The following Standard Terms of Service (the “TOS”) are made part of and incorporated into your Service Agreement with Kipu Health LLC, a Delaware limited liability company (together with its subsidiaries and affiliates, “Kipu,” “we” or “us”) and govern your and all users’ rights and responsibilities in connection with use and access the Service provided by Kipu thereunder.
THESE TOS ARE LEGALLY BINDING ON KIPU AND YOU AS A “USER” OF THE SERVICE IN ANY CAPACITY FOR ANY REASON WHATSOEVER. EACH TIME YOU LOG IN AND/OR CLICK “I AGREE,” OR BY OTHERWISE ACCESSING OR USING THE SERVICE FOR ANY REASON, YOU ARE ENTERING INTO THESE TOS AND YOU AGREE TO BE BOUND BY THEM, BOTH PERSONALLY AS AN INDIVIDUAL AND AS AN AGENT OF YOUR EMPLOYER, ORGANIZATION, OR OTHER ENTITY ON BEHALF OF WHICH YOU ARE ACCESSING THE SERVICE, REGARDLESS OF WHETHER SUCH PRINCIPAL HAS BEEN DISLOSED. SUCH EMPLOYER, ORGANIZATION, OR OTHER ENTITY IS LIKEWISE BOUND TO ALL THESE TERMS TO WHICH YOU ARE ASSENTING.
Please read these TOS carefully, and do not access or use the Service if you are unwilling or unable to be bound by these TOS. You and we are collectively referred to as the “Parties.”
For the purposes of these TOS, certain terms used in these TOS (whether or not capitalized) shall have the meanings assigned to them in Section 1 below. Terms not defined below or in the body of these TOS (whether or not capitalized) have the definitions given to them in the Service Agreement or HIPAA, as applicable.
“Administrative Rights” means the rights to administer and direct the use of a Client’s account, including the authority to provide, request, issue, administer and limit the access rights to other User accounts issued to such Client’s Authorized Workforce, as well as the rights to integrate, connect, or otherwise share Your Information with, or receive Protected Health Information from, third parties through the Service.
“Ancillary Documentation” means any online knowledge base, training materials, documentation, presentations, instructions, online or offline manuals, reference documents, screenshots, videos, recorded webinars, and like information, as updated from time to time, provided or made accessible via login to the Service.
“Authorized Workforce” means those natural persons who are members of your Workforce who you have identified (by their legal names, and the legal names of their employers) in your account as authorized to access the Service on your behalf.
“BAA” means the Kipu Business Associate Agreement, available online at https://www.kipu.health/business-assoc-agreement.
“Beta Features” means any component of the Service not generally available to all Clients and clearly designated as beta, pilot, limited release, developer preview, non-production or by a notification or to you, whether contained in the Service or not, or description of similar import.
“Client” means the legal organization that executed the Service Agreement.
“Clinical Data Exchange” means the exchange, with your Consent, of Protected Health Information (and Your Personal Information as necessary) between You and covered entities (and their business associates) for any permitted purpose, including, to the extent applicable, care coordination, performance or quality measurement programs, and risk adjustment, and other treatment, payment or health care operations purposes.
“Confidential Information” means any information relating to our business, financial affairs, current or future products or technology, trade secrets, workforce, customers, or any other information, including Ancillary Documentation, that is treated or designated by us as confidential or proprietary, or would reasonably be viewed as confidential or as having value to our competitors. “Confidential Information” does not include information that we make publicly available or that becomes known to the general public other than as a result of a breach of an obligation by you. “Confidential Information” does not include individuals’ health information.
“Consent” means consent or authorization by a user of the Service allowing us to take actions described under these TOS, which the user of the Service may give in an electronic communication to us or by use of the features of the Service (such as “share,” “transmit,” “refer,” “authorize,” “opt-in,” “agree” or toggling or selecting an action through a settings or activation page located within the Service, and the like). Such Consent may apply to an individual case or situation, or may apply globally or programmatically based on variables that apply to an overall situation or circumstance (whether through a settings or preference page, a global “opt-in” or otherwise).
“Credentials” means any unique identifier, password, token, credential, any combination thereof, or other means we may utilize from time to time for authorizing access to all, or any portion of, the Service.
“De-Identified Health Information” means health information that has been de-identified in accordance with the provisions of the Privacy Rule.
“De-Identified Information” means De-Identified Health Information and De-Identified Personal Information.
“De-Identified Personal Information” means Personal Information from which all identifiers that could reasonably be anticipated to identify an individual by an anticipated recipient – such an individual’s name, contact information, or government identifiers – have been removed.
“De-Identify,” means (i) with respect to Personal Information, to make such information into De-Identified Personal Information, and (ii) with respect to health information, means to make such health information into De-Identified Health Information.
“HIPAA” means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule, as amended.
“HITECH Act” means the Health Information Technology for Economic and Clinical Health Act of 2009, and regulations promulgated thereunder.
“Kipu Gold Certified Biller” means a billing company which is actively participating in, and in good standing under the Kipu Gold Certified Biller Program, for which Kipu has received an authorization letter from a Client to access the Service with separate login Credentials on such Client’s behalf as part of the Client’s Authorized Workforce.
“Personal Information” means information that includes an individual’s name, contact information, government identifiers, or includes identifiers that could reasonably be anticipated to identify an individual personally by an anticipated recipient.
“Policies and Procedures” means our rules, regulations, policies and procedures for access to and use of the Service, as changed from time to time.
“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, as amended.
“Protected Health Information” has the meaning given it in the Privacy Rule.
“Security Rule” means the Security Standards for the Protection of electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C, as amended.
“Service” means our electronic health record and related services, including our electronic medical record services, HIPAA-secure messaging services, revenue cycle management services, practice management services, other operations workflow solutions, and other services provided by us to you.
