Email: [email protected]
Email: [email protected]
These Terms of Service constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”) and the Coordinated Assistance Network ("CAN") concerning your access to canportal.org, which also includes any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Site”). CAN has set forth below a Series of Access and use Terms ("SATS"). Compliance with and acceptance of the SATS are required in order for you to have access to and use of the Site. We have also included below CAN's agent for receipt of notice regarding copyright claims and other communication regarding the Site. IF YOU DO NOT AGREE WITH OR DO NOT ACCEPT ANY OF THE SATS, YOU MUST IMMEDIATELY EXIT THE SITE AND REFRAIN FROM FURTHER ACCESS.
CAN reserves the right, at its sole discretion, to change, modify, add or remove all or any portion of the Site or the SATS. Changes to the SATS shall be immediately effective when posted.
Supplemental terms and conditions or documents that may be posted on the Site from time to time are hereby expressly incorporated herein by reference. CAN reserves the right, in its sole discretion, to make changes or modifications to these Terms of Service at any time and for any reason. CAN will alert you by sending notice to your registered email address about any changes. It is your responsibility to review this email and these supplemental or amended Terms of Service to stay informed of updates. You will be subject to and will be deemed to have been made aware of and to have accepted, the changes in any revised Terms of Service by your continued use of the Site after the date such revised Terms of Service are emailed to you.
Events may arise that result in disruption or discontinuation of access to the Site, removal of specific Site Contents or corruption of Site Code. Therefore, CAN reserves the right, without liability to: (1) discontinue provision of access to the Site to any and all users without notice; and (2) remove or modify any Site Content.
Your access to the Site and compliance with all policies and terms of service provide a limited, terminable license to view the Site contents and engage its interactive features. All information contained on the Site, such as text, graphics, logos, button icons, images, audio clips and the like are copyrighted by and proprietary to CAN, and may not be copied, reproduced, transmitted, displayed, performed, distributed, sublicensed, altered, stored for subsequent use or otherwise used in whole or in part in any manner without the prior written consent of CAN, except that the user may make such temporary copies in a single computer's RAM and hard drive cache as are necessary to browse the Site. The user may also make a single copy of the content displayed on any page of the Site to be used by the user for personal and noncommercial uses which do not harm the reputation of CAN or infringe on any copyright or trademark right of CAN, provided that the user does not remove any trademarks, copyright and any other notice contained in such content. Unless expressly permitted in writing from CAN, you shall not frame, link or commercially exploit any of the Site, Site contents or Site code.
Your access to the Site and compliance with all trademarks, service marks, trade names, trade dress, copyrights, patent rights and other proprietary rights in or associated with the Site, the Site Contents, and Site Code are the property of CAN or its licensors. Site Content includes, but is not limited to, text, images, graphics, audiovisual content and audio content. Site Code means any and all underlying elements of the Site, including, but not limited to source code, object code, and other sets of statements or instructions that relate to the operation or functions of the Site.
CAN is pleased to hear from its customers and Site users. We welcome your comments. However, due to legal requirements, we cannot provide compensation for, agree to consider, or agree to keep confidential, any submission of creative ideas, disclosures of inventions, other disclosures of potentially useful information, or submission of any other content. In the Site and in the Company, all content submitted by you via the Site are provided with a paid-up, perpetual, non-exclusive license, effective everywhere, to CAN to consider, use, re-publish, modify, disclose or otherwise exploit, at its sole discretion. If any applicable law, judicial decision or regulatory requirement restricts or limits the provisions of this paragraph, CAN's liability shall not exceed the amount set forth in THE LIMITATION OF LIABILITY paragraph of these SATS.
CAN may provide from time to time, at its sole discretion, one or more chat areas, message boards, e-mail functions, polls, surveys, and other features for use by visitors to the Site. Such features are referred to herein as "Visitor Features."
CAN may, in its sole discretion, discontinue provision of any Visitor Features to any or all Site visitors and may, in its sole discretion, remove any content provided by a Site visitor. Certain Visitor Features may be provided free of charge, but others may be subject to charges. Please consult these SATS and any instructions associated with a Visitor Feature to determine the charges, if any, for use of or access to particular Visitor Features.
