Terms of Use

updated as of February 18, 2021

 

1.      Agreement

These Terms of Service (the Terms of Service) set forth the terms of service between you (Practice) whether an individual or entity, and Data Momma, LLC dba PCIHIPAA (PROVIDER), with its principal place of business at 2601 Ocean Park Boulevard Suite 303, Santa Monica, California 90405. These Terms of Service include the terms and conditions set forth below and the terms and conditions set forth in the Authorization and Set Up Form (the Authorization) delivered to Practice, and any policies, guidelines, and amendments that may be incorporated by reference into these Terms of Service from time to time (collectively with these Terms of Service and the Authorization, the Agreement). By executing and delivering the Authorization to PROVIDER, or by otherwise accessing or using any Services or PROVIDERs website, Practice agrees that the Agreement governs the Services (as defined below).

2.      Services

PROVIDER provides the following services that are included in its Compliance Package: (a) Payment Card Industry Data Security Standard (PCI DSS) compliance, and administrative services; (b) data breach protection insurance; (c) Health Insurance Portability and Accountability Act (HIPAA) compliance and administrative services, and breach protection services; (d) Data Backup Services; (e) E-mail Encryption Services; (f) Occupational Safety and Health Act (OSHA) compliance and administrative services, and (g) Other Related Services (clauses (a)-(g) collectively defined as Services). By its execution and delivery of the Authorization to PROVIDER, or by Practice otherwise accessing or using any Services or PROVIDERs website, Practice appoints PROVIDER as the exclusive provider of the Services to Practice. If Practices usage of the Services or data storage requirements exceeds the maximum allowable under the Authorization, the Services shall be increased to the next level of service and Practice agrees to pay PROVIDER’s then-current Fees (as defined below) for such additional Services.

3.      Third Party Vendors

Practice acknowledges and agrees that PROVIDER may utilize one or more third party vendors (each a Third-Party Vendor) in providing the Services. Practice acknowledges and agrees that (a) PROVIDER may delegate its duties to provide the Services, in whole or in part, to any Third-Party Vendor(s) it designates, and (b) such Third Party Vendor(s) may have their own terms of use, privacy policy or provisions that apply to Practice. To the extent that the Services utilized by Practice are provided by a Third-Party Vendor, Practice acknowledges and agrees that it will be bound by, and accepts, such Third-Party Vendors terms of use, privacy policy or provisions, even if inconsistent with these Terms of Use.

4.      Fees

Practice agrees to pay for those Services identified or selected on the Authorization, as the same may be amended, supplemented or changed from time to time in PROVIDER’s sole discretion and without prior notice to Practice (the Fees), including but not limited to changes or adjustments to reflect increased costs incurred by PROVIDER in providing the Services or price changes by Third Party Vendors. Except as set forth in the Authorization, the Fees are due monthly based upon the then-current pricing schedule. Fees are non-refundable once paid. Practice is obligated to pay all taxes and other charges imposed by any government authority on the Services provided under the Agreement. Practice may be charged the market rate per gigabyte (GB) used in excess of the amount of GB provided in Practices particular Compliance Package.

5.      Early Termination-Related Fees

(a) If Practice cancels the Services prior to the end of any Term (as defined herein), the monthly Fees already paid by Practice shall be non-refundable and any remaining fees will be billable as an early termination fee. Practice agrees that any such early termination fee is reasonable.

(b)  If Practice participates in the PROVIDER’s Merchant Card Processing Account (as described below) and the Practice terminates the Agreement at any time before the end of the Initial Term, Practice will pay a termination fee of $299.00 in addition to the fee identified in 5(a) above. [To the extent that this termination fee exceeds the maximum termination fee permitted at law, then the termination fee assessed will be the maximum fee permitted by such law.] In addition, if Practice has accepted point of sale terminal equipment for use without any obligation to pay a purchase price or monthly lease amount, then Practice agrees to return such equipment in good working order within 30 days of the expiration or termination of the Merchant Card Processing Agreement. If such equipment is not returned as required, then Practice will pay a separate non-return fee of $299.00.

6.      PCI DSS Compliance Administrative Services

If Practice engages PROVIDER’s PCI DSS compliance administration services as part of the Services, then PROVIDER shall provide Practice Cyber Breach Liability Insurance as described in Section 7. PROVIDER shall charge and Practice shall pay an additional fee in the amount of seventy-five dollars ($75.00) for remediation on PCI DSS compliance in the event of failure.

7.      Data Breach Coverage

(a) Cyber Breach Liability Insurance is offered by a third-party provider. There is a $2,500 per incident deductible and certain policy conditions, limitations, exceptions, waiting periods and restrictions apply. This program does not apply to practices domiciled in New York or Indiana. The Cyber Breach Liability Program includes $250,000 in Cyber Breach Insurance. Covered Entities and Business Associates that purchase OfficeSafe 360 or OfficeSafe HIPAA may Opt-Out of the Cyber Breach Liability Insurance. Upon purchase, the cost of the Cyber Breach Liability Insurance will be itemized and billed accordingly. To review the breach liability coverage in New York or Indiana, please click here.

(b)  The terms and provisions of any data breach insurance certificate and/or policy issued to Practice shall supersede any contrary terms set forth in the Agreement,

(c) The terms of the Cyber Breach insurance policy may differ depending on the domicile of Practice.  For practices domiciled in New York and Indiana – please click on the following web page for details.