“Service Agreement” means these TOS together with (and as part of) your Service Agreement with Kipu with all exhibits and any signed or initialed addendum including the following, as applicable:
- Exhibit A – Negotiated Terms
- Exhibit B – Price List for the Services
- Exhibit C – Labs Interface Selection and Request Form
- Exhibit D – Termination Rider
- Exhibit E – Auto Pay Authorization Form
“SLA” means the Kipu Service Level Agreement available online at https://www.kipu.health/service-level-agreement-sla.
“Term” means the length of time the Service Agreement is in effect until otherwise terminated as provided in any exhibit or addendum to the Service Agreement.
“TPTOS” the Kipu Third Party Terms of Service available online at https://www.kipu.health/third-party-tos.
“User” (capitalized) means a natural person who has been authorized, pursuant to these TOS, to access the Service on your behalf; a “user” (un-capitalized) shall mean any user of the Service. As a “user” you are bound by these TOS, along with any employer, organization, or other entity for which you are acting as an agent.
“Workforce” means a Client’s employees, agents, principals, volunteers, trainees, contractors, and other persons whose conduct, in the performance of work for Client, is under the direct control of such Client, whether or not they are paid by the Client. This includes third-party companies with which you may contract for services, including but not limited to third-party billers, information technology professionals, and any other service provider that performs services on your behalf.
“Your Health Information” means Protected Health Information that you or your Workforce input or upload onto the Service, or that we otherwise receive from you or on your behalf from your patients, authorized service providers, or our third-party partners pursuant to these TOS (including Section 4.1.10).
“Your Information” means information that you or your Workforce input or upload onto the Service, including Your Personal Information and Your Health Information.
“Your Personal Information” means Personal Information that you or your Workforce enter or upload onto the Service.
In addition, the words “include,” “includes” and “including” shall be deemed to be followed by the phrase “without limitation.” The word “will” shall be construed to have the same meaning and effect as the word “shall.” The word “or” shall be construed to have the same meaning and effect as “and/or.” The words “herein,” “hereof” and “hereunder,” and words of similar import, shall be construed to refer to these TOS. The headings used in these TOS are used for convenience only and are not to be considered in construing or interpreting these TOS.
2. Grant of Right to Use the Service
2.1 We grant to you and you accept a non-exclusive, personal, non-transferable (except as expressly permitted in Section 21.2), limited right to access and use the Service during the Term, subject to your full compliance with the terms and conditions set forth in these TOS and with our Policies and Procedures. You will not: (a) use the Service for time-sharing, rental or service bureau purposes; (b) make the Service, in whole or in part, available to any other person, entity or business; (c) copy, reverse engineer, decompile or disassemble the Service, in whole or in part, or otherwise attempt to discover the source code to the software used by the Service; or (d) modify, combine, integrate, render interoperable, or otherwise access for purposes of automating data conversion or transfer, the Service or associated software with any other software or services not provided or approved by us. You will obtain no rights to the Service except for the limited rights to use the Service expressly granted by the Service Agreement and these TOS. You are bound by these TOS, along with any employer, organization, or other entity for which you are acting as an agent or accessing Service.
3. Access to the Service
3.1 Access Rights of Clients and their Authorized Workforce
3.1.1 Client. We offer the Service to the Client and to natural persons who are members of the Client’s Authorized Workforce, as more fully described in this Section 3.1. We treat the Client in whose name the Service Agreement was executed and Instance established as the owner of all User accounts associated with such Client. The Client is a party to these TOS for all purposes and shall be subject to all of the provisions that are applicable to the person addressed as “you” in these TOS. Although a member of a Client’s Authorized Workforce may have logged into your Instance and accessed the Service and electronically consented to these TOS, or may continue to administer Administrative Rights on the Client’s behalf, only the Client is entitled to any of the rights, remedies or benefits under these TOS and control over the Administrative Rights. The Client is likewise subject to, and we may enforce against it, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, waivers and releases included in these TOS. The Client may delegate Administrative Rights to one or more members of the Client’s Authorized Workforce, but the Client remains responsible for all activity occurring thereunder.
3.1.2 Authorized Representatives. An authorized representative of a Client may have administrative privileges on a Client’s Instance. We call the person(s) authorized to act on behalf of a Client the “Authorized Representative(s)” of such Client. The Client and Authorized Representative may be the same person. If you are taking any action with respect to a Client’s Instance, you represent and warrant that (a) you have the authority to act on such Client’s behalf either as owner/principal or as a member of such Client’s Authorized Workforce, (b) the information you submit to us is complete and accurate, and (c) you have the authority to enter into these TOS on behalf of such Client and bind such Client to the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, grants, waivers and releases contained in these TOS. If you are an Authorized Representative, you recognize that you have no personal rights with respect to such Client’s Instance, and that such Client may change the Authorized Representative at any time, for any or no reason, with or without notice. You are bound by these TOS, along with any employer, organization, or other entity for which you are acting as an agent.
