OnCallMD SERVICES AND LICENSE AGREEMENT
This OnCallMD Services and License Agreement (the “Agreement”) is entered into effective __________ (the “Effective Date”), by and between OnCallMD Inc, a company organized under the laws of the State of Delaware (“OnCallMD”) and __________ (the “OnCallMD Physician”) located in the State of __________ . OnCallMD and the OnCallMD Physician may be referred to individually as a “Party” and collectively as the “Parties.”
RECITALS:
WHEREAS, OnCallMD provides a proprietary, web-based platform to its customers (the “Platform”);
WHEREAS, OnCallMD provides various operational and administrative services to manage the Platform; and
WHEREAS, the OnCallMD Physician desires to incorporate the Platform and the services it currently offers to its patients;
NOW, THEREFORE, in exchange for the promises made hereunder and for other valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereto agree as follows:
AGREEMENT
-
DEFINITIONS The following terms, which are not otherwise defined herein, shall have the meanings set forth below:
-
“Member” means, if applicable, an individual who possesses an OnCallMD paid monthly membership which allows such individuals access to OnCallMD’s proprietary Platform.
-
“Monthly Subscription Fees” 2.is the applicable rate paid by the Member to OnCallMD for access to OnCallMD’s proprietary Platform
-
“Telehealth Consultations” means remote medical consultations provided by a duly licensed physician who provides patient care, via telephone or web-based video.
-
“Services” means the duties and obligations of OncallMD to OnCallMD Physician under this Agreement.
-
TERM
This Agreement shall continue for six (6) months from the Effective Date (the “Initial Term”) and will be automatically renewed thereafter for additional six month terms (each a “Renewal Term”), unless (i) one Party delivers to the other Party written notice of non-renewal (a “Termination Notice”) at least thirty (30) days before expiration of the Term then in effect or unless earlier terminated as set forth below. The Initial Term and any Renewal Terms are referred to in this Agreement, collectively, as the “Term.”
-
THE PLATFORM
In addition to licensing the Platform, OnCallMD provides access through the Platform to Telehealth Consultations provided by licensed Physicians, Nurse Practitioners, Physician Assistants and other qualified healthcare personnel, affiliated through contract with OnCallMD (each a “Provider” and collectively, the “Providers”) to Members in the states where they live and travel (the “Telehealth Program”). Pursuant to the Telehealth Program, the Providers diagnose via the Telehealth Consultations the patient’s ailment, recommend treatment, and if medically necessary and appropriate, write a prescription for Non-Drug Enforcement Administration (DEA) controlled substances. Each Provider shall be licensed to practice medicine and/or osteopathic medicine in the state where the Member lives/is traveling, be licensed to write prescriptions in the state in which the Member is located at the time of the consultation, be technologically proficient, trained in Telehealth Consultations and covered by medical malpractice insurance having limits in the amounts set forth in 11C in all of the states where such Physician will be providing the Services hereunder.
-
DUTIES OF THE ONCALLMD PHYSICIAN
OnCallMD Physician agrees:
-
- To conduct telehealth encounters with patients utilizing OnCallMD’s platform.
-
To submit to credentialing with OnCallMD’s third-party vendor. Until credentialing is complete and approval issued, OnCallMD Physician shall not be permitted to provide the telemedicine services contemplated hereunder. Once approved, OnCallMD Physician hereby agrees to maintain the standards required for the approval and to immediately notify OnCallMD if there is a change in any of the OnCallMD Physician’s credentialing criteria.
-
To accept, as full payment, the per encounter reimbursement from OnCallMD for any approved telehealth encounters initiated through the OnCallMD platform.
-
To maintain a patient record for telemedicine encounters in accordance with medical standards of practice and in compliance with all laws regarding patient privacy, confidentiality, informed consent and record keeping.
-
To provide a description of the Platform and the Telehealth Program to patients, as provided or approved in advance by OnCallMD;
-
To provide OnCallMD with non-medical patient census data in a format approved by OnCallMD in support of converting patient to enrollment as a paid membership of OnCallMD’s Telehealth Program. Said census shall not contain any information that is Protected Health Information (PHI) under and federal or state law, rule or regulation.
-
That OnCallMD may call or email OnCallMD Physician’s patients for the purpose of increasing patient enrollment and/or to share general platform updates and newsletters.
-
DUTIES OF ONCALLMD
-
OnCallMD agrees: (i) upon payment confirmation of a Member’s membership via the Platform, to initiate that Member’s identity in the Member database, and begin processing that Member so that he/she may receive services under the Platform; (ii) to provide and grant to the OnCallMD Physician a non-exclusive, non-transferable, limited license to use the “OnCallMD” branded Platform (including all materials developed or provided to the OnCallMD Physician by OnCallMD related to the Platform, its marketing, implementation and use during the Term); and (iii) to provide and maintain an adequate system, forms and other resources for Members to access and agree to OnCallMD’s Terms and Conditions.
