Terms of Use

THIS AGREEMENT (Agreement) is made by and between Intraprise Health doing business as HIPAA One and the Subscriber identified below (collectively, and together with any Users as identified below, the Parties). As used in this Agreement, the term Subscriber shall include the entity identified to Intraprise Health as the HIPAA One Subscriber, together with its Permitted Affiliates and Registered Users as defined below.

In consideration of the following mutual covenants and commitments, the receipt and sufficiency of which are hereby acknowledged and confessed, the Parties hereby agree as follows:

1. Grant of License

Subject strictly to the terms and conditions of this Agreement, Intraprise Health hereby grants to Subscriber and Subscriber hereby accepts a personal, nonexclusive, nontransferable, and limited license (the License) to use the following:

(a) HIPAA One. The HIPAA Security Risk Assessment solution, as may be amended from time to time (the HIPAA One Solution), during the Term of this Agreement; beginning on the Effective Date, and thereafter for the remainder of the Term of this Agreement, provided Subscriber is in compliance with the terms and conditions of this Agreement, elects to continue with access; and pays the corresponding subscription fee.

2. Delivery

Upon acceptance of this Agreement by Intraprise Health, and while Subscriber is in compliance with its obligations hereunder, Intraprise Health shall make available to Subscriber access to HIPAA One, as applicable, for delivery by the Internet from the server(s) on which they are hosted. Access is unauthorized to any but Registered Users. Intraprise Health will use commercially reasonable efforts to make HIPAA One available at all times, subject however to interruption for reasonable periods of time for maintenance, upgrade and management, and Subscriber acknowledges that it may also be subject to interruption, delay, reduced graphics quality, or other reasons not subject to Intraprise Health's control such as events affecting Internet service providers or data hosting services.

3. Use of License

The License granted pursuant to this Agreement authorizes Subscriber to engage in only the following activities:

(a) For Internal, Limited Use Only. Subscribers may use HIPAA One solely for the purposes of satisfying the Office of Civil Rights Security Rule to conduct a periodic Risk Analysis, educational and information-sharing purposes to fulfill its own internal business needs. HIPAA One is a HIPAA Risk Assessment solution.

(b) Permitted Affiliates Included. "Permitted Affiliates" shall be authorized to use HIPAA One under and subject strictly to the terms and conditions of this Agreement. Permitted Affiliates shall include Registered Users as defined herein, and entities which are under common ownership or control with Subscriber and are specifically identified to Intraprise Health. Subscriber shall be fully responsible to Intraprise Health for any breach of this Agreement by its Permitted Affiliates, or any of its or their agents, representatives, employees, and any other person or entity to which Subscriber or any of its Permitted Affiliates gives access.

(c) Users to be Registered. Subscribers may sponsor one or more individuals to access and use HIPAA One under Subscriber's authority (Registered Users). Registered Users may be employees or agents of Subscriber, but must need to use HIPAA One in order to provide internal services or perform internal functions for the Subscriber, be accessible through the Subscriber's standard email convention, and shall be strictly subject together with Subscriber to the terms and conditions of this License. The Subscriber shall maintain a list of all current and past Registered Users at all times and shall identify its Registered Users to Intraprise Health. The Subscriber shall be solely responsible for insuring that only Registered Users use HIPAA One under Subscriber's authority, and for promptly notifying Intraprise Health when s/he is no longer authorized by Subscriber. Registered Users will be responsible for insuring that no one other than the Registered User gains access with his/her username and/or password. Intraprise Health may terminate a Registered User's access at any time upon misuse of HIPAA One in breach of the Terms of Use below. Upon termination of a Registered User's authorization under this License for any reason, Subscriber shall take steps to prevent the individual's further electronic access to HIPAA One and remove any such electronic files or paper copies of HIPAA One from his or her possession, custody or control.

(d) Updates. Intraprise Health may, in its sole discretion, provide updates, enhancements, new versions and/or supplements of HIPAA One (Updates) to Subscriber. Updates shall be deemed to be included in HIPAA One and therefore governed by this License, unless Intraprise Health expressly notifies Subscriber that the Update or Updates are provided under other licensing terms. Subscriber acknowledges that such Updates may reflect new or different requirements for certification, and therefore agrees to monitor and be familiar with Updates as they occur.