3.1.3 Authorized Workforce. If you are a member of a Client’s Authorized Workforce, and such Client has authorized you to access the Service on its behalf by authorizing aCredential for you, then you are authorized under these TOS to access the Service solely on behalf and at the direction of such Client. As such, you may log in in and use the functionality of the Service solely on behalf and at the direction of such Client. You consent to and authorize the disclosure to such Client any content related to, or otherwise generated by your use of the Service, including secure messages. You hereby agree and acknowledge that you are subject to, and we may enforce against you, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations and warranties set forth in these TOS that are applicable to the person addressed as “you” in these TOS, and you hereby grant and make all rights, waivers and releases set forth in these TOS that are granted and made by the person addressed as “you” in these TOS, but you are entitled to none of, and hereby waive and agree not to exercise or assert any of, the rights, remedies or benefits under these TOS other than the limited, non-exclusive, non-transferable, personal right under this Section 3.1.3 to sign in and use the functionality of the Service solely on behalf and at the direction of such Client. Notwithstanding the applicable provisions at Section 17, you acknowledge that your access to the Service may be terminated by the Client or us at any time, for any reason or no reason at all, with or without notice. By (i) accessing any of the Service under a Client’s account(s), or (ii) contacting us by any means and requesting or directing us to take any action with respect to any Client’s account(s) or data held by such account(s), or (iii) asserting any right or authority with respect to such account(s) or data, you represent and warrant that you have the authority to act on such Client’s behalf and that you are not using the Service, or otherwise engaging in the activities described in clauses (i) through (iii) above, for the benefit or at the direction of any person or entity other than such Client, including yourself. Unless you are a member of a Client’s Authorized Workforce, you may not access the Service for the purpose of uploading any information, including but not limited to laboratory results, to patient files, regardless of whether your organization has an agreement with Kipu or any Client.
3.1.4 Super Admin “users”. A user with the assigned role of Super Admin (a “Super Admin User”) must be registered with a company domain email. In order to log in to an Instance, a Super Admin User may be required to authenticate both email and cell phone via two-factor authentication. By logging in, a Super Admin User agrees to accept email and text communication regarding his or her Instance and attendant responsibilities as a Super Admin User. Kipu reserves the right at any time to restrict or disable access for any Super Admin User who fail to meet the minimum requirements set forth above.
3.1.5 All other “users”. If you are a “user” as defined herein, you hereby agree and acknowledge that you are subject to, and we may enforce against you, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations and warranties set forth in these TOS that are applicable to the person addressed as “you” in these TOS, and you hereby grant and make all rights, waivers and releases set forth in these TOS that are granted and made by the person addressed as “you” in these TOS, but you are entitled to none of, and hereby waive and agree not to exercise or assert any of, the rights, remedies or benefits under these TOS. Nothing in this section authorizes or shall be deemed to authorize your use of the Service and if your use is not expressly permitted under these TOS, you may be held directly liable and required to pay damages to Kipu for improperly accessing the Service.
3.2 Beta Features; Updates
3.2.1 Beta Features. If you are invited to access any Beta Features of the Service or you access any Beta Features of the Service, you acknowledge that: (a) such features have not been made commercially available by Kipu; (b) such features may not operate properly, be in final form or fully functional; (c) such features may contain errors, design flaws or other problems; (d) it may not be possible to make such features fully functional; (e) use of such features may result in unexpected results, corruption or loss of data, or other unpredictable damage or loss; (f) such features may change and may not become generally available; and (g) Kipu is not obligated in any way to continue to provide or maintain such features for any purpose in providing the ongoing Service. These Beta Features are provided “AS IS”, with all faults. You assume all risk arising from use of such features, including, without limitation, the risk of damage to your computer system or the corruption or loss of data. We may in our sole discretion discontinue Beta Services at any time, and may never make them generally available.
3.2.2 Updates. We will be updating the service from time to time to add new features and fix bugs. These updates usually take a few seconds, but sometimes require a longer suspension of the Service. In such cases, we will notify you at least 48 hours in advance, and we will strive to schedule it so that your business is minimally impacted. We also provide software to support special features for tablets and other devices. If you use this software, it will automatically check if your version is current. If it is not, you may be required to install a newer version before access to the Service is allowed.
You agree that your use of the Service, or certain features or functionality of the Service, may be subject to verification by us of your identity and credentials as a health care provider or health care professional under applicable law, and to your ongoing qualification as such. You agree that we may use and disclose Your Personal Information for such purposes, including making inquiry of third parties concerning your identity and professional and practice credentials. You authorize such third parties to disclose to us such information as we may request for such purposes, and you agree to hold them and us harmless from any claim or liability arising from the request for or disclosure of such information. Notwithstanding the applicable provisions at Section 16, you agree that we may terminate your access to or use of the Service at any time if we are unable at any time to determine or verify your identity, qualifications or credentials.
3.4 Permitted Uses
3.4.1. Subject to the terms of these TOS, you may use Your Health Information for any purpose expressly permitted by applicable law, including treatment, payment and health care operations.
3.4.2 If you are granted access rights to another user of the Service’s Protected Health Information through the Service, you may use such information for treatment and for obtaining payment for treatment; provided that, except as expressly authorized in our Policies and Procedures, (i) you may access only information pertaining to individuals with whom you have a treatment relationship or for whom a Client who has a treatment relationship with the individual has requested a professional consultation from you, or from whom you have received authorization to use their health information; and (ii) to the extent applicable to you, you may use only the minimum necessary information for performing billing any services.
3.4.3 You will not use the Service for any purposes other than those described in Section 3.4.1 or Section 3.4.2. In particular:
(a) You may not reproduce, publish, or distribute content in connection with the Service that infringes any third party’s trademark, copyright, patent, trade secret, publicity, privacy, or other personal or proprietary right;
(b) You may not use the Service to transmit illegal, obscene, threatening, libelous, harassing, or offensive messages, or otherwise unlawful material;
(c) You may not duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or allow any person that is not part of your Authorized Workforce to access the Service without the express written permission of Kipu’s Chief Executive Officer (“CEO”);
(d) You may not commercialize any portion of the Service or any information or software associated with or used to access, exploit, or use the Service; and
(e) Except as expressly permitted in writing by Kipu’s CEO, you may not modify, port, adapt, make screen captures from or translate the Service.
