DENTAL SLEEP SOLUTIONS FRANCHISING LLC
DS3 SOFTWARE as a SERVICE
USER AGREEMENT
THIS IS A LEGALLY BINDING AGREEMENT (“Agreement”) between Dental Sleep Solutions Franchising, LLC, a Florida Corporation (together with its subsidiaries "we" or "us") and you (“you” or “Customer”). BY CLICKING "CREATE ACCOUNT" OR BY OTHERWISE ACCESSING OR USING THE SERVICES (DEFINED BELOW), YOU AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. Please read this Agreement carefully, and do not continue use of the Services unless you agree fully with its terms. You and we are collectively referred to as the "Parties."
DEFINITIONS
For the purposes of this Agreement, the terms set forth in this section have the meanings assigned below.
“Administrative User” means a User with privileges to administer and direct use of the Provider’s account. This includes permission to administer, create, and suspend User accounts within the Provider’s account, as well as share Your Information or send and receive Protected Health Information to other parties.
“Authorized Representative” is an Administrative User designated by the Provider to act on the Provider’s behalf for the purposes of this Agreement and for facilitating Services.
“Business Associate Agreement” is included in Exhibit A and is used for the purpose of fulfilling HIPAA Privacy Rule obligations.
“De-Identified Health Information” means health information that has been de-identified in accordance with the provisions of the Privacy Rule.
“DS3 Agreement” shall mean the document(s) by which you subscribe to our Services and where your initial subscription payments are defined.
“Materials” mean many product, service, information, content, software, message, advertisement or any other work found at, aggregated at, contained on, distributed through, linked to or from, downloaded to or from or in any other manner accessed from the Services.
“Practice” means a Provider’s employees and other persons who perform work for and under the supervision of the Provider.
“Provider” or “Health Care Provider” means a provider of services (as defined in section 1861 of the Act, 42 U.S.C. 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Act, 42 U.S.C. 1395x(s)), and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.
“Provider of Record” means the Provider to whose name your account is established and bound and who is subject to all of the provisions applicable to you in this Agreement.
“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, as amended.
“Protected Health Information” is defined as in the US Health Insurance Portability and Accountability Act (HIPAA).
“Services” or “Service” means the System accessed via www.DentalSleepSolutions.com and/or other online aliased domains under this Agreement, including access to our electronic medical record, claim payment, and other services.
“Subscription Fees” are fees paid by you for Services, paid as defined in your DS3 Agreement and in this Agreement.
“Term” or “Extension Term” means the initial term and all renewal terms of this Agreement as defined in Section 20.
“User” means a natural person who is a member of Your Practice, identified by his/her legal name, to whom you have authorized access to our Services on your behalf subject to the terms of this Agreement.
“Use” means accessing, displaying, executing, loading or otherwise using the Service.
"You" or "you" means the individual or entity using the Service under this Agreement.
“Your Health Information” means Protected Health Information that you, your Users, your patients, or third parties working on your behalf add or store in the Services.
“Your Information” means information that you or your Users add or store in the Services.
Section I: GRANT OF LICENSE
Service License. In consideration of the Subscription Fees set forth in Your DS3 Agreement, you are granted a nonexclusive, non transferable, revocable, limited license to use the Service for your internal business purposes in accordance with this Agreement during the Term (see Section 20).
Scope of License. This Agreement grants you up to ten (10) User accounts that will allow you to use the Service. At least one (1) account will be an Administrative User. Up to nine (9) other accounts will have general User (non-administrative) permissions. Any additional Users may be subject to additional fees, as determined by us. Any additional "Provider" accounts beyond the initial Provider of Record are subject to additional fees, as determined by us. If you are an Authorized Representative, you warrant that a) the information you submit to us is complete and accurate and b) you have the authority to act on behalf of and bind Provider of Record to all the covenants, obligations, and restrictions of this Agreement.
Equipment. You are responsible for and must provide all equipment, software (other than any software provided by us) and services necessary to use the Service. The Services may currently be accessed by any modern browser (such as Mozilla Firefox or Google Chrome). You agree to maintain and update your internet browser as needed for security and compatibility purposes.