Users of Visitor Features are bound by and must comply with the SATS, and must agree not to do one or more of the following:
CAN expects that all of those who use and have access to the Site will follow the SATS and otherwise conduct themselves properly. CAN is not responsible for monitoring, verifying or substantiating content or code provided by third-party users of the Site. Therefore, you agree that CAN shall not be liable for any breach of the SATS by third parties or for other injurious behavior engaged in by third parties who use or gain access to the Site.
CAN is not necessarily affiliated with sites that may be linked to or from the Site. CAN cannot monitor or otherwise evaluate such sites, and CAN is not responsible for any of their contents, features, codes, underlying materials, terms of access or privacy policies. LINKS ARE PROVIDED FOR YOUR CONVENIENCE ONLY AND THEIR USE IS AT YOUR SOLE DISCRETION AND RISK.
WARRANTY DISCLAIMERS, DAMAGE LIMITATION, INDEMNIFICATION THE SITE, OPERATION OF THE SITE CODE, SITE CONTENTS (INCLUDED BUT NOT LIMITED TO LINKED SITE CONTENTS), AS WELL AS THE OPERATION OF AND EFFECTS OF ACCESS TO THE SITE AND LINKED SITES, ARE PROVIDED "AS IS," AND CAN, ITS LICENSORS AND SUPPLIERS, SPECIFICALLY DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES OF: (1) SUITABILITY FOR ANY PARTICULAR PURPOSE, (2) MERCHANTABILITY (3) COMPLETENESS, (4) ACCURACY; (5) NON-INFRINGEMENT, AND (6) FREEDOM FROM TECHNICAL ERRORS OR UNAUTHORIZED, INJURIOUS MATTER, SUCH AS VIRUSES OR OTHER HARMFUL COMPONENTS.
NEITHER CAN, NOR ITS LICENSORS OR SUPPLIERS, WARRANT THAT DEFECTS IN THE CONTENTS OR OPERATIONS OF THE SITE OR LINKED SITES WILL BE CORRECTED OR THAT ACCESS WILL NOT BE INTERRUPTED OR DISCONTINUED.
WARRANTIES, OR ASPECTS OF THEM, THAT ARE, BY LAW, INCAPABLE OF BEING DISCLAIMED ARE NOT DISCLAIMED.
IRRESPECTIVE OF WHETHER A CLAIM IS BASED UPON CONTRACT OR TORT PRINCIPLES, AND IRRESPECTIVE OF WHETHER THEY HAD NOTICE OF THE POSSIBILITY OF SUCH DAMAGES, NEITHER CAN, ITS DIRECTORS, OFFICERS, EMPLOYEES, CONTRACTORS, LICENSORS OR SUPPLIERS SHALL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES.
You agree to indemnify, defend and hold harmless CAN, its directors, officers, employees, contractors, licensors and suppliers against all losses, expenses, damages and costs, including reasonable attorneys' fees, resulting from any violation of the SATS by you or by others that access the Site through your terminal or to whom you have provided access to Site Contents. CAN reserves the option, at its own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you shall cooperate with CAN in asserting any available defenses. You shall be responsible for any damages or fines assessed due to violation of the SATS by you or others that access the Site through your terminal or to whom you have provided access to Site Contents.
Products and services offered through the Site may be subject to license terms and terms of sale that are in addition to, or distinct from, the SATS. Therefore, the provision and acceptance of any such product or service shall be subject to any additional or distinct terms supplied by CAN or the third-party supplier of the product or service.
You consent to any transfer, in whole or part, of CAN's terms, interests, rights, and obligations hereunder to a subsequent owner of an interest in the Site. You also consent to any transfer, in whole or part, of your agreements hereunder to a subsequent owner, if any, of an interest in the Site.
The Site is controlled by CAN from its offices within the United States of America. CAN makes no representation that the Site, the Site Contents, links, or the Site Code are appropriate for use in countries other than the United States.