In addition, to further safeguard the confidentiality, integrity and availability of the information and other elements housed in the Service, as well as the stability of the Service, you agree that you will not (nor attempt to), nor will you authorize anyone to (or authorize anyone to attempt to):
(f) (i) abuse or misuse the Service, including gaining or attempting to gain unauthorized access to the Service, or altering or destroying information housed in the Service; (ii) take any action that imposes or may impose (to be determined in our sole discretion) an unreasonable or disproportionately large load on our infrastructure; (iii) interfere or attempt to interfere with the proper working of our Site or Services or any activities conducted on or with the Service; (iv) bypass our robot exclusion headers, robots.txt rules, or any other measures we may use to prevent or restrict access to our Service; (v) use the Service in a manner that interferes with other users’ use of the Service; (vi) use the Service in any manner that violates our Policies and Procedures; or (vii) use any ad blocking mechanism, device, or tool to prevent the placement of advertisements in the Service;
(g) circumvent any technical measures we have put in place to safeguard the Service or the confidentiality, integrity or accessibility of any information housed thereon, or any technical measures we have put in place to restrict access to the Service solely to the class of persons expressly so authorized pursuant to Sections 3.1.1 through 3.1.3;
(h) access any portion of the Service other than with a standard commercial browser (such as Internet Explorer, Mozilla Firefox, Chrome, Android or iOS) or through mobile applications developed and operated by us;
(i) “frame” or “mirror” any part of the Service; or
(j) use any computer program, bot, macro, robot, spider, offline reader, site search/retrieval application, scraper, browser add-on, rich internet application, artificial-intelligence or machine-learning technology, or other manual or automatic device, tool, or process to access, retrieve, index, data mine, or in any way reproduce or circumvent the navigational structure or presentation of the Service; for the avoidance of doubt, this specifically prohibits you from using automated software in connection with the Service, and prohibits you from circumventing any security measure, access control system, or other technological control or measure in the Service.
You agree that your abusive use of the Service in violation of this Section 3.4.3 may cause damage and harm to us, including impaired goodwill, reduced performance, and increased expenses. You also agree that monetary damages for your abusive use of the Service are difficult to determine, and that if you, or others acting with you, request more than 500 pages of the Service or make more than 100 upload requests on the Service in any 24-hour period, you, and those acting with you, will be liable for liquidated damages in the amount of one dollar ($1.00) for each page request or upload request made during that 24-hour period which exceeds those limits
3.5 Clinical Support Information; Information Exchange
We may provide information to assist you in clinical decision-making. This may include information and reminders concerning drug interactions, allergies, dosages, as well as general health-care related information and resources. We may also provide forums for our users to exchange information. You agree that the information and materials available through the Service are for informational and educational purposes only and are not intended to constitute professional advice, diagnosis or treatment, or to substitute for your professional judgment. Information may be placed in the Service by us and by third parties beyond our control. We are not responsible for the accuracy or completeness of information available from or through the Service. You assume full risk and responsibility for the use of information you obtain from or through the Service, and neither we nor any of our licensors or data providers are responsible or liable for any claim, loss, or liability arising from use of the information. We do not recommend or endorse any provider of health care or health-related products, items or services, and the appearance of materials in the Service relating to any such products, items or services is not an endorsement or recommendation of them. You will review the definitions, functionality, and limitations of the Service, and to make an independent determination of their suitability for your use. We and our suppliers, partners and licensors disclaim all warranties, whether expressed or implied, including any warranty as to the quality, accuracy, and suitability of the information provided by the Service for any purpose.
3.6.1 You will implement and maintain appropriate administrative, physical and technical safeguards to protect information within the Service. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule, whether or not you are otherwise subject to HIPAA. You will maintain appropriate security with regard to all personnel, systems, and administrative processes used by you or members of your Workforce to transmit, store and process electronic health information through the use of the Service.
3.6.2 You will immediately notify us of any breach or suspected breach of the security of the Service of which you become aware, or any unauthorized use or disclosure of information within or obtained from the Service, and you will take such actions to mitigate the breach, suspected breach, or unauthorized use or disclosure of information within or obtained from the Service as we may direct, and will cooperate with us in investigating and mitigating the same. You have consented to the terms and conditions of the BAA for the purposes of compliance with HIPAA.
3.7 User Identification.
We authorize you and your Authorized Workforce to use the Credentials uniquely assigned to, or selected by, each such individual User. You acquire no ownership rights in any such Credentials, and such Credentials may be revoked, reset or changed at any time in the discretion of us or the Client. You will adopt and maintain reasonable and appropriate security precautions for your Credentials to prevent their disclosure to or use by unauthorized persons. Each member of your Authorized Workforce shall have and use a unique identifier. You will ensure that no member of your Workforce uses Credentials assigned to another Workforce member. You may not attempt to conceal your identity by using multiple Internet Protocol addresses or email addresses, or by any other means, to use the Service
3.8 No Third-Party Access
Except as required by law, you will not permit any third party (other than persons who satisfy the definition of Authorized Workforce, and in all cases meet the requirements of Section 3.1.3) to use or access the Service without the prior written consent of Kipu’s CEO. Nor will you authorize or assist any person or entity in accessing, or attempting to access, any portion of the Service via any means other than a commercial browser (such as Internet Explorer, Mozilla Firefox, Chrome, iOS or Android) or a mobile app that we have authored and provided to you. You will promptly notify us of any order or demand for compulsory disclosure of health information if the disclosure requires access to or use of the Service. You will cooperate fully with us in connection with any such demand. You will also notify us if any person or entity, whether or not a member of your Authorized Workforce, (a) attempts to access the Service by any means other than a commercial browser, (b) claims to offer a service or system that “integrates with” our Service or (c) requests to use your Credentials or requests that you obtain Credentials in order to access the Service in a manner that would violate these TOS if you engaged in such activity.