(d) Certain Practice Requirements to Receive Cyber Breach Liability Insurance
To receive service or support under the Plan, you must maintain:

  1. An active firewall configured at the network perimeter;
  2. Anti-virus scanning software on ALL network workstations;
  3. Network data back-ups stored offsite and updated at least once per week; and
  4. Multi-Factor Authentication for all remote access to owned networks or systems.​

8.      HIPAA Compliance Administrative Services

Practice may be entitled of up to a thirty (30) day free-trial period of PROVIDER’s Office Safe™ Practice Portal (OSPP), which will include a downloaded service from PROVIDER for HIPAA assessment, documents and various other related services. Practice will be billed PROVIDER’S regular charges for OSPP Services following the applicable trial period as defined in Fees above.

Practice may cancel the OSPP Services prior to the end of the applicable trial period by contacting our customer service by email at support@pcihipaa.com, or by phone at (800) 588-0254.

If Practice cancels the OSPP Services during the applicable trial period, Practice will no longer have access to all data and organization of all data made accessible as part of the OSPP Services

PROVIDER reserves the right, in its sole discretion, to deny or cancel the OSPP Services trial, as well as to change the features available during such trial, at any time, for any reason or for no reason, without notice, and with no liability.

9.      OSHA Compliance Administrative Services

Practice may be entitled of up to 60 day free-trial period of PROVIDER’s OSHA Product, OfficeSafe OSHA, which will include a downloaded service from PROVIDER for OSHA compliance requirements, employee training, documents, safety data sheets, and various other related services. In addition, if Practice is (1) audited by OSHA and (2) fined by OSHA in connection with services provided by Provider, Provider shall reimburse Practice for the amount of any fine imposed by OSHA directly related to services provided Practice by Provider in an amount not to exceed $25,000 (“OSHA Reimbursement”). Such OSHA Reimbursement shall not cover any other expenses associated with an OSHA audit or related fine, including without limitation administrative, overhead or legal fees associated therewith. Provided Practice complies with all requirements, including those referenced below, Provider will initiate the reimbursement payments within 48 hours of receiving the confirmation of audit violation and fine. Practice will be billed PROVIDER’S regular charges for OfficeSafe OSHA Services following the applicable trial period as defined in Fees above.

Requirements of Practice to Receive OSHA Reimbursement

To receive service or support under the Plan, you agree to provide (i) your Plan Agreement Number and a copy of your Plan’s original proof of purchase, (ii) a signed agreement with PCIHIPAA, (iii) Bloodborne Pathogens, Hazard Control Plans and Hazard Chemical Ebinder completed, and (iv) documentation that employees have logged into OS and taken their required training.

Limitations on OSHA Reimbursement

Company may restrict the reimbursement payments to the country where the Covered Plan was originally purchased.  Company will not provide reimbursement payments in the following circumstances:

(a) there is not a signed PCIHIPAA agreement between Subscriber and the end customer;

(b) if the Bloodborne Pathogens, Hazard Control Plans, and Hazard Chemical E-binder modules have not been certified as completed;

(c) if the reported event is caused by an employee or employees who have not logged into OS and have not taken their required trainings;

Practice may cancel OfficeSafe OSHA prior to the end of the applicable trial period by contacting our customer service by email at support@pcihipaa.com, or by phone at (800) 588-0254.

If Practice cancels OfficeSafe OSHA at any time, including during the applicable trial period, Practice will no longer have access to all data and organization of all data made accessible as part of OfficeSafe OSHA or created with OfficeSafe OSHA and will not be entitled to recover the OSHA Reimbursement.

Practice may only use the OfficeSafe OSHA trial offer once. PROVIDER reserves the right, in its sole discretion, to deny or cancel the OfficeSafe OSHA trial, as well as to change the features available during such trial, at any time, for any reason or for no reason, without notice, and with no liability.

10.  Practices Obligations

(a) Payment Card Industry Rules.

Practice is responsible for complying with the rules, regulations and terms and conditions between Practice and Visa, MasterCard, Discover, American Express and all other card networks and associations (and related members and third-party providers) as they may apply and as are modified from time to time (the Rules).

(b) PCI DSS Compliance and PCI Data Breach Coverage.

Practice shall comply with the rules, regulations, standards and guidelines set forth by Payment Card Industry Security Standards Council (PCI SSC) and any governing committees or boards thereof, as may be amended from time to time (the PCI DSS Rules). Practice shall comply with any materials, information and instructions that it receives from PROVIDER or Third-Party Vendors regarding the PCI DSS Rules relating to software updates, data back-up account obligations, anti-virus obligations, data breach notification timing, firewalls, and other obligations and requirement necessary to comply with the PCI DSS Rules and PCI data breach coverage. Practice is solely responsible for timely reading and complying with such materials, information and instructions. Practice acknowledges and agrees that the materials, information and instructions from PROVIDER and/or Third-Party Vendors may require Practice to implement new or modify old procedures to comply with the PCI DSS Rules and data breach coverage requirements, which Practice agrees to implement in accordance with this Section.

(c) Network.