-
OnCallMD further agrees to: (i) maintain a database of the Members’ information (in an electronic format that is compliant with the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), including but not limited to those changes adopted and incorporated by Section XIII of the American Recovery and Reinvestment Act of 2009 (ARRA) known as Health Information Technology for Economic and Clinical Health (HITECH) Act; (ii) provide to the OnCallMD Physician OnCallMD’s standard utilization and or other reports; (iii) provide initial training to the OnCallMD Physician at the time of implementation, and (iv) provide Platform user support to Members to effectively administer the Platform. Notwithstanding the foregoing, the OnCallMD Physician acknowledges and agrees that: (a) if the OnCallMD Physician requests OnCallMD to attend any events such as, but not limited to, enrollment meetings, health fairs, trainings, etc., OnCallMD will charge additional fees to attend as agreed to by both Parties; and (b) if the OnCallMD Physician requests OnCallMD to prepare any non-standard reports that require information technology programming, OnCallMD will charge the OnCallMD Physician an additional fee of Two Hundred ($200) Dollars per hour times that number of hours necessary for such non-standard reporting program development. Pursuant to the above, a Business Associate Agreement is required to be executed. See Exhibit II – OnCallMD Business Associate Agreement.
-
OnCallMD will provide OnCallMD Physician with an image and link to be added to OnCallMD Physician’s own website, if applicable, that will link back to OnCallMD Physician’s OnCallMD page to promote the use of OnCallMD Physician’s telehealth and related services. OnCallMD Physician may add this link and image to OnCallMD Physician’s own website or provide OnCallMD access to do so.
-
COMMUNICATION MATERIALS
OnCallMD will provide a template description of the Platform and the Telehealth Program for use by the OnCallMD Physician to communicate the Platform’s and the Telehealth Program’s services to the Members. Any changes or modifications to such description of services, and any and all materials used by the OnCallMD Physician or its agents to describe the Platform’s and the Telehealth Program’s services must be approved in advance in writing by OnCallMD prior to distribution. Such communications include, but are not limited to, those that are in written form, on websites, on the radio, on television, sent by email, sent by fax, etc. In addition, the OnCallMD Physician hereby authorizes OnCallMD to communicate directly with the Members for: (i) promoting the Platform and ancillary services or products related to the provision of remote care; and (ii) treatment, payment and health care operations of OnCallMD or any of its vendors on the Platform.
-
DATA TRANSMISSION SECURITY
-
Data transmission security is the process of sending data from one computer system to another in a secure manner so that only the intended recipient of the data receives the data and the data sent is identical to the data received. When ePHI (Electronic Personal Health Information) is transmitted over an electronic communications network i.e. “the internet”, transmissions of ePHI to and from OnCallMD, Inc. will utilize HIPAA-compliant encrypted file storage, or Secure File Transport Protocol (SFTP). OnCallMD requires all vendors or partners who are in receipt of ePHI to execute a Sub-Business Associate Agreement to conform to all applicable HIPAA regulations.
-
OnCallMD Physician is expressly prohibited from indirectly or directly, knowingly violating or attempting to violate the security of OnCallMD’s web sites, including, without limitation, accessing data not intended for such user or logging into a server or account which user is not authorized to access, attempting to probe, scan or test the vulnerability of the system or network or to breach security or authentication measures, scanning or testing the performance of the system or network, attempting to interfere with service to any user, host or network, including, without limitation, via means of submitting a virus or “trojan horse” to the Web site, overloading, “flooding”, “mail bombing” or “crashing”, or sending unsolicited electronic mail, including promotions and/or advertising of products or services. Violations of system or network security may result in civil or criminal liability. OnCallMD will investigate occurrences that may involve such violations and may involve, and cooperate with, law enforcement authorities in prosecuting users who are involved in such violations.
-
ONCALLMD PHYSICIAN PER CONSULT FEES
This Agreement is executed between the OnCallMD Physician and OnCallMD. Payment for virtual health consultations is received by OnCallMD from the OnCallMD Physician’s Members with respect to monthly subscription fees. OnCallMD Physician is eligible to receive per consult fees payable in accordance to OnCallMD’s Fees Schedule, see Exhibit I – Fees and Services. OnCallMD reserves the right to amend the virtual consultations fee schedule from time to time in concert in OnCallMD’s sole decision. Should OnCallMD Direct Physician’s not agree to the changes, their only recourse shall be the right to terminate the agreement with the Effective Date being the date the change goes into effect.
-
RELATIONSHIP OF THE PARTIES
-
OnCallMD and the OnCallMD Physician are and shall at all times function as independent contractors under this Agreement and neither OnCallMD nor the OnCallMD Physician is authorized to assume or create any obligations or liabilities, express or implied, on behalf of or in the name of the other Party, except to the extent otherwise specifically contemplated herein. The OnCallMD Physician’s patients, agents, employees, representatives, providers, methods, facilities and equipment of a Party shall at all times be under the exclusive direction and control of that Party.
-
The OnCallMD Physician and OnCallMD agree that that they will each maintain in strict confidence any and all patient information they may have access to by complying with the Privacy and Security Standards of HIPAA and the American Recovery and Reinvestment Act of 2009, including, without limitation, the requirements of the Health Information Technology for Economic and Clinical Health Act, which is part thereof, and the OnCallMD Physician agrees to secure a HIPAA Business Associate Agreement in the form set forth in Exhibit II attached hereto and made a part hereof.
