Updated/Amended August 1, 2020
HerdmanHealth wants to demonstrate its commitment to your privacy and has displayed its privacy statement for your review:
If you have any concerns regarding this statement, you should contact Virtual Speech Center’s privacy administrator by email at [email protected]
Changes to this Privacy Statement:
We reserve the right to modify this privacy statement and will publish notification on our web site no less than 30 days before the statement modifications take effect.
Information Collection and Use
HerdmanHealth located at 7525 S. Hampton Rd., Lincoln, NE 68506, email: [email protected] is the organization collecting the Personally Identifiable Information and/or Third Party Personally Identifiable Information through the Site.
When a user contracts HerdmanHealth services, the user is required to provide such information as their name, company name, address, phone number, e-mail address, product selection, and billing information. It is possible that we will also ask for additional information such as company industry, number of employees, etc., at the time our service is contracted or if interest in our services is expressed. It is optional for customers to provide this additional information, and users may choose not to do so when they activate services with HerdmanHealth or request information on our services.
When HerdmanHealth captures user information upon sign-up, we use the client information to activate the customer account. Once a client has signed up with HerdmanHealth, future mailing may periodically be sent out to the HerdmanHealth client base, introducing new products, product updates, and important HerdmanHealth news and information. Our users and clients have the option of receiving the HerdmanHealth company newsletter. Should a client choose to receive the newsletter via e-mail, we will not distribute the user e-mail address for any other purpose than the sending of our newsletter or other HerdmanHealth service information. If a user would like to cease receiving the newsletter or other promotional e-mail correspondence from HerdmanHealth, they may send an e-mail request to service to [email protected] and immediately be removed from future mailings. HerdmanHealth requires a valid, working e-mail address upon account setup in order to send our client account information details, including a welcome packet, and account username and password.
HerdmanHealth does not disclose any user/customer information to any third party, other than what we explicitly state upon account activation. Billing and financial information is required upon account activation for HerdmanHealth to bill for services rendered. HerdmanHealth will only use this billing information to verify the validity of the account, and bill for HerdmanHealth services. When HerdmanHealth bills for services rendered, a third-party processing company is used to charge customer credit cards and collect payment. This third-party is used only to process credit card charges and does not store or distribute customer credit card or billing information.
HerdmanHealth users are solely and individually responsible for maintaining the privacy and confidentiality of their own data, as well as their usernames and passwords. HerdmanHealth may collect information from visitors to the www.HerdmanHealth.com web site. Most commonly, we may collect the Internet addresses of www.HerdmanHealth.com site visitors. We use the information that we log from the www.HerdmanHealth.com website to both improve our services and help troubleshoot possible www.HerdmanHealth.com website problems. We may also analyze non-identifying statistics that we collect from website visitor usage and provide this data to qualified third parties.
Cookies Security protocols put into operation by HerdmanHealth are determined by encrypted session Ids and dynamic data. Should you select to activate the HerdmanHealth “Remember Me” feature, we will use a “cookie” that contains partial or full authentication information depending on your preference. The cookie will reside on your local system. Further, We use a third party to provide statistical analysis regarding our users use of the www.HerdmanHealth.com web sites and may set cookies in order to gather the information needed to perform their statistical analysis. The information collected by the third-party cookies does not contain any personal information or can be linked back to any individual user.
We use IP addresses to analyze trends, administer the site, track user’s movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Our web site contains links to other sites. Please be aware that HerdmanHealth is not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site or the HerdmanHealth application.
From time-to-time our site requests information from users via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Information requested may include contact information and demographic information. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site or of the HerdmanHealth application.
HerdmanHealth has chosen to implement the latest technology that allows for the highest levels of Internet security that are possible today. Your information is encrypted and authenticated, using Secure Socket Layer (SSL) technology. The SSL systems provide complete data security for you and your users, and the authentication ensures that your valuable content is available only to registered users and is not accessible to unwanted parties. Each registered user is provided with a unique username and password. Each time a user logs onto www.HerdmanHealth.com website, he can only be authenticated and allowed access using the correct username and password that has been assigned. A session is issued for the purpose of capturing encrypted authentication data for the length of the session. Neither the username nor the password is included in the session. Security protocols put into operation by HerdmanHealth are determined by encrypted session Ids and dynamic data.
HerdmanHealth offers its visitors and customers a means to choose how we may use information provided. If, at any time after registering for information or ordering Services, you change your mind about receiving information from us, send us a request specifying your new choice. Simply send your request to [email protected]
Correcting and Updating Your Information
To update billing information or discontinue the Service please email info at [email protected].
Updated/Amended August 1, 2020
HerdmanHealth provides a cloud-based assessment SaaS tool in a Software as a Service (SAAS) model with various tools, resources, and computing capacity (the “System”), which consists of technology hosted on HerdmanHealth provisioned servers and accessed remotely, via the cloudThe parties have agreed that HerdmanHealth will provide the System to Licensed User, now and pursuant to future Orders. Therefore, in consideration of the commitments set forth below, the adequacy of which consideration the parties hereby acknowledge, the parties agree to all the terms and conditions of this Agreement
The following capitalized terms shall have the following meanings whenever used in this Agreement:
- “AUP” means HerdmanHealth’s acceptable use policy found on the HerdmanHealth site.
- “Cloud Components” means such elements of the System as HerdmanHealth hosts on its provisioned computing systems pursuant to the applicable Order.
- “Licensed User” means a Party to this Agreement, while in good standing, or the Party’s employees and staff who are authorized to use Licensed Materials.