Practice is responsible for the functionality of its network environment and the integration and compatibility of the Services with its network environment. Such network environment includes, but is not limited to, any POS systems, software, hardware, credit card data, network security, firewall, and encryption used by Practice in its business. Practice is responsible for remedying inadequacies, failures, weaknesses, incompatibilities, or non-complying aspects in or of Practices network environment revealed by any quarterly PCI DSS scans, annual Self-Assessment Questionnaires (SAQs), or as otherwise noted to Practice by PROVIDER and/or Third-Party Vendor.

(d) Information Requests

PROVIDER and/or Third-Party Vendors may from time to time provide to Practice certain forms or questionnaires to solicit or otherwise request certain information from Practice to facilitate the provision of the Services hereunder (the Requested Information). Such Requested Information may include, but is not limited to: (i) SAQs, SAQ data entry forms, or SAQ submission forms; (ii) questionnaires, forms or requests for information relating to PCI DSS vulnerability scans or quarterly PCI DSS scan requirements; (iii) questionnaires, forms or requests for information from Visa, MasterCard, American Express, Discover or other card networks or associations, or any information relating the provision of services by such parties; (iv) questionnaires, forms or requests for information from Third Party Vendors or any information relating the provision of services by Third Party Vendors, including the insurer providing data breach coverage; (v) questionnaires, forms or requests for information from the PCI SSC; (vi) questionnaires, forms or requests for information relating to any PCI DSS data breaches; and (vii) questionnaires, forms or requests for information relating to fines or penalties incurred by Practice. Practice shall provide the Requested Information in a timely manner to the requesting party, and it shall be true, complete and accurate in all respects. If any of the Requested Information provided to PROVIDER and/or any Third-Party Vendor is or was untrue, incomplete or inaccurate at the time it was made, Practice shall inform PROVIDER and/or Third-Party Vendor of the discrepancy within five (5) days following Practices discovery of the same, and immediately provide the requesting party true, complete and accurate modifications to correct the Requested Information previously provided by Practice. If the Requested Information is pre-populated or prepared by PROVIDER and/or any Third-Party Vendor, Practice is responsible for verifying the veracity, completeness and accuracy of such Requested Information and promptly (but in no event later than five (5) days) informing PROVIDER of any untrue, incomplete or inaccurate statements prepared by PROVIDER and/or any Third-Party Vendor.

(e) Software Use

From time to time PROVIDER may grant Practice a limited, non-exclusive, non-transferrable, non-sublicensable and revocable license to install and integrate certain software (the Designated Software) into Practices office management and/or business systems, solely for the purpose of enabling Practice to access and utilize the Services. Practice acknowledges that (i) PROVIDER and its licensors have all right, title and interest in and to the Designated Software, including but not limited to all intellectual property rights associated with the Designated Software; (ii) the Designated Software is protected by the copyright laws of the United States, international treaties and conventions, and other laws; and (iii) except with respect to the limited license granted herein, Practice has no intellectual property rights in the Designated Software (including but not limited to use of any trademarks, trade names, service marks, logos, domain names, or other distinctive brand features), and PROVIDER reserves all rights not expressly granted to Practice under this Section 9(e). PROVIDER reserves the right at any time to update or modify, or to discontinue, temporarily or permanently, Practices (or any of its customers or patients) access to and/or use of the Designated Software, or any feature or part thereof. PROVIDER may also adopt additional restrictions regarding the use of the Designated Software, or any feature or part thereof. PROVIDER may take such actions with or without notice.

(f) Applicable Laws

Practice is solely responsible for complying with all applicable international, national, state, regional and local laws and regulations applicable to Practice.

(g) Notifications Regarding Changes in Practices Business or Application Information.

Practice must provide PROVIDER with immediate and prior written notice of Practices intent to: (i) transfer or sell any substantial part of its total assets, or liquidate; (ii) change the basic nature of its business, including selling any products or services not related to its current business; (iii) change ownership or transfer control of its business; (iv) enter into any joint venture, partnership or similar business arrangement whereby any person or entity not a party to the Agreement assumes any interest in Practices business; (v) change its address or principal place of business; (vi) voluntarily file for bankruptcy, declare insolvency, appoint a receiver, or make an assignment for the benefit of creditors.

(h) Conduct and Obligations

In connection with the Services and the use of PROVIDER’s website, Practice agrees that it will not: (i) upload, post or otherwise transmit through or to PROVIDER’s website any content that (a) is unlawful, abusive, threatening, harmful, obscene, lewd, offensive, defamatory or otherwise objectionable, (b) might infringe the intellectual property rights, privacy rights, rights of publicity, or other proprietary rights of others, (c) contains any viruses, trojan horses, time bombs, or any other harmful programs or elements; (ii) disrupt, place unreasonable burdens or excessive loads on, interfere with or attempt to gain unauthorized access to any portion of PROVIDERs website, its computer systems, servers or networks; (iii) provide false information about Practice to PROVIDER or any Third Party Vendor; (iv) impersonate any other person, or otherwise attempt to mislead others about Practices identity or the origin of any content, message or other communication; (v) transmit junk mail, chain letters, or other unsolicited bulk e-mail or duplicative messages; (vi) collect information about other visitors to PROVIDER’s website without PROVIDER’s consent or otherwise systematically extract data or data fields, including without limitation any financial data or e-mail addresses; (vii) sell access to or the use of PROVIDER’s website, including any content contained on, downloaded or accessed from such website; (viii) redistribute any content, including financial, legal or other data, provided by PROVIDER or any Third Party Vendor in any manner whatsoever, including by means of printed publication, fax broadcast, Web pages, e-mail, Web newsgroups or forums, or any other electronic or paper-based service or method; or (ix) intentionally alter the format in which financial, legal or other data is provided by PROVIDER or any Third Party Provider, or otherwise circumvent PROVIDER’s or any Third Party Vendors’ regular interfaces to such data.