-
NON-SOLICITATION / ONCALLMD EXCLUSIVITY
-
During the Term and for a period of two (2) years immediately thereafter, each Party agrees not to solicit any employee or independent contractor of the other Party on behalf of itself or any other business enterprise, nor shall either Party induce any employee or independent contractor associated with the other Party to terminate or breach an employment, contractual or other relationship with either Party, unless either Party has granted that right, in writing, to the other Party.
-
During the Term and for a period of two (2) years immediately thereafter, neither Party shall call on, solicit, take away, or attempt to call on, solicit, or take away any customer of either Party on whom either Party has called or with whom either Party became acquainted during the Term, as the direct or indirect result of either Parties’ engagement pursuant to this Agreement, unless if activity is necessary by OnCallMD in fulfilling its obligations under this Agreement.
-
During the Term, OnCallMD Physician shall not, and shall cause its affiliates and subsidiaries not to, on behalf of itself or any other business enterprise, enter into any agreement, contract, or arrangement, directly or indirectly, or make any equity investment in, any entity which provides services similar to the Platform or the Telehealth Program in the United States of America.
-
INDEMNIFICATION AND INSURANCE
-
Each Party agrees that it is solely liable for any breach, misrepresentation, error or omission by its employees, agents and representatives concerning the Platform or otherwise made by such Party in fulfilling its obligations under this Agreement. Each Party agrees to indemnify and hold harmless the other Party and its affiliates, and their directors, officers, employees, agents, representatives, successors and assigns, from and against any loss, cost, damage or expense, including reasonable attorneys’ fees and court costs, arising out of any error, omission or malfeasance of such breaching Party.
-
A Party claiming indemnification hereunder (the “Indemnified Party”) shall give the other Party (the “Indemnifying Party”) prompt written notice of any event or assertion of which Indemnified Party obtains knowledge concerning any event as to which such Indemnified Party may request indemnification hereunder, provided that any delay in providing written notice shall not serve as a bar to indemnification hereunder except to the extent that Indemnifying Party’s ability to defend against or avoid such claim has been prejudiced by such delay. The Parties shall cooperate in determining the validity of any claim for indemnification or assertion requiring indemnity hereunder and in defending against third parties with respect to the same, at Indemnifying Party’s cost and expense. Indemnifying Party shall promptly (and in no event later than thirty (30) days after receiving notice of a claim) decide whether to assume control of the defense of a claim, and if Indemnifying Party does not elect to control such defense, the Indemnified Party shall assume such control of the defense. The Party that is not controlling the defense of a claim may have its own counsel present at its own cost to monitor proceedings related to the claim. If the Indemnifying Party elects to control the defense of a claim, Indemnifying Party’s choice of counsel shall be reasonably satisfactory to Indemnified Party, and Indemnified Party shall be entitled to participate in such defense and shall cooperate fully in connection therewith. Indemnifying Party hereby agrees not to settle or compromise any claim without prior written consent of Indemnified Party.
-
Each Party will maintain such insurance coverage as is reasonably necessary to support its respective obligations under this Agreement, which, for OnCallMD Physician, shall be at least a commercially reasonable general liability policy. Upon written request, each Party shall provide evidence of such coverage to the other Party. Additionally, OnCallMD agrees that it will maintain appropriate liability insurance and the OnCallMD Physician is contractually obligated hereunder to have medical malpractice insurance coverage in the greater of One Million ($1,000,000) Dollars per occurrence and Three Million ($3,000,000) Dollars in the aggregate or as otherwise required by law. Proof of required insurance shall be established during the credentialing process which amount must be maintained during the term hereof.
-
OWNERSHIP OF INTELLECTUAL PROPERTY
-
The OnCallMD Physician acknowledges that all materials relating to the Platform that are developed by or on behalf of OnCallMD or provided to the OnCallMD Physician by OnCallMD (including, without limitation, the communications materials referred to in Section 6 above), and all trade names, service marks, trademarks and logos that are used by OnCallMD (including but not limited to the “OnCallMD” mark), and such other trade names, trademarks and logos as hereinafter may be designated by OnCallMD in connection with its business (the “OnCallMD Marks”) are the unique intellectual property of OnCallMD (the “Intellectual Property”), and the OnCallMD Physician agrees that: (i) the OnCallMD Physician will not duplicate the Platform in any format that would, in whole or in part, infringe upon the intellectual property rights of OnCallMD, and will not use or disclose the Intellectual Property in any manner other than pursuant to this Agreement; (ii) the OnCallMD Physician and its employees, directors, officers, agents, owners, successors and assigns shall maintain the confidentiality of any non-public Intellectual Property disclosed to the OnCallMD Physician by OnCallMD; and (iii) on termination of this Agreement, the OnCallMD Physician shall return to OnCallMD all of the Intellectual Property provided to the OnCallMD Physician.
-
OnCallMD grants to the OnCallMD Physician a limited, non-exclusive, non-transferable license to use the OnCallMD Marks during the Term and only pursuant to the terms of this Agreement and in a manner that has been approved, in writing, by OnCallMD in advance.