Trial Use. We offer Services on a limited basis to users for the purpose of evaluating our Services. During this trial period you acknowledge that you are subject to all covenants, obligations, and restrictions applicable to you in this Agreement, but you are entitled to none of the rights or benefits under this Agreement and waive and agree not to exercise any benefit or remedy thereof. Your Services may be terminated for any or no reason at any time by us, with or without notice.
Clinical Information and Support Services. We may provide information that assists you with clinical decision making, including reminders, alerts, and health-care related information and resources. You agree that any information or support materials available via the Services are for educational and informative purposes only and do not substitute for your professional judgment nor constitute professional, diagnostic, or treatment advice. You recognize we do not recommend or endorse any provider of healthcare products or services, and the appearance of such materials does not constitute our recommendation or endorsement. We and our affiliates disclaim all warranties as to the accuracy or quality of the Services for any purpose. You assume full risk and responsibility for use of information you obtain through our Services.
Endorsements. All product and service marks contained on or associated with the Service that are not our marks are the trademarks of their respective owners. References to any names, marks, products or services of third parties or hypertext links to third party sites or information do not necessarily constitute or imply our endorsement, sponsorship or recommendation of the third party, information, product or service.
Ownership. You acknowledge and agree that our company names and logos and all related product and service names, design marks and slogans (collectively, the "Marks"), and the Services, including all underlying software or other intellectual property are the property of us and our affiliates or third party suppliers, as applicable. You are not authorized to use any of the Marks in any advertising, publicity or any other commercial manner without the prior written consent of us. Your use of the Service confers no title or ownership in the Services, Software, Materials or Marks and is not a sale of any rights thereof. We and our third party suppliers retain all copyright, patent, trademark, trade secret and other intellectual property rights.
Patient Portal. You may allow your patients to access and upload parts of their medical information through our web-based portal we provide to you (“Patient Portal”). You are responsible for monitoring and granting access to your Patient Portal, and all information submitted through the Patient Portal is subject to this Agreement.
Privacy / HIPAA. Our Services are provided to you in order to store your Health Information and make it available to you for any legal purpose, including but not limited to treating your patients and facilitating insurance payment operations. We permit access to your Health Information to you and your Users, as well as covered entities and their business associates to whom you have provided consent. We may use your Health Information for the purpose of making suggestions and performance recommendations to you in connection with the Services. We may de-identify your information or create De-Identified Health Information for any purpose whatsoever. We may use your contact information to provide online directory services to allow patients to find and contact you.
Business Associate Agreement. We use all reasonable efforts to enable our services to meet applicable requirements set forth in the Privacy Rule and general HIPAA and HITECH Act requirements. Accordingly, we enter into a Business Associate Agreement (“BAA”) with you as defined in EXHIBIT A. Your use of the Services constitutes your acceptance of this BAA.
Responsibility of Use and Usage Restrictions. You warrant that you will not access or use the Service in any unlawful manner, for any unlawful purpose or in violation of these terms and conditions or applicable laws, rules, and regulations. You agree that you will be responsible for all usage of the Service through your account, whether or not authorized by you. While we provide certain technical safeguards against misuse of the Services, you agree that we will not be responsible for any unlawful access to your Services by any user. There are no third party beneficiaries to this Agreement, meaning that your Users, patients, subsidiaries, affiliates, or other third parties have no rights against us under this Agreement.
Except to the extent permitted above, you may not: permit other individuals to use the Service; modify, translate, reverse engineer, decompile, disassemble, circumvent any technical safeguards within the Services, or create derivative works based on any product, service, information, content, software, message, advertisement or any other work found at, aggregated at, contained on, distributed through, linked to or from, downloaded to or from or in any other manner accessed from the Service; copy (including copying onto a bulletin board or similar system) the Service or Materials other than as specified herein; rent, lease, grant a security interest in, or otherwise transfer rights to the Service or Materials or remove any proprietary notices or labels on the Service and Materials. You may not use the Services to transmit obscene, libelous, illegal, threatening, or offensive messages or materials. With regard to any Materials in which we or any affiliate or third party supplier of us claims a proprietary interest and which are offered for downloading from the Service, you may download one copy of such Materials on any single computer for your personal or internal business use, provided you keep intact all copyright and other proprietary notices.
Except as required by law, you will not permit any third party to use or access the Services without our prior written consent. You agree to notify us immediately if you receive any demand or request from a third party for access to Services.