(i) Merchant Card Processing Account

Practice may establish a merchant card processing account. Practice agrees and acknowledges that such account will require Practice to enter into a separate agreement with a card-processing provider. Practice agrees to abide by all of the terms of such agreement. Practice authorizes PROVIDER to refer card processing providers to Practice for the purpose of Practice obtaining a new or replacement merchant card processing account.

(j) Compliance with PROVIDER directions and recommendations

If Practice transmits, receives or maintains Protected Health Information as defined HIPAA or other personally identifiable information, Practice agrees to comply with all of the directions and recommendations of PROVIDER in order to protect and safeguard against disclosure of such information in accordance with applicable law. Practice will implement and maintain all safeguards recommended by PROVIDER to protect the confidentiality, integrity and availability of all Protected Health Information, personally identifiable information and any and all other confidential information.

11.  Representations, Warranties and Covenants

(a) PROVIDER

PROVIDER represents and warrants to Practice that it shall use reasonable care in the selection of the Third-Party Vendors to provide all or any portion of the Services subscribed for hereunder. If PROVIDER directly provides the Services hereunder, PROVIDER shall use reasonable efforts to ensure that the Services do not contain any viruses or programming routines intended to damage, surreptitiously intercept or expropriate any system, data or personal information of Practice. PROVIDER shall use reasonable efforts to provide the Services and maintain them in an uninterrupted and error-free fashion consistent with its practices in effect as of the date of these Terms of Service set forth above; provided, however, that Practice acknowledges that Services are a computer network-based service which may be subject to outages, data loss and delay occurrences. In such an event, PROVIDER shall use reasonable efforts diligently and promptly to remedy any and all material interruptions. Nonetheless, PROVIDER will not be liable in any manner for any data losses, interruptions, outages, or other delay occurrences relating to the Services provided by PROVIDER or its Third-Party Vendors.

(b) Practice

Practice represents and warrants to PROVIDER that it has all the necessary legal authority to enter into, and to perform its obligations under, the Agreement. Practice is in compliance with all international, national, state, regional and local laws and regulations applicable to Practice. Practice further represents, warrants and covenants to PROVIDER that it shall only use the Services for lawful purposes and will not use the Services in a manner that would constitute a civil or criminal offense.

12.  Independent Contractors

The Agreement shall not be construed as a partnership or joint venture, and PROVIDER shall not be liable for any obligation incurred by Practice. The relationship between PROVIDER and Practice is that of independent contractors. Neither Practice nor Practices employees, consultants, contractors or agents are agents, employees, partners or joint venturers of PROVIDER, nor do they have any authority to bind PROVIDER by contract or otherwise to any obligation.

13.  Term and Termination

The initial term of the Agreement shall be for a period of one (1) year, commencing on the date the executed Authorization is delivered to PROVIDER or the date on which Practice first accesses or uses the Services or PROVIDER’s Office Safe™ Practice Portal, whichever comes first. Thereafter, the term shall be automatically renewed for additional terms of one (1) year each unless and until either party provides written notice of termination to the other party no later than thirty (30) days prior to the end of the then-current term (collectively, the Term). Notwithstanding the foregoing to the contrary, and subject to Section 20 of these Terms of Use, PROVIDER may terminate the Agreement and the Services either (i) upon seven (7) days notice to Practice for convenience at any time for any reason, or no reason at all (Termination for Convenience), or (ii) without prior notice if Practice breaches the terms of the Agreement (Termination for Breach). In the event of a Termination for Convenience, Practice shall not be responsible for any Fees beyond the date on which PROVIDER terminated the Agreement and Services. In the event of a Termination for Breach, all Fees paid shall be non-refundable and Practice shall remain liable for all unpaid or agreed upon Fees for the remainder of the applicable Term. Practice hereby authorizes PROVIDER to debit any charges due by Practice under the Agreement or any other agreement between Practice and PROVIDER or its affiliates from any checking, savings, credit card or any other type of account provided by Practice to PROVIDER.

14.  Website Use

By visiting or using PROVIDERs website, any visitor to the website (User) consents to these Terms of Service and PROVIDERs Privacy Policy with respect to site use. User agrees not to interfere with PROVIDERs website or use it for an illegal or improper purpose. User acknowledges that PROVIDER is protected by copyrights, trademarks, service marks, patents and other proprietary rights and laws. Trademarks, service marks, logos, and copyrighted works appearing in PROVIDERs website are the property of PROVIDER or the party that provided them, who retain all rights with respect to them. Nothing in the Agreement shall be construed to confer a license or right, by implication, estoppel or otherwise, under copyright or other intellectual property rights. PROVIDER reserves the right, in its sole discretion, to terminate a Users access to any or all of PROVIDERs websites and the related services or any portion thereof at any time, without notice and for any reason. Links on a PROVIDER website are not under the control of PROVIDER, and PROVIDER is not responsible for the contents of any linked website or any link contained in a linked site, or any changes to such sites.