-
OnCallMD shall have the right to use OnCallMD Physician’s trade name, trademark, service mark, or symbol in its advertising, publicity or other promotional endeavors during the term of this Agreement.
-
OnCallMD Physician represents and warrants that the use of all elements that the OnCallMD Physician provides to OnCallMD for marketing, will not infringe upon or violate any copyrights, trade secrets, privacy and publicity rights, contractual rights or other rights of any third party. OnCallMD Physician further represent and warrants that, to the best of OnCallMD Physician’s knowledge, such use will not infringe upon any patent rights or that of any third party.
-
NON-DISCLOSURE OBLIGATIONS
-
As used in this Agreement, the term “Confidential Information” means any technical or business information furnished by one Party to the other Party in connection with this Agreement, regardless of whether such information is specifically designated as confidential and regardless of whether such information is in written, oral, electronic, or other form. Such Confidential Information may include, without limitation, trade secrets, know-how, inventions, technical data or specifications, testing methods, business or financial information, research and development activities, product and marketing plans, and customer and supplier information.
-
Each Party (the “Receiving Party”) receiving Confidential Information from the Party disclosing Confidential Information (the “Disclosing Party”) agrees that it shall:
-
maintain all Confidential Information in strict confidence, except that the Receiving Party may disclose or permit the disclosure of any Confidential Information to its directors, officers, employees, consultants, and advisors who are obligated to maintain the confidential nature of such Confidential Information and who need to know such Confidential Information for the purposes set forth in this Agreement;
-
use all Confidential Information solely for the purposes set forth in this Agreement; and
-
allow its directors, officers, employees, consultants, and advisors to reproduce the Confidential Information only to the extent necessary to effect the purposes set forth in this Agreement, with all such reproductions being considered Confidential Information.
-
The obligations of the Receiving Party under Section 13.B above shall not apply to the extent that the Receiving Party can demonstrate that certain Confidential Information:
-
was in the public domain prior to the time of its disclosure under this Agreement;
-
entered the public domain after the time of its disclosure under this Agreement through means other than an unauthorized disclosure resulting from an act or omission by the Receiving Party;
-
was independently developed or discovered by the Receiving Party without use of the Confidential Information; or
-
is or was disclosed to the Receiving Party at any time, whether prior to or after the time of its disclosure under this Agreement, by a third party having no fiduciary relationship with the Disclosing Party and having no obligation of confidentiality with respect to such Confidential Information.
-
The nondisclosure obligations of the Receiving Party under Section 13 shall be waived in any instance where Confidential Information is required to be disclosed to comply with applicable laws or regulations, or with a court or administrative order, provided that the Disclosing Party receives prior written notice of such disclosure and that the Receiving Party takes all reasonable and lawful actions to obtain confidential treatment for such disclosure and, if possible, to minimize the extent of such disclosure.
-
The Receiving Party acknowledges that the Disclosing Party (or any third party entrusting its own confidential information to the Disclosing Party) claims ownership of the Confidential Information disclosed by the Disclosing Party and all patent, copyright, trademark, trade secret, and other intellectual property rights in, or arising from, such Confidential Information. No option, license, or conveyance of such rights to the Receiving Party is granted or implied under this Agreement. If any such rights are to be granted to the Receiving Party, such grant shall be expressly set forth in a separate written instrument.
-
The Receiving Party acknowledges that the Disclosing Party makes no representations and gives no warranties of any kind regarding the Confidential Information disclosed to Receiving Party and shall have no liability with respect to any such Confidential Information under this Agreement.
-
Upon expiration or termination of the Term, the Receiving Party shall return to the Disclosing Party all originals, copies, and summaries of documents, materials, and other tangible manifestations of Confidential Information in the possession or control of the Receiving Party, except for Confidential Information that is not electronically retrievable because it is not discrete or severable from non-Confidential Information.
-
The Receiving Party agrees that any breach of its obligations under this Agreement will cause irreparable harm to the Disclosing Party; therefore, the Disclosing Party shall have, in addition to any remedies available at law, the right to obtain equitable relief to enforce this Agreement.
-
TERMINATION
-
Termination Without Cause – Notwithstanding any other provision herein, either Party may terminate this Agreement as of any date providing not less than Thirty (30) days’ prior written notice to the other Party of its intention to terminate this Agreement.
-
Termination by OnCallMD – If this Agreement is terminated by OnCallMD, for any reason whatsoever, OnCallMD shall demand payment, if applicable, on any invoice that is delinquent at the time of termination or that becomes delinquent after the date of termination. Conversely, any accrued payables or outstanding amounts due to OnCallMD Physician on the date of termination of this agreement shall be paid by OnCallMD to OnCallMD Physician.
-
Termination by Breach – If OnCallMD Physician is in material breach of this Agreement, OnCallMD shall give OnCallMD Physician thirty (30) days’ written notice of any such breach. If such breach has not been cured to OnCallMD’s satisfaction within such thirty (30) day period, then this Agreement shall automatically terminate at the end of the applicable notice period without further notice.
-
Termination due to Cessation – This Agreement may be terminated by either Party upon thirty (30) days’ written notice to the other Party, in the event that the other Party: (i) shall become insolvent; (ii) admits in writing its inability to pay its debts as they mature; or (iii) ceases to function as a going concern or to conduct its operations in the normal course of business, if such event is not cured within the thirty (30) day period.
