CoverMyMeds Terms of Service

Last Modified: August 23, 2016

Your use of covermymeds.com (this “Website”), including prior authorization (“PA”) and related services and any ancillary services provided by CoverMyMeds, and any updates, new features and enhancements to these services (collectively, “Services”), is governed by the terms and conditions below, including any addenda (“Terms of Service”). These Terms of Service constitute a legally binding agreement between you and CoverMyMeds LLC (“CoverMyMeds” “we” or “us”).

In order to use the Services, you must be a licensed health care provider with the intent to prescribe or dispense a prescription, or an employee of such a licensed health care provider. If you are an employee of an organization, you warrant that you are authorized to agree to these Terms of Service on behalf of the organization. No other person or entity, including any hub, consulting company, other reimbursement support service provider, or pharmaceutical company, is permitted to agree to these Terms of Service or to access the Services through these Terms of Service. Notwithstanding the foregoing, pharmaceutical sales representatives may create a user account solely for demonstration purposes, provided that such representatives identify themselves accordingly during account set up. Any user in violation of this provision is subject to immediate account termination as set forth in the Website Administration section below.

By clicking the “I AGREE” button on the Terms of Service screen, you agree that you have read, understand, and agree to be bound by these Terms of Service. If you do not agree with any of these Terms of Service, do not use the Services.

CoverMyMeds, located at 22901 Millcreek Blvd., Suite 240, Highland Hills, Ohio 44122, U.S.A and at 2 Miranova Pl., Columbus, Ohio 43215, U.S.A., is a limited liability company organized under the laws of the State of Delaware. Reference to CoverMyMeds herein will include any subsidiaries or affiliates of CoverMyMeds involved with providing the Services offered by CoverMyMeds. The servers that host this Website are located in the United States, and any Protected Health Information, as defined in 45 CFR § 160.103 (“PHI”), provided to us will be processed by CoverMyMeds in the United States.

What are the privacy obligations of CoverMyMeds?

CoverMyMeds provides its Services as a business associate to health care providers. Therefore, to use the CoverMyMeds Services, you must read and agree to the Business Associate Agreement, which is part of these Terms of Service. The Business Associate Agreement requires CoverMyMeds to protect your PHI and specifies the purposes for which it may be lawfully used and disclosed by CoverMyMeds. Use of the Services constitutes acceptance of the terms of the Business Associate Agreement. CoverMyMeds may use subcontractors to assist in performing some of its Services. When these subcontractors have access to PHI, they are required to enter into business associate agreements with CoverMyMeds. The Services are provided to you at no cost, dependent upon CoverMyMeds’ ability to share User Content as permitted by law.

What are your obligations when using CoverMyMeds?

Use of the Services constitutes a representation and warranty that all consents and authorizations required to provide PHI to CoverMyMeds, and for CoverMyMeds to use and disclose the PHI to provide its Services and as otherwise provided herein or in the Business Associate Agreement, have been obtained. In addition, you represent and warrant that you have provided all notices necessary to comply with applicable federal and state laws and regulations relating in any way to medical and/or health privacy including, but not limited to a notice of privacy practices.

You must provide current, complete, and accurate information when you create an account to use our Services. Although CoverMyMeds disclaims any legal duty to verify the accuracy of any data that you provide to us when creating an account, if CoverMyMeds believes that any information you provide is not current, complete, and accurate, we have the right to refuse access to the Website or any of our Services, and to terminate or suspend your account. You are entirely responsible for maintaining the confidentiality of your password and account as well as for any and all activities that occur by use of your account. You agree to immediately notify CoverMyMeds of any unauthorized use of your account or any other breach of security related to your account. CoverMyMeds will not be liable for any loss that you may incur as a result of someone else using your password or account with or without your knowledge. However, you could be held liable for losses incurred by CoverMyMeds or another party as a result of someone else using your account or password. You may not use anyone else’s account at any time.

If you are creating an account as an employee of a health care provider, you understand and agree that your account is specific to that health care provider and therefore, if your employment with that health care provider ends or is terminated for any reason, you are no longer permitted to access our Services through that account, and must immediately notify CoverMyMeds at privacy@covermymeds.com so we may disable that account.