3.9 Your Workforce
You may permit your Authorized Workforce to use the Service on your behalf, subject to the terms of these TOS. You will:
3.9.1 require each member of your Authorized Workforce to have unique Credentials, and will provide the legal name(s) of each such member for which you are seeking Credentials;
3.9.2 train all members of your Authorized Workforce in the requirements of these TOS and the Policies and Procedures relating to their access to and use of the Service, and ensure that they comply with such requirements;
3.9.3 take appropriate disciplinary action against any member of your Workforce who violates the terms of these TOS or the Policies and Procedures;
3.9.4 ensure that only the person to whom a specific set of Credentials have been assigned accesses the Service with such Credentials; and
3.9.5 be bound by these TOS, along with any employer, organization, or other entity for which you are acting as an agent.
3.10 Personal Health Record
Kipu may at some point enable the Service to make available to your patients portions of their medical records through a web-based personal health record portal that we would operate on your behalf (a “Patient Portal”). If and when the Patient Portal becomes available, you would be responsible for granting Patient Portal access privileges to your patients, either on an individual basis or for your entire patient population. You would also be solely responsible for the information that you make available through a Patient Portal. Health information included in Patient Portals, if and when they become offered as part of the Service, will be held and administered by us on your behalf subject to the terms of these TOS and our business associate obligations stated in Section 9.
We may offer forums for the exchange of information among our users. You will comply with all applicable forum rules. In particular, you understand that we do not assure the accuracy, reliability, confidentiality or security of information made available through the use of such forums. You acknowledge that any information you post in a forum is available to the public, and may result in your receiving communications from others outside of our site. You are responsible for safeguarding the privacy of your and your patients’ personal information when you participate in forums, discussion groups and the like. You agree not to disclose individually identifiable health information through such forums.
3.12.1 You are solely responsible for ensuring that your use of the Service complies with applicable law, including laws relating to the maintenance of the privacy, security, and confidentiality of patient and other health information. You will not grant any user, including members of your Authorized Workforce, any rights to access or use our Service that they would not be allowed to have under applicable laws. We offer no assurance that your use of the Service under the terms of these TOS will not violate any law or regulation applicable to you. To the extent that the Service allows you to send and/or receive SMS messages, you acknowledge that SMS messaging is not encrypted and represent that you have reviewed your organization’s use of this capability and determined that such use is compliant with all applicable laws and regulations, including but not limited to HIPAA and 42 CFR Part 2. You acknowledge that we may share Your Information with third parties if we determine in good faith that disclosure of Your Information is necessary to (i) comply with a court order, warrant or other legal process, (ii) protect the rights, property or safety of Kipu or others, (iii) investigate or enforce suspected breaches of these TOS, or (iv) allow our third-party partners to comply with their obligations under federal or state law.
3.12.2 The Parties acknowledge and agree that (i) any fees charged or amounts paid hereunder are not intended, nor will they be construed to be, an inducement or payment for referral of patients among Kipu, Client, or any third party and (ii) they will not enter into any agreements, or otherwise make any payments, for the purpose of rewarding the referral of patients among Kipu, Client, or any third party.
3.12.3 The Parties will each separately maintain effective compliance programs consistent with the relevant compliance guidelines set forth by the Office of the Inspector General of the Department of Health and Human Services. The Parties will cooperate with each other to provide accurate and full responses to any material inquiry or concern of either Party related to compliance and to any reasonable request by either Party for clarification, documentation, or further information concerning Client billing or Client’s provision of, or referrals related to, health services for its patients.
3.12.4 Client warrants to Kipu on a continuing basis throughout the term of its Service Agreement that Client will not bill or claim payment in any form, directly or indirectly, from any government health care program or other third-party payer for the cost of any Kipu Services, including, without limitation, on a government cost report.
3.12.5 No payment to or receivable of Client or of any physician or licensed or specially trained non-physician who is credentialed with payers, linked to Client’s organization, and performs health services for Client’s patients (“Billable Provider) is assigned to Kipu, and Kipu is not the beneficiary of any such payment or receivable. All such payments and receivables (including, but not limited to, checks and electronic fund transfers) will be payable to Client or the Billable Provider and will remain the property of Client or the Billable Provider. Kipu will not endorse or sign any such check or instrument. Any lockbox or other account into which Client payments or receivables are deposited will remain in the name of, and under the sole ownership and control of, Client or the Billable Provider and subject only to the instructions of Client or the Billable Provider. Kipu will not be a signatory on or have any power to transfer or withdraw from any account into which Client or Billable Provider payments or receivables from any federally funded program are deposited.
3.12.6 Client and Kipu each warrant that neither it nor any of its personnel to its knowledge (i) has been convicted of any crime arising from claims or other transactions, financial relationships, or financial dealings in connection with health care or (ii) has been excluded from any federal or state health care program. Client warrants to Kipu that it and its Billable Providers are and will be duly licensed and authorized to provide and bill for the health services that they render.
3.12.7 Client must verify the accuracy, completeness, and appropriateness of all information entered into or selected in the Service, including information from third party products and services, before such information is utilized. Client acknowledges and agrees that the professional duty to treat the patient lies solely with Client, and use of information contained in or entered into or provided through the Service, in no way replaces or substitutes for the professional judgment or skill of Client. Client is responsible and liable for the treatment of patients as to whom Client and its personnel access or use the Service, including responsibility for personal injury or loss of life. Client represents and warrants to Kipu that (i) all data it provides to Kipu or that it selects in Kipu, including, but not limited to, codes and practitioner identifiers, are accurate and in conformity with all legal requirements; (ii) its medical records appropriately support all codes that it enters, selects or approves; (iii) it and its personnel are duly authorized to enter and access such data; (iv) and Kipu is duly authorized to receive, use, and disclose such data subject to the terms of its Service Agreement. Kipu is not a health plan or healthcare provider and it cannot and does not independently review or verify the medical accuracy or completeness the medical information entered into, or made available to it in, the Service. Use of and access to the Service, including, but not limited to, clinical information in the Service, is at the sole risk and responsibility of Client and any practitioner or health care provider or facility using data provided by Kipu as part of the Service. Kipu shall not be liable for any action or inaction of Client which may give rise to liability under the federal False Claims Act or any state version thereof.