-
Effect of Termination by OnCallMD Physician – If this Agreement is terminated by the OnCallMD Physician, for any reason whatsoever, the OnCallMD Physician shall pay, if applicable, all amounts outstanding on invoices issued, and invoices to be issued, not later than fifteen (15) calendar days after the termination date for Services rendered prior to the effective date of such termination.
-
Effect of Any Termination – Upon any termination or expiration of this Agreement, (i) OnCallMD Physician will immediately discontinue use of the Telehealth Program (as well as any use of the OnCallMD Confidential Information); (ii) OnCallMD Physician will promptly pay, if applicable, all accrued and outstanding amounts due under this Agreement; (iii) each Party will delete any of the other Party’s Confidential Information from computer storage or any other media including, but not limited to, online and off-line libraries; and (iv) each Party will return to the other Party or, at the other Party’s option, destroy, all physical copies of any the other Party’s Confidential Information.
-
Survival – The termination or expiration of this Agreement shall in no case relieve OnCallMD Physician from its obligation to pay, if applicable, to the other, any sums accrued under this Agreement prior to such termination or expiration.
-
COMPLIANCE WITH LAWS
Each Party will perform its obligations under this Agreement in a manner that complies with all laws applicable to such Party.
-
ENTIRE AGREEMENT
-
This Agreement (including any exhibits or attachments hereto) constitutes the entire agreement by and between OnCallMD and the OnCallMD Physician relating in any manner of its subject matter, and any representation, warranty, covenant, understanding or agreement not contained or incorporated in it by reference shall be of no force or effect. This Agreement supersedes all prior proposals, discussions, writings, and agreements between the Parties relating to the subject matter hereof. This Agreement may only be modified in writing, signed by an authorized representative of each Party.
-
In the event any provision of this Agreement shall be determined to be invalid or unenforceable, such invalidity or unenforceability shall not invalidate or render unenforceable the entire Agreement, but rather this Agreement shall be construed as if not containing the particular invalid or unenforceable provision or provisions, and the rights and obligations of the Parties shall be construed and enforced accordingly.
-
NOTICE
Any notice required by this Agreement may be given by ordinary mail, certified mail, return receipt requested, or overnight mail to the address of the other Party set forth below or to such other address as specified in a written notice by one Party to the other Party. Notice shall be deemed to be received three days after deposit, if given by ordinary mail, seven days after deposit if given by certified mail, return receipt requested, and one day after deposit if given by overnight mail. The address of each Party for notice is set forth opposite their signature block on the signature page hereof.
-
GOVERNING LAW AND DISPUTES
This Agreement shall be governed by Florida law, without giving effect to its conflicts of laws provisions. Jurisdiction and venue for any and all disputes under this Agreement shall be the state and/or federal courts of Miami, Florida. Prior to the institution of formal court action, the Parties agree that any claim or controversy arising from this Agreement shall be considered and addressed by one representative from OnCallMD and one representative from the OnCallMD Physician at a meeting held upon at least five business days’ advance notice from the complaining Party. Such meeting shall be held at a neutral location in the city where the non-complaining Party has its principal office. If the claim or controversy is not resolved by the representatives at such meeting or within five business days thereafter, either Party may proceed with court action.
-
STATE AVAILABILITY
With respect to the Telehealth Program, OnCallMD Physician will be notified within 30 days of any changes with respect to the states in which the Telehealth Program is being offered by OnCallMD.
-
MISCELLANEOUS
This Agreement is deemed to have been prepared jointly by the Parties hereto, and any uncertainty or ambiguity herein shall not be interpreted against either Party, but shall be interpreted according to the application of the rules of interpretation for arm’s length agreements.
This Agreement may be executed in any number of counterparts, all of which shall constitute one and the same instrument, and each Party hereto may execute this Agreement by signing one or more counterpart and which may be executed by way of facsimile or electronic signature all of which shall not affect the construction of this Agreement. Each signatory hereto represents that he/she has full authority to sign this Agreement on behalf of his/her respective organization and to bind and obligate such organization to the terms hereof.
IN WITNESS WHEREOF, this Agreement has been duly executed and delivered by the duly authorized representatives of the Parties herein as of the Effective Date.
ONCALLMD Inc & THE ONCALLMD PHYSICIAN
Notices sent to:
OnCallMD, Inc. General Counsel, legal@oncall.md
OnCallMD Inc, 300 South Pine Island Rd STE 307, Plantation, FL, 33324
EXHIBIT I – COMPENSATION PLAN
-
For call telehealth consultations verified and accounted for by OnCallMD during each calendar month of this agreement, OnCallMD Physician will receive a Fifty ($50) Dollar consult fees for OnCallMD Physician’s telehealth services:
*OnCallMD reserves the right, from time to time, to adjust, alter, or update the OnCallMD monthly subscription fees structure, and accompanying OnCallMD Physician per consult fees as needed and agreed to by both parties.
EXHIBIT II – BUSINESS ASSOCIATE AGREEMENT
See attached.