If you believe that any Site Content or Site Code, including but not limited to content provided by third parties via Visitor Features, infringes a copyright or other proprietary right, please forward to our Copyright Agent, Coordinated Assistance Network at 2519 N McMullen booth Rd Suite 510 Clearwater, FL 33761, the following information:
1. Your name, address, telephone number, e-mail address and other pertinent contact information;
2. A description of the copyrighted work or proprietary right that you believe is infringed;
3. The URL or a description of where the allegedly infringing content is located;
4. A statement by you, with respect to the copyright or other proprietary right, that you have a good faith belief that the disputed use is not authorized by either the owner of the asserted right, by an agent of the owner, or by the law;
5. An electronic or physical signature of the person authorized to act on behalf of the owner of the asserted right;
6. A statement by you, made under penalty of perjury, that the above information in your notice is correct and that you are the owner of the asserted right, or are authorized to act on behalf of the owner.
These SATS, and all disputes arising from or related to them, their interpretation, or their subject matters shall be governed by, resolved and remedied in accordance with the laws of the State of Florida (without resort to conflict of law principles) as it applies to agreements entered into and to be performed entirely within such State and to acts or omissions occurring wholly within the State. Any claims arising from or related to the SATS or their subject matters shall be brought and resolved only in the appropriate State or Federal Courts located in or closest to Tampa, Florida, and you expressly consent to the jurisdiction and exclusive venue of said courts. However, CAN, at its sole discretion, can also institute or convert any action (no matter which party initiates it) to an arbitration under the applicable rules of the American Arbitration Association, said arbitration to: (1) apply the choice-of-law specified above; and (2) take place in Tampa, Florida.
If otherwise applicable hereto, the Uniform Computer Information Transactions Act (as adopted by any State) and the United Nations Convention for the International Sale of Goods are hereby agreed not to be applicable to these SATS and their subject matters. In addition, all dis-claimable or waivable local and international provisions related to choice of law or dispute resolution are waived or disclaimed by you in favor of the above choice of Florida law, jurisdiction and forms for dispute resolution.
You agree and represent that you have carefully considered the SATS and that ambiguities, if any, shall not be enforced against the drafter but shall be fairly read so as not to prejudice the rights of CAN.
If any provision(s) of the SATS are deemed unenforceable in a determination by a body with proper jurisdiction, the Parties agree (without waiving rights of appeal) that the unenforceable provision(s) shall be: (1) reconstituted to approximate as closely as lawfully possible the evident intent of the original provision(s); or (2) if option (1), above, cannot be implemented, the unenforceable provision(s) shall be excised from the SATS and the Parties shall negotiate in good faith with respect to their modification. If the Parties cannot agree to a modification, the SATS shall be enforced, without the unenforceable provision, in a fair manner and without undue prejudice to either Party.
These Terms of Service and SATS as well as any policies or operating rules posted by CAN on the Site or in respect to the Site constitute the entire agreement and understanding between you and CAN. CAN’s failure to exercise or enforce any right or provision of SATS or these Terms of Service shall not operate as a waiver of such right or provision. These SATS and Terms of Service operate to the fullest extent permissible by law. We may assign any or all of our rights and obligations to others at any time. We shall not be responsible or liable for any loss, damage, delay, or failure to act caused by any cause beyond our reasonable control. If any provision or part of a provision of these SATS and Terms of Service is determined to be unlawful, void, or unenforceable, that provision or part of the provision is deemed severable from these SATS or Terms of Service and does not affect the validity and enforceability of any remaining provisions. There is no joint venture, partnership, employment or agency relationship created between you and us as a result of these SATS or Terms of Service or use of the Site. You agree that these SATS and Terms of Service will not be construed against us by virtue of having drafted them. You hereby waive any and all defenses you may have based on the electronic form of these Terms of Use and the lack of signing by the parties hereto to execute these Terms of Use.