(e) Terms of Use; Changes. The Subscriber agrees to comply with the Terms of Use at all times. Intraprise Health may, in its sole discretion, change the Terms of Use from time to time, to take effect immediately upon notice. Ordinarily Intraprise Health will endeavor to make a reasonable effort to provide email notice of such changes, but such changes will take effect upon their posting on the Intraprise Health websites regardless of whether email or other actual notice has been given.

(f) Content Contribution. Registered Users may upload or post truthful, non-defamatory content they create to HIPAA One, provided that (i) such content shall not be considered personally identifiable information or personal health information (e.g. ePHI); (ii) Intraprise Health accepts no obligation to review content at any time, but may remove it at any time in its sole discretion; (iii) all such contributions remain the sole and exclusive property of the SUBSCRIBER, including but not limited to all rights in and to copyright and moral rights (and including without limitation all rights to create derivative works, recover for infringement, register and renew in all countries, languages and media now known or hereafter developed); (iv) Intraprise Health shall not be deemed the publisher of any such contributions, will not be attributed to Intraprise Health, and will be attributed only to the Registered User who posted them; and (v) a user who contributes content to HIPAA One, and the Subscriber sponsoring the user, shall be liable jointly and severally to indemnify, hold harmless and defend Intraprise Health, its officers and agents, from and against any claims, losses or liabilities arising from or relating to any violation of this section by the user or Subscriber, or other liability arising from or pertaining to the user's contribution of the content.

4. Restrictions of Use

Any use of HIPAA One not expressly permitted by this Agreement is prohibited, including but not limited to the following:

(a) Use for Third Parties. Using part or all of HIPAA One to provide analyses, assessments, or services or products of any kind to any person or entity.

(b) Derivative Works. Creating any Derivative Work of HIPAA One for any purpose not permitted hereunder without Intraprise Health's express prior consent.

(c) Unauthorized Access. Accessing unlicensed components of HIPAA One or related services without express authorization.

(d) Reverse Engineering. Disassembling, decompiling or otherwise reverse engineering any part of HIPAA One, or removing, modifying or obscuring any copyright, trade secret or other proprietary legend.

(e) Unauthorized Copying. Copying all or any part of HIPAA One except for the purposes and to the extent authorized herein; or

(f) Assignments. Assigning this Agreement, or sublicensing, distributing, or otherwise transferring any part of HIPAA One except in the connection with the sale or transfer of all or substantially all of the Subscriber's stock or assets.

(g) Commercial Uses. For any commercial or personal use, including but not limited to "scraping," surveys, contests, pyramid schemes, chain letters, junk mail, spamming or unsolicited messages (commercial or otherwise), advertising, or offering to sell or buy goods or services for any personal or business purposes.

(h) Use Contrary to Law. Use in any way which violates any applicable law or regulation, including but not limited to hacking, password cracking, "spoofing" or other unauthorized access; attempting to obtain any materials or information through any means not intentionally made available through HIPAA One; use of viruses, Trojan horses, worms, spyware, or other malware; use to defame, stalk, threaten or otherwise violate the legal rights of others (including rights of privacy, publicity, copyright or otherwise); transmission of materials in violation of intellectual property laws; or false or misleading use of proprietary designations or labels.

(i) Use Injurious or Obstructive to Others. Use in any way that could damage, disable, overburden, or impair or interfere with any other party's use of the services or access to HIPAA One.

5. License Fees and Payments

(a) Fees. Fees for subscriptions and for other products or services will be charged according to Intraprise Health's current terms and prices, which are subject to change without notice. No refund or credit will be given in the event of early termination.

(b) Payment Terms; Taxes. All amounts which may be due and payable to Intraprise Health, and which are not paid in full when due will bear interest at the rate of one percent (1%) per month simple interest until paid in full, or the highest amount allowed by law, whichever is less. Fees will not include taxes now or hereafter levied, all of which shall be for Subscriber's account. Subscriber agrees to indemnify Intraprise Health and hold it harmless from any taxes or related costs, interests or penalties paid or payable by Subscriber other than taxes related to Intraprise Health's income.