3.13 Professional Responsibility
You will be solely responsible for the professional and technical services you provide. We make no representations concerning the completeness, accuracy or utility of any information in the Service, or concerning the qualifications or competence of persons who placed it there. We have no liability for the consequences to you or your patients of your use of the Service.
Kipu does not warrant the accuracy of codes or other data contained in the Service. The clinical information contained in the Service is intended as a supplement to, and not a substitute for, the knowledge, expertise, skill, and judgment of physicians, pharmacists or other healthcare professionals in patient care and related fields.
You agree that the sole and exclusive responsibility for any medical decisions or actions with respect to a patient’s medical care and for determining the accuracy, completeness or appropriateness of any billing, clinical, coding, diagnostic, medical or other information provided by the Service resides solely with the health care provider. Kipu assumes any responsibility for how such materials are used. The choice with regard to when and how to use the Service for patient medical records is the health care provider’s responsibility, and the Service and any database are to be used at the health care provider’s discretion. You understand and agree that the Service provides possible coding options and does not “recommend,” “suggest,” or “advise” proper coding decisions and that the responsibility for the medical treatment, and any associated decisions regarding billing for medical services, rests with the health care provider and revolves around the health care provider’s judgment and the health care provider’s analysis of the patient’s condition. In addition, you agree that any prompts or alerts contained in the Service are tools available to the health care provider for augmenting the documentation of the patient’s electronic medical records, and are not intended in any way to eliminate, replace or substitute for, in whole or in part, the health care provider’s judgment and analysis of the patient’s condition.
You will cooperate with us in the administration of the Service, including providing reasonable assistance in evaluating the Service and collecting and reporting data requested by us for purposes of administering the Service.
You hereby agree to indemnify, defend, and hold harmless us and other users, and our and their respective affiliates, officers, directors, employees and agents, from and against any claim, cost or liability, including reasonable attorneys’ fees, arising out of or relating to: (a) the use of the Service by you or your Workforce; (b) any breach by you or your Workforce of any representations, warranties or agreements contained in these TOS; (c) the actions of any person gaining access to the Service under Credentials assigned to you or a member of your Workforce; (d) the actions of anyone using Credentials assigned to you or any member of your Workforce that adversely affects the Service or any information accessed through the Service; and (e) your negligent or willful misconduct, or that of any member of your Workforce. Your indemnification obligations in these TOS (including this Section 3.15) are cumulative, and are not intended to, nor do they, limit your indemnification obligations elsewhere in these TOS or at law, even if such obligations arise or are occasioned or triggered by a single assertion, claim, circumstance, action, event or transaction.
3.16 Your Information; Accuracy
You shall have all responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership of Your Information and Kipu shall not be responsible or liable for the deletion, correction, destruction, damage, loss of use, or failure of any of Your Information, regardless of the cause or reason therefor.
You represent and warrant to Kipu that all data, information, documentation and other material provided under your account or by you are true, correct and accurate. If you learn that any item provided to Kipu as part of the Service is not true, correct or accurate, you must immediately notify Kipu via phone (so as not to delay resolution or to prevent submission of incorrect claim) and in writing, and provide the true, correct and accurate information to Kipu. You represent and warrant that all encounter data submitted to Kipu for payer or patient reimbursement has actually been performed on patients, is entirely accurate and truthful, is properly documented and meets all payer requirements including medical necessity. You acknowledge that the proper payer required notification has been given to the patient regarding their financial responsibility in cases where the procedure is not covered by their insurance plan or does not meet medical necessity. You represent and warrant that any procedures or services not directly rendered by the physician are actually performed by a licensed (as required by state law) professional that is trained and recognized by the payer as authorized to perform the procedure and that the encounter meets supervision requirements as defined by the payer.
You must conduct auditing and monitoring as part of your compliance program and to refund any identified overpayments to payers or patients within 60 days of discovery. If any investigation is initiated or any action is brought by any individual, state or federal agency, insurance payer or third party whatsoever regarding any of the claims filed as part of the Service on your behalf, then you must cooperate fully in any such investigation or action and must provide all relevant supporting documentation to support the claims filed upon request.
4. Use of Information
4.1 Purpose of Service
The purpose of the Service is to store Your Health Information and (i) to make it available to you and your Authorized Workforce for any legal purpose, including treatment, payment and health care operations; (ii) to facilitate the sharing of individuals’ health information among users and other parties with whom you or your Authorized Workforce members elect to share such information, and (iii) if and when a Patient Portal becomes available, to make health information available to your patients through the Patient Portal. You may make Your Health Information accessible to other users of the Service, other individuals and entities, or to your patients through the Service for these purposes. You authorize us, as your business associate under the BAA, to use and disclose Your Information as follows:
4.1.1 We will permit unrestricted access to Your Health Information to you and your Authorized Workforce. You are responsible for ensuring that your use of Your Health Information is consistent with the relevant legal restrictions.
4.1.2 We will permit access to Your Health Information to your patients to whom you have enabled to receive access through our Patient Portal (when made available) or any integrated third-party service, including but not limited to KipuMessenger and PingMD®.
