Service.
Follow HIPAA Rules
You are responsible for using administrative, physical, and technical safeguards at all times to maintain and ensure the confidentiality, privacy, and security of Information transmitted to The CareMD Inc, in accordance with the standards and requirements of HIPAA Rules.
You must obtain any consent or authorization that may be required by local and national laws and regulations prior to furnishing The CareMD Inc the Information for use and disclosure in accordance with this Agreement.
Disclose Your changes affecting Our compliance with HIPAA Rules
You agree to notify The CareMD Inc of:
any limitations in your notice of privacy practices under 45 CFR 164.520, to the extent that such limitation may affect our use or disclosure of protected health information.
any changes in, or revocation of, permission by an individual to use or disclose his or her protected health information, to the extent that such changes may affect our use or disclosure of protected health information.
any restriction on the use or disclosure of protected health information that you have agreed to or are required to abide by under 45 CFR 164.522, to the extent that such restriction may affect our use or disclosure of protected health information.
Requests that violate HIPAA Rules
You cannot request The CareMD Inc to use or disclose Information in any manner that would violate the Code of Federal Regulations 45 CFR Part 164 subpart E.
The term of this Agreement shall commence when You sign up (the Effective Date). This Agreement will terminate in accordance with the provisions below.
Violation of this Agreement
If either Party knows of a pattern or practice of the other Party that constitutes a violation of this Agreement, then the non-violating Party shall provide written notice of the violation to the other Party that specifies the nature of the violation. The violating Party must correct the violation on or before thirty (30) days after receipt of the written notice. In the absence of a satisfactory correction to the non-violating Party within the specified timeframe or in the event the violation is reasonably incapable of correction, then the non-violating Party may terminate this Agreement. All Agreements between The CareMD Inc and Our subcontractors are subject to the same termination requirements.
Effect of Termination
Upon termination of this Agreement for any reason, The CareMD Inc shall destroy all Your Information not necessary for The CareMD Inc to continue its proper management and administration or to carry out its legal responsibilities.
The obligations of the Business Associate under this Agreement shall survive the termination of this Agreement and remain in force as long as the Business Associate stores or maintains Protected Health Information (PHI) in any form or format.
E. General Provisions
The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for compliance with the requirements of the HIPAA Rules and any other applicable law. In the event of any such amendments, The CareMD Inc will notify You of material changes to this Agreement (e.g. price changes) at least 7 days prior to the change taking effect by posting a notice on our Website. For non-material modifications, Your continued use of the Service constitutes agreement to our revisions of this Agreement. The CareMD Inc reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, our Services.
Limitation of Liability
The CareMD Inc will not be liable for any loss of profits or costs, or for any direct, indirect, special, incidental, or consequential damages, including costs associated with the procurement of substitute services (whether or not The CareMD Inc had been or should have been aware or advised of the possibility of such damage) arising from or associated with any loss, suspension, or interruption of Our Services, termination of this Agreement, or use or misuse of the Service.
If Our other Agreement(s) conflict with this Business Associate Agreement
In the event Our other Agreement(s) conflict with this Agreement, the terms of this Agreement will govern.
No modification of this Agreement or additional obligation assumed by either Party in connection with this Agreement is binding unless it is electronically agreed to by each Party or an authorized representative of each Party.
Choice and Law; Venue
The Parties submit to the jurisdiction of the State of Texas and federal courts in Dallas, and agree that any legal action or proceeding relating to this Agreement may be brought in those courts.
In the event any part or parts of this Agreement are held to be unenforceable, the remainder of this Agreement will continue in effect.
In addition to any other lawful means of execution or delivery, this Agreement may be executed by electronic signatures in the form of an online agreement accepted when You log in.
This Agreement may be executed in any number of counterparts, each of which is enforceable against the parties actually executing such parts, and all of which together constitute one instrument.
Nature of the Parties’ Relationship
You and The CareMD Inc are and shall remain independent contractors throughout the term. Nothing in this Agreement shall be construed to constitute You and The CareMD Inc as partners, joint ventures, agents, or anything other than independent contractors.
Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits You and The CareMD Inc to comply with the HIPAA Rules.
How You agree to this Agreement
By logging in, You agree You have read, understood, and agree to the terms above on the date you logged in.
Questions about this Agreement? Email us at provider@TheCareMD.com