6. Intraprise Health Ownership of Intellectual Property

(a) Sole and Exclusive Ownership by Intraprise Health. Subscriber acknowledges Intraprise Health's sole and exclusive ownership, right and title in and to HIPAA One and all documentation related thereto, together with all copies, and all changes, modifications, deletions, translations, derivations or additions thereto, including but not limited to any text, images, photographs, animations, video and audio incorporated into them. The Parties further agree that HIPAA One constitutes copyrighted and/or proprietary information of Intraprise Health which is protected by copyright, and that any and all rights, inventions and copyrights arising out of or related to HIPAA One or related documentation, and all rights to license, market or otherwise develop or dispose of HIPAA One or related documentation, are and shall be the exclusive property of Intraprise Health.

(b) Intraprise Health Trade Secrets. The Parties further agree that HIPAA One includes valuable, confidential information, compilations, methods, techniques, procedures and processes not generally known or readily ascertainable by proper means, which can only be obtained from Intraprise Health. Intraprise Health has implemented reasonable protections, including the terms of this License, to prevent their unauthorized disclosure or use. To further those measures, Subscriber agrees that it will take all measures as may be reasonably requested by Subscriber, and in no event less than reasonable measures, to ensure that HIPAA One and related documentation are held in confidence and are not used or disclosed except as permitted under this Agreement or with Intraprise Health's express prior consent. This obligation will survive the termination or expiration of this Agreement or the Parties' relationship for any reason.

(c) Exclusions. These prohibitions shall not apply to information, compilations, methods, techniques, procedures or processes included in HIPAA One that are or have become generally known in the industry through no fault of Subscriber; or which Subscriber can show from written records were (i) known to it before entering this License, (ii) independently developed by it without use of or reference to HIPAA One, or (iii) lawfully obtained by it from a third party not in breach of any obligation to Intraprise Health. They will also not apply to residual knowledge retained in intangible, non-electronic form by Registered Users due to their access to HIPAA One, such as general ideas, concepts, and know-how.

(d) Certification; Injunctive Relief. Upon Intraprise Health's request, an officer of Subscriber shall certify in writing that it is in full compliance with the terms and conditions of this License. Subscriber hereby acknowledges that any violation of this License by it or an affiliated person or entity would cause irreparable injury to Intraprise Health, and, as a result, Intraprise Health shall be entitled to seek any injunctive relief or other rights or remedies to which Intraprise Health is or may be entitled to under law to prevent or mitigate the effects of such violation.

7. Defense of Infringement and Misappropriation Claims

(a) Notice and Cure. If Intraprise Health receives notice that any component of HIPAA One may infringe any valid U.S. copyright, U.S. trademark or U.S. patent or constitute a misappropriation of a valid trade secret under the law of any state, Intraprise Health may, at its sole discretion: (i) procure for Subscriber the right to continue using the potentially or allegedly infringing or misappropriated component, or (ii) modify HIPAA One to provide for substitute materially equivalent functioning or a materially functional equivalent which does not infringe and/or is not misappropriated. If Intraprise Health elects to provide substitute equivalent functioning or a functional equivalent, upon notice Subscriber shall stop using the allegedly infringing or misappropriated component and shall cooperate with Intraprise Health in implementing use of the functional substitute.

(b) Defense. Intraprise Health will defend Subscriber against any claims by an unaffiliated third party that any component of HIPAA One infringes any valid U.S. copyright, U.S. trademark or U.S. patent or misappropriates any trade secret valid under the law of any applicable state, provided Subscriber gives Intraprise Health prompt written notice of such a claim with all information known to it, gives Intraprise Health sole control over its defense or settlement, and provides Intraprise Health with complete and timely assistance and cooperation in such defense.

(c) Limitation of Duty to Defend. Intraprise Health shall have no obligation to defend Subscriber against any claim (i) that is based upon an allegedly infringing use or use of misappropriated intellectual property after Intraprise Health has notified Subscriber of a functional substitute as provided above; (ii) that results from any use or disclosure of HIPAA One, in whole or in part, in breach of any term of this License; (iii) for any claim based in whole or in part on Subscriber's acts or omissions; or (iv) use by Subscriber in any manner, purpose or combination not expressly authorized by Intraprise Health.