Does CoverMyMeds offer medical advice?

CoverMyMeds does not offer medical advice, does not determine medical necessity, insurance coverage or copays and does not otherwise engage in the practice of medicine. The content accessed through the Website is for informational purposes only, and is not intended to address every possible use, direction, precaution, drug interaction, or adverse effect. CoverMyMeds is not a substitute for a health care providers’ professional medical judgment, or for individual patient assessments and examinations. The content of this Website should not be used during a medical emergency or for the diagnosis or treatment of any medical condition. Reliance on any of the information provided by CoverMyMeds or provided on or by the Website is solely at the user’s and the health care provider’s own risk. CoverMyMeds does not recommend or endorse any specific products, services, physicians, tests, procedures, opinions, or other information that may be available on this Website.

While we attempt to ensure that the information available through our Website is as complete and accurate as possible, we make no warranties that it is correct, complete, or current. Further, some information available through the Website is entered by other health care providers or their staff. CoverMyMeds does not review this content for completeness or accuracy or screen it in any way. You acknowledge and agree that CoverMyMeds is not responsible for the content of any materials or information posted to or otherwise available on the Website, whether provided by CoverMyMeds, you, or another user. Any reliance on such materials is at your own risk.

How may we contact you, your patients or others on your behalf?

Your Information and Updates

It is your obligation to provide and maintain current, complete and accurate information on your CoverMyMeds account in order to use the Services (see “What are Your Obligations when Using CoverMyMeds?” above). You agree to indemnify us, as described in “What About Indemnification” below, for any third-party claims arising from our reliance on such information and your failure to provide and maintain current, complete and accurate information on your CoverMyMeds account.

Consent to Phone, Fax and Email

You agree that we may contact you by phone, fax, and/or email so long as our contact is reasonable and appropriate. You acknowledge that you have an Established Business Relationship with CoverMyMeds under applicable law, including the Telephone Consumer Protection Act and the Junk Fax Prevention Act. We may also send, by fax, and/or email, promotional information on features and benefits available to CoverMyMeds users.

By clicking the “I AGREE” button below, you represent and warrant:

(1) that you are authorized to give this consent on behalf of your company, practice or organization,

(2) that your company, practice or organization agrees that CoverMyMeds and its partners may send your company, practice or organization information via phone and/or fax in connection with PA requests and other Services, and promotional or advertising material regarding CoverMyMeds or its partners, to the fax number(s) you may from time to time provide to CoverMyMeds, and

(3) that your company, practice or organization agrees that CoverMyMeds and its partners may send your company, practice or organization information via email in connection with PA requests, other Services and promotional or advertising material regarding CoverMyMeds or its partners, to the email address(es) you provided when you registered as a CoverMyMeds user. You may be charged by your carrier for such communications.

You agree we may substitute a fax number provided by you and submitted with a PA request for submission by us to health plans, PBMs or other payors on your behalf with a CoverMyMeds fax number so that the PA determination will be faxed to us and delivered as part of the Services. This substitution helps CoverMyMeds enhance the Services provided to you, your patient and other authorized providers. You agree that we may contact health plans, PBMs and other payors on your behalf in connection with PA requests and/or other Services.

We may also contact your patients in order to perform our Services, which may include notifying them of the outcome of a PA request. You agree that, for this purpose, we may use the contact information for your patients that you have provided to us. If we wish to contact your patients for purposes other than as provided in these Terms of Service, we will obtain your consent prior to doing so.

CoverMyMeds may accept other communications that are unrelated to the PAs that you have submitted using the Services via the substituted CoverMyMeds fax number that a health plan, PBM or other payor may send to you. CoverMyMeds will make commercially reasonable efforts to forward such unrelated communications to you if we are able to determine, with reasonable certainty, that they are intended for you. However, CoverMyMeds disclaims any responsibility for failure to deliver to you any communications which a health plan, PBM or other payor transmits to us that are unrelated to the PA requests you submit while using the Services and which CoverMyMeds has delivered on your behalf.