User Identification and Safeguards. You and your users must create credentials to access the Services that are uniquely assigned to each individual user. You have no ownership rights of such credentials, and you will ensure that each User of your Services has unique credentials identified with his/her natural name and that no user uses the credentials assigned to another user. We are not responsible to you or any third party for unauthorized access to your data or the unauthorized use of Services as a result of your intentional or unintentional error or omission. You are responsible for the use of the Services by any User, any User you authorize to use the Services, any person to whom you have given access to the Services, and any person who gains access to your data or the Services as a result of your failure to use reasonable security precautions, even if such use was not authorized by you shall be your responsibility for purposes of liability to any such third parties.
You must implement and maintain appropriate safeguards to protect your information and access to Services in accordance with the Privacy Rule, whether or not the information is subject to HIPAA. You will immediately notify us of any breach or suspected breach, or unauthorized use or disclosure of information within or obtained from the Services. You will take necessary actions to mitigate such a breach or suspected breach, and you agree to cooperate fully with our investigation of any breach or suspected breach.
Educational Webinar and Forum Conduct. We may offer participatory webinars, courses, discussion forums, or other opportunities to exchange information among Users. You will abide by all applicable forum and discussion rules, and you acknowledge that anything you say or post in these exchanges is available to the public. You are responsible for the protection of you and your Practice’s information, and you will not disclose individually identifiable health information during any exchange.
Your Risks. We act solely as an operator of the Service for your convenience, and use of the Service and any reliance by you upon any materials, including any action taken by you because of such use or reliance, is at your sole risk. Neither we nor any of our underlying suppliers, service providers, business partners, licensors, employees, distributors or agents is responsible or liable for, or makes any representations or warranties as to:
Any representations, promises, recommendations or inducements that may be made by or through any party (including vendors) found at, on, through, or from the Service;
The timeliness, accuracy, reliability, completeness, legality, copyright compliance, or decency of the Services or any Materials;
Any inaccuracy, omission, error or delay in the Services or any Materials;
Nonperformance of or interruption in the Services or any Materials due to: (i) any act or omission by any disseminating party, (ii) any force majeure (i.e., flood; riot; labor dispute; accident; action of government; communications, transmissions or power failure; equipment, systems or software malfunctions) or any other cause beyond the control of any disseminating party or (iii) outages, transmission quality or malfunctions of telephone circuits or computer systems including, but not limited to, any defects or failures with respect to your software, computer systems or Internet access provider;
The quality of the Services or any Materials (including the results to be obtained from use of them); or
Any loss resulting from, arising out of, or related to your access and/or use of or interaction with the Services or the Materials.
Remedies. Your sole and exclusive remedy for any material failure or nonperformance of the Software shall be for us to use commercially reasonable efforts to adjust or repair the Software within a reasonable period of time, as determined by us. You shall notify us within thirty (30) days of discovery of any error or such claim shall be deemed waived by you.
LIMITATIONS OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, OR OTHERWISE, SHALL we or any of our underlying SUPPLIERS, service providers, BUSINESS PARTNERS, information providers, licensors, employees, distributors or agents BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY MONEY DAMAGES, WHETHER DIRECT, INDIRECT, SPECIAL, INCIDENTAL, COVER, RELIANCE OR CONSEQUENTIAL DAMAGES, EVEN IF we or any of our underlying SUPPLIERS, service providers, BUSINESS PARTNERS, information providers, licensors, employees, distributors or agents SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. IN THE EVENT AND NOTWITHSTANDING THE FOREGOING, if we or any of our underlying SUPPLIERS, service providers, BUSINESS PARTNERS, information providers, licensors, employees, distributors or agents IS FOUND LIABLE TO YOU FOR DAMAGES FROM ANY CAUSE WHATSOEVER, AND REGARDLESS OF THE FORM OF THE ACTION (WHETHER IN CONTRACT, TORT, INCLUDING NEGLIGENCE, PRODUCT LIABILITY OR OTHERWISE), the AGGREGATE LIABILITY OF SUCH PARTIES WILL BE LIMITED TO THE AMOUNT YOU PAID FOR THE SERVICES. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU.
DISCLAIMER. EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SOFTWARE, SERVICES, AND MATERIALS ARE PROVIDED "AS IS", AND PROVIDER HEREBY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS, EITHER EXPRESSED OR IMPLIED, WITH RESPECT TO THE SERVICE OR THE SOFTWARE, ITS QUALITY, PERFORMANCE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT.