In order to resolve a complaint regarding the Site or to receive further information regarding use of the Site, please contact us at [email protected]
In addition to all Terms of Service, a Business Associate Agreement (“BAA”) is entered into effective of accepting these SATS by and between The Coordinated Assistance Network (“Covered Entity”) and your non-profit organization (“Business Associate”)(each a “Party” and collectively, the “Parties”)
A. Covered Entity is a “Covered Entity” as that term is defined under the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-91), as amended, (“HIPAA”), and the regulations promulgated thereunder by the Secretary of the U.S. Department of Health and Human Services (“Secretary”), including, without limitation, the regulations codified at 45 C.F.R. Parts 160 and 164 (“HIPAA Regulations”);
B. Business Associate performs Services for or on behalf of Covered Entity, and in performing said Services; Business Associate creates, receives, maintains, or transmits Protected Health Information (“PHI”);
C. The Parties intend to protect the privacy and provide for the security of PHI Disclosed by Covered Entity to Business Associate, or received or created by Business Associate, when providing Services in compliance with HIPAA, the Health Information Technology for Economic and Clinical Health Act (Public Law 111-005) (“the HITECH Act”) and its implementing regulations and guidance issued by the Secretary, and other applicable state and federal laws, all as amended from time to time; and
D. As a Covered Entity, Covered Entity is required under HIPAA to enter into a BAA with Business Associate that meets certain requirements with respect to the Use and Disclosure of PHI, which are met by this BAA.
AGREEMENT In consideration of the Recitals and for other good and valuable consideration, the receipt and adequacy of which is hereby acknowledged, the Parties agree as follows:
The following terms shall have the meaning set forth below. Capitalized terms used in this BAA and not otherwise defined shall have the meanings ascribed to them in HIPAA, the HIPAA Regulations, or the HITECH Act, as applicable.
1.1. “Breach” shall have the meaning given under 42 U.S.C. § 17921(1) and 45 C.F.R. § 164.402.
1.2. “Designated Record Set” shall have the meaning given such term under 45 C.F.R. § 164.501.
1.3. “Disclose” and “Disclosure” mean, with respect to PHI, the release, transfer, provision of access to, or divulging in any other manner of PHI outside of Business Associate or to other than members of its Workforce, as set forth in 45 C.F.R. § 160.103.
1.4. “Electronic PHI” or “e-PHI” means PHI that is transmitted or maintained in electronic media, as set forth in 45 C.F.R. § 160.103.
1.5. “Protected Health Information” and “PHI” mean any information, whether oral or recorded in any form or medium, that: (a) relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual; (b) identifies the individual (or for which there is a reasonable basis for believing that the information can be used to identify the individual); and (c) shall have the meaning given to such term under the Privacy Rule, including, but not limited to, 45 C.F.R. § 160.103. Protected Health Information includes e-PHI.
1.6. “Security Incident” shall have the meaning given to such term under 45 C.F.R. § 164.304.
1.7. “Services” shall mean the services for or functions on behalf of Covered Entity performed by Business Associate pursuant to any service agreement(s) between Covered Entity and Business Associates which may be in effect now or from time to time (“Underlying Agreement”), or, if no such agreement is in effect, the services or functions performed by Business Associate that constitute a Business Associate relationship, as set forth in 45 C.F.R. § 160.103.
1.8. “Unsecured PHI” shall have the meaning given to such term under 42 U.S.C. § 17932(h), 45 C.F.R. § 164.402, and guidance issued pursuant to the HITECH Act including, but not limited to the guidance issued on April 17, 2009 and published in 74 Federal Register 19006 (April 27, 2009) by the Secretary
1.9. “Use” or “Uses” mean, with respect to PHI, the sharing, employment, application, utilization, examination or analysis of such PHI within Business Associate’s internal operations, as set forth in 45 C.F.R. § 160.103. 1.10. “Workforce” shall have the meaning given to such term under 45 C.F.R. § 160.103.