How to Opt Out of Certain Communications

You can contact us at our toll-free number 1-866-452-5017, or send a toll-free fax to 1-844-865-3740, at any time if you wish to disable CoverMyMeds’ substitution of its fax number for yours on PA requests that you create for submission to a health plan, PBM or other payor. You must identify to us the fax number for which you are revoking consent.

You may also contact us at our toll-free number 1-866-452-5017, or send a toll-free fax to (844) 865-3740, or an e-mail to privacy@covermymeds.com at any time if you wish to revoke your consent for us to contact you via phone, email or fax. Your revocation of consent will only be valid if: (1) it identifies the telephone number(s), fax numbers or e-mail addresses for which you do not want to receive communications, (2) you do not, subsequent to making the request, expressly provide us (in writing or otherwise) with permission to contact you at that number or e-mail address, and (3) you send or make the request to the telephone number or fax number listed above.

Who Can See My Information and My Patients' Information?

A comprehensive and easy to understand Privacy Policy is available on our Website at www.covermymeds.com/main/about/privacy/.

Who owns the website and its user content, and are there limits of use?

Ownership

CoverMyMeds and its licensors, if any, own all proprietary rights to the Website and Services, including without limitation all text, images, data, information, and other content (collectively, “CoverMyMeds Content”), and all intellectual property rights therein, displayed, available, or appearing on the Website. The software coding and the look and feel of the Service provided by CoverMyMeds are copyrighted by, and the property of, CoverMyMeds LLC, and all rights are reserved by CoverMyMeds. You should assume that everything you see on this Website is copyrighted, unless otherwise noted, and may not be used without permission, except as otherwise provided in these Terms of Service. You may not duplicate, copy, or reuse any portion of the HTML/CSS, JavaScript, visual design elements, or concepts without express written permission from CoverMyMeds. Any reproduction, redistribution, retransmission, or display of the CoverMyMeds Content available on the Website, or any portion of such CoverMyMeds Content, not in accordance with these Terms of Service is expressly prohibited.

CoverMyMeds uses certain documents from other companies, including but not limited to forms provided by health plans, PBMs, other payors, or their business partners. Copyright of these documents is retained by their respective owners, and CoverMyMeds claims no ownership of such material. CoverMyMeds uses such material under fair-use provisions of copyright law or by written consent of the owner.

Provided you are not in default of any of your obligations hereunder, CoverMyMeds gives you a limited, revocable, non-assignable, and non-exclusive license to use the Website and the Services within the United States in accordance with these Terms of Service. You agree not to infringe upon any intellectual property rights or remove or modify related proprietary notices contained in this Website.

User Content

When you create, transmit, or display information while using the Website, you may only provide information that you own or have the right and legal authority to use and disclose. Except for PHI, which is governed by the Business Associate Agreement, any content or information that you submit to this Website or to CoverMyMeds (“User Content”), such as sample forms not otherwise available on the Website, user tips and tricks, or requests for new features, will be deemed to be non-confidential and may be disclosed through this Website for browsing, downloading, printing, and other uses by other persons or entities, such as your browser licensor or internet service provider. You agree not to submit User Content to this Website or CoverMyMeds that you do not have full authority to submit, and to only submit User Content that does not infringe upon any third party’s intellectual property rights in connection with such submission. It is your obligation to determine the extent to which User Content you submit is protected by applicable intellectual property laws. You agree that CoverMyMeds will have, and hereby grant to CoverMyMeds, a worldwide, royalty-free, perpetual, irrevocable, sub-licensable, non-exclusive right and license to use, translate, reproduce, sell, publish, distribute, modify, adapt, display, perform, promote, and link to, in any form or media, any User Content. CoverMyMeds does not endorse any User Content that may appear on this Website. Nothing in these Terms of Service will obligate CoverMyMeds to use any User Content or permit the posting of such User Content on this Website.