4.1.3 We will permit access to Your Information by health care providers, covered entities and their business associates to whom you have Consented to provide access to the Service and who have otherwise agreed to integrate with our systems. We will obtain your Consent before we make Your Health Information available to other providers, covered entities and their respective business associates. You acknowledge that once we have granted access rights to another provider or covered entity (or their respective business associates), we have no control over the uses and disclosures that such person or entity makes of Your Health Information, and the recipient may be subject to its own legal or regulatory obligations (including HIPAA) to retain such information and make such information available to patients, governmental authorities and others as required by applicable law or regulation.
4.1.4 We may disclose or permit access to Your Information to entities such as, but not limited to, health plans, health care clearinghouses, medical groups, independent practice associations, your authorized service providers and other parties responsible for payment and their business associates for the purpose of obtaining (or confirming eligibility or authorization for) payment for services you provide, unless you advise us in writing that, with respect to a specific service provided to a specified patient, such patient has paid out of pocket in full for the service to which the health information relates, and has requested that it not be disclosed to his or her health plan.
4.1.5 We may De-Identify Your Information, and use and disclose De-Identified Information for any purpose whatsoever, including as provided by Section 5 and Section 7.2.
4.1.6 We may create limited data sets from Your Health Information, and disclose them for any purpose for which you may disclose a limited data set; and you hereby authorize us to enter into data use agreements on your behalf for the use of limited data sets, in accordance with applicable law and regulation.
4.1.7 We may use Your Information in order to prepare analyses and reports, such as activity or quality-metrics reports, or any other reports the Service makes available. Preparation of such analyses and reports may include the use of data aggregation services relating to your treatment and health care operations, which we may perform using Your Health Information. Such reporting will be done in a manner that does not make any disclosure of Your Health Information that you would not be permitted to make.
4.1.8 We may use Your Information for the proper management and administration of the Service and our business, and to carry out our legal responsibilities, which may include us disclosing such information to one of our business associates that has entered into a business associate agreement. We may also disclose Your Information for such purposes if the disclosure is required by law (as such term is defined in 45 CFR §164.103), or we obtain reasonable assurances (as such term is interpreted or applicable in connection with or under HIPAA) from the recipient that it will be held confidentially and used or further disclosed only (a) as required by law (as such term is defined in 45 CFR §164.103), or (b) for the purpose for which it was disclosed to the recipient, and the recipient notifies us of any instances of which it is aware in which the confidentiality of the information has been breached. Without limiting the foregoing, we may permit access to the system by our contracted system developers under appropriate confidentiality agreements.
4.1.9 We may use Your Health Information and Directory Information (defined below) to contact your patients on your behalf for any purpose for which you would be permitted to contact them, including:
(a) For treatment and health care operations messages, including sending appointment notifications (such as appointment requests, confirmations, reminders, cancellations and the like) and messages about currently prescribed medications (including refill reminders), or post-visit treatment satisfaction surveys, invitations and administrative messages concerning Patient Portal access, and the like;
(b) With your Consent, to request an authorization on your behalf from your patients to use or disclose their health information for any purpose for which use or disclosure may be made with an appropriate authorization, including research purposes. You agree that we may also use and disclose your patients’ health information as permitted by any such authorization; and
(c) To provide information about health-related products or services that you provide, or that we provide on your behalf as your business associate.
4.1.10 From time to time we may incorporate information we receive from your authorized service providers (including Third-Party Applications as discussed in Section 11.2), our third-party partners, or covered entities (and their business associates) who are providing or paying for medical services for one or more of your patients, into the Service we provide to you. Such information may include, without limitation, clinical information such as lab results, imaging results, eligibility information, prior authorizations and prescription history; and shall, upon incorporation into the Service, be treated as “Your Health Information” for all purposes hereunder. You hereby authorize us to request and receive such information on your behalf from such authorized service providers or our third party partners.
4.1.11 We may use or disclose Your Health Information for other purposes, as from time to time described in our Policies and Procedures; provided that we will not make or permit any such use or disclosure that would violate applicable law or regulation if made by you or your business associate.
4.1.12 We may use Your Information to provide you with notifications regarding Your patients’ potential eligibility for certain programs, including savings programs, coupons, sampling, educational, safety, adherence or treatment support materials or other programs which you may choose to share with your patients (“Patient Support Programs”) as well as to administer the Support and Assessment Resources more fully described in Section 6 below. These notifications and materials are not a substitute for your professional medical judgment pertaining to the appropriateness of any such program for a given patient and you should discuss any such programs or materials with your patients directly. We may receive remuneration from the funding sources or sponsors for presenting you with Support and Assessment Resources or displaying their advertisements. In connection with offering or operating such Patient Support Programs or Support and Assessment Resources, we may share personally identifiable information about you for the purposes of program administration, and for assessing program eligibility, effectiveness or performance. We will only share such information with partners who are subject to confidentiality obligations. Additionally, we may disclose Personal Information about you to administrators of the Patient Support Programs or Support and Assessment Resources for recordkeeping, corporate integrity or regulatory reporting purposes.
4.2 Responsibility for Misuse by Other Users
You acknowledge that in granting access to the Service for the purposes set forth in Section 4.1, we will rely on the assurances of the recipients of the information as to (i) their identity and credentials, (ii) the purposes for which they are accessing the system, and (iii) the nature and extent of the information to which they will have access. You acknowledge that, while the Service will contain certain technical safeguards against misuse of the Service, it will rely to a substantial extent on the representations and undertakings of users of the Service. You agree that we will not be responsible for any unlawful access to or use of Your Health Information by any user resulting from the user’s misrepresentation to us, or breach of the user’s user agreement or our Policies and Procedures.