Indemnification by You. You shall indemnify and hold harmless us and any of our underlying suppliers, service providers, business partners, information providers, licensors, employees, distributors or agents from and against any and all claims, demands, actions, causes of action, suits, proceedings, losses, damages, costs, and expenses, including reasonable attorneys fees, arising from or relating to your use of the Services, or any act, error, or omission of you or any user of your account in connection therewith, including, but not limited to, matters relating to incorrect, incomplete, or misleading data or information; libel; invasion of privacy; infringement of a copyright, trade name, trademark, service mark, or other intellectual property; any defective product or any injury or damage to person or property caused by any products sold or otherwise distributed through or in connection with the Service; or violation of any applicable law.
Fees and Payment. You agree to pay us the amount set forth in the DS3 Agreement or then-current fees as specified in Section 20 (Term and Termination). All monthly charges are due via bank transfer auto payment or credit card auto payment. Acceptance of the DS3 Agreement authorizes us to charge your bank account or credit card on a monthly basis as well as initial setup costs if applicable. If a credit charge or bank transfer fails, you will have three (3) calendar days to remedy the situation. Your Services may be suspended or terminated by us after ten (10) business days of non-payment. Should you fail to meet the payment terms of this Agreement, you will pay us all costs and expenses incurred by us in collecting payment due to us under this Agreement, including reasonable attorney’s fees, interest at the highest rate allowable by law on the entire balance owed, and any court expenses related to such action.
You have the right to dispute any items on an invoice with appropriate supporting documentation. In the event of such a dispute, both parties will use good faith efforts to resolve the dispute but you agree to pay all undisputed items in a timely manner in accordance with this Agreement. Invoices not disputed within 180 days of invoice date are deemed conclusively accurate.
You are solely and entirely responsible for all taxes, fees, and debts of any local, state, federal, or foreign taxing authority as applied to this Agreement and the Services and you shall pay such amounts.
Term and Termination. The term of this Agreement (the "Term") shall be commensurate with the term of the initial DS3 Agreement between you and us. This Agreement shall automatically renew at the end of your Term without action by you for successive terms equal to the original Term (each an "Extension Term") unless either party has given ninety (90) days notice, in writing, prior to the renewal date of its desire to terminate this agreement. All Extension Terms shall be subject to the terms and conditions hereunder and will renew at the then-current DS3 membership pricing fee. If your original Term was paid as a lump-sum (prepaid) amount with Term length greater than one (1) year we may, at our discretion, convert your Extension Term billing to a monthly charge. In the event you terminate this Agreement prior to expiration of the Term or Extension Term or fail to perform any of its obligations under this Agreement, we shall have, without limitation, all rights and remedies provided at law or in equity, as well as the right to recover from you an amount (which the parties hereby acknowledge constitutes our liquidated damages and not a penalty) equal to one hundred percent of your monthly charge multiplied by the number of months (including any partial months) remaining until the expiration date of the current Term or Extension Term. We have the right to terminate this Agreement at any time with at least thirty (30) days notice in the event that we are unable to continue performing our obligations under this Agreement due to any change in law or regulation making it impractical or uneconomical, in our sole discretion, to continue performing this Agreement. The provisions of this Agreement (other than your right to use the Services) shall survive termination or expiration of this Agreement.
Export Controls. None of the Services or underlying information or technology may be downloaded or otherwise exported or re exported (i) into (or to a national or resident of) Cuba, Iraq, Libya, Sudan, North Korea, Iran, Syria or any other country to which the U.S. has embargoed goods; or (ii) to anyone on the U.S. Treasury Department's list of Specially Designated Nationals or the U.S. Commerce Department's Table of Denial Orders. By using the Services, you are agreeing to the foregoing and you are representing and warranting that you are not located in, under the control of, or a national or resident of any such country or on any such list. In addition, you are responsible for complying with any local laws in your jurisdiction which may impact your right to import, export or use the Service, and you represent that you have complied with any regulations or registration procedures required by applicable law to make this license enforceable.