Compliance with the Digital Millenium Copyright Act

CoverMyMeds respects the rights of all copyright holders and in this regard, we have adopted and implemented a policy that provides for the termination, in appropriate circumstances, of access to this Website by users who infringe upon the rights of copyright holders. If you believe that your work has been copied in a way that constitutes copyright infringement, please provide our Copyright Agent with the following information required by the Digital Millennium Copyright Act, 17 U.S.C. Section 512:

a) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;

b) Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works are covered by a single notification, a representative list of such works;

c) Identification of the copyrighted content that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and the information reasonably sufficient to permit CoverMyMeds to locate the copyrighted content;

d) Information reasonably sufficient to permit CoverMyMeds to contact the complaining party;

e) A statement that the complaining party has a good faith belief that the use of the copyrighted content in the manner complained of is not authorized by the copyright owner, its agent, or the law;

f) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

For copyright inquiries under the Digital Millennium Copyright Act, please contact CoverMyMeds’ Copyright Agent at:

Email: privacy@covermymeds.com
Phone: 1-614-668-2289
Copyright Agent
CoverMyMeds LLC
2 Miranova Pl.
Columbus, Ohio 43215

Authorized and Prohibited Uses

Use of the CoverMyMeds Services must comply with all applicable laws, regulations and ordinances, including, but not limited to, those pertaining to privacy, intellectual property, the export of data or software, coding, billing, and payment.

You may not access the CoverMyMeds Services outside of the interfaces we provide, nor may you interfere with or disrupt the proper operation of our Services. You will only submit User Content and material that is functionally and technically compatible with this Website. You will not engage in any conduct or submit to this Website any content or other material that is illegal, inaccurate, misleading, misappropriated, dilutive, defamatory, obscene, offensive, or otherwise objectionable, or submit any promotional (for advertising or marketing purposes) content or material (collectively “Wrongful Use”). You will not attempt to and will not damage, corrupt, tamper with or infect this Website or any information or telecommunication system of CoverMyMeds with a virus or other malicious computer program. You may not reverse engineer, disassemble, or decompile any software code or proprietary elements of the Website or CoverMyMeds’ Services.

Use of this Website is provided for the permitted purposes stated in these Terms of Service, and Wrongful Use is precluded with respect to this Website. Without limiting the generality of the foregoing, you agree that you will not undertake any activity which may adversely affect the use of this Website by any person. You are prohibited from using any of our Services to compromise security or tamper with system resources and/or accounts. The use or distribution of tools designed for compromising security (e.g., password guessing programs, cracking tools, or network probing tools) is strictly prohibited. Integrating with, automating, “spidering,” or “scraping” are all prohibited, in violation of CoverMyMeds’ Terms of Service, and may be illegal. Only human users using the Website manually are permitted. If you become involved in any violation of system security, CoverMyMeds reserves the right to release your details to system administrators at other sites and law enforcement authorities in order to assist them in resolving security incidents.

Referencing the covermymeds.com Website in an “iframe” or otherwise making it appear that the Website is part of a third party site is prohibited. We do, however, encourage linking to the Website. All such links must be direct links to the top page of the Website (www.covermymeds.com) without framing. If CoverMyMeds detects, and determines at its sole discretion, inappropriate linking practices, we may require removal or modification of the link, as well as compliance with any and all requirements of CoverMyMeds relating thereto.

Third parties that provide financial support to CoverMyMeds programs may be permitted to use and access certain of our Services. This includes health care provider information contained in the Website, for performance evaluation of our programs and the third party’s business impact, provided that such use of the Services is consistent with these Terms of Service and all applicable laws and regulations. For more information, please contact sales@covermymeds.com.

Good Samaritan Policy

It is our policy not to tolerate any acts of intellectual property infringement or violations of federal or state law. If we become aware of any Wrongful Use, we will, in good faith, use our reasonable efforts to remove, disable, or restrict access to the availability of User Content on the Website that, in our sole discretion, constitutes Wrongful Use, whether or not such material is constitutionally protected. This provision does not impose upon CoverMyMeds any contractual obligation to undertake, or refrain from undertaking, any particular course of conduct, or to monitor the Website.

If you believe that someone has violated this policy, we ask you to promptly notify us by email at privacy@covermymeds.com and provide as detailed a description of the alleged violation as possible. Use of this email address will ensure that the complaint is received by the appropriate party who is responsible for investigating alleged violations of this policy.