15.  Account Access Password

(a) If Practice receives a user identification name or password from PROVIDER to access PROVIDERs database or use services offered by PROVIDER, Practice will: (i) keep the user identification name and password confidential; (ii) not allow any other entity or person to use the user identification name or password or gain access to PROVIDERs database or services; (iii) be liable for all action taken by any user of the user identification name or password; and (iv) promptly notify PROVIDER if Practice believes the user identification name or password have been used inappropriately or the confidentiality of the information made available through such use has been compromised.

(b) Practice agrees that any loss incurred by PROVIDER as a result of any party gaining access to Practices account or PROVIDERs website using information which that party was not authorized to obtain or using such information in a manner not permitted by the Agreement (including but not limited to improper or unauthorized use of Practices ID number and PIN) shall be the responsibility of Practice.

16.  Disclaimer of Warranties and Limitation of Liability

(a) EXCEPT AS PROVIDED IN SECTION 10 (A) OF THESE TERMS OF SERVICE, THE SERVICES ARE PROVIDED ON AN AS IS BASIS WITHOUT ANY WARRANTY WHATSOEVER. PROVIDER DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, TO PRACTICE AS TO ANY MATTER WHATSOEVER, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD-PARTY RIGHTS. PROVIDER FURTHER DISCLAIMS ANY WARRANTY INSURING THAT THE SERVICES WILL (I) BE SECURE, UNINTERRUPTED, TIMELY, OR FREE FROM DEFECTS, ERRORS, OMISSIONS, INTERRUPTIONS, DELAYS OR OTHER LOSSES, (II) BE COMPATIBLE OR OPERATE IN COMBINATION WITH ANY SPECIFIC HARDWARE, SOFTWARE SYSTEMS, OR DATA OF PRACTICE, AND (III) FREE OF VIRUSES AND OTHER HARMFUL COMPONENTS. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY PROVIDER OR ITS EMPLOYEES OR REPRESENTATIVES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF PROVIDERS OBLIGATIONS.

(b) TO THE MAXIMUM EXTENT PERMITTED BY LAW AND EXCEPT AS OTHERWISE PROVIDED IN THE AGREEMENT, PROVIDER DISCLAIMS ANY AND ALL LIABILITY ARISING FROM ACTIONS OR OMISSIONS OF THIRD-PARTY VENDORS PROVIDING ALL OR ANY PART OF THE SERVICES SUBSCRIBED FOR HEREUNDER.

(c) NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY OR TO ANY OTHER THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, RELIANCE, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATING TO THE AGREEMENT OR THE SERVICES, INCLUDING BUT NOT LIMITED TO THOSE PROVIDED BY THIRD PARTY VENDORS, WHETHER FORESEEABLE OR UNFORESEEABLE, AND WHETHER BASED ON BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, MISREPRESENTATION, NEGLIGENCE, STRICT LIABILITY IN TORT, OR OTHER CAUSE OF ACTION, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. UNDER NO CIRCUMSTANCES SHALL PROVIDERS TOTAL LIABILITY TO PRACTICE OR ANY THIRD PARTY ARISING OUT OF OR RELATED TO THE AGREEMENT EXCEED ONE THOUSAND ($1,000.00) DOLLARS, REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON WARRANTY, CONTRACT, TORT OR OTHERWISE.

(d) WITHOUT LIMITING THE FOREGOING, PROVIDER SPECIFICALLY DISCLAIMS ANY WARRANTY (I) THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, (II) THAT ALL NON-COMPLIANT INFORMATION WILL BE FOUND, AND (III) REGARDING CORRECTNESS, ACCURACY OR RELIABILITY. ALL INFORMATION ASSESSED IS ONLY AS ACCURATE AS THE INFORMATION PRACTICE PROVIDES TO PROVIDER.

17.  Indemnification

Practice agrees to indemnify, defend, and hold harmless PROVIDER, its employees, officers, directors, managers, members, shareholders, referral partners and agents from and against any loss, liability, damage, penalty or expense (including attorney’s fees, expert witness fees and cost of defense) that each may suffer or incur as a result of claims arising from: (i) any breach by Practice or any officer, director, manager, member, shareholder, employee, subcontractor, agent or affiliate of Practice of the terms of the Agreement, including, without limitation, Practices failure to comply with its obligations set forth in the Agreement, (ii) any representation or warranty made by Practice being false or misleading, (iii) the Requested Information, (iv) any representation or warranty made by Practice or any employee or agent of Practice to any third person other than as specifically authorized by the Agreement, (v) any negligent act or omission of Practice or its officers, directors, managers, members, shareholders, employees, subcontractors, agents or affiliates, (vi) any alleged or actual violations by Practice or its officers, directors, managers, members, shareholders, employees, subcontractors, agents or affiliates of any laws, regulations or the Rules, or (vii) any claims made by any customers or patients of Practice, or any third party vendors of Practice.