General. This Agreement as well as the Business Associate Agreement (Exhibit A) constitutes the entire agreement between you and us with reference to this transaction. This Agreement will be governed by the laws of the State of Florida and in the event of any conflict of law, Florida law will prevail, without regard to any conflict of law principles. In the event of any dispute involving this Agreement, we and you each consent to exclusive jurisdiction and venue in state courts of Manatee County in the State of Florida and agree that we shall be entitled to reasonable attorney fees and costs. In the event any provision of this Agreement shall be deemed unenforceable, void or invalid, we have the right, in our sole discretion, to modify such provision so as to make it valid and enforceable or delete the provision entirely, and as so modified the entire Agreement shall remain in full force and effect. No decision, action, inaction, or assignment by us shall be construed to be a waiver of any rights or remedies available to us. This Agreement, and all our rights and obligations hereunder, may be assigned by us in connection with any sale to a third party of the Services.
EXHIBIT A
HIPAA BUSINESS ASSOCIATE AGREEMENT
(Effective January 1, 2023)
THIS HIPAA PRIVACY COMPLIANCE AGREEMENT (hereinafter known as "HIPAA Agreement") is made between YOU (hereinafter known as "Covered Entity") and DENTAL SLEEP SOLUTIONS FRANCHISING LLC, a Limited Liability Company, organized under the laws of the State of Florida (hereinafter known as "Business Associate"). Covered Entity and Business Associate shall collectively be known herein as "the Parties." BY CLICKING "CREATE ACCOUNT" OR ACCESSING OR USING THE SYSTEM, YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS AGREEMENT, UNDERTAKING LEGAL OBLIGATIONS, AND CONFERRING LEGAL RIGHTS.
WHEREAS, Covered Entity is a health care provider whose activities are generally described as a Dental Practice;
WHEREAS, Business Associate is in the business of providing services to the dental industry and its activities are generally described as Office Administration Support Services for the treatment of Snoring and Obstructive Sleep Apnea using Orthotic Appliance Therapy;
WHEREAS, the nature of the prospective contractual relationship between Covered Entity and Business Associate may involve the exchange of Protected Health Information ("PHI") as that term is defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") as amended by Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH Act"), including all pertinent regulations issued by the Department of Health and Human Services ("HHS").
NOW, THEREFORE, the premises having been considered and with acknowledgment of the mutual promises and of other good and valuable consideration herein contained, the Parties, intending to be legally bound, hereby agree as follows:
A. Definitions.
1. Breach. "Breach" has the same meaning as this term has in §13400 of Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH Act").
2. Business Associate. "Business Associate" shall mean DENTAL SLEEP SOLUTIONS FRANCHISING LLC.
3. Covered Entity. "Covered Entity" shall mean YOU.
4. Designated Record Set. "Designated Record Set" has the same meaning as this term has in 45 CFR §164.501.
5. Individual. "Individual" has the same meaning as this term has in 45 CFR §164.501.
6. Privacy Rule. "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E., as amended by the HITECH Act.
7. Protected Health Information. "Protected Health Information" (or "PHI") has the same meaning as this term has in 45 CFR §160.103 (as amended by the HITECH Act), limited to the information created or received by Business Associate from or on behalf of Covered Entity.
8. Required By Law. "Required By Law" has the same meaning as this term has in 45 CFR §164.501.
9. Secretary. "Secretary" shall mean the Secretary of the U.S. Department of Health and Human Services or his designate.
10. Security Standards. "Security Standards" means the security standards for protection of PHI promulgated by the Secretary in Title 45 C.F.R.
11. Unsecured Protected Health Information. "Unsecured Protected Health Information" shall mean Protected Health Information (PHI) that is not secured through the use of a technology or methodology specified by the Secretary in regulations or as otherwise defined in the §13402(h) of the HITECH Act.
12. Any prospective amendment to the laws referenced in this definitional section prospectively amend this HIPAA Agreement to incorporate said changes by Congressional act or by regulation of the Secretary of HHS.
B. Obligations and Activities of Business Associate.
1. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by this HIPAA Agreement or as Required By Law.
2. Business Associate agrees to employ administrative, physical, and technical safeguards meeting required Security Standards for business associates as Required By Law to prevent disclosure or use of PHI other than as allowed by this HIPAA Agreement.
3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI held by Business Associate in violation of the requirements of this HIPPA Agreement.
4. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this HIPAA Agreement of which it becomes aware.