Website Administration

We reserve the right to deny access to any user at any time for any reason. CoverMyMeds may limit, modify, suspend, or terminate your use of this Website at any time without liability or prior notice, and may suspend or terminate your use of our Services if you fail to comply with these Terms of Service. THIS SUSPENSION OR TERMINATION MAY DELETE YOUR ACCOUNT, INFORMATION, FILES, AND OTHER PREVIOUSLY AVAILABLE CONTENT, AND COVERMYMEDS SHALL HAVE NO RESPONSIBILITY TO BACKUP OR PRESERVE ANY SUCH MATERIALS OR DATA.

Modifications To The Terms Of Service

These Terms of Service are subject to change from time to time and will be effective upon posting. Change notices will be displayed on the site to provide you the opportunity to click on the associated “I AGREE” box which will be required in order to continue accessing the Services. The most current Terms of Service will always be available at www.covermymeds.com/main/about/tos. If you do not agree to the modified Terms of Service, you should delete your account with us. For information on how to do so, contact us at privacy@covermymeds.com.

What about Indemnification?

You agree to indemnify, defend, and hold harmless CoverMyMeds and its affiliates, officers, directors, employees, contractors, and licensors from any demands, claims, damages, liabilities, expenses, or harms (including attorneys’ fees) arising out of or related to your use of our Services or breach of these Terms of Service. You will not settle any indemnified claim without our written consent.

Does CoverMyMeds warrant its service?

YOU UNDERSTAND AND AGREE THAT OUR SERVICE IS AVAILABLE SOLELY ON AN “AS IS” AND “AS AVAILABLE” BASIS. NEITHER COVERMYMEDS NOR ANY OF COVERMYMEDS’ LICENSORS MAKE ANY EXPRESS WARRANTIES, AND EACH OF THEM DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, RESULTS, COMPLETENESS, ACCESSIBILITY, COMPATIBILITY, SECURITY, AND FREEDOM FROM COMPUTER VIRUS. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, NEITHER COVERMYMEDS NOR ANY OF COVERMYMEDS’ LICENSORS MAKE ANY WARRANTY THAT THE CONTENT OF THE WEBSITE SATISFIES GOVERNMENT REGULATIONS REQUIRING DISCLOSURE OF INFORMATION ON PRESCRIPTION DRUG PRODUCTS. IN NO EVENT SHALL COVERMYMEDS BE LIABLE FOR ANY LOSS OR DAMAGE, DELAY IN PERFORMANCE, OR NONPERFORMANCE CAUSED BY EQUIPMENT MALFUNCTION OR BREAKDOWN, NETWORK OR PIPELINE DISRUPTION, SEVERE WEATHER CONDITIONS, INFORMATION UNAVAILABILITY, STRIKES OR OTHER LABOR DISPUTES, RIOTS, FIRE, INSURRECTION, WAR, FAILURE OF CARRIERS, ACCIDENTS, ACTS OF GOD, OR ANY OTHER CAUSES BEYOND COVERMYMEDS’ REASONABLE CONTROL. IF ANY APPLICABLE LAW DOES NOT ALLOW THE EXCLUSION OF SOME OR ALL OF THE ABOVE IMPLIED WARRANTIES TO APPLY TO YOU, THE ABOVE EXCLUSIONS WILL APPLY TO YOU TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

It is intended that only United States residents use our Services on a computer located in the United States. Accordingly, any use of our Services by anyone other than United States residents, or use of our Services on a computer located outside of the United States, is strictly prohibited and constitutes a breach of the Terms of Service. NEITHER COVERMYMEDS NOR ANY OF COVERMYMEDS’ LICENSORS MAKE ANY REPRESENTATION CONCERNING THIS WEBSITE, THE SERVICES, OR ANY CONTENT WHEN USED IN ANY OTHER COUNTRY. No software may be downloaded or otherwise exported into any countries that are subject to United States export/import control restrictions or other national security restrictions.

What are the limits on liability?