- “Licensed User Data” means data in electronic form managed or stored by the System submitted by or on behalf of a Licensed User.
- “Deliverables” means any report, data, services, or other solutions created pursuant to Professional Services by affiliates to HerdmanHealth and operating independently from HerdmanHealth not part of an Order.
- “Licensed Materials” means the Software as a Service (SaaS) residing in the Cloud Components; media, software products, training products, documents and forms and related products and/or materials, in any form, used or provided as part of the HerdmanHealth online service; copyright-claimed expressions residing in the Cloud Components; logos, trademarks, HerdmanHealth branding and goodwill; and website layout functionality and design features of the HerdmanHealth online site and service. All information and materials appearing on the HerdmanHealth Website and all online services offered as HerdmanHealth, including without limitation any and all site text, site layout, site functionality, site toolsets and design features, and menus are protected by U.S. and International copyright laws. Ownership of said information and materials (“the HerdmanHealth Copyright Information”) lies exclusively with HerdmanHealth or its affiliates; and except as specifically permitted, no portion of this website or the HerdmanHealth Copyright Information or Licensed Materials may be distributed or reproduced by any means, or in any form, without HerdmanHealth’s prior written permission.
- “Order” means an order or subscription for access to the System and Licensed Materials, executed with HerdmanHealth.
- “Professional Services” means such services by an affiliate of HerdmanHealth and referred by HerdmanHealth to the Licensed User separate from and outside this Agreement.
- “User” means any entity who uses the System on Licensed User’s behalf or through Licensed User’s account or passwords.
- “PHI” means Protected Health Information. According to the U.S. Department of Health and Human Services (HHS), PHI is individually identifiable health information that is “held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.”
CLOUD COMPONENTS & GENERAL USE OF THE SYSTEM.
- Use of the System. During the Term (see Section 13.1, below), Licensed User may access and use the Cloud Components pursuant to: (a) this Master Agreement; (b) the terms of any current Order, including such features and functions as the Order allows; and (c) HerdmanHealth’s policies posted on its Website, including any updates as they may appear from time to time.
- System Revisions. HerdmanHealth may revise the features and functions of the Cloud Components at any time, provided no such revision materially reduces features or functionality provided pursuant to an Order.
- Onboarding. HerdmanHealth offers initial training to Licensed User concerning the functionality and orientation of HerdmanHealth. Onboarding is not instructional concerning HIPAA requirements, and Licensed User agrees that HerdmanHealth does not offer substantive instruction on HIPAA compliance, and further agrees to release, hold harmless and indemnify HerdmanHealth concerning any claim, suit, or proceeding in any way connected to or originating from the Onboarding training. The Parties agree that Onboarding is training to orient the Licensed User on HerdmanHealth platform functionality to aid Licensed User under this Agreement. Any Onboarding training provided on behalf of HerdmanHealth to Licensed User by a third party shall not change Licensed User’s agreements and duties under this subsection.
- License. HerdmanHealth hereby grants Licensed User a nonexclusive license to use the Licensed Materials, and to reproduce any forms offered for use by the System, as is set forth on the applicable Order, as necessary for Licensed User’s internal business purposes and solely as a component of the System offered to and accepted by Licensed User, provided Licensed User complies with the restrictions set forth below in Section 2 (Restrictions on Rights). Such internal business purposes do not include use by any parent, subsidiary, or affiliate of Licensed User, or any other third party other than Licensed User’s staff as specifically authorized in this Agreement or Order, and Licensed User shall not permit any such use.
- Restrictions on Rights. Copies of the Licensed Materials created or transferred pursuant to this Agreement are licensed, not sold, and Licensed User receives no title to or ownership of the Licensed Materials. Furthermore, Licensed User receives no rights to the Licensed Materials other than those specifically granted in Section 1 above. Without limiting the generality of the foregoing, Licensed User or User shall not: (a) modify, create derivative works from, distribute, sell, publicly display, publicly perform, or sublicense the Licensed Materials; (b) use the Licensed Materials in any way forbidden by Section 7.1 below; or (c) reverse engineer, decompile, disassemble, or otherwise attempt to derive any of the Licensed Materials’ source code. Moreover, Licensed User shall not allow third parties to violate this section 3.2.
- Delivery. HerdmanHealth shall provide the Licensed Materials to Licensed User, through online access via its Cloud Components, including forms and other Licensed Materials for electronic download, upon agreeing to subscribe to the service and receiving Licensed User access credentials from HerdmanHealth.
- Provision of Professional Services. HerdmanHealth may refer a Party seeking Professional Services through its partner network, and Licensed User may negotiate directly with the referred Professional Services provider, which will not be part of this Agreement.
- Deliverables. HerdmanHealth provides no warranty, does not endorse or recommend, and is not responsible for any Professional Services.
Licensed User shall pay HerdmanHealth the fee set forth in each Order (the “Subscription Fee”) for each Term. Licensed User is responsible to compensate HerdmanHealth for all fees incurred by HerdmanHealth for declined payments, and related financial fees for declined payments by the Licensed User.
LICENSED USER DATA & PRIVACY.