18.  Miscellaneous

(a) Successors and Assigns

The Agreement will bind and inure to the benefit of each party’s permitted successors and assigns. Practice may not assign its rights or obligations set forth in the Agreement without the written consent of PROVIDER, which consent shall be in PROVIDERs sole discretion. PROVIDER may assign its rights and/or obligations the Agreement in its sole discretion without the written consent of Practice.

(b) Entire Agreement

The Agreement sets forth the entire agreement and understanding of the parties hereto in respect of the subject matter contained herein, and supersedes all prior agreements, promises, covenants, arrangements, communications, representations or warranties, whether oral or written, by any officer, partner, employee or representative of any party to the Agreement.

(c) Choice of Law; Forum

The parties agree that all performances and transactions under the Agreement will be deemed to have occurred in California and Practices entry into and performance of the Agreement will be deemed to be the transaction of business within the State of California. The Agreement will be governed by California law, without regard to its conflicts-of-law principles, and applicable federal law. Subject to Section 18 below: (i) the parties hereby knowingly, intelligently and voluntarily consent to the exclusive jurisdiction and venue for any action relating to the subject matter of the Agreement in either the applicable state court located in Los Angeles, California, or the United States District Court for the District of California ii) the parties consent to the jurisdiction of such courts and agree that process may be served in the manner allowed by the laws of the State of California or United States federal law: (iii) the parties hereby knowingly, voluntarily and intelligently waive any claim or defense in any such legal action, suit or proceeding commenced in any of the above-referenced courts asserting that it is not subject personally to the jurisdiction of such court, that service upon it as herein above set forth is invalid, that its property is immune or exempt from attachment or execution, that the legal action, suit or proceeding is brought in an inconvenient forum, that the venue of the legal action, suit or proceeding is improper or that the Agreement, or the subject matter hereof, may not be enforced in or by such court.

(d) No Waiver

The failure of either party to object to or to take affirmative action with respect to any conduct of the other which is in violation of the terms of the Agreement, shall not be construed as a waiver of that conduct or any future breach or subsequent wrongful conduct.

(e) Severability

If any part, term or provision of the Agreement is declared and determined by any court or arbitrator to be illegal or invalid, such declaration and determination shall not affect the validity of the remaining parts, terms or provisions thereof.

(f) Heading

The various headings in the Agreement are inserted for convenience only and shall not affect the Agreement or any portion thereof.

(g) PRACTICE HEREBY AUTHORIZES PROVIDER TO SEND, AND PRACTICE CONSENTS TO THE RECEIPT OF, SMS TEXT ALERTS AND ARTIFICIAL OR PRERECORDED VOICE ALERTS FOR THE FOLLOWING DESIGNATED PURPOSES: (I) TO NOTIFY PRACTICE WHEN ITS AUTHORIZATION IS APPROVED OR ACTIVATED; (II) TO NOTIFY PRACTICE THAT PROVIDER NEEDS ADDITIONAL REQUIRED INFORMATION; (III) TO NOTIFY PRACTICE OF NEW PRODUCTS OR FEATURES OFFERED BY PROVIDER; (IV) TO NOTIFY PRACTICE THAT PROVIDER IS TRYING TO REACH IT; (V) TO NOTIFY PRACTICE OF CUSTOMER SERVICE ISSUES; (VI) TO NOTIFY PRACTICE OF SERVICE OUTAGES; (VII) TO PROVIDE PRACTICE WITH INFORMATION REGARDING ACCOUNT BALANCES, TRANSACTIONS, AND SIMILAR MATTERS; AND (VIII) TO NOTIFY PRACTICE OF ANY MATTERS RELATING TO ITS ACCOUNT. PRACTICE UNDERSTANDS THAT IT WILL RECEIVE FUTURE SMS TEXT ALERTS AND/OR ARTIFICIAL OR PRERECORDED VOICE ALERTS FOR THE AFOREMENTIONED PURPOSES BY OR ON BEHALF OF PROVIDER TO THE TELEPHONE NUMBER DESIGNATED IN THE AUTHORIZATION AND, HAVING RECEIVED AND REVIEWED THESE DISCLOSURES, PRACTICE UNAMBIGUOUSLY AUTHORIZES PROVIDER TO DELIVER, OR CAUSE TO BE DELIVERED, AND AGREES TO RECEIVE, SUCH ALERTS THROUGH THE USE OF AN AUTOMATIC TELEPHONE DIALING SYSTEM AND/OR AN ARTIFICIAL OR PRERECORDED VOICE. PRACTICE ACKNOWLEDGES THAT THE TELEPHONE NUMBER PROVIDED IS IN THE NAME OF AND CONTROLLED BY PRACTICE, THAT PRACTICES CONSENT IS VOLUNTARY AND NOT REQUIRED (DIRECTLY OR INDIRECTLY) AS A CONDITION TO ITS RECEIVING SERVICES FROM PROVIDER OR ITS AFFILIATED COMPANIES IN ACCORDANCE WITH THE AGREEMENT, AND THAT PRACTICE HAS THE RIGHT TO WITHDRAW THIS CONSENT AT ANY TIME BY PROVIDING PROVIDER WITH WRITTEN NOTICE OF SUCH WITHDRAWAL IN ACCORDANCE WITH SECTION 23 BELOW. THIS CONSENT IS BEING PROVIDED ELECTRONICALLY IN ACCORDANCE WITH SECTION 25 BELOW.