IF YOU ARE DISSATISFIED WITH OUR SERVICES OR ANY OF COVERMYMEDS’ TERMS, CONDITIONS, RULES, POLICIES, GUIDELINES, OR PRACTICES, OR OTHERWISE HAVE A DISPUTE WITH COVERMYMEDS, YOUR SOLE AND EXCLUSIVE REMEDY IS TO TERMINATE THIS AGREEMENT AND DISCONTINUE USE OF OUR SERVICES. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, NEITHER COVERMYMEDS NOR ANY OF ITS LICENSORS MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING FROM YOUR USE OF OUR SERVICES OR THIS WEBSITE, OR FOR ANY OTHER CLAIM RELATED IN ANY WAY TO YOUR USE OF OUR SERVICES OR REGISTRATION ON OUR WEBSITE, EVEN IF WE KNOW OR SHOULD KNOW THAT OTHER DAMAGES ARE POSSIBLE OR THAT DIRECT DAMAGES ARE NOT A SATISFACTORY REMEDY. THE LIMITATIONS IN THIS SECTION APPLY ONLY TO THE EXTENT THEY ARE LAWFUL IN YOUR JURISDICTION. NEITHER YOU NOR COVERMYMEDS OR ANY OF ITS LICENSORS MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR MORE THAN \$1,000; PROVIDED, HOWEVER, THAT THE LIMITATIONS OF LIABILITY DESCRIBED ABOVE DO NOT APPLY TO BREACHES OF INTELLECTUAL PROPERTY PROVISIONS OR INDEMNIFICATION OBLIGATIONS DESCRIBED IN THESE TERMS OF SERVICE.

What are the general legal terms?

These Terms of Service, including the Business Associate Agreement, constitute the entire agreement between you and CoverMyMeds relating to the Website and CoverMyMeds’ Services. If there is any conflict between these Terms of Service and a signed written agreement between your company, practice, or organization and CoverMyMeds, the signed written agreement will control. Failure to enforce any provision will not constitute a waiver of that provision. If any provision is found unenforceable, it and any related provisions will be interpreted to best accomplish the unenforceable provision’s essential purpose. The headings contained in these Terms of Service are for convenience of reference only and will not affect or alter the meaning or effect of any provision hereof.

CoverMyMeds has no obligation to become involved in any dispute between a user of our Services and any other person. Our Services and these Terms of Service will be governed by and construed in accordance with the laws of the State of Ohio, excluding Ohio’s conflict of law rules. The exclusive venue for any dispute arising under or relating to this Agreement or our Services is Franklin County, Ohio, and the Parties consent to the exclusive personal jurisdiction of state and federal courts located in this county. Nothing in these Terms of Service limits either party’s ability to seek equitable relief.

How can I ask questions or contact CoverMyMeds?

We are happy to address questions about our Terms of Service or this Website. Please send your questions to privacy@covermymeds.com. Alternatively, you may write to us at:

Privacy Matters
CoverMyMeds LLC
2 Miranova Pl.
Columbus, Ohio 43215

Addendum: CoverMyMeds Business Associate Agreement

Last Modified: October 20, 2017

THIS BUSINESS ASSOCIATE AGREEMENT (the “Agreement”) is entered into between you (“Covered Entity”) and CoverMyMeds LLC, a Delaware limited liability company (“Business Associate”), and is effective as of the date that you click the “I AGREE” button on the Terms of Service screen (the “Effective Date”).

WHEREAS, the U.S. Department of Health and Human Services issued regulations on “Standards for Privacy of Individually Identifiable Health Information” comprising 45 C.F.R. Parts 160 and 164, Subparts A and E (the “Privacy Standards”), “Security Standards for the Protection of Electronic Protected Health Information” comprising 45 C.F.R. Parts 160 and 164, Subpart C (the “Security Standards”), and “Standards for Notification in the Case of Breach of Unsecured Protected Health Information” comprising 45 C.F.R. Parts 160 and 164, Subpart D (the “Breach Notification Standards”), promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and as modified by the Health Information Technology For Economic and Clinical Health Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (“HITECH Act”) (the Privacy Standards, the Security Standards and the Breach Notification Standards are collectively referred to herein as the “HIPAA Standards”).