5. If a breach of unsecured protected health information occurs at or by Business Associate, the Business Associate must notify Covered Entity following the discovery of the breach without unreasonable delay and, in all cases, no later than sixty (60) days from the discovery of the breach. To the extent possible, the Business Associate should provide the Covered Entity with the identification of each individual affected by the breach as well as any information required to be provided by the Covered Entity in its notification to affected individuals. Business Associates shall comply with all regulations issued by HHS and applicable state agencies regarding breach notification to Covered Entity.
6. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this HIPAA Agreement to Business Associate with respect to PHI.
7. Business Associate agrees, at the request of Covered Entity, to provide Covered Entity (or a designate of Covered Entity) access to Protected Health Information in a Designated Record Set in prompt commercially reasonable manner in order to meet the requirements under 45 CFR §164.524.
8. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526 at the request of Covered Entity or an Individual, in a prompt and commercially reasonable manner.
9. Business Associate agrees to make internal practices, books, and records, including policies and procedures for safeguarding Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary (including official representatives of the Secretary), in a prompt and commercially reasonable manner for purposes of determining Covered Entity's compliance with the Privacy Rule.
10. Business Associate shall, upon request with reasonable notice, provide Covered Entity access to its premises for a review and demonstration of its internal practices and procedures for safeguarding PHI.
11. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.
12. Business Associate agrees to provide to Covered Entity or an Individual, in a prompt and commercially reasonable manner, information collected in accordance with this HIPPA Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.
C. Permitted Uses and Disclosures by Business Associate.
Except as otherwise limited in this HIPAA Agreement, Business Associate may use or disclose Protected Health Information, as follows:
1. On behalf of, Covered Entity, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity.
2. Except as otherwise limited in this HIPAA Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
D. Obligations of Covered Entity.
1. Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 CFR §164.520, to the extent that such limitation may affect Business Associate's use or disclosure of Protected Health Information.
2. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose Protected Health Information, to the extent that such changes may affect Business Associate's use or disclosure of Protected Health Information.
3. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect Business Associate's use or disclosure of Protected Health Information.
4. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity. Nothing in this paragraph shall restrict the ability of Business Associate to use or disclose PHI as set forth in paragraph C.2. herein.
E. Remedies in Event of Breach.
Covered Entity hereby recognizes that irreparable harm will result to Business Associate, and to the business of, Business Associate in the event of breach by Covered Entity of any of the covenants and assurances contained in Paragraphs B or C of this HIPAA Agreement. As such, in the event of breach of any of the covenants and assurances contained in paragraphs B or C above, Business Associate shall be entitled to enjoin and restrain Covered Entity from any continued violation of Paragraphs B or C. Furthermore, in the event of breach of Paragraphs B or C by, Covered Entity, Business Associate shall be entitled to reimbursement and indemnification from Covered Entity for Business Associate’s reasonable attorneys’ fees and expenses and costs that were reasonably incurred as a proximate result of the Covered Entity’s breach. The remedies contained in this paragraph E shall be in addition to (and not supersede) any action for damages and/or any other remedy Business Associate may have for breach of any part of this HIPAA Agreement.
F. Term and Termination.
1. Term of HIPAA Agreement. The Term of this HIPAA Agreement shall be effective as of the date given at the top of Page 1 herein, and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section.
2. Termination for Cause. Upon Covered Entity's knowledge of a material breach by Business Associate, Covered Entity shall either:
a. Provide an opportunity for Business Associate to cure the breach or end the violation and terminate this HIPAA Agreement if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity;
b. Immediately terminate this Agreement if Business Associate has breached a material term of this HIPAA Agreement and cure is not possible; or
c. If neither termination nor cure are feasible, Covered Entity shall report the violation to the Secretary.
3. Effect of Termination.
a. Except as provided in paragraph E.3(b) of this section, upon termination of this HIPAA Agreement, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information.
b. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon notification to Covered Entity that return or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this HIPAA Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information.
G. Miscellaneous Terms.
1. State Law. If state law applicable to the relationship between Business Associate and Covered Entity contains additional or more stringent requirements than federal law for Business Associates regarding any aspect of PHI privacy, then Business Associate agrees to comply with the higher standard contained in applicable state law.