(d) Exclusive Remedy. The rights and remedies stated in this Section state Intraprise Health's entire liability and the exclusive remedy of Subscriber with respect to any claim of infringement or misappropriation of the intellectual property rights of any third party, whether arising under statutory or common law or otherwise.

8. Representations and Warranties

(a) Subscriber hereby represents and warrants to Intraprise Health that Subscriber is a healthcare organization or otherwise involved in the responsible handling of healthcare information; that it is fully authorized to enter into this Agreement; and that it will comply in all respects with its obligations hereunder.

(b) HIPAA One AND ACCESS TO HIPAA One ARE PROVIDED"AS IS, WITH ALL FAULTS. Intraprise Health, ITS AGENTS AND ITS SUPPLIERS HEREBY DISCLAIM ALL EXPRESS, IMPLIED OR STATUTORY WARRANTIES, DUTIES AND CONDITIONS, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, QUIET POSSESSION, SECURITY, CONFORMITY TO DESCRIPTION, NON-INFRINGEMENT, RELIABILITY, ACCURACY OR COMPLETENESS, OR RESULTS. THE ENTIRE RISK AS TO THE QUALITY OR ARISING OUT OF THE USE OF HIPAA One AT ALL TIMES REMAINS WITH THE SUBSCRIBER, ITS PERMITTED AFFILIATES AND ITS REGISTERED USERS.

9. Exclusion of Incidental, Consequential and Certain Other Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL Intraprise Health OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER DATA OR INFORMATION, BUSINESS INTERRUPTION, PERSONAL INJURY, LOSS OF PRIVACY, FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, NEGLIGENCE, OR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE ", THE PROVISION OF OR FAILURE TO PROVIDE HIPAA One, OR OTHERWISE ARISING OUT OF THE USE OF HIPAA One, OR OTHERWISE IN CONNECTION WITH THIS AGREEMENT EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF Intraprise Health OR ANY AGENT OR SUPPLIER, AND EVEN IF Intraprise Health OR ANY AGENT OR SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

10. Limitation of Liability and Remedies

(a) UNDER NO CIRCUMSTANCES, AND UNDER NO THEORY, SHALL THE LIABILITY OF Intraprise Health OR ANY OF ITS AFFILIATES, SUPPLIERS, OFFICERS, AGENTS, EMPLOYEES, OR REPRESENTATIVES TO SUBSCRIBER OR ANYONE IN PRIVITY WITH SUBSCRIBER EXCEED THE TOTAL AMOUNT ACTUALLY RECEIVED BY Intraprise Health AS FEES UNDER THIS AGREEMENT.

(b) THESE DISCLAIMERS AND LIMITATIONS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE.

11. Indemnification

Subscriber hereby agrees to defend, indemnify and hold harmless Intraprise Health, its officers, directors, shareholders, employees and agents at Subscriber's own expense from and against any and all suits, claims, actions, losses, costs, penalties and damages of whatsoever kind in nature, including settlement amounts, expert witness fees and attorney's fees and costs, arising out of or in connection with or incident to the use of HIPAA One or any related good or service by Subscriber, its Permitted Affiliates, its Registered Users or any other person or entity affiliated with it, or any breach of this Agreement by Subscriber or any of the above-referenced persons or entities.

12. Term and Termination

(a) Term. The term of this Agreement ("Term") shall begin on the date accepted by Subscriber and shall expire one (1) calendar year later, unless terminated sooner.

(b) Termination. Subscriber may terminate this Agreement at any time for any reason. Intraprise Health may terminate this Agreement upon breach or threatened breach by Subscriber or any person acting under Subscriber's authority (i) which occurs or remains uncured ten (10) days after notice from Intraprise Health, or (ii) which relates to confidentiality of any Intraprise Health confidential, or proprietary information or Intraprise Health’s sole and exclusive ownership of intellectual property rights related to HIPAA One or related documentation. In the latter event this Agreement may be terminated by Intraprise Health immediately upon notice.