19.  Dispute Resolution

PROVIDER and Practice each acknowledge and agree that any controversy, disagreement, dispute or claim arising out of or relating to the Services or the Agreement, or any breach in connection therewith or herewith (each, a Dispute), will be settled by following the procedures set forth below:

(a) PROVIDER, on the one hand, and Practice, on the other hand, agree first to contact the other to advise of any such Dispute. The party alleging, asserting and/or initiating the Dispute shall contact the other party or parties who is or are alleged to be liable or responsible for such Dispute, and provide a written description of the Dispute, all relevant documents/information and the proposed resolution (the Claim Notice). Practice agrees to contact PROVIDER as contemplated above by calling or writing to: [PROVIDER, Claims Administrator, 2601 Ocean Park Boulevard Suite 303, Santa Monica, California 90405 Tel. No. 800-588-0254.

(b) Practice and the Claims Administrator for PROVIDER shall then seek in good faith to resolve the Dispute. As part of this process, each party to the Dispute shall provide a monetary amount that, if paid to the party alleging, asserting and/or initiating the Dispute, would settle the Dispute (the Settlement Amount). If the parties do not agree to a Settlement Amount, or the parties are otherwise unable to settle the Dispute within thirty (30) days of the date of delivery of the Claim Notice, then the parties shall proceed to arbitration, as set forth below.

(c) IN THE ABSENCE OF RESOLVING THE DISPUTE, AND INSTEAD OF SUING IN COURT, PROVIDER AND PRACTICE EACH AGREE TO SETTLE AND RESOLVE FULLY AND FINALLY ALL DISPUTES EXCLUSIVELY BY ARBITRATION, EXCEPT IN THE FOLLOWING LIMITED CIRCUMSTANCES: (I) PROVIDER OR PRACTICE MAY COMMENCE AN INDIVIDUAL ACTION IN SMALL CLAIMS COURT WHERE THE AMOUNT OF THE DISPUTE DOES NOT EXCEED THE JURISDICTIONAL LIMIT OF SUCH COURT; AND (II) PRACTICE MAY FILE A DISPUTE WITH ANY FEDERAL, STATE OR LOCAL GOVERNMENTAL AGENCY THAT CAN, IF THE LAW SO AUTHORIZES, SEEK RELIEF AGAINST PROVIDER ON BEHALF OF PRACTICE. THE AGREEMENT TO HAVE DISPUTES RESOLVED BY ARBITRATION IS MADE WITH THE UNDERSTANDING THAT EACH PARTY IS IRREVOCABLY, KNOWINGLY AND INTELLIGENTLY WAIVING AND RELEASING ITS RIGHT TO LITIGATE DISPUTES THROUGH A COURT AND TO HAVE A JUDGE OR JURY DECIDE DISPUTES. Without limitation, PROVIDER and Practice agree that Disputes, as defined above, shall include the following matters: (a) any Dispute by any party against any agent, employee, successor, or assign of the other party or parties, including to the full extent permitted by applicable law, third parties who are not parties to the Agreement, whether related to the Services or otherwise; (b) any past, present, and future Dispute; and (c) any Dispute as to the scope, validity or applicability of this Dispute Resolution provision, and/or the arbitrability of any Dispute; and (d) any Dispute against PROVIDER, or any other party as stated above, related in any way to the Services, including, but not limited to, the characterization of the transactions referenced in the Agreement, privacy, solicitation, or advertising, even if it arises after the Services have terminated.

(d) The foregoing arbitration shall be administered by the American Arbitration Association (the AAA) in accordance with its Commercial Arbitration Rules in effect when a Claim Notice is duly provided. If any AAA procedure or rule conflicts with the terms of the Agreement, the Agreement will apply.

(e) The arbitration shall be governed by the Federal Arbitration Act (the FAA), 9 U.S.C. Sections 1-16. Any award by the arbitrator may be entered as a judgment in any court having jurisdiction. Any arbitrator’s decision and award is final and binding, subject only to those exceptions under the FAA. PROVIDER and Practice agree the FAAs provisions, not state law, govern all questions of whether a Dispute is subject to arbitration.

(f) Unless PROVIDER and Practice agree otherwise, the foregoing arbitration will be conducted by a single neutral arbitrator selected by utilizing the process provided in the AAAs Commercial Arbitration Rules in effect when Claim Notice is duly filed. The arbitrator shall be a licensed attorney and/or retired judge. Except as otherwise provided below, the arbitration shall be conducted in the county where the principal address of the party against whom the Dispute is initially commenced is located and for any claim against PROVIDER, that address shall be PROVIDER, 2601 Ocean Park Boulevard Suite 303, Santa Monica, California 90405 . The arbitrator shall have no authority to award punitive, consequential or other monetary damages not measured by the prevailing party’s actual damages, except as may be required by statute or as otherwise provided below.

(g) The award of the arbitrator shall be accompanied by a reasoned opinion.

(h) For Disputes of $10,000.00 or less that are initiated by Practice (Small Disputes), the following rules shall apply notwithstanding anything to the contrary in the procedures or rules of the AAA:

(1) The arbitration shall be conducted in accordance with the AAAs Expedited Procedures.