HIPAA BUSINESS ASSOCIATE AGREEMENT
(Effective January 1, 2023)
THIS HIPAA PRIVACY COMPLIANCE AGREEMENT (hereinafter known as "HIPAA Agreement") is made between YOU (hereinafter known as "Covered Entity") and DENTAL SLEEP SOLUTIONS FRANCHISING LLC, a Limited Liability Company, organized under the laws of the State of Florida (hereinafter known as "Business Associate"). Covered Entity and Business Associate shall collectively be known herein as "the Parties." BY CLICKING "CREATE ACCOUNT" OR ACCESSING OR USING THE SYSTEM, YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS AGREEMENT, UNDERTAKING LEGAL OBLIGATIONS, AND CONFERRING LEGAL RIGHTS.
WHEREAS, Covered Entity is a health care provider whose activities are generally described as a Dental Practice;
WHEREAS, Business Associate is in the business of providing services to the dental industry and its activities are generally described as Office Administration Support Services for the treatment of Snoring and Obstructive Sleep Apnea using Orthotic Appliance Therapy;
WHEREAS, the nature of the prospective contractual relationship between Covered Entity and Business Associate may involve the exchange of Protected Health Information ("PHI") as that term is defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") as amended by Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH Act"), including all pertinent regulations issued by the Department of Health and Human Services ("HHS").
NOW, THEREFORE, the premises having been considered and with acknowledgment of the mutual promises and of other good and valuable consideration herein contained, the Parties, intending to be legally bound, hereby agree as follows:
A. Definitions.
1. Breach. "Breach" has the same meaning as this term has in §13400 of Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH Act").
2. Business Associate. "Business Associate" shall mean DENTAL SLEEP SOLUTIONS FRANCHISING LLC.
3. Covered Entity. "Covered Entity" shall mean YOU.
4. Designated Record Set. "Designated Record Set" has the same meaning as this term has in 45 CFR §164.501.
5. Individual. "Individual" has the same meaning as this term has in 45 CFR §164.501.
6. Privacy Rule. "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E., as amended by the HITECH Act.
7. Protected Health Information. "Protected Health Information" (or "PHI") has the same meaning as this term has in 45 CFR §160.103 (as amended by the HITECH Act), limited to the information created or received by Business Associate from or on behalf of Covered Entity.
8. Required By Law. "Required By Law" has the same meaning as this term has in 45 CFR §164.501.
9. Secretary. "Secretary" shall mean the Secretary of the U.S. Department of Health and Human Services or his designate.
10. Security Standards. "Security Standards" means the security standards for protection of PHI promulgated by the Secretary in Title 45 C.F.R.
11. Unsecured Protected Health Information. "Unsecured Protected Health Information" shall mean Protected Health Information (PHI) that is not secured through the use of a technology or methodology specified by the Secretary in regulations or as otherwise defined in the §13402(h) of the HITECH Act.
12. Any prospective amendment to the laws referenced in this definitional section prospectively amend this HIPAA Agreement to incorporate said changes by Congressional act or by regulation of the Secretary of HHS.
B. Obligations and Activities of Business Associate.
1. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by this HIPAA Agreement or as Required By Law.
2. Business Associate agrees to employ administrative, physical, and technical safeguards meeting required Security Standards for business associates as Required By Law to prevent disclosure or use of PHI other than as allowed by this HIPAA Agreement.
3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI held by Business Associate in violation of the requirements of this HIPPA Agreement.
4. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this HIPAA Agreement of which it becomes aware.
5. If a breach of unsecured protected health information occurs at or by Business Associate, the Business Associate must notify Covered Entity following the discovery of the breach without unreasonable delay and, in all cases, no later than sixty (60) days from the discovery of the breach. To the extent possible, the Business Associate should provide the Covered Entity with the identification of each individual affected by the breach as well as any information required to be provided by the Covered Entity in its notification to affected individuals. Business Associates shall comply with all regulations issued by HHS and applicable state agencies regarding breach notification to Covered Entity.
6. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this HIPAA Agreement to Business Associate with respect to PHI.
7. Business Associate agrees, at the request of Covered Entity, to provide Covered Entity (or a designate of Covered Entity) access to Protected Health Information in a Designated Record Set in prompt commercially reasonable manner in order to meet the requirements under 45 CFR §164.524.
8. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526 at the request of Covered Entity or an Individual, in a prompt and commercially reasonable manner.
9. Business Associate agrees to make internal practices, books, and records, including policies and procedures for safeguarding Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or to the Secretary (including official representatives of the Secretary), in a prompt and commercially reasonable manner for purposes of determining Covered Entity's compliance with the Privacy Rule.
10. Business Associate shall, upon request with reasonable notice, provide Covered Entity access to its premises for a review and demonstration of its internal practices and procedures for safeguarding PHI.
11. Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.
12. Business Associate agrees to provide to Covered Entity or an Individual, in a prompt and commercially reasonable manner, information collected in accordance with this HIPPA Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.
C. Permitted Uses and Disclosures by Business Associate.
Except as otherwise limited in this HIPAA Agreement, Business Associate may use or disclose Protected Health Information, as follows:
1. On behalf of, Covered Entity, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity.
2. Except as otherwise limited in this HIPAA Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
D. Obligations of Covered Entity.
1. Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 CFR §164.520, to the extent that such limitation may affect Business Associate's use or disclosure of Protected Health Information.
2. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose Protected Health Information, to the extent that such changes may affect Business Associate's use or disclosure of Protected Health Information.
3. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect Business Associate's use or disclosure of Protected Health Information.
4. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity. Nothing in this paragraph shall restrict the ability of Business Associate to use or disclose PHI as set forth in paragraph C.2. herein.
E. Remedies in Event of Breach.
Covered Entity hereby recognizes that irreparable harm will result to Business Associate, and to the business of, Business Associate in the event of breach by Covered Entity of any of the covenants and assurances contained in Paragraphs B or C of this HIPAA Agreement. As such, in the event of breach of any of the covenants and assurances contained in paragraphs B or C above, Business Associate shall be entitled to enjoin and restrain Covered Entity from any continued violation of Paragraphs B or C. Furthermore, in the event of breach of Paragraphs B or C by, Covered Entity, Business Associate shall be entitled to reimbursement and indemnification from Covered Entity for Business Associate’s reasonable attorneys’ fees and expenses and costs that were reasonably incurred as a proximate result of the Covered Entity’s breach. The remedies contained in this paragraph E shall be in addition to (and not supersede) any action for damages and/or any other remedy Business Associate may have for breach of any part of this HIPAA Agreement.
F. Term and Termination.
1. Term of HIPAA Agreement. The Term of this HIPAA Agreement shall be effective as of the date given at the top of Page 1 herein, and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section.
2. Termination for Cause. Upon Covered Entity's knowledge of a material breach by Business Associate, Covered Entity shall either:
a. Provide an opportunity for Business Associate to cure the breach or end the violation and terminate this HIPAA Agreement if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity;
b. Immediately terminate this Agreement if Business Associate has breached a material term of this HIPAA Agreement and cure is not possible; or
c. If neither termination nor cure are feasible, Covered Entity shall report the violation to the Secretary.
3. Effect of Termination.
a. Except as provided in paragraph E.3(b) of this section, upon termination of this HIPAA Agreement, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information.
b. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon notification to Covered Entity that return or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this HIPAA Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information.
G. Miscellaneous Terms.
1. State Law. If state law applicable to the relationship between Business Associate and Covered Entity contains additional or more stringent requirements than federal law for Business Associates regarding any aspect of PHI privacy, then Business Associate agrees to comply with the higher standard contained in applicable state law.
2. Consideration. Business Associate recognizes that the promises it has made in this HIPAA Agreement shall, henceforth, be detrimentally relied upon by Covered Entity in choosing to continue or commence a business relationship with Business Associate.
3. Modification. This HIPAA Agreement may only be modified through a writing signed by the Parties and, thus, no oral modification hereof shall be permitted. The Parties agree to take such action as is necessary to amend this HIPAA Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the Privacy Rule and the Health Insurance Portability and Accountability Act of 1996, as amended.
4. Notice to Covered Entity. Any notice required under this HIPAA Agreement to be given Covered Entity shall be made via electronic communication based on the email address and contact information YOU provide.
5. Notice to Business Associate. Any notice required under this HIPAA Agreement to be given Business Associate shall be made in writing to:
Dental Sleep Solutions – ATTN: Business Associate HIPAA Agreement, 402 43rd St W, Suite A, Bradenton, FL 34209