- Risk of Exposure. Licensed User recognizes and agrees that hosting data online involves risks of unauthorized disclosure or exposure and that, in accessing and using the System, Licensed User assumes such risks. Licensed User’s own credentials to access the HerdmanHealth site face the risk of compromise and theft through security errors or omissions occurring on the Licensed User’s own network or computing system. HerdmanHealth offers no representation, warranty, or guarantee that Licensed User Data will not be exposed or disclosed through errors or the actions of third parties; and HerdmanHealth shall not be responsible for maintaining data or records for Licensed User, and that therefore Licensed User acknowledges and agrees that it remains Licensed User’s duty and responsibility to store or maintain its records under its own, separate storage arrangements.
- Data Accuracy. HerdmanHealth shall have no responsibility or liability for the accuracy of data uploaded to the System by Licensed User, including without limitation Licensed User Data and any other data uploaded by Users.
- Data Deletion. HerdmanHealth may permanently erase Licensed User Data if Licensed User’s account is delinquent, suspended, or terminated for 30 days or more. Since PHI data is prohibited from upload onto the System, it is subject to deletion, reporting to appropriate HIPAA compliance offices, and other appropriate handling by HerdmanHealth to remedy any User’s error in uploaded PHI data, and not precluding other remedies deemed appropriate by HerdmanHealth in its sole discretion.
- Excluded Data. Licensed User represents and warrants that Licensed User Data does not and will not include, and Licensed User has not and shall not upload or transmit to HerdmanHealth’s computers or other media, any data (“Excluded Data”) which upon transition would violate: HIPAA/HITECH; a state privacy statute or any US law or regulation that restricts data transmission as afforded by HerdmanHealth Cloud Components; and any international privacy provision that would be violated by using HerdmanHealth (the “Excluded Data Laws“). LICENSED USER RECOGNIZES AND AGREES THAT: (a) HERDMANHEALTH HAS NO LIABILITY FOR ANY FAILURE TO PROVIDE PROTECTIONS SET FORTH IN THE EXCLUDED DATA LAWS OR OTHERWISE TO PROTECT EXCLUDED DATA; (b) HerdmanHealth EXPRESSLY PROHIBITS USER UPLOADING SPECIFIED SENSITIVE EXCLUDED DATA IN ITS TERMS OF SERVICE AND VIOLATIONS OF THE TERMS OF SERVICE PROVIDE CERTAIN REMEDIES, WHICH ARE NOT EXCLUSIVE TO HERDMANHEALTH; and (c) HERDMANHEALTH’S SYSTEMS ARE NOT INTENDED FOR MANAGEMENT OR PROTECTION OF EXCLUDED DATA AND MAY NOT PROVIDE ADEQUATE OR LEGALLY REQUIRED SECURITY FOR EXCLUDED DATA.
- Aggregate & Anonymized Data. Notwithstanding the provisions above of this Article 6, HerdmanHealth may use, reproduce Aggregate Data in order to analyze the performance of the SaaS product, to monitor trends in order to improve the service, or for other trend analysis or other analytic purposes in order to improve the service offering (“Aggregate Data” refers to Licensed User Data with the following removed: personally identifiable information and the names and addresses of Licensed User and any of its Users.)
LICENSED USER’S RESPONSIBILITIES & RESTRICTIONS
- Acceptable Use. Licensed User shall comply with the AUP. Licensed User shall not: (a) allow third parties to use the System, except as specifically authorized by this Agreement; (b) provide System passwords or other log-in information to any third party, except Licensed User’s staff as specifically authorized by this Agreement; (c) share non-public System features or content with any third party; or (d) access the System in order to build a competitive product or service, to build a product using similar ideas, features, functions or graphics of the System, or to copy any ideas, features, functions or graphics of the System. In the event that it suspects any breach of the requirements of this Section 1, including without limitation by Users, HerdmanHealth may suspend Licensed User’s access to the System without advanced notice, in addition to such other remedies as HerdmanHealth may have. Neither this Agreement nor the AUP requires that HerdmanHealth take any action against Licensed User or any User or other third party for violating the AUP, this Section 7.1, or this Agreement, but HerdmanHealth is free to take any such action it sees fit.
- Unauthorized Access. Licensed User shall take reasonable steps to prevent unauthorized access to the System, including without limitation by protecting its passwords and other log-in information. Licensed User shall notify HerdmanHealth immediately of any known or suspected unauthorized use of the System or compromise of its security and shall use best efforts to stop said compromise.
- Reasonable Security. Licensed User represents and warrants that Licensed User presently undertakes, or agrees under this Agreement through the ordering of Professionals Services that it will undertake commercially reasonable cybersecurity measures to ensure the confidentiality, integrity, and availability of its computing systems, Internet attack surfaces, and supply chain for the purposes of providing information assurance and trustworthiness of its business operations, and further agrees to indemnify HerdmanHealth for any losses or damages sustained by HerdmanHealth and its affiliates and other users of HerdmanHealth for damages sustained as a result of Licensed User’s errors or omissions that are the proximate cause of those damages by HerdmanHealth and its affiliates and other third parties.
- Other Users; System Access. Licensed User is responsible and liable for: (a) Other Users’ use of the System, including without limitation unauthorized User conduct and any User conduct that would violate the AUP or the requirements of this Agreement applicable to Licensed User; and (b) any use of the System through Licensed User’s account, whether authorized or unauthorized.
- Maintenance of Forms, Records, and Important Data. It shall remain the sole responsibility of Licensed User, irrespective of Licensed User’s actions to input data, records, forms and any information onto the system, and notwithstanding any other term in this agreement or other understandings or implied relationship between the Parties, to maintain its own documentation.