(c) Events Upon Termination. Immediately upon termination or expiration of this Agreement, Subscriber and all persons acting under Subscriber's authority will cease access to and use of HIPAA One "and related documentation, and will remove all electronic and paper copies from their possession, custody and control. All provisions relating to the protection of Intraprise Health’s confidential and proprietary information and to Intraprise Health’s sole and exclusive ownership of intellectual property rights related to HIPAA One or related documentation shall survive expiration or termination of this Agreement.

13. Miscellaneous

(a) Notices. Notices required or permitted to be given under this Agreement shall be deemed delivered when sent by email, without notification of transmittal failure, to the email addresses provided by the Parties in this Agreement. Such addresses may be changed upon written notice to the other party, provided such notice is conspicuous and clear. The Subscriber will be solely responsible for insuring that any such notice from Intraprise Health is timely forwarded to Permitted Affiliates and Registered Users acting under Intraprise Health’s authority.

(b) Entire Agreement. This Agreement contains the entire agreement of the Parties relating to the subject matter hereof, superseding all prior written or oral agreements, commitments, representations or understandings. Each party represents and warrants to the other that in entering into and performing its obligations hereunder, it is not relying on any promise, inducement, course of dealing or trade, or representation not contained herein.

(c) Severability. If any provision of this Agreement is found for any reason to be invalid or unenforceable, it will be deemed severed and the remainder of the Agreement enforced, and in place of the invalid or unenforceable portion there shall be deemed substituted, as of the effective date of this Agreement, a provision as nearly similar to it as possible while still being valid and enforceable.

(d) Further Assurances. Each party agrees to cooperate fully with the others and to execute such further instruments as may be reasonably requested by the other party to carry into effect the intents and purposes of this Agreement.

(e) No Waiver. The failure or delay of any party at any time to require performance by the other party of any provision of this Agreement shall not be construed as a waiver of such performance, or of any continuing or succeeding breach of such provision.

(f) Force Majeure. Either party shall be excused from delay in or failure of performance to the extent it results from causes beyond that party's reasonable control, provided that the party acts diligently to remedy the cause of the delay or failure. Inability or failure to pay or to control one's own affiliates, employees, or agents will not be considered an event of force majeure.

(g) No agency. Each party is acting as an independent contractor and in no way is the agent or partner of the other in any respect. No party has the authority to make commitments for or bind the other to any obligation.

(h) Export Restrictions. Subscriber agrees to comply in all respects with any governmental laws, orders or other restrictions (Export Restrictions) on the export or re-export of HIPAA One "or related documentation imposed by the governments of the United States or the country to which it is shipped. The Subscriber shall not commit any act or omission that will result in a breach of Export Restrictions.

(i) Choice of Law and Forum; Jury Waiver. This Agreement and the relationship between and among the Parties shall be interpreted, governed and enforced under Utah law, excluding its choice of law provisions. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement. Any action arising from or pertaining to this Agreement or the relationship between or among the Parties shall be heard in the state or federal courts in or for Utah County, Utah and in no other location. Subscriber and all persons or entities in privity with it hereby waive all defenses of lack of personal jurisdiction forum non conveniens. TO THE FULLEST EXTENT PERMITTED BY LAW, THE PARTIES HEREBY WAIVE TRIAL BY JURY.

14. Business Associate Information

(a) Business Associates are vendors which are entered into the Business Associate Manager (BAM) application. By entering in vendors information into the BAM HIPAA One software, you are granting permission for Intraprise Health to contact those vendors for the below purposes.

(b) In an attempt to protect ePHI, Intraprise Health may reach out on behalf of Subscriber, to help identify whether related Business Associates have completed their HIPAA Security Risk Analysis abiding by the terms and conditions outlined in potential and signed business associate agreements. By ensuring compliance with the HHS requirement to conduct a HIPAA Security Risk Analysis per 45 CFR 164.308(a)(1)(ii)(A) vendors must provide satisfactory assurances per 45 CFR 164.308(b)(3).

(c) Intraprise Health will keep Business Associate information private, not sell or share this information, but rather be used to ensure compliance with federal and state regulations.