WHEREAS, in conformity with the HIPAA Standards, Business Associate has and/or will have access to, create and/or receive certain Protected Health Information (“PHI”) to perform its Services as provided under the Terms of Service entered into by and between Covered Entity and Business Associate (the “Terms of Service”).

WHEREAS, Covered Entity is required by the HIPAA Standards to obtain satisfactory assurances that Business Associate will appropriately safeguard all PHI disclosed by or created or received by Business Associate on behalf of Covered Entity.

WHEREAS, the parties hereto desire to enter into this Agreement to memorialize their obligations with respect to PHI pursuant to the requirements of the HIPAA Standards.

NOW, THEREFORE, Covered Entity and Business Associate agree as follows:

Section 1: Definitions

Except as otherwise specified herein, capitalized terms used but not defined in this Agreement shall have the same meaning as those terms as defined in the Terms of Service or HIPAA Standards.

(a) Protected Health Information (“PHI”) has the same meaning as the term "Protected Health Information" as defined in 45 C.F.R. § 160.103, and includes electronic PHI (“ePHI”) limited, however, to such information created or received by Business Associate in a business associate capacity on behalf of Covered Entity.

(b) Secretary means the Secretary of the Department of Health and Human Services or his/her designee.

Section 2: Obligations and Activities of Business Associate.

(a) Business Associate agrees to not use or further disclose PHI other than as permitted or required by this Agreement, the Services Agreement, or as permitted or Required by Law.

(b) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this Agreement.

(c) In accordance with the HIPAA Standards, Business Associate shall implement Administrative, Physical and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of ePHI that it creates, receives, maintains or transmits on behalf of the Covered Entity. Specifically, Business Associate shall comply with the Security Standards.

(d) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement of which Business Associate becomes aware. Additionally, Business Associate shall report to Covered Entity any Security Incident resulting in an unauthorized use or disclosure of ePHI of which Business Associate becomes aware within twenty (20) business days. The parties acknowledge and agree that this Section 2(d) constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence or attempts of Unsuccessful Security Incidents for which no additional notice to Covered Entity shall be required. “Unsuccessful Security Incidents” means, without limitation, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.

(e) Business Associate agrees to notify Covered Entity of any Breach of Unsecured Protected Health Information within twenty (20) business days of the date Business Associate learns of the Breach. Business Associate shall provide such information to Covered Entity as required by the HIPAA Standards.

(f) Business Associate will enter into a written agreement with any agent or subcontractor that creates, receives, maintains or transmits PHI on behalf of Business Associate for services provided to Covered Entity, providing that the agent agrees to restrictions and conditions that are no less restrictive than those that apply through this Agreement to Business Associate with respect to such PHI.

(g) Business Associate will cooperate with Covered Entity’s efforts to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement.

(h) To the extent Business Associate agrees in the Terms of Service to maintain any PHI in a Designated Record Set, upon the written request of Covered Entity, within twenty (20) business days, Business Associate agrees to provide Covered Entity with access to PHI in a Designated Record Set, as defined in 45 C.F.R. § 164.501, for Covered Entity to comply with the requirements under 45 C.F.R. § 164.524. Business Associate further agrees, within twenty (20) business days of Covered Entity’s written request, to make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in accordance with 45 C.F.R. § 164.526. If Business Associate provides copies or summaries of PHI to an Individual it may impose a reasonable, cost-based fee in accordance with 45 C.F.R. § 164.524(c)(4).

(i) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI relating to the use and disclosure of PHI created or received by Business Associate on behalf of Covered Entity available, at the request of the Covered Entity, to the Secretary, for purposes of determining Covered Entity's compliance with the HIPAA Standards.

(j) Business Associate agrees to document those disclosures of PHI, and information related to such disclosures, as required to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528. Business Associate further agrees to provide Covered Entity such information within twenty (20) business days of its written request to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI, in accordance with 45 C.F.R. § 164.528.

(k) Business Associate acknowledges that in using, disclosing and requesting PHI, it shall comply with the minimum necessary requirements of the Privacy Standards.

(l) If Business Associate conducts any Standard Transactions electronically on behalf of Covered Entity, Business Associate shall comply with the applicable requirements of 45 C.F.R. Part 162.