IP & FEEDBACK
- IP Rights in the System. HerdmanHealth retains all right, title, and interest in and to the System, including without limitation all software used to provide the System and all graphics, user interfaces, logos, and trademarks reproduced through the System. This Agreement does not grant Licensed User any intellectual property license or rights in or to the System or any of its components, except to the limited extent that this Agreement specifically sets forth Licensed User license rights to Licensed Materials. Licensed User recognizes that the System and its components are protected by copyright and other laws.
- Feedback. HerdmanHealth has not agreed to and does not agree to treat as confidential any Feedback (as defined below) that Licensed User, or other Users, provide to HerdmanHealth, and nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict HerdmanHealth’s right to use, profit from, disclose, publish, keep secret, or otherwise exploit Feedback, without compensating or crediting Licensed User or other User in question. (“Feedback” refers to any suggestion or idea for improving or otherwise modifying any of HerdmanHealth’s products or services.)
CONFIDENTIAL INFORMATION PROTECTION
- Injunction. Licensed User agrees that business processes, methods and other information contained on the HerdmanHealth website is Confidential Information, and that HerdmanHealth is entitled to protect its proprietary information in any way it sees fit. Licensed User further agrees that loss of proprietary information would cause HerdmanHealth irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, HerdmanHealth will be entitled to injunctive relief against such disclosure or threatened disclosure of its Confidential Information, without proving actual damage or posting a bond or other security.
- Termination & Return. With respect to Confidential Information, the remedies of Section 1 above (Injunction) will terminate five years after the date of disclosure or threatened disclosure. Upon termination of this Agreement, Licensed User shall return all copies of Confidential Information to HerdmanHealth or certify, in writing, the destruction thereof.
- Retention of Rights. This Agreement does not transfer ownership of Confidential Information or grant a license thereto. HerdmanHealth will retain all right, title, and interest in and to all Confidential Information.
REPRESENTATIONS & WARRANTIES.
- From HerdmanHealth.
- Re IP Rights in the System. Subject to the next sentence, HerdmanHealth represents and warrants that HerdmanHealth is the owner of the SaaS service offering, or the recipient of a valid license thereto, and that it has and will maintain the full power and authority to grant the rights granted in this Agreement without the further consent of any third party. HerdmanHealth’s representations and warranties in the preceding sentence do not apply to the extent that the infringement arises out of any of the conditions listed in Subsections 1(a) through 11.1(f) below. In the event of a breach of the warranty in this Section 10.1, HerdmanHealth, at its own expense, will promptly take the following actions: (i) secure for Licensed User the right to continue using the System; (ii) replace or modify the System to make it non-infringing; or (iii) terminate the infringing features of the Service and refund to Licensed User any prepaid fees for such features, in proportion to the portion of the Term left after such termination. In conjunction with Licensed User’s right to terminate for breach where applicable, the preceding sentence states HerdmanHealth’s sole obligation and liability, and Licensed User’s sole remedy, for breach of the warranty in this Section 10.1 and for potential or actual intellectual property infringement by the System.
- Representation and Warranty terms contained in sections 6.6 and 7.3 above are hereby incorporated by reference.
- Re Licensed User Itself. Licensed User represents and warrants that: (i) it has the full right and authority to enter into, execute, and perform its obligations under this Agreement and that no pending or threatened claim or litigation known to it would have a material adverse impact on its ability to perform as required by this Agreement; (ii) it has accurately identified itself and it has not provided any inaccurate information about itself to or through the System; and (iii) it is a corporation, the sole proprietorship of an individual 18 years or older, or another entity authorized to do business pursuant to applicable law.
- From HerdmanHealth. HerdmanHealth shall defend and indemnify Licensed User and Licensed User’s Associates (as defined below in Section 3) against any “Indemnified Claim,” meaning any third-party claim, suit, or proceeding arising out of, related to, or alleging infringement of any patent, copyright, or trademark, or other intellectual property right by the System, and for no other claim, suit, or proceeding except for the listed infringement claims listed in this subsection 11.1. HerdmanHealth’s obligations set forth in this Section 11.1 do not apply to the extent that an Indemnified Claim arises out of: (a) Licensed User’s breach of this Agreement; (b) Licensed User’s failure to incorporate Licensed Materials updates or upgrades that would have avoided the alleged infringement, provided HerdmanHealth offered such updates or upgrades without charges not otherwise required pursuant to this Agreement; (c) HerdmanHealth’s modification of Licensed Materials in compliance with specifications provided by Licensed User, including without limitation Deliverables to the extent created based on such specifications; (d) any Deliverable, if the disclosure provided at or before delivery states that such Deliverable incorporates third party software or other assets; or (e) use of the System in combination with hardware or software not provided by HerdmanHealth.
- From Licensed User. Licensed User shall indemnify and defend HerdmanHealth and HerdmanHealth’s Associates (as defined below in Section 3) against any “Indemnified Claim,” meaning any third party claim, suit, or proceeding arising out of or related to Licensed User’s alleged or actual use of, misuse of, or failure to use the System, including without limitation: (a) claims by other Users or by Licensed User’s employees; (b) claims related to unauthorized disclosure or exposure of personally identifiable information or other private information, including Licensed User Data; (c) claims related to infringement or violation of a copyright, trademark, trade secret, or privacy or confidentiality right by written material, images, logos or other content uploaded to the System through Licensed User’s account, including without limitation by Licensed User Data; (d) claims that use of the System through Licensed User’s account, including by Licensed User’s Clients or other Users, harasses, defames, or defrauds a third party or violates the CAN-Spam Act of 2003 or any other law or restriction on electronic advertising. Indemnified Claims pursuant to the preceding sentence also include (f) claims related to the injury to or death of any individual, or any loss of or damage to real or tangible personal property, caused by the act or omission of Licensed User or of any of its agents, subcontractors, or employees; and additionally, claims arising out of errors or omissions as provided in sections 6.7 or 7.3, above.
