WHEREAS, Nemours has an electronic health record system (EHRS) containing clinical information (including progress notes, specialty consults, laboratory
and imaging results), demographics, and other information; and,
WHEREAS, Nemours has an interest in improving the quality, delivery and coordination of care to Patients of Nemours by freely sharing with Practice, as
appropriate, detailed clinical level data pertaining to Patients of Nemours and Practice in instances wherein each entity either has or had a relationship with
the Patient and the information shared pertains to such relationship.
WHEREAS, Nemours has the ability to provide Practice secure electronic access to its Patients¿ EHRs contained in its EHRS via an Internet connection to its Service; and
WHEREAS, Practice desires to obtain secure electronic access to its Patients' EHRs using the Service;
NOW THEREFORE, in consideration of the promises and covenants contained in this Agreement, and for good and valuable consideration, Nemours and Practice agree as follows:
1. Access to Nemours' Data. Upon execution of this Agreement and any other required documents, and approval of all access sites and Users as required herein, Nemours will provide Practice secure access to its Patients' EHRs via its Service and will also provide limited training on the Service.
2.1 Authorized Agent or Representative means an individual who has the legal authority to legally obligate the Practice under this Agreement.
2.2 Business Associate means business associate of the Practice as defined at 45 C.F.R. § 160.103.
2.3 Health Care Operations means health care operations as defined in the HIPAA privacy regulations at 45 C.F.R. § 164.501 and the disclosure is for a purpose listed in paragraph (1) or (2) of said definition.
2.4 HIPAA means the Health Information Technology for Economic and Accountability Act of 1996 as amended. HIPAA, which contains the federal privacy regulations codified at 45 CFR §160 and §164 (Subparts A & E) and the federal security regulations codified at 45 CFR §160 and §164 (Subparts A & C).
2.5 Nemours' Data includes the PHI contained within Nemours' EHRS and Nemours' Proprietary Information.
2.6 Patient means an Individual as defined at 45 C.F.R. § 160.103 ("the person who is the subject of protected health information") with whom the Practice either has or had a relationship pertaining to the PHI being requested via the Service.
2.7 Permitted Use means uses of the Service described in Section 6 below.
2.8 Practice means a physician or allied health care practice, organized as a legal entity, consisting of either one or several physicians or allied health care providers providing care to pediatric Patients who have also been treated by Nemours providers. The legal entity is considered the Practice.
2.9 Privacy Officer refers to a Nemours employee who is responsible for the development and implementation of Nemours privacy policies and procedures, and who can be contacted at firstname.lastname@example.org or (904) 697-4287.
2.10 Protected Health Information (PHI) means individually identifiable health information as defined at 45 CFR §160.103. This information is protected by various state and federal privacy laws and regulations.
2.11 Proprietary Information refers to information relating to Nemours' internal business affairs, including information regarding Nemours products, pricing; personnel data; vendor information; financial data and other competitively sensitive information that Nemours maintains as confidential. It also includes non-publicly available information regarding the Service, EHRS vendors, and EHRS enhancements. If such information is already made available in the public domain, then such information is not Proprietary Information. All Proprietary Information is confidential and may not be used for any purpose without the advanced written consent of Nemours. Proprietary Information includes the NemoursLink Manual, this Agreement and the User Agreement, and any NemoursLink forms or documents.
2.12 Service means the NemoursLink software and other Nemours and EHRS Vendor supplied services, software, databases, content, documentation, works of authorship and other materials and intellectual property used to provide a secure method of communication enabling a User to view the EHR of a Practice's Patient who has received health care services at Nemours.
2.13 Technical Liaison means the department or individual employed by Nemours who should be contacted by a User or Practice to report certain events or problems as required by this Agreement. The contact information for the Technical Liaison is contained in paragraph 17 below.
2.14 Treatment means treatment as defined in the HIPAA privacy regulations at 45 C.F.R. § 164.501.
2.15 User means an employee or Business Associate of the Practice who is authorized by the Practice to access its Patients' EHRs, who has signed a User Agreement, and whose access to EHRS via the Service has been approved by Nemours.
3. Term and Termination. This Agreement is effective on the Effective Date and will continue until either Party notifies the other in writing of its intent to terminate. Nemours will consider any unauthorized use of the Service as a material breach of this Agreement and grounds for immediate termination of this Agreement. Nemours retains the right to unilaterally terminate access, in its sole discretion, without advance notice to Practice.
4. Nemours Data. No rights or legal interest in Nemours' Data is transferred to the Practice under this Agreement. Practice will not copy or use Nemours' Data for any purpose other than for the Permitted Uses described in Section 6 below, unless Nemours consents in writing or such use or disclosure is required by law. If Practice receives a request or demand for disclosure of the Nemours' Data, including a subpoena, order, or other legal mandate, Practice will immediately notify Nemours, and to the extent feasible consistent with the legal mandate, withhold response to permit Nemours to seek a protective order.
5. Service. Subject to the terms and conditions of this Agreement, Nemours will make the Service available to Practice and its Users at reasonable times, provided that the Service may be unavailable when maintenance is being performed and at other times in Nemours' reasonable discretion. USERS HAVE NO RIGHT OF PRIVACY WHEN USING THE SERVICE. Nemours may, directly or through a third party designee, inspect, test and/or audit Practice and its Users¿ compliance with the terms and conditions of this Agreement. Nemours may also permit any regulator with jurisdiction over Nemours, a Practice and/or any User, to perform such inspections, tests and/or audits if requested by such regulators. Also, Nemours may permit its EHRS Vendors to inspect, test, or audit the use of the EHRS components pursuant to the terms of their agreements with Nemours. Practice hereby consents to the inspections, tests and audits described in this Section and shall cooperate and cause its Users to cooperate therewith.
6. Permitted Use of Service. Practice and its Users are permitted access and use of the Service solely for purposes of Treatment and Health Care Operations. Practice agrees that it (including its employees and business associates) will comply with all applicable laws and regulations, and the terms of this Agreement, in its access and use of the Service. Practice hereby represents, warrants and covenants that it has obtained all necessary consents, authorizations and permissions for such uses.
7. Prohibited Use of Service. Practice and its Users may not:
(a) Access or use the Service for any purpose other than the Permitted Uses listed in Section 6 above;
(b) Disclose to any third party, transfer to any third party, sell to any third party, or otherwise permit or facilitate third party access to Nemours' Data;
(c) Use any Nemours' Data with the intent to negatively impact the competitive advantage of Nemours in the marketplace;
(d) Use or disclose the Nemours' Data other than as permitted by this Agreement.
If Nemours determines that Practice or its User has accessed or used the Service in a prohibited or unlawful manner, Nemours may unilaterally terminate all access and seek any such other relief as appropriate.
8. Privacy of Nemours Data. Practice acknowledges it is a Covered Entity subject to the HIPAA privacy and security rules, and various other federal and state laws and regulations on privacy and security. Practice understands that the Service provides secure access to Nemours Data, including PHI, and agrees to comply, and cause its authorized Users to comply, with HIPAA in its use of the Service, and to take all reasonable and necessary precautions required by HIPAA to maintain the security and privacy of the PHI it accesses through the Service. Specifically, Practice agrees to:
(a) Report to the Nemours Privacy Officer any unauthorized access, use or disclosure of Nemours' Data of which Practice becomes aware;
(b) Take appropriate precautions to ensure that Patients, visitors, or other unauthorized personnel will not be able to see computer screens during access to Nemours' Data;
(c) Advise Patients requesting amendment of their PHI contained in the Nemours EHRS that the Practice does not have the authority to amend their PHI and that any amendments or corrections to it must be accomplished by contacting the Nemours Privacy Officer directly;
(d) Have in place a written agreement with any business associate or subcontractor authorized by Practice as a User to access its Patients' EHRs via the Service.
(e) Make its internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Plan on behalf of Nemours, available to the Secretary of Health and Human Services for the purposes of determining Nemours¿ compliance with privacy regulations.
9. Obligations of Practice.
(a) Equipment and Supplies. Practice is solely responsible for the costs of the equipment, maintenance, and supplies required for access to and use of the Service. Such costs include, but are not limited to, cost of acquisition, installation, operation and maintenance of personal computers and printers; costs related to wiring, hardware, software, phone charges, and Internet access services; and costs of ongoing equipment and supply upgrades.
(b) User Access. The Technical Liaison must be notified in writing of the names of Users authorized by Practice to access the Service. Users will not be granted access to the Service until the User signs a User Agreement, at which time Nemours will assign each User a unique logon and password to access the Service. Completion of the User Agreement requires the User to acknowledge he or she has read this Agreement. Therefore, it is the obligation of the Practice to give a copy of this Agreement to each of its authorized Users to read before the User signs the User Agreement.