(m) Except as otherwise permitted by law, Business Associate shall not directly or indirectly receive remuneration in exchange for a disclosure of PHI without the Covered Entity’s authorization.

Section 3: Permitted Uses and Disclosures of PHI by Business Associate.

(a) Business Associate may use or disclose PHI to perform functions, activities, or Services for, or on behalf of, Covered Entity pursuant to the Service Agreement between the parties, provided that such use or disclosure does not violate the HIPAA Standards.

(b) Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate. Business Associate may disclose PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities, provided that such disclosures are (i) Required by Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person agrees to notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. All disclosures will be made in accordance with HIPAA Standards.

(c) Business Associate may use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 45 C.F.R. §164.504(e)(2)(i)(B) of HIPAA.

(d) Business Associate may use Protected Health Information to de-identify PHI in accordance with 45 C.F.R. § 164.514 of HIPAA, and Business Associate may subsequently use and disclose such de-identified data unless prohibited by applicable law.

Section 4: Term and Termination

(a) Term. The provisions of this Agreement shall commence on the Effective Date and shall terminate upon termination of the Service Agreement except as provided in Section 4(c).

(b) Termination for Cause. Without limiting the termination rights of the parties pursuant to this Agreement and upon Covered Entity's knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall provide a reasonable opportunity of not less than thirty (30) business days for Business Associate to cure the breach or end the violation and, if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity, terminate this Agreement.

(c) Effect of Termination.

(1) Except as provided in paragraph (2) of this section, upon termination of this Agreement for any reason, Business Associate shall return or destroy all PHI received or created by Business Associate on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of Subcontractors of Business Associate.

(2) If Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall, at its sole discretion, extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.

Section 5: Changes to PHI Authorizations

Covered Entity will notify Business Associate fifteen (15) days, if practicable, prior to the effective date of (1) any limitation(s) in its notice of privacy practices in accordance with 45 C.F.R. § 164.520, (2) any changes in, or revocation of, permission by an Individual to use or disclose PHI, or (3) any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522. Covered Entity will make such notification to the extent that such limitation, restriction, or change may affect Business Associate’s use or disclosure of PHI.

Section 6: Notices

Any notices or communications to be given pursuant to this Agreement shall be made, in the case of Covered Entity, to the individual noted in Covered Entity contact appearing in your account set up information and if made to Business Associate, to the address given below:

If to business associate
to: Privacy Officer
2 Miranova Pl.
Columbus, Ohio 43215
privacy@covermymeds.com

Section 5: Miscellaneous

(a) Regulatory References. A reference in this Agreement to a section in the HIPAA Standards means the section then in effect and as of its applicable compliance date.

(b) Amendment. This Agreement may be amended from time to time to ensure compliance with the requirements of the HIPAA Standards and any other applicable law or regulation.

(c) Waiver; Severability. No failure or delay on the part of either Party in exercising any right under this Agreement will operate as a waiver of, or impair, any such right. No waiver of any such right will have effect unless given in a written document signed by the Party waiving such right. If any part of this Agreement is held to be void or unenforceable, such part will be treated as severable, leaving valid the remainder of this Agreement.

(d) Integration; Interpretation. This Agreement supersedes and replaces any and all previous business associate agreements between the parties. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with the HIPAA Standards. In the event of any inconsistency or conflict between this Agreement and the Terms of Service, the terms and conditions of this Agreement shall govern and control.

(e) No Third-Party Beneficiary. Nothing express or implied in this Agreement or in the Terms of Service is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.

(f) Survival. The respective rights and obligations of Business Associate under Section 4(c) of this Agreement shall survive the termination of this Agreement for so long as Business Associate retains any PHI.

(g) Interpretation. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with the HIPAA Standards. In the event of any inconsistency or conflict between this Agreement and the Terms of Service, the terms and conditions of this Agreement shall govern and control.

(h) No Third Party Beneficiary. Nothing express or implied in this Agreement or in the Terms of Service is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.

(i) Governing Law. This Agreement shall be governed by and construed in accordance with the same internal laws as that of the Terms of Service.