4.3 Specially Protected Information
We apply the standards of the Privacy Rule in permitting access to the Service. You acknowledge that other federal and state laws impose additional restrictions on the use and disclosure of certain types of health information, or health information pertaining to certain classes of individuals. You agree that you are solely responsible for ensuring that Your Health Information may properly be disclosed for the purposes set forth in Section 4.1, subject to the restrictions of the Privacy Rule and applicable law, including those laws that may be more restrictive than the Privacy Rule. In particular, you will:
4.3.1 not make available to other users through the Service any information in violation of any restriction on use or disclosure (whether arising from your agreement with such users or under law);
4.3.2 obtain all necessary consents, authorizations or releases from individuals required for making their health information available through the Service for the purposes set forth in Section 4.1;
4.3.3 include such statements (if any) in your notice of privacy practices as may be required in connection with your use of the Service; and
4.3.4 not place in the Service any information that you know or have reason to believe is false or materially inaccurate.
4.4 Health Record Sharing
With your Consent, we may make parts of your online heath record for any patient you designate accessible to any other user of the Service or any third party whom you approve, but subject to the technical limitations of the Service generally. You may revoke your Consent with respect to any other user at any time. While your Consent is in effect, an approved user may only view any health record you have designated for his or her access. If you revoke your Consent, the approved user will continue to have the ability to view the health record in the form in which it existed at the time you revoked your Consent, but will not be able to view changes made to the record thereafter. The same rules apply to your use of another user’s record who approves access by you. You and your Workforce are fully responsible for the information in any chart that you share. You or your Workforce should not share patient information that violates any state or federal laws. In any event, but especially in cases of potential fraud, misuse or abuse of the Service, we reserve the right, in our sole judgment, to revoke, remove, cancel or deny any request to share online health records as part of the Service.
4.5 Client Directories
We may include your Directory Information (defined below) in our (a) “Public Client Directories,” which are electronic directories for patients and the general public; and (b) “Professional Client Directories,” which are electronic directories for Clients and other members of the healthcare community ((a) and (b) collectively, “Client Directories”). Client Directories may be made available in various electronic formats, including searchable databases, Client landing pages, interactive reference tools, reference lists, ratings, and integrated look-up features, among others. They may also incorporate information designed to help users, such as integrated maps, and licensure confirmation tools, reviews, among other matters. Client Directories may include a “contact” feature that allows users to contact other users directly through the Service. Our Public Client Directory may be made available to public search engines to aid Client discovery. Listing in the Client Directories is subject to eligibility criteria, which may differ between the Public Client Directory and Professional Client Directory. A Client’s “Directory Information” includes the Client’s name, name(s) of physicians or other healthcare professionals associated with a Client, associated specialties, Client’s business telephone number(s) and physical address(es), National Client Identifiers (or NPI), and the Client’s available appointment slots, as each is indicated from information a Client has inputted or imported into the Service. The Directory Information may include additional information you input or upload into profile tools we make available in the Service (such as a profile photograph, accepted insurance, available office hours, a front desk email address, and the like), as and when such tools are available.
4.6 Care Coordination and Clinical Data Exchange
We will enable Clinical Data Exchange between You and your business associate(s) or those covered entities (and their respective business associates), including health systems, Accountable Care Organizations, payers, and laboratories who desire to transmit such data to you with respect to patients they have a treatment or payment relationship or with whom you have Consented to provide such data (all third parties collectively referred herein as “Transmission Partner”). While such transmission integrations are in effect, such Transmission Partner may send and receive clinical data to and from your account on a routine and recurring basis. You may disable an integration with any Transmission Partner by contacting us through one of the methods described at www.kipu.health, but any clinical data already received by such Transmission Partner will remain in its possession, subject to the terms of your independent agreements with such Transmission Partner, if any. You are solely responsible for ensuring that You have all necessary consents from Your patients applicable to the sharing of any of Your Health Information under applicable law with respect to each Transmission Partner with whom you have Consented to share any information under this Section 4.6.
5. Providing Physician Data to Payers and Others
Without limiting the provisions of Section 7.2, you agree that we may provide De-Identified Health Information and other information (including Your Personal Information and information concerning your practice) to any medical group, independent practice association of physicians, health plan or other organization with which you have a contract to provide medical services, or to whose members or enrollees you provide medical services. Such information may identify you, but will not identify any individual to whom you provide services. Such information may include aggregated data concerning your patients, diagnoses, procedures, orders and the like.
6. Support and Assessment Resources; Advertising
We may also present to you, through the Service or through the use of Your Information, the opportunity to utilize or engage in clinical decision support or assessment resources or informational programs (“Support and Assessment Resources,” which may also include, for the avoidance of doubt, Patient Support Programs (as previously described in Section 4.1.12)). We may also place advertisements concerning the products and services of third parties throughout the Service, so that you see them when you use the Service. Such Support or Assessment Resources or advertisements may be funded or sponsored by third parties, and may include branded or unbranded content about medical substance abuse related conditions, treatments and products, or safety and regulatory information resources. They may also include opportunities to participate in informational surveys or studies, or to discuss with your patients potential beta programs, trials or other research programs, which may be funded by government grants. We may receive remuneration from the funding sources or sponsors for presenting you with Support and Assessment Resources or displaying their advertisements. In connection with offering or operating such Support and Assessment Resources or delivering advertising, we may share personally identifiable information about you for the purposes of assessing program eligibility, effectiveness or performance with partners who are subject to confidentiality obligations. Additionally, if you choose to engage or utilize one of the Support and Assessment Resources, you may be asked to provide personal information that may be used to supplement Your Information as well as information gathered as part of the program itself (e.g., responses to surveys). This information will be used to provide the content or services described in the Support and Assessment Resources or provide you with any gift or honoraria associated with the program. If you receive remuneration for participating in a sponsored survey, for example, we may be required to provide the funding source or sponsor with information about you for its recordkeeping, regulatory reporting or measurement purposes. You acknowledge and agree that we or our authorized representatives may contact you via email, phone, or text message at any time for any reason.