HIPAA BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement, dated as of _________________ (“Agreement”), by and between _________________, on its own behalf and on behalf of all entities controlling, under common control with or controlled by it (the “Covered Entity”), and OnCallMD, Inc, a Delaware limited liability company, (“Business Associate”). Covered Entity and Business Associate may be referred to herein collectively as the “Parties” or individually as “Party”.
WHEREAS, Covered Entity and Business Associate are parties to an agreement or various agreements pursuant to which Business Associate provides certain services to Covered Entity (“Services Agreement or Agreements”). In connection with Business Associate’s services, Business Associate creates, receives, maintains or transmits Protected Health Information from, to, or on behalf of Covered Entity, which information is subject to protection under the Federal Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191 (the “HIPAA Statute”), the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009 (the “HITECH Act”), and related regulations promulgated by the Secretary (“HIPAA Regulations”).
WHEREAS, Business Associate qualifies as a “business associate” (as defined by the HIPAA Regulations) of its clients, which means that Business Associate has certain responsibilities with respect to the Protected Health Information of its clients; and WHEREAS, in light of the foregoing and the requirements of the HIPAA Statute, the HITECH Act and HIPAA Regulations, Business Associate and Covered Entity agree to be bound by the terms and conditions of this Agreement.
NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
-
Definitions.
-
General. Capitalized terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms by the HIPAA Statute, the HITECH Act and HIPAA Regulations as in effect or as amended from time to time.
-
Specific.
-
Breach. “Breach” shall have the same meaning as the term “breach” in 45 CFR § 164.402.
-
Electronic Health Record. “Electronic Health Record” shall have the same meaning as the term “electronic health record” in the HITECH Act, Section 13400(5).
-
Electronic Protected Health Information, “Electronic Protected Health Information” shall have the same meaning as the term “electronic protected health information” in 45 CFR § 160.103, limited to the information that Business Associate creates, receives, maintains, or transmits from or on behalf of Covered Entity.
-
Individual. “Individual” shall have the same meaning as the term “individual” in 45 CFR § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § I 64.502(g).
-
Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164.
-
Protected Health Information. “Protected Health Information” shall have the same meaning as the term “protected health information” in 45 CFR § 160.103, limited to the information created, received, maintained or transmitted by Business Associate from or on behalf of Covered Entity.
-
Required By Law. “Required by Law” shall have the same meaning as the term “required by law” in 45 CFR § 164.103.
-
Secretary. “Secretary” shall mean the Secretary of the Department of Health and Human Services or his designee.
-
Security Rule. “Security Rule” shall mean the Security Standards at 45 CFR Part 160 and Part 164.
-
Services Agreement. “Services Agreement” shall mean any present or future agreements, either written or oral, between Covered Entity and Business Associate under which Business Associate provides services to Covered Entity which involve the use or disclosure of Protected Health Information. The Services Agreement is amended by and incorporates the terms of this Agreement.
-
Subcontractor. “Subcontractor” shall have the same meaning as the term “subcontractor” in 45 CFR § 160.103.
-
Unsecured Protected Health Information. “Unsecured Protected Health Information” shall have the same meaning as the term “unsecured protected health information” in 45 CFR § 164.402.
-
HIPAA. “HIPAA” collectively refers to the HIPAA Statute, the HITECH Act, and the HIPAA Regulations, as such may be amended from time to time.
-
Obligations and Activities of Business Associate.
-
Use and Disclosure. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Service Agreement or as Required By Law. Business Associate shall comply with the provisions of this Agreement relating to privacy and security of Protected Health Information and all present and future provisions of HIPAA that relate to the privacy and security of Protected Health Information and that are applicable to Covered Entity and/or Business Associate. In addition, Business Associate agrees to comply with all applicable State laws governing the privacy, security and confidentiality of protected health information, to the extent such state laws are not preempted by HIPAA. Without limiting the foregoing, to the extent the Business Associate will carry out one or more of the Covered Entity’s obligations under the Privacy Rule, Business Associate shall comply with the requirements of the Privacy Rule that apply to the Covered Entity in the performance of such obligations.
-
Appropriate Safeguards. Business Associate agrees to use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to Electronic Protected Health Information, to prevent use or disclosure of the Protected Health Information other than as provided for by the Service Agreement and this Agreement. Without limiting the generality of the foregoing, Business Associate represents and warrants that Business Associate:
-
Has implemented and will continue to maintain administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information as required by the Security Rule; and
-
Shall ensure that any agent or subcontractor, to whom Business Associate provides Electronic Protected Health Information, has implemented and will continue to maintain administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information as required by the Security Rule.
-
Reporting. Business Associate agrees to promptly, and in any event within three (3) business days, report to Covered Entity any of the following:
-
Any use or disclosure of Protected Health Information not permitted by this BA Agreement of which Business Associate becomes aware.
- Any Security Incident of which Business Associate becomes aware.
- The discovery of a Breach of Unsecured Protected Health Information.