- Litigation & Additional Terms. The obligations of the indemnifying party (“Indemnitor”) pursuant to Section 1 or 11.2 above: (a) include retention and payment of attorneys and payment of court costs, as well as settlement at Indemnitor’s expense and payment of judgments; and (b) will be excused to the extent that the other contracting party’s (“Indemnified Party’s”) or any of such Indemnified Party’s Associates’ failure to provide prompt notice of the Indemnified Claim or reasonably to cooperate materially prejudices the defense. Indemnitor will control the defense of any Indemnified Claim, including appeals, negotiations, and any settlement or compromise thereof; provided Indemnified Party will have the right, not to be exercised unreasonably, to reject any settlement or compromise that requires that it admit wrongdoing or liability or subjects it to any ongoing affirmative obligations. (A party’s “Associates” are its officers, directors, shareholders, parents, subsidiaries, agents, successors, and assigns.)
LIMITATION OF LIABILITY.
- Dollar Cap. HerdmanHealth’s LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED THE FOLLOWING:
- For direct costs to the Licensed User: Total liability of HerdmanHealth shall not exceed three times the accumulated subscriptions paid by the Licensed User for all terms of service executed between the Parties and paid by Licensed User; or,
- Liability for indirect, consequential, and economic losses shall not exceed $25,000 per occurrence from an incident arising out of or related to this Agreement causing damage to a Licensed User or third parties.
- In no event will HerdmanHealth be liable for special or punitive damages arising out of or related to this Agreement. Total liability of HerdmanHealth for any damages shall not exceed the total insurance available for an incident arising out of or related to this agreement, including the allocation of Licensed User’s insurance that would cover Licensed User’s damages. The Parties agree that in calculating the liability of HerdmanHealth, Licensed User’s insurance coverage will first be determined and calculated before calculating any gap of coverage to attribute to the liability of HerdmanHealth.
TERM & TERMINATION
- Term. The term of this Agreement (the “Term”) shall commence on the date of the Order and will continue for the period contained in the Order. This Agreement will automatically renew for successive periods, as provided in the Order.
- Termination for Cause. Either party may terminate this Agreement for the other’s material breach by written notice, effective in 30 days unless the other party first cures such breach. Without limiting HerdmanHealth’s other rights and remedies, HerdmanHealth may suspend or terminate any Licensed User’s access to the System at any time, without advanced notice, if HerdmanHealth reasonably concludes such Licensed User’s or other User has conducted itself in a way that is not consistent with the requirements of the AUP or the other requirements of this Agreement, or in a way that subjects HerdmanHealth to potential liability.
- Effects of Termination. Upon termination of this Agreement, Licensed User shall cease all use of the System and delete, destroy, or return all copies of the Documentation in its possession or control. The following provisions will survive termination or expiration of this Agreement: (a) any obligation of Licensed User to pay fees incurred before termination; (b) Articles and Sections 2 (Restrictions on Software Rights) 8 (IP & Feedback), 9 (Confidential Information), 10 (Warranty Disclaimers), 11 (Indemnification), and 12 (Limitation of Liability); and (c) any other provision of this Agreement that must survive to fulfill its essential purpose.
- Independent Contractors. The parties are independent contractors and will so represent themselves in all regards. Neither party is the agent of the other, and neither may make commitments on the other’s behalf. The parties agree that no HerdmanHealth employee or contractor will be an employee of Licensed User.
- Notices. HerdmanHealth may send notices pursuant to this Agreement to Licensed User’s email contact points provided by Licensed User, and such notices will be deemed received 24 hours after they are sent. Licensed User may send notices pursuant to this Agreement to [email protected], and such notices will be deemed received 72 hours after they are sent.
- Force Majeure. No delay, failure, or default, other than a failure to pay fees when due, will constitute a breach of this Agreement to the extent caused by acts of war, terrorism, hurricanes, earthquakes, other acts of God or of nature, strikes or other labor disputes, riots or other acts of civil disorder, embargoes, or other causes beyond the performing party’s reasonable control.
- Assignment & Successors. Licensed User may not assign this Agreement or any of its rights or obligations hereunder without HerdmanHealth’s express written consent. Except to the extent forbidden in this Section 4, this Agreement will be binding upon and inure to the benefit of the parties’ respective successors and assigns.
- Severability. To the extent permitted by applicable law, the parties hereby waive any provision of law that would render any clause of this Agreement invalid or otherwise unenforceable in any respect. In the event that a provision of this Agreement is held to be invalid or otherwise unenforceable, such provision will be interpreted to fulfill its intended purpose to the maximum extent permitted by applicable law, and the remaining provisions of this Agreement will continue in full force and effect.
- No Waiver. Neither party will be deemed to have waived any of its rights under this Agreement by lapse of time or by any statement or representation other than by an authorized representative in an explicit written waiver. No waiver of a breach of this Agreement will constitute a waiver of any other breach of this Agreement.
- Choice of Law & Jurisdiction.This Agreement will be governed solely by the internal laws of the State of Colorado, without reference to: (a) any conflicts of law principle that would apply the substantive laws of another jurisdiction to the parties’ rights or duties; (b) the 1980 United Nations Convention on Contracts for the International Sale of Goods; or (c) other international laws. The parties consent to the personal and exclusive jurisdiction of the federal and state courts of Colorado.
- Construction. The parties agree that the terms of this Agreement result from negotiations between them. This Agreement will not be construed in favor of or against either party by reason of authorship.
- Technology Export. Licensed User shall not: (a) permit any third party to access or use the System in violation of any U.S. law or regulation; or (b) export any software provided by HerdmanHealth or otherwise remove it from the United States except in compliance with all applicable U.S. laws and regulations. Without limiting the generality of the foregoing, Licensed User shall not permit any third party to access or use the System in, or export such software to, a country subject to a United States embargo, including any new laws that may become enacted subject to the effective date of this Agreement.
- Entire Agreement. This Agreement sets forth the entire agreement of the parties and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to its subject matter. Neither party has relied upon any such prior or contemporaneous communications.
For any questions or concerns, please contact:
HerdmanHealth Legal Department
Business Associate Agreement (BAA)
Updated/Amended May 22, 2022
This Agreement (“Agreement”) is made and entered into at the date and time your HerdmanHealth account is created and is between you (“Covered Entity”) and HerdmanHealth LLC, a limited liability company (“Business Associate”).
Business Associate is in the business of providing an online substance use, mental health and co-occurring assessment products (“Offering”) and Covered Entity wishes to engage, or has engaged, Business Associate in connection with the offering. In consideration of the premises and mutual promises contained in this Agreement, the parties agree as follows:
Terms used, but not otherwise defined in this Agreement, shall have the same meaning as those terms in the Privacy Rule, Security Rule, and HITECH Act, (“HIPAA Rules”) which definitions are incorporated in this Agreement by reference.
- “Agent” shall have the meaning as determined in accordance with the federal common law of agency. “Breach” shall have the same meaning as the term “breach” in 45 CFR Section 164.402.
- “Business Associate” shall mean HerdmanHealth LLC, and its product Herdman Assessment Forms.
- “Covered Entity” shall mean active subscriber to HerdmanHealth.
- “Data Aggregation” shall have the same meaning as the term “data aggregation” in 45 CFR Section 164.501.
- Designated Record Set. “Designated Record Set” shall have the same meaning as the term “designated record set” in 45 CFR Section 164.501.
- “Disclosure” and “Disclose” shall have the same meaning as the term “Disclosure” in 45 CFR Section 160.103.
- “Electronic Health Record” shall have the same meaning as the term in Section 13400 of the HITECH Act.
- “Health Care Operations” shall have the same meaning as the term “health care operations” in 45 CFR Section 164.501.
- “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
- “HITECH Act” shall mean The Health Information Technology for Economic and Clinical Health Act, part of the American Recovery and Reinvestment Act of 2009 (“ARRA” or “Stimulus Package”), specifically DIVISION A: TITLE XIII Subtitle D—Privacy, and its corresponding regulations as enacted under the authority of the Act.
- “Individual” shall have the same meaning as the term “individual” in 45 CFR Section160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR Section 164.502(g).
- “Minimum Necessary” shall mean the Privacy Rule Standards found at Section164.502(b) and Section 164.514(d)(1).
- “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E.
- “PHI” (“PHI”) shall have the same meaning as the term “protected health information” in 45 CFR Section 160.103, limited to the information created, received, maintained or transmitted by Business Associate on behalf of Covered Entity.
- “Required By Law” shall have the same meaning as the term “required by law” in 45 CFR Section 164.103.
- “Secretary” shall mean the Secretary of the Department of Health and Human Services or his or her designee.
- “Security Incident” shall have the same meaning as the term “Security Incident” in 45 CFR Section 164.304.
- “Security Rule” shall mean the Standards for Security of Electronic PHI at 45 CFR parts Section 160 and Section 164, Subparts A and C.
- “Subcontractor” shall mean a person or entity “that creates, receives, maintains, or transmits protected health information on behalf of a business associate” and who is now considered a business associate, as the latter term is defined in 45 CFR Section 160.103.
- “Subject Matter” shall mean compliance with the HIPAA Rules and with the HITECH Act. “Unsecured PHI” shall have the same meaning as the term “unsecured PHI” in 45 CFR Section 164.402.
- “Use” shall have the same meaning as the term “Use” in 45 CFR Section 164.103.
- Business Associate agrees to not Use or Disclose PHI other than as permitted or required by this Agreement or as Required by Law.
- Business Associate agrees to use appropriate safeguards to prevent Use or Disclosure of PHI other than as provided for by this Agreement. Business Associate further agrees to implement administrative physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of any electronic PHI, as provided for in the Security Rule and as mandated by Section 1304 of the HITECH Act.
- If the Breach, as discussed in paragraph 2(C), pertains to Unsecured PHI, then Business Associate agrees to report any such data Breach to Covered Entity within ten (10) business days of discovery of said Breach; all other compromises of PHI shall be reported to Covered Entity within twenty (20) business days of discovery. Business Associate further agrees, consistent with Section 13402 of the HITECH Act, to provide Covered Entity, via email or phone call, with information necessary for Covered Entity to meet the requirements of said section.
- If Business Associate is an Agent of Covered Entity, then Business Associate agrees that any Breach of Unsecured PHI shall be reported to Covered Entity immediately after the Business Associate becomes aware of said Breach, and under no circumstances later than one (1) business day thereafter. Business Associate further agrees that any compromise of PHI, other than a Breach of Unsecured PHI as specified in 2(C) of this Agreement, shall be reported to Covered Entity within ten (10) business days of discovering said compromise, or attempted compromise.
- Business Associate agrees to ensure that any Subcontractor, to whom Business Associate provides PHI, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. Business Associate further agrees that restrictions and conditions analogous to those contained herein shall be imposed on said Subcontractors via a written agreement that complies with all the requirements specified in Section 164.504(e)(2), and that Business Associate shall only provide said Subcontractors PHI consistent with Section
- 13405(b) of the HITECH Act. Further, Business Associate agrees to provide copies of said written agreements to Covered Entity within ten (10) business days of a Covered Entity’s request for same.
- Business Associate agrees to provide access via in-app export, to PHI in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual, in order to meet Covered Entity’s requirements under 45 CFR Section 164.524. Business Associate further agrees, in the case where Business Associate controls access to PHI in an Electronic Health Record, or controls access to PHI stored electronically in any format, to provide similar access in order for Covered Entity to meet its requirements of the HIPAA Rules and under Section 13405(c) of the HITECH Act. These provisions do not apply if Business Associate and its employees or Subcontractors have no PHI in a Designated Record Set of Covered Entity.
- Business Associate agrees to make PHI in a Designated Record Set available to the Covered Entity for the purpose of making amendments and incorporate such amendments in the Designated Record Set pursuant to 45 CFR Section164.526. This provision does not apply if Business Associate and its employees or Subcontractors have no PHI from a Designated Record Set of Covered Entity.
- Unless otherwise protected or prohibited from discovery or disclosure by law, Business Associate agrees to make internal practices, books, and records, including policies and procedures (collectively “Compliance Information”), relating to the Use or Disclosure of PHI and the protection of same, available to the Covered Entity or to the Secretary for purposes of the Secretary determining Covered Entity’s compliance with the HIPAA Rules and the HITECH Act. Business Associate further agrees, at the request of Covered Entity, to provide Covered Entity with demonstrable evidence that its Compliance Information ensures Business Associate’s compliance with this Agreement over time. Business Associate shall have a reasonable time within which to comply with requests for such access and/or demonstrable evidence, consistent with this Agreement. In no case shall access, or demonstrable evidence, be required in less than ten (10) business days after Business Associate’s receipt of such request, unless otherwise designated by the Secretary.
- Business Associate agrees to maintain necessary and sufficient documentation of Disclosures of PHI as would be required for Covered Entity to respond to a request by an Individual for an accounting of such Disclosures, in accordance with 45 CFR Section164.528. On request of Covered Entity, Business Associate agrees to provide to Covered Entity documentation made in accordance with this Agreement to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. Section 164.528. Business Associate shall provide said documentation in a manner and format to be specified by Covered Entity. Business Associate shall have a reasonable time within which to comply with such a request from Covered Entity and in no case shall Business Associate be required to provide such documentation in less than five (5) business days after Business Associate’s receipt of such request.
- Except as provided for in this Agreement, in the event Business Associate receives an access, amendment, accounting of disclosure, or other similar request directly from an Individual, Business Associate shall redirect the Individual to the Covered Entity.
- To the extent that Business Associate carries out one or more of Covered Entity’s obligations under the HIPAA Rules, the Business Associate must comply with all requirements of the HIPAA Rules that would be applicable to the Covered Entity.
- A Business Associate must honor all restrictions consistent with 45 CFR Section 164.522 that the Covered Entity or the Individual makes the Business Associate aware of, including the Individual’s right to restrict certain disclosures of PHI to a health plan where the individual pays out of pocket in full for the healthcare item or service, in accordance with HITECH Act Section] 13405(a).
- Except as otherwise limited by this Agreement, Business Associate may make any Uses and Disclosures of PHI necessary to perform its services to Covered Entity and otherwise meet its obligations under this Agreement, if such User or Disclosure would not violate the Privacy Rule, or the privacy provisions of the HITECH Act, if done by Covered Entity. All other Uses or Disclosures by Business Associate not authorized by this Agreement, or by specific instruction of Covered Entity, are prohibited.
- Except as otherwise limited in this Agreement, Business Associate may Use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
- Except as otherwise limited in this Agreement, Business Associate may Disclose PHI for the proper management and administration of the Business Associate, provided that Disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and used, or further Disclosed, only as Required By Law, or for the purpose for which it was Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
- Except as otherwise limited in this Agreement, Business Associate may use PHI to provide Data Aggregation services to Covered Entity as permitted by 45 CFR Section 164.504(e)(2)(i)(B). Business Associate agrees that such Data Aggregation services shall be provided to Covered Entity only wherein said services pertain to Health Care Operations. Business Associate further agrees that said services shall not be provided in a manner that would result in Disclosure of PHI to another covered entity who was not the originator and/or lawful possessor of said PHI. Further, Business Associate agrees that any such wrongful Disclosure of PHI is a direct violation of this Agreement and shall be reported to Covered Entity immediately after the Business Associate becomes aware of said Disclosure and, under no circumstances, later than three (3) business days thereafter.
- Except as otherwise limited in this Agreement, Business Associate may use PHI to provide Data Aggregation services States, Counties or other Agencies/Organizations gathering research data as permitted by 45 CFR Section 164.504(e)(2)(i)(B). Business Associate agrees that such Data Aggregation services shall be provided to these agencies only wherein said services pertain to Health Care Operations. Business Associate further agrees that said services shall not be provided in a manner that would result in Disclosure of PHI to another covered entity who was not the originator and/or lawful possessor of said PHI. Further, Business Associate agrees that any such wrongful Disclosure of PHI is a direct violation of this Agreement and shall be reported to Covered Entity immediately after the Business Associate becomes aware of said Disclosure and, under no circumstances, later than three (3) business days thereafter.
- Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with Section 164.502(j)(1).
- Business Associate shall make Uses, Disclosures, and requests for PHI consistent with the
- Minimum Necessary principle as defined herein.
- Covered Entity shall notify Business Associate of the provisions and any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 CFR Section 164.520, to the extent that such provisions and limitation(s) may affect Business Associate’s Use or Disclosure of PHI.
- Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that the changes or revocation may affect Business Associate’s use or disclosure of PHI.
- Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR Section 164.522, and also notify Business Associate regarding restrictions that must be honored under Section 13405(a) of the HITECH Act, to the extent that such restrictions may affect Business Associate’s Use or Disclosure of PHI.
- Covered Entity shall notify Business Associate of any modifications to accounting disclosures of PHI under 45 CFR Section 164.528, made applicable under Section 13405(c) of the HITECH Act, to the extent that such restrictions may affect Business Associate’s user or disclosure of HI.
- Business Associate shall provide information to Covered Entity via email or phone call, wherein such information is required to be provided to Covered Entity as agreed to by Business Associate in paragraph 2(d) of this Agreement. Covered Entity reserves the right to modify the inner and format in which said information is provided to Covered Entity, as long as the requested modification is reasonably required by Covered Entity to comply with the HIPAA Rules or the HITECH Act and Business Associate is provided sixty (60) business days notice before the requested modification takes effect. F. Covered Entity shall not require Business Associate to Use or Disclose PHI in any manner that would not be permissible under the HIPAA Rules or if done by the Covered Entity.
- The Term of this Agreement shall be effective as of the date and time Covered Entity agrees to the Terms of Service for using HerdmanHealth’s Mobile Application, Website, Software, and Services by creating an account and shall terminate when all of the PHI covered by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions in this Agreement.
- Termination for Cause by Covered Entity. Upon Covered Entity’s knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall give Business Associate written notice of such breach and provide reasonable opportunity for Business Associate to cure the breach or end the violation. Covered Entity may terminate this Agreement, and Business Associate agrees to such termination, if Business Associate has breached a material term of this Agreement and does not cure the breach or cure is not possible. If neither termination nor cure is feasible, Covered Entity shall report the violation to the Secretary.
- Termination for Cause by Business Associate. Upon Business Associate’s knowledge of a material breach of this Agreement by Covered Entity, Business Associate shall give Covered Entity notice via email of such breached provide reasonable opportunity for Covered Entity to cure the breach or end the violation. Business Associate may terminate this Agreement, and Covered Entity agrees to such termination, if Covered Entity has breached a material term of this Agreement and does not cure the breach or cure is not possible. If neither termination nor cure is feasible, Business Associate shall report the violation to the Secretary.
- Except as provided in paragraph B of this section, upon termination of the Agreement, for any reason, Business Associate shall return or destroy all PHI received from or created or received by Business Associate on behalf of Covered Entity. This provision shall also apply to PHI that is in the possession of Subcontractors of Business Associate. Business Associate shall retain no copies of the PHI.
- In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity, within ten (10) business days, notification of the conditions that make return or destruction infeasible. Upon such determination, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible for so long as Business Associate maintains such PHI.
- This Agreement may be modified only by a signed written agreement between Covered Entity and Business Associate.
- All other agreements entered between Covered Entity and Business Associate, not related to this Subject Matter, shall remain in full force and effect.
- This Agreement and the rights of the parties shall be governed by and construed in accordance with the Federal Arbitration Act, Federal law as it pertains to the Subject Matter, and shall be governed by and construed in accordance with the laws of the State of Nebraska as it pertains to contract formation and interpretation, without giving effect to its conflict of laws.
- In the event of a Dispute between you and HerdmanHealth (including any dispute over the validity, enforceability, or scope of this dispute resolution provision), other than with respect to claims of injunctive relief, the Dispute will be resolved by binding arbitration pursuant to the rules of the American Arbitration Association Commercial Arbitration Rules. The place of the arbitration shall be in Lincoln, Nebraska. If there is any Dispute between you and HerdmanHealth or that is determined to be subject to arbitration pursuant to the preceding sentence, you agree to submit in that event to the exclusive jurisdiction and venue of the state and federal courts located in the City of Lincoln and County of Lancaster, Nebraska.
- Regulatory References. A reference in this Agreement to a section in the Privacy Rule, Security Rule, or HITECH Act means the section as in effect or as amended.
- The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity and Business Associate to comply with the requirements of the Privacy Rule, Security Rule, the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191), and the HITECH Act and its corresponding regulations.
- The respective rights and obligation of Business Associate under Section 5(B) of this Agreement shall survive the termination of this Agreement.
- Any ambiguity in this Agreement shall be resolved to permit Covered Entity and Business Associate to comply with the Privacy Rule, Security Rule, the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191), and the HITECH Act and its corresponding regulations.
- If any provision or provisions of this Agreement is/are determined by a court of competent jurisdiction to be unlawful, void, or unenforceable, this Agreement shall not be unlawful, void, or unenforceable thereby, but shall continue in effect and be enforced as though such provision or provisions were omitted.
For any questions or concerns, please contact:
HerdmanHealth Legal Department