(2) The arbitrator shall include a finding as to whether the initiation of such Dispute was frivolous. If it is determined by the arbitrator not to be frivolous, then PROVIDER shall pay the fees and costs assessed by the AAA in administering the arbitration.

(3) If the arbitrator finds that PROVIDER is liable to Practice for an amount greater than the Settlement Amount presented by PROVIDER prior to the commencement of arbitration (after all offsets and counterclaims are applied), then PROVIDER shall be required to pay in addition to any award of the arbitrator an amount equal to the greater of (x) $500.00, or (y) the amount of Practices reasonable attorney’s fees.

(4) Practice may choose to conduct the arbitration in the state of its principal address.

(i) PROVIDER AND PRACTICE EACH AGREE NOT TO PURSUE ARBITRATION ON A CLASS-WIDE BASIS. ARBITRATION WILL BE CONDUCTED SOLELY IN AN INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.

20.  Non-Disparagement

Practice agrees not to disparage PROVIDER or its respective vendors, and promises to refrain from engaging, directly or indirectly, in any action, communication or conduct negligently, recklessly or intentionally undertaken to damage the name or reputation of PROVIDER.

21.  Survival

Notwithstanding anything to the contrary in the Agreement, all sections of the Agreement that by their nature should survive termination or expiration will survive, including, without limitation, accrued rights to payment, indemnification obligations, warranty disclaimers, and limitations of liability.

22.  Modifications to Agreement

PROVIDER may from time-to-time and at any time amend any provision of the Agreement for any reason in its sole discretion, including fees and charges payable by Practice, whether or not such amounts are set forth in the Authorization. PROVIDER will note the date of the amendment at the top of the Agreement, and, unless specified otherwise, the amendment shall become effective at the start of the first billing cycle after PROVIDER has provided notice to Practice of such amendment. Amendments due to changes in any regulatory or legal requirement will become effective at such time that PROVIDER may specify, which may be sooner than the beginning of the next billing cycle following the date of notice.

23.  Final Sales

Except as expressly stated in the Agreement, all sales of Services are final, and all fees are non-refundable once paid.

24.  Notices; Consent to Electronic Communications

By applying for the Services and confirming that it has read the Agreement, Practice is confirming to PROVIDER that it has the means to access the Internet through its own service provider and download or print electronic communications. Practice agrees to the receipt of electronic communications by email or by the posting of such information by PROVIDER at one or more of PROVIDERs sponsored websites, such as www.pcihipaa.com. Such communications may pertain to the services delivered by PROVIDER, the use of information Practice may submit to PROVIDER, changes in laws or Rules impacting the Services or other reasons, such as amendment of the Agreement. In addition, all notices and other communications required or permitted under the Agreement by PROVIDER to Practice may also be delivered by PROVIDER to Practice either by FAX, overnight carrier or first-class mail, postage or other charges prepaid, addressed and transmitted as set forth below. All notices and other communications required or permitted under the Agreement by Practice to PROVIDER shall be delivered by Practice to PROVIDER by overnight carrier or certified mail, postage or other charges prepaid, addressed and transmitted as set forth below. Notice by FAX or e-mail shall be deemed delivered when transmitted. Notice by mail or overnight carrier shall be deemed delivered on the first (1st) business day after mailing or delivery to the carrier. Following are the addresses for the purposes of notices and other communications hereunder, which may be changed by written notice in accordance with this section:

If to PROVIDER, addressed and transmitted as follows:

PCIHIPAA
Attn: Practice Support
2601 Ocean Park Boulevard Suite 303,
Santa Monica, California 90405

(b) If to Practice, at the address provided as the billing address, or the FAX number or e-mail address and to the contact listed on the Authorization.

25.  Further Assurances

At any time or from time to time upon the request of PROVIDER, Practice will execute and deliver such further documents and do such other acts as PROVIDER may reasonably request in order to effectuate fully the purposes of the Agreement.

26.  Electronic Signature

Practice may become a party to, and become bound by, the Agreement by completing the Authorization and accepting it electronically over the Internet. This is done by clicking or entering I Agree, by providing an electronic form of signature or otherwise by affirmatively indicating acceptance or consent where requested on an electronic version of the Authorization (any such method constituting an Electronic Consent). By providing such Electronic Consent, Practice acknowledges that it has received and reviewed all applicable pages, terms and conditions of the Agreement, and it represents, warrants, consents and agrees as follows:

(a) The electronic agreement process allows Practice to sign and agree to legally binding agreements online by providing its Electronic Consent;

(b) Practice intends to use the electronic agreement process to provide its Electronic Consent;

(c) Practices Electronic Consent is legally binding, and is governed by the Electronic Signatures in Global and National Commerce Act of 2000, and/or the Uniform Electronic Transactions Act governances (or an amended version thereof) in its state of residence, and Practice agrees to be bound by these governances;

(d) The individual providing Electronic Consent on behalf of Practice is authorized by Practice to do so and is at least 18 years old; and

(e) The Electronic Consent will be binding upon Practice, and will not be construed by a court of law to have any less effect than a standard ink or paper signature.

27.  Privacy

PROVIDERs website collects and uses information about you and your use of the website.  Our Privacy Policy provides more about the information we collect and how we may use such information.  Please review our Privacy Policy at https://pcihipaa.com/privacy-policy/ which is incorporated to these Terms of Service by reference.