A Breach is considered “discovered” as of the first day on which the Breach is known, or reasonably should have been known, to Business Associate or any employee, officer or agent of Business Associate, other than the individual committing the Breach. Any notice of a Security Incident or Breach of Unsecured Protected Health Information shall include the identification of each Individual whose Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired or disclosed during such Security Incident or Breach as well as any other relevant information regarding the Security Incident or Breach. Any such notice shall be directed to Covered Entity pursuant to the notice provisions of the Services Agreement or to the Privacy Officer of Covered Entity.
-
-
Investigation. Business Associate shall reasonably cooperate and coordinate with Covered Entity in the investigation of any violation of the requirements of this BA Agreement and/or any Security Incident or Breach.
-
Reports and Notices. Business Associate shall reasonably cooperate and coordinate with Covered Entity in the preparation of any reports or notices to the Individual, a regulatory body or any third party required to be made under HIPAA, HIPAA Regulations, the HITECH Act, or any other Federal or State laws, rules or regulations, provided that any such reports or notices shall be subject to the prior written approval of Covered Entity.
-
Mitigation. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate or its employees, officers, Subcontractors or agents of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement (including, without limitation, any Security Incident or Breach of Unsecured Protected Health Information). Business Associate agrees to reasonably cooperate and coordinate with Covered Entity in the investigation of any violation of the requirements of this Agreement and/or any Security Incident orBreach. Business Associate shall also reasonably cooperate and coordinate with Covered Entity in the preparation of any reports or notices to the Individual, a regulatory body or any third party required to be made under HIPAA or any other Federal or State laws, rules or regulations, provided that any such reports or notices shall be subject to the prior written approval of Covered Entity. Business Associate shall keep Covered Entity fully apprised of all mitigation efforts of the Business Associate required under this Section.
-
Agents/Subcontractors. Business Associate agrees to ensure that any agent and/or subcontractor that creates, receives, maintains or transmits Protected Health Information on behalf of Business Associate agrees in writing to restrictions and conditions at least as stringent as those that apply to Business Associate pursuant to this Agreement with respect to such information. Business Associate agrees that, in the event that Business Associate becomes aware of a pattern of activity or practice 0 f an agent and/or subcontractor that constitutes a material breach or violation by the agent and/or subcontractor of any such restrictions or conditions, Business Associate shall take reasonable steps to cure the breach or end the violation, as applicable, and if such steps are unsuccessful, to terminate the contract or arrangement with such agent and/or subcontractor.
-
Access to Designated Record Sets. To the extent that Business Associate possesses or maintains Protected Health Information in a Designated Record Set, Business Associate agrees to provide access, at the request of Covered Entity, and in the time, format and manner reasonably requested by Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual or the Individual’s designee in order to meet the requirements under HIPAA. If an Individual makes a request for access to Protected Health Information directly to Business Associate, Business Associate shall notify Covered Entity of the request within three (3) business days of such request and will cooperate with Covered Entity and allow Covered Entity to send the response to the Individual or the Individual’s designee.
-
Amendments to Designated Record Sets. To the extent that Business Associate possesses or maintains Protected Health Information in a Designated Record Set, Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to HIPAA at the request of Covered Entity or an Individual, and in the time and manner reasonably requested by Covered Entity. If an Individual makes a request for an amendment to Protected Health Information directly to Business Associate, Business Associate shall notify Covered Entity of the request within three (3) business days of such request and will cooperate with Covered Entity and allow Covered Entity to send the response to the Individual.
-
Access to Books and Records. Business Associate agrees to make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner reasonably requested by the Covered Entity or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s or Business Associate’s compliance with HIPAA.
-
Accountings. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with HIPAA.
-
Requests for Accountings. Business Associate agrees to provide to Covered Entity or an Individual, in the time and manner reasonably requested by Covered Entity, information collected in accordance with Section 2.k. of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with HIPAA. If an Individual makes a request for an accounting directly to Business Associate, Business Associate shall notify Covered Entity of the request within three (3) business days of such request and will cooperate with Covered Entity and allow Covered Entity to send the response to the Individual.
-
Privacy Requirements. To the extent Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 CFR Part 164, Business Associate shall comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s).
-
Permitted Uses and Disclosures by Business Associate.
-
Service Agreement. Except as otherwise limited in this Agreement, Business Associate may only use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Service Agreement, provided that such use or disclosure would not violate HIPAA, HIPAA Regulations or HITECH if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity. All such uses and disclosures shall be consistent with the minimum necessary requirements of HIPAA.
-
De-Identified Data. Business Associate is not authorized to de-identify Protected Health Information or to use or disclose any de-identified Protected Health Information of Covered Entity except as otherwise provided in the Service Agreement. If de-identification is specified in the Service Agreement, Business Associate shall de-identify the information in accordance with 45 CFR 164.514(a)- (c).
-
Use for Administration of Business Associate. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate.
-
Disclosure for Administration of Business Associate. Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that (i) disclosures are Required By Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the Protected Health Information will remain confidential and he used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
-
Permissible Requests by Covered Entity.Except as set forth in Section 3 of this Agreement, Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity.
-
Term and Termination.
-
Term. This Agreement shall be effective as of the date of this Agreement and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created, maintained, transmitted or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section.