2.1. Permitted Uses and Disclosures of Protected Health Information Business Associate shall not Use or Disclose PHI other than for the purposes listed on the signature page hereto for performing the Services, as permitted or required by this BAA, or as Required by Law. Business Associate shall not Use or Disclose PHI in any manner that would constitute a violation of Subpart E of 45 C.F.R. Part 164 if so Used or Disclosed by Covered Entity. However, Business Associate may Use or Disclose PHI (i) for the proper management and administration of Business Associate; (ii) to carry out the legal responsibilities of Business Associate, provided that with respect to any such Disclosure either: (a) the Disclosure is Required by Law; or (b) Business Associate obtains a written agreement from the person to whom the PHI is to be Disclosed that such person will hold the PHI in confidence and will not Use and further Disclose such PHI except as Required by Law and for the purpose(s) for which it was Disclosed by Business Associate to such person, and that such person will notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached; (iii) for Data Aggregation purposes for the Health Care Operations of Covered Entity. To the extent that Business Associate carries out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate must comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligations.
2.2. Prohibited Marketing and Sale of PHI Notwithstanding any other provision in this BAA, Business Associate shall comply with the following requirements: (i) Business Associate shall not Use or Disclose PHI for fundraising or marketing purposes, except to the extent expressly authorized or permitted by this BAA and consistent with the requirements of 42 U.S.C. § 17936, 45 C.F.R. §§ 164.514(f), and 164.508(a)(3)(ii), and (iii) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI except with the prior written consent of Covered Entity and as permitted by the HITECH Act, 42 U.S.C. § 17935(d)(2), and 45 C.F.R. § 164.502(a)(5)(ii).
2.3. Adequate Safeguards of PHI Business Associate shall implement and maintain appropriate safeguards to prevent Use or Disclosure of PHI other than as provided for by this BAA. Business Associate shall reasonably and appropriately protect the confidentially, integrity, and availability of e-PHI that it creates, receives, maintains or transmits on behalf of Covered Entity in compliance with Subpart C of 45 C.F.R. Part 164 to prevent Use or Disclosure of PHI other than as provided for by this BAA.
2.4. Mitigation Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a Use or Disclosure of PHI by Business Associate in violation of the requirements of this BAA.
2.5. Reporting Non-Permitted Use or Disclosure
2.5.1. Reporting Security Incidents and Non-Permitted Use or Disclosure Business Associate shall report to Covered Entity in writing each Security Incident or Use or Disclosure that is made by Business Associate, members of its Workforce or Subcontractors that is not specifically permitted by this BAA no later than three (3) business days after becoming aware of such Security Incident or non-permitted Use or Disclosure, in accordance with the notice provisions set forth herein. Business Associate shall investigate each Security Incident or non-permitted Use or Disclosure of Covered Entity’s PHI that it discovers to determine whether such Security Incident or non-permitted Use or Disclosure constitutes a reportable Breach of Unsecured PHI. Business Associate shall document and retain records of its investigation of any Breach, including its reports to Covered Entity under this Section 2.5.1. Upon request of Covered Entity, Business Associate shall furnish to Covered Entity the documentation of its investigation and an assessment of whether such Security Incident or non-permitted Use or Disclosure constitutes a reportable Breach. If such Security Incident or non-permitted Use or Disclosure constitutes a reportable Breach of Unsecured PHI, then Business Associate shall comply with the additional requirements of Section 2.5.2 below.
2.5.2. Breach of Unsecured PHI If Business Associate determines that a reportable Breach of Unsecured PHI has occurred, Business Associate shall provide a written report to Covered Entity without unreasonable delay but no later than thirty (30) calendar days after discovery of the Breach. To the extent that information is available to Business Associate, Business Associate’s written report to Covered Entity shall be in accordance with 45 C.F.R. §164.410(c). Business Associate shall cooperate with Covered Entity in meeting Covered Entity’s obligations under the HITECH Act with respect to such Breach. Covered Entity shall have sole control over the timing and method of providing notification of such Breach to the affected individual(s), the Secretary and, if applicable, the media, as required by the HITECH Act. Business Associate shall reimburse Covered Entity for its reasonable costs and expenses in providing the notification, including, but not limited to, any administrative costs associated with providing notice, printing and mailing costs, and costs of mitigating the harm (which may include the costs of obtaining credit monitoring services and identity theft insurance) for affected individuals whose PHI has or may have been compromised as a result of the Breach.
2.6. Availability of Internal Practices, Books, and Records to Government Business Associate agrees to make its internal practices, books and records relating to the Use and Disclosure of PHI received from or created or received by the Business Associate on behalf of Covered Entity available to the Secretary for purposes of determining Covered Entity’s compliance with HIPAA, the HIPAA Regulations, and the HITECH Act. Except to the extent prohibited by law, Business Associate shall notify Covered Entity of all requests served upon Business Associate for information or documentation by or on behalf of the Secretary. Business Associate agrees to provide to Covered Entity proof of its compliance with the HIPAA Security Standards.
2.7. Access to and Amendment of Protected Health Information To the extent that Business Associate maintains a Designated Record Set on behalf of Covered Entity and within fifteen (15) days of a request by Covered Entity, Business Associate shall (a) make the PHI it maintains (or which is maintained by its Subcontractors) in Designated Record Sets available to Covered Entity for inspection and copying, or to an individual to enable Covered Entity to fulfill its obligations under 45 C.F.R. § 164.524, or (b) amend the PHI it maintains (or which is maintained by its Subcontractors) in Designated Record Sets to enable the Covered Entity to fulfill its obligations under 45 C.F.R. § 164.526. Business Associate shall not Disclose PHI to a health plan for payment or Health Care Operations purposes if and to the extent that Covered Entity has informed Business Associate that the patient has requested this special restriction and has paid out of pocket in full for the health care item or service to which the PHI solely relates, consistent with 42 U.S.C. § 17935(a) and 42 C.F.R. § 164.522(a)(1)(vi). If Business Associate maintains PHI in a Designated Record Set electronically, Business Associate shall provide such information in the electronic form and format requested by the Covered Entity if it is readily reproducible in such form and format, and, if not, in such other form and format agreed to by Covered Entity to enable Covered Entity to fulfill its obligations under 42 U.S.C. § 17935(e) and 45 C.F.R. § 164.524(c)(2). Business Associate shall notify Covered Entity within fifteen (15) days of receipt of a request for access to PHI.
2.8. Accounting To the extent that Business Associate maintains a Designated Record Set on behalf of Covered Entity, within thirty (30) days of receipt of a request from Covered Entity or an individual for an accounting of disclosures of PHI, Business Associate and its Subcontractors shall make available to Covered Entity the information required to provide an accounting of disclosures to enable Covered Entity to fulfill its obligations under 45 C.F.R. § 164.528 and its obligations under 42 U.S.C. § 17935(c). Business Associate shall notify Covered Entity within fifteen (15) days of receipt of a request by an individual or other requesting party for an accounting of disclosures of PHI.
2.9. Use of Subcontractors Business Associate shall require each of its Subcontractors that creates, maintains, receives, or transmits PHI on behalf of Business Associate, to execute a Business Associate Agreement that imposes on such Subcontractors the same restrictions, conditions, and requirements that apply to Business Associate under this BAA with respect to PHI.
2.10. Minimum Necessary Business Associate (and its Subcontractors) shall, to the extent practicable, limits its request, Use, or Disclosure of PHI to the minimum amount of PHI necessary to accomplish the purpose of the request, Use or Disclosure, in accordance with 42 U.S.C. § 17935(b) and 45 C.F.R. § 164.502(b)(1) or any other guidance issued thereunder.
3.1. Term The term of this Agreement shall be effective as of the Effective Date and shall terminate as of the date that all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy the PHI, protections are extended to such information, in accordance with Section 3.3, or on the date that Covered Entity terminates for cause as authorized in Section 3.2, whichever is sooner.
3.2. Termination for Cause Upon Covered Entity’s knowledge of a material breach or violation of this BAA by Business Associate, Covered Entity shall either:
a. Notify Business Associate of the breach in writing, and provide an opportunity for Business Associate to cure the breach or end the violation within ten (10) business days of such notification; provided that if Business Associate fails to cure the breach or end the violation within such time period to the satisfaction of Covered Entity, Covered Entity may immediately terminate this BAA upon written notice to Business Associate; or
b. Upon written notice to Business Associate, immediately terminate this BAA if Covered Entity determines that such breach cannot be cured
3.3. Disposition of Protected Health Information Upon Termination or Expiration
3.3.1. Upon termination or expiration of this BAA, Business Associate shall either return or destroy all PHI received from or created or received by Business Associate on behalf of Covered Entity, that Business Associate still maintains in any form and retain no copies of such PHI. If Covered Entity requests that Business Associate return PHI, PHI shall be returned in a mutually agreed upon format and timeframe, at no additional charge to Covered Entity.
3.3.2. If return or destruction is not feasible, Business Associate shall (a) retain only that PHI which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities; (b) return to Covered Entity the remaining PHI that Business Associate still maintains in any form; (c) continue to extend the protections of this BAA to the PHI for as long as Business Associate retains the PHI; (d) limit further Uses and Disclosures of such PHI to those purposes that make the return or destruction of the PHI infeasible and subject to the same conditions set out in Section 2.1 and 2.2 above, which applied prior to termination; and (e) return to Covered Entity the PHI retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.
4.1. Amendment to Comply with Law This BAA shall be deemed amended to incorporate any mandatory obligations of Covered Entity or Business Associate under the HITECH Act and its implementing HIPAA Regulations. Additionally, the Parties agree to take such action as is necessary to amend this BAA from time to time as necessary for Covered Entity to implement its obligations pursuant to HIPAA, the HIPAA Regulations, or the HITECH Act.
4.2. Indemnification Business Associate hereby agrees to indemnify and hold harmless Covered Entity, its affiliates, and their respective officers, directors, managers, members, shareholders, employees and agents from and against any and all fines, penalties, damage, claims or causes of action and expenses (including, without limitation, court costs and attorney’s fees) arising from any violation of HIPAA the Business Associate incurs, from violations against the HIPAA Regulations, or the HITECH Act or from any negligence or wrongful acts or omissions, including but not limited to failure to perform its obligations, that results in a violation of HIPAA, the HIPAA Regulations, or the HITECH Act, by Business Associate or its employees, directors, officers, subcontractors, agents or members of Business Associate’s Workforce.
4.3. Notices Any notices required or permitted to be given hereunder by either Party to the other shall be given in writing: (1) by personal delivery; (2) by electronic mail or facsimile with confirmation sent by United States first class registered or certified mail, postage prepaid, return receipt requested; (3) by bonded courier or by a nationally recognized overnight delivery service; or (4) by United States first class registered or certified mail, postage prepaid, return receipt, in each case, addressed to a Party on the signature page(s) to this Agreement or to such other addresses as the Parties may request in writing by notice given pursuant to this Section 4.3. Notices shall be deemed received on the earliest of personal delivery; upon delivery by electronic facsimile with confirmation from the transmitting machine that the transmission was completed; twenty-four (24) hours following deposit with a bonded courier or overnight delivery service; or seventy-two (72) hours following deposit in the U.S. mail as required herein
4.4. Relationship of Parties Business Associate is an independent contractor and not an agent of Covered Entity under this BAA. Business Associate has the sole right and obligation to supervise, manage, contract, direct, procure, perform or cause to be performed all Business Associate obligations under this BAA.
4.5. Survival The respective rights and obligations of the Parties under Sections 3.3 and 4.2 of this BAA shall survive the termination of this BAA.
Applicable Law and Venue This Agreement shall be governed by and construed in accordance with the laws of the state of Florida (without regards to conflict of laws principles). The Parties agree that all actions or proceedings arising in connection with this BAA shall be tried and litigated exclusively in the State or federal (if permitted by law and if a Party elects to file an action in federal court) courts located in The United States.