(c) Access to Service. The selection of Users and the implementation and maintenance of security related to access to the Service by Users will be the sole responsibility of Practice. Practice will and will ensure each User maintains the security and confidentiality of its individual logon and password and does not share or disclose the User's assigned logon or password to others. PRACTICE WILL BE RESPONSIBLE FOR ENSURING ALL USERS COMPLY WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT, AND WILL ASSUME ALL RESPONSIBILITY AND LIABILTY BETWEEN NEMOURS AND PRACTICE WITH RESPECT TO USE OF THE SERVICE BY PRACTICE, ITS USERS OR ANY OTHER PERSONS WHO MAY ACCESS THE SERVICE USING LOGINS AND/OR PASSWORDS PROVIDED TO USERS. Nemours reserves the right to suspend or terminate a User's access to the Server for any reason.
(d) Termination of Access. In the event that a User is no longer authorized by Practice to access the Service, Practice agrees that it will take immediate steps to notify the Technical Liaison both orally at (877) MYNEMOURS and in writing so that the User¿s access to the Service may be terminated (see Section 17). Practice remains responsible for the User¿s actions until written notice to terminate access is provided to the Technical Liaison.
(e) Ensure Appropriate Use of Service. IT IS THE PRACTICE'S OBLIGATION TO MAKE SURE THE NEMOURS PRIVACY OFFICER IS IMMEDIATELY NOTIFIED IN INSTANCES WHERE THERE IS REASONABLE SUSPICION THAT THERE MAY HAVE BEEN PASSWORD COMPROMISE, UNAUTHORIZED ACCESS, USE OR DISCLOSURE OF NEMOURS DATA, ALTERATION OF SERVICE SOFTWARE OR NEMOURS DATA, OR OTHER VIOLATIONS OF THIS AGREEMENT, THE USER AGREEMENT, OR STATE OR FEDERAL LAW. Notification should be made orally and in writing to the Privacy Officer at (904) 697-4287 and email@example.com.
(f) Representations and Warranties. Practice represents that it is in compliance with all applicable state and federal laws and regulations, and that neither it nor any of its Users, officers, employees, or agents has been debarred, penalized by, convicted, sanctioned, suspended, excluded or otherwise deemed ineligible to participate in any state or federal reimbursement program, including Medicaid or Medicare. In the event that Practice or any of its Users, officers, employees, or agents are sanctioned or excluded from participation in any state or federal reimbursement program as described above, Practice will immediately notify the Technical Liaison and Nemours may, in its sole discretion, terminate this Agreement and provide written notice to Practice.
(g) Licensed Use of Service and EHRS. Subject to the terms and conditions of this Agreement, Nemours grants to Practice a non-exclusive, non-transferable, limited license for Practice and Practice's authorized Users to access and use the Service and EHRS solely for the Permitted Use in Section 6 above. The foregoing license is only a permission to use the Service and EHRS subject to all terms and conditions herein and neither Practice nor any authorized User is entitled to a copy of any software or any other Service component used to provide access to the EHRS. Without in any way limiting the prohibitions or limitations stated elsewhere in this Agreement, Practice shall not and shall not permit its authorized Users or any other person to reproduce, publicly display, reverse engineer, disassemble, decompile, translate, port, adapt, modify or make derivative works of the Service or the EHRS; or sublicense, lease, lend, loan, re-distribute, re-transmit or time-share the Service or ERHS or make them available otherwise for access or use by any person or entity other than Practice and its authorized Users in accordance with this Agreement.
(h) Copyright. The Service and EHRS include materials that are protected by law, including United States copyright, trade secret law and other intellectual property laws and by international treaty provisions. All rights not granted under this Agreement are expressly reserved to Nemours and/or as applicable, Nemours' third party suppliers or agents. Practice shall not, and shall cause its authorized Users to not, remove any copyright, trademark, or other intellectual property or proprietary rights notices of Nemours or its third party suppliers or agents from the Service or EHRS or any copies, reports or other materials or data generated therefrom.
(i) Return of Proprietary Information. On Nemours' written request or upon the expiration or termination of this Agreement for any reason, Practice will promptly: (a) return or destroy, at Nemours¿ option, all originals and copies of all documents and materials it has received containing Nemours' Proprietary Information; and (b) deliver or destroy, at Nemours' option, all originals and copies of all summaries, records, descriptions, modifications, negatives, drawings, adoptions and other documents or materials, whether in writing or in machine-readable form, prepared by Practice, prepared under its direction, or at its request from the documents and materials referred to in subparagraph (a), and provide a notarized written statement to Nemours certifying that all documents and materials referred to in subparagraphs (a) and (b) have been delivered to Nemours or destroyed, as requested by Nemours.
10. Assignment. Neither this Agreement nor any of the rights herein may be assigned by Practice without the express, prior written approval of Nemours. Nemours may, without the consent of Practice, assign the rights and obligations herein.
11. Relationship of the Parties. It is expressly understood and agreed that this Agreement is not intended to, and does not, create a joint venture, partnership, association, or other affiliation or business relationship between the parties. Nemours and Practice shall at all times be separate legal entities and are not liable for the debts or obligations of the other party.
12. Indemnification. Practice shall indemnify and hold harmless Nemours, its affiliates and subsidiaries, and its and their directors, officers, employees, agents, and suppliers from and against any and all third party claims, demands, actions, proceedings and all resulting liabilities, losses, damages, costs and/or expenses, including reasonable attorney¿s fees and legal expenses, of whatsoever kind and nature, arising out of or relating to any access to or use of the Service or EHRS by or through Practice, including by its authorized Users or any other persons who may access the Service using logins and/or passwords provided to its authorized Users. Additionally, Practice shall indemnify and reimburse Nemours, its affiliates and subsidiaries for actual costs of notification and associated mitigation, including credit monitoring, incurred by Nemours or a Nemours affiliate as a result of a Breach of Unsecured PHI arising out of or relating to any access to or use of the Service or EHRS by or through Practice, including by its authorized Users or any other persons who may access the Service using logins and/or passwords provided to its authorized Users.
13. Limitation of Liability. UNDER NO CIRCUMSTANCES SHALL NEMOURS, ITS PARENT OR AFFILIATED ENTITIES, OR ITS OR THEIR DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, SUPPLIERS OR INSURERS BE LIABLE TO PRACTICE FOR ANY LOSS OF PROFITS, LOSS OF BUSINESS OR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL LOSSES OR DAMAGES OF ANY NATURE OR KIND WHATSOEVER OR FOR ANY EXEMPLARY, PUNITIVE OR SPECIAL DAMAGES, AND NOTWITHSTANDING THE FORM (e.g., CONTRACT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE) IN WHICH ANY LEGAL OR EQUITABLE ACTION MAY BE BROUGHT.
14. Applicable Law and Disputes. This Agreement shall be construed, and the rights and liabilities of the parties determined, in accordance with the laws of the state of Florida, except with regard to the conflicts of law principles of the state of Florida to the extent they would apply the laws of another state to this Agreement. Venue shall lie in Duval County, Florida, for any dispute arising out of this Agreement. If any dispute arises under this Agreement and results in litigation, the losing party shall pay the prevailing party all costs of litigation, including reasonable attorney's fees.
15. Survival of Certain Provisions. The obligations of the parties to this Agreement pertaining to indemnification, confidentiality and compliance with the Privacy Regulations, and permitted and prohibited uses of Nemours¿ Data set forth in paragraphs 4, 5, 6, 7, 8, 9, 11, 12, 13, and 14 shall survive and continue beyond the termination of this Agreement.
16. Notices. Any notices required to be given under this Agreement to the Technical Liaison shall be in writing and may be delivered personally, sent by registered or certified mail, by a nationally recognized overnight delivery service, or sent by facsimile or electronic mail with confirmation, addressed as follows (or at any address the parties may specify in writing later):
|Nemours Children's Clinic, Orlando The Nemours Foundation|
Attnetion: Nnemours Health Informatics
9161 Narcoossee Road, Suite 206
Orlando, FL 32827
|With copy to: |
The Nemours Foundation
Attn: Office of Contracts Administration
10140 Centruion Parkway North
Jacksonville, FL 32256
Fax: (904) 697-4241
17. Entire Agreement and Waiver. This Agreement constitutes the entire agreement between the parties and supersedes all other written or oral agreementswith respect to the subject matter hereof. This Agreement may not be altered, amended or modified except as agreed in writing by the parties. No consentor waiver, express or implied, by either party in the performance by the other party of its obligations under this Agreement shall be deemed or construed to be a consent to or waiver of any other breach or default by the other party.
18. Counterparts and Electronic Signature: This Agreement may be executed in two or more counterparts, each of which will be deemed an original, but allof which together will constitute one and the same instrument. Delivery of an executed signature page by facsimile transmission or PDF will be as effective asdelivery of a manually signed counterpart.
IN WITNESS HEREOF, the parties have executed this Agreement as of the day and year first written above.
David W. West, MD
THE NEMOURS FOUNDATION
Nemours Health Informatics