-
Termination for Cause. Upon Covered Entity’s knowledge of a material breach by Business Associate of this Agreement, Covered Entity shall either:
-
Provide an opportunity for Business Associate to cure the breach or end the violation. If Business Associate does not cure the breach or end the violation within the time specified by Covered Entity, Covered Entity shall terminate: (A) this Agreement; (B) all of the provisions of the applicable Service Agreement that involve the use or disclosure of Protected Health Information; and (C) such other provisions, if any, of the applicable Service Agreement as Covered Entity designates in its sole discretion; or
-
If Business Associate has breached a material term of this Agreement and cure is not possible, immediately terminate: (A) this Agreement; (B) all of the provisions of the applicable Service Agreement that involve the use or disclosure of Protected Health Information; and (C) such other provisions, if any, of the applicable Service Agreement as Covered Entity designates in its solediscretion.
-
Effect of Termination.
-
Except as provided in Section 5(c)(ii), upon termination of the applicable Service Agreement, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information.
-
In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the parties that return or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. In addition, with respect to Electronic Protected Health Information, Business Associate shall continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164, to prevent the use or disclosure of the Protected Health Information, for as long as Business Associate retains the Electronic Protected Health Information.
- Compliance with the Electronic Transaction Standards.
When providing its services and/or products, Business Associate shall comply with all applicable HIPAA standards and requirements (including, without limitation, those specified in 45 CFR Part 162) with respect to the transmission of health information in electronic form in connection with any transaction for which the Secretary has adopted a standard under HIPAA (“Covered Transactions”). Business Associate will make its services and/or products compliant with HIPAA’s standards and requirements no less than thirty (30) days prior to the applicable compliance dates under HIPAA. Business Associate represents and warrants that it is aware of all current HIPAA standards and requirements regarding Covered Transactions, and Business Associate shall comply with any modifications to HIPAA standards and requirements which become effective from time to time. Business Associate agrees that such compliance shall be at its sole cost and expense, which expense shall not be passed on to Covered Entity in any form, including, but not limited to, increased fees. Business Associate shall require all of its agents and subcontractors (if any) who assist Business Associate in providing its services and/or products to comply with the terms of this Section 6.
Business Associate agrees to indemnify, defend and hold harmless Covered Entity and its employees, trustees, professional staff representatives and agents (collectively, the “Indemnities”) (rom and against any and all claims (whether in law or in equity), obligations, actions, causes of action, suits, debts, judgments, losses, fines, penalties, damages, expenses (including attorney’s fees), liabilities, lawsuits or costs incurred by the Indemnities which arise or result from a breach of the terms and conditions of this Agreement, a violation of HIPAA, or a Breach by Business Associate or its employees, agents or subcontractors. Business Associate’s indemnification obligations hereunder shall not be subject to any limitations of liability or remedies in the Service Agreement.
-
-
Miscellaneous.
-
No HIPAA Agency Relationship. It is not intended that an agency relationship (as defined under the Federal common law of agency) be established hereby expressly or by implication between Covered Entity and Business Associate for purposes of liability under HIPAA, HIPAA Regulations, or the HITECH Act. No terms or conditions contained in this BA Agreement shall be construed to make or render Business Associate an agent of Covered Entity.
-
Regulatory References. A reference in this Agreement to a section in HIPAA, HIPAA Regulations or HITECH means the section as in effect or as amended or modified from time to time, including any corresponding provisions of subsequent superseding laws or regulations..
-
Amendment. The parties agree to take such action as is necessary to amend the Service Agreement or this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of HIPAA, HIPAA Regulations or HITECH.
-
Survival. The respective rights and obligations of Business Associate under Section 5(c), Section 7 and this Section 8(c) of this Agreement shall survive the termination of the Service Agreement or this Agreement.
-
Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with HIPAA, HIPAA Regulations or HITECH.
-
Third Party Beneficiaries. Covered Entity’s subsidiaries and affiliates shall be considered third party beneficiaries of this Agreement and the agreements contained therein.
-
Miscellaneous. The terms of this Agreement are hereby incorporated into the Service Agreement (s) (including present and future agreements). Except as otherwise set forth in Section 8(d) of this Agreement, in the event of a conflict between the terms of this Agreement and the terms of the Service Agreement, the terms of this Agreement shall prevail. The terms of the Service Agreement which are not modified by this Agreement shall remain in full force and effect in accordance with the terms thereof. This Agreement shall be governed by, and construed in accordance with, the laws of the State of Florida, exclusive of conflict of law rules. Each party to this Agreement hereby agrees and consents that any legal action or proceeding with respect to this Agreement shall only be brought in the state and federal courts located in Florida. This Agreement may be executed in counterparts, each of which when taken together shall constitute one original. Any PDF or facsimile signatures to this Agreement shall be deemed original signatures to this Agreement. No amendments or modifications to this Agreement shall be effected unless executed by both parties in writing. This Agreement constitutes the entire agreement between the parties with respect to the subject matter contained herein and this Agreement supersedes and replaces any former business associate agreement or addendum entered into by the parties.
[Signature Page Follows]
IN WITNESS WHEREOF, the parties have executed this Agreement as of the date set forth above.
Covered Entity:
By:
Print Name:
Print Title:
Business Associate:
ONCALLMD, Inc
By:
Print Name:
Print Title: