Terms and Conditions
Last Updated: November 1, 2019
Effective Date: December 1, 2019
1. Personal Information Collected
Trusted Provider Network LLC collects publicly available information about physicians, mental health professionals, and other clinicians, hereinafter referred to as "TPN Network Enrollees"in a database to provide a directory and referral service to other healthcare professionals. This information includes your name, office address, office phone and fax numbers, specialty, and the education and training institutions you attended. Almost all doctors, and many other healthcare professionals, are included in our database. If you choose to register and become a User, you will verify that the information that we have collected about you is accurate.
We collect personal information from you at the following times:
When You Register
The following fields are required during registration to guarantee the Trusted Provider Network LLC network is a useful directory for its members: name, address, specialty, office phone, occupation, email address and password. Physicians are required to additionally enter licensing board and license number. Most of this information, other than your email address, will already be included in your profile, but we ask that you verify that the information is correct, and update it where necessary.
We also give you the option to provide the following information: subspecialty, title/practice, clinical areas of interest, maiden name, languages spoken at your office, and profile photo. Providing such information is completely optional and choosing not to provide this information will not affect your ability to browse the Trusted Provider Network LLC directory or use the Trusted Provider Network LLC service.
All of the information that is publicly available or you voluntarily provide will be included in your profile, which is accessible to anyone browsing the Trusted Provider Network LLC directory, except your birth year, year you graduated from medical school, and your email address.
When You Add a Public Profile
Once you have completed the registration process, you may at any time provide additional information to your profile. Such information includes: Interventions, modalities, Licensure, Focus Issues, A Profile Video, fellowships, work history, presentations, publications, education, professional interests, title, organizations, and board certifications. Providing additional information is entirely optional, but enables you to better identify yourself and find new opportunities in the Trusted Provider Network LLC system to build and leverage your professional network. All of the information that you voluntarily provide will be published in your profile, which is accessible to anyone browsing the Trusted Provider Network LLC directory. Any information you provide to us, whether during the registration process or as an update to your Profile, may be used in the same manner and extent to which other information is permitted to be used hereunder, including for the purpose of serving advertisements through the service.
When You Add a Privtate Profile
If you choose, you may fill out a private profile on Trusted Provider Network LLC. The private profile can consist of mobile phone, home phone, other phone, pager, inpatient/admit number, email address or other private note. Your private profile is visible only to those confirmed colleagues with whom you select to share it.
When You Invite Others to Join Trusted Provider Network LLC
If you wish to invite your colleagues to join Trusted Provider Network LLC, you can send emails to colleagues within the platform. In this case, no additional information about you or your colleagues is collected.
Alternatively, you may enter their names and email addresses, which Trusted Provider Network LLC will use to send your invitation including a message that you write. The names and email addresses of people that you invite will be used only to send your invitation and reminders.
When You Contact Customer Support
Trusted Provider Network LLC may collect information through our website or through Customer Support in order to, among other things, accurately categorize and respond to your inquiry and deliver appropriate service levels.
Log files, IP addresses and information about your computer and mobile device
Due to the communications standards on the internet, when you visit the Trusted Provider Network LLC website we automatically receive the URL of the site from which you came and the site to which you are going when you leave Trusted Provider Network LLC. Trusted Provider Network LLC also receives the internet protocol ("IP") address of your computer (or the proxy server you use to access the World Wide Web), your computer operating system and type of web browser you are using, email patterns, mobile device operating system (if you are accessing Trusted Provider Network LLC using a mobile device), as well as the name of your ISP or your mobile carrier. We use this information to analyze overall trends to help improve the service. The linkage between your IP address and your personally identifiable information is not shared with third parties without your permission, except as described in Section 2 ("Legal Disclaimer" and "Disclosures to Others"), below.
Consent to Trusted Provider Network LLC Processing Information About You
Rights to Access, Correct and Eliminate Information About You
You have a right to access, modify, correct and eliminate the data about you, which has been collected pursuant to your decision to become a User. If you update any of your information, we may keep a copy of the information which you originally provided to us in our archives for uses documented herein. We take your rights seriously and encourage you to use them if you deem this to be appropriate. You may exercise these rights by emailing us at email@example.com or by contacting us at:
Trusted Provider Network LLC
201 St Joseph St 2nd Floor
New Orleans, LA 70130
2. Uses of Personal Information
Trusted Provider Network LLC is an online service dedicated to helping TPN NETWORK ENROLLEES more effectively connect with one another. The information you choose to provide about yourself on our service is used to help you describe yourself to other Users. If you close your Trusted Provider Network LLC account, we will remove all of the personal information that you have provided to Trusted Provider Network LLC from our publicly viewable database, as well as any private profile information that you have stored with us. We will retain the publicly available data in the database, including all of the information about you that was available on our database prior to your joining the Trusted Provider Network LLC network. Other information, that does not personally identify you as an individual, is collected by Trusted Provider Network LLC from Users (such as, for example, patterns of utilization) and is exclusively owned by Trusted Provider Network LLC. This information can be utilized by Trusted Provider Network LLC in such manner as Trusted Provider Network LLC, in its sole discretion, deems appropriate.
Trusted Provider Network LLC Communications to You
Trusted Provider Network LLC will communicate with you through email, fax and notices posted on the Trusted Provider Network LLC website or through other means available through the service, including text and other forms of messaging. If we send any communications to you via the carrier service with which you have a mobile communications subscription or otherwise have access, you understand you will pay any service fees associated with any such access (including text messaging charges for messages to your mobile device). Our communications to you include emails which help inform Users about various features of the service. Trusted Provider Network LLC may send you promotional information unless you have opted out of receiving such information. You can change your email and contact preferences at any time by sending a request to firstname.lastname@example.org or by updating your profile information.
Information provided to Trusted Provider Network LLC (or to third parties with whom it offers combined services) is also used to customize your experience on our website. For example, you can store "favorite" phone numbers for easy reference.
Sharing Information with Third Parties
Trusted Provider Network LLC takes the privacy of Users very seriously. We do not sell, rent, or otherwise provide your private information to third parties for marketing or other purposes. We may provide data about the usage of our services with third party service providers with whom we contract to help us provide our Services. For example, we may work with vendors, consultants or other third parties to host and maintain our data and website properties, analyze our data, or provide marketing assistance. All contracted third parties must agree not to use your personal information and communications other than to fulfill their responsibilities to us and are bound by confidentiality agreements with regard to their use of such information. We may provide aggregated anonymous data about the usage of our services to third parties for such purposes as we deem, in our sole discretion, to be appropriate, including to prospective investors in Trusted Provider Network LLC. We may segment our Users by specialty, education, alumni groups, training, research, grants, trials, geographic location or other similar information and provide information from your public profile as part of our Services and product offerings. If you would like to be excluded from the aggregated research or products based upon aggregated or segmented data and Users' activities on the site, please email email@example.com.
As part of our Services, we may share personal information with accredited Continuing Medical Education (CME) and Continuing Education (CE) providers who certify CME and CE activities, to process CME or CE activities you may choose to take through our Service.
When you choose to engage with a sponsored program, such as engaging with a commercial client's sponsored news alert, we may provide our commercial clients with your identifiable information and information about the type of engagement (e.g., whether you viewed, interacted with or requested information about such promotional content). We will only share your identifiable information with clients who have agreed to use such information solely for authorized purposes.
To confirm, we will not provide your personal contact information such as email, phone, fax, or postal address as part of our Services. You may revoke your authorization to participate in these features of our Services at anytime. If you would like to be excluded from the accredited bodies, leading publications or commercial features of our Services, please email firstname.lastname@example.org.
We use your information, including the addresses you import through our contact importers, to make suggestions to you and other users on Trusted Provider Network LLC. For example, if another user imports the same email address as you do, we may suggest that you add each other as colleagues. To help your friends find you, we allow other users to use contact information they have about you, such as your email address, to find you, including through contact importers and search.
We offer search services to help you find information and learn more about other Users (for example, you can search for Users with particular expertise, or that you may know from your medical school). We use information from User profiles and other contributions to Trusted Provider Network LLC to inform and refine our search service.
Surveys and Polls
As a User, you may receive requests to participate in market research including polls and surveys submitted by other Trusted Provider Network LLC members. If you participate in surveys and polls offered through our website, the information you provide may be visible to others using the Trusted Provider Network LLC website. You may opt-out of participating by emailing email@example.com to stop receiving these inquiries and requests.
Communications to other Users
Communications you initiate through Trusted Provider Network LLC, such as a colleague invitation sent to a non-User, will not list your name in the message, or your current office address and phone/fax numbers. No other contact information will be included in the message.
Trusted Provider Network LLC members may communicate with one another using the Trusted Provider Network LLC messaging feature. Messages may only be initiated between two users who have connected within the Trusted Provider Network LLC network. In the case where a User has initiated a group message to two or more of his or her colleagues, recipients of this group message may "reply all" to the recipients of this group message, even though they are not all colleagues.
Customer will not upload or provide to Trusted Provider Network any personal financial information or medical information of any nature or any Protected Health Information ("PHI") or Electronic Protected Health Information ("ePHI"), as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). PHI means individually identifiable information relating to the past, present, or future health status off an individual and may include the first name and last name or first initial and last name of any natural person in combination with any of the following elements that relate to that natural person: a social security number; geographic identifiers, diagnoses, treatment information, medical test results, and prescription information are considered protected health information under HIPAA, as are national identification numbers and demographic information such as birth dates, gender, ethnicity, and contact and emergency contact information. PHI relates to physical records, while ePHI is any PHI that is created, stored, transmitted, or received electronically. Customer will remove such information immediately if accidentally uploaded or provided to Trusted Provider Network, or Trusted Provider Network may purge such information from the Services.
It is possible that we may need to disclose personal information when required by law, such as responses to civil or criminal subpoenas, or other requests by law enforcement personnel. We will disclose such information when we have a good-faith belief that it is necessary to comply with a court order, ongoing judicial proceeding, subpoena, or other legal process or request to Trusted Provider Network LLC brought in any country throughout the world, or to exercise our legal rights or defend against legal claims.
Disclosures to others
We may also disclose your personal and other information you provide, to another third party as part of a reorganization or a sale of substantially all of the business of Trusted Provider Network LLC. Any third party to which we transfer or sell Trusted Provider Network LLC's assets will have the right to continue to use the personal and other information that you provide to us.
3. Your Information Choices
Accessing and Changing Your Account Information
You can review the personal information you provided us and make any desired changes to the information you publish, or to the settings for your Trusted Provider Network LLC account, including your email and contact preferences, at any time by emailing firstname.lastname@example.org. You can also make these changes on the Trusted Provider Network LLC website by updating your Profile. Please be aware that even after your request for a change is processed, Trusted Provider Network LLC may, for a time, retain residual information about you in its backup and/or archival copies of its database.
Closing Your Account
You can also close your account at any time by emailing email@example.com. If you close your Trusted Provider Network LLC account, we will remove all of the information that you have provided to Trusted Provider Network LLC from our publicly viewable database, as well as any private profile information that you have stored with us. We will retain the publicly available data in the database, including all of the information about you that was available on our database prior to your joining the Trusted Provider Network LLC network. We may also retain certain data contributed by you if we believe it may be necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally identifiable data, account recovery, or if required by law.
Trusted Provider Network LLC may also retain and use your information if necessary to provide the Services to other Users. For example, just as an email you may send to another person through an email service provider resides in that person's inbox even after you delete it from your sent files or close your account, communications to other Users, as well as your contributions to the online discussion or other communications, may remain visible to others after you have closed your account. Similarly, other information you have shared with others, or that other Users have copied, may also remain visible. This includes personal health information that you communicate through the Trusted Provider Network LLC Services. Trusted Provider Network LLC disclaims any liability in relation to the deletion or retention (subject to the terms herein) of information or any obligation not to delete the information. Trusted Provider Network LLC does not control when search engines update their cache, which may contain certain public profile information that has since been removed from Trusted Provider Network LLC publicly viewable database.
To request that we close your account and remove your information from the Trusted Provider Network LLC website, please send your request to firstname.lastname@example.org. Please send your request using an email account that you have registered with Trusted Provider Network LLC under your name. You will receive a response within five business days of its receipt.
If we learn that a User is deceased, we may memorialize the User's account. In these cases we may restrict profile access, remove messaging functionality, and close an account if we receive a formal request from the User's next of kin or other proper legal request to do so.
4. Your Obligations
As a User, you have certain obligations toward the other Users with whom you will be communicating. Certain of these obligations are imposed by applicable law and regulations, and others have become commonplace in user-friendly communities of like-minded members, such as Trusted Provider Network LLC:
- You must not download or otherwise disseminate any information which may be deemed to be injurious, defamatory, violent, offensive, racist, sexist or xenophobic, or which may otherwise violate the purpose and spirit of Trusted Provider Network LLC and its community of Users.
- You must not provide information to Trusted Provider Network LLC and /or other Users which you believe might be injurious or detrimental to your person, professional or social status.
- You must use our free peer-to-peer invite and secure message system for clinical, not commercial use. While we do allow selected client outreach for partner information, market research, expert witness, and career opportunities, these messages have a distinct format and channel-level opt-outs to protect our members. Those found soliciting, scamming, or spamming other members will be removed or suspended from the network at our sole discretion.
- You must refrain from posting PHI, ePHI, using TPN for any purpose which would violate the Stark Law, Anti-Kickback Statute, False Claims Act, or furthering any activities which would violate Federal, State or Local law.
Any violation of these guidelines may lead to the restriction, suspension or termination of your account by Trusted Provider Network LLC, as we take these principles seriously and consider them to be the basis on which our Users adhere to the Trusted Provider Network LLC website and the services which it offers.
5. Important Information
If Users have questions or concerns regarding this statement, you may contact Trusted Provider Network LLC by email at email@example.com.
Insurance data on Trusted Provider Network LLC is offered for informational purposes only, it should not be relied upon, and users agree to hold harmless Trusted Provider Network LLC and its data suppliers for use of the data.
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page. We generally post updates to this policy once per year or as applicable. By continuing to use the Trusted Provider Network LLC service after notice of changes have been sent to you or published on the Trusted Provider Network LLC website, you are consenting to the changes.
If you use the Trusted Provider Network LLC service after notice of these changes have been posted, you are providing your consent to the changed practices.
In order to secure your personal information, access to your data on Trusted Provider Network LLC is password-protected. It is your responsibility to protect the security of your login information.
7. User Agreement
Trusted Provider Network LLC mission is to connect the world's behavioral health professionals to enable you to be more productive and successful.
B. Scope and Intent
2. YOUR OBLIGATIONS
A. Applicable laws and this Agreement
- DOs and DON'Ts
- Complaints Regarding Content Posted on the Trusted Provider Network LLC Website; and
B. License and warranty for your submissions to Trusted Provider Network LLC
You must comply with all applicable laws, the Agreement, as may be amended from time to time with or without advance notice, and the policies and processes explained in the following sections:
You have control over the information you provide Trusted Provider Network LLC under this Agreement, and may request its deletion at any time, unless you have shared information or content with others and they have not deleted it, or it was copied or stored by other users. Additionally, you grant Trusted Provider Network LLC and its registered users a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to Trusted Provider Network LLC, including, but not limited to, any registration data, user generated content, ideas, concepts, techniques or data to the services, you submit to Trusted Provider Network LLC, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss as noted in Sections 2 and 3 of this Agreement.
By providing information to us, you represent and warrant that you are entitled to and have the requisite rights to submit the information and that the information is accurate, not confidential, and not in violation of any contractual restrictions or other third party rights. Except as otherwise provided in this Agreement, Trusted Provider Network LLC will have no obligations with respect to the information you submit to us. Trusted Provider Network LLC hereby grants you a non-exclusive, non-transferable license to re-use or republish your own contributions made to the Trusted Provider Network LLC site in its original or derivative form for republication elsewhere, such as in journals or other professional publications. This license is restricted to your own contributions and does not grant you rights to republish the contributions or postings of other Trusted Provider Network LLC members. Trusted Provider Network LLC shall be free to use any ideas, concepts, know-how or techniques contained in such information for any purpose whatsoever including, but not limited to, developing, manufacturing, and marketing products and services incorporating such information. It is your responsibility to keep your Trusted Provider Network LLC profile information accurate and updated.
C. Service Eligibility
To be eligible to use the Service, you must meet the following criteria and represent and warrant that you: (1) are 18 years of age or older; (2) a certified U.S. physician, licensed behavioral professional with active state license or other health care professional (3) are not currently restricted from the Services, or not otherwise prohibited from having a Trusted Provider Network LLC account, (4) are not a competitor of Trusted Provider Network LLC or are not using the Services for reasons that are in competition with Trusted Provider Network LLC; (5) will only maintain one Trusted Provider Network LLC account at any given time; (6) have full power and authority to enter into this Agreement and doing so will not violate any other agreement to which you are a party; (7) will not violate any rights of Trusted Provider Network LLC, including intellectual property rights such as copyright or trademark rights; and (8) agree to provide at your cost all equipment, software, and internet access necessary to use the Services.
D. Sign-In Credentials
You agree to: (1) Keep your password secure and confidential; (2) not permit others to use your login credentials to access your account; (3) refrain from using other Users' accounts; (4) refrain from selling, trading, or otherwise transferring your Trusted Provider Network LLC account or any information and content of another Trusted Provider Network LLC user to another party; and (5) refrain from charging anyone for access to any portion of Trusted Provider Network LLC, or any information therein. Further, you are responsible for anything that happens through your account until you close down your account or prove that your account security was compromised due to no fault of your own. To close your account, please contact firstname.lastname@example.org.
E. IndemnificationYou indemnify us and hold us harmless for all damages, losses and costs (including, but not limited to, reasonable attorneys' fees and costs) related to all third party claims, charges, and investigations, caused by (1) your failure to comply with this Agreement, including, without limitation, your submission of content that violates third party rights or applicable laws, (2) any content you submit to the Services, and (3) any activity in which you engage on or through Trusted Provider Network LLC.
If you purchase any services that we offer for a fee, either on a one-time or subscription basis ("Premium Services"), you agree to Trusted Provider Network LLC storing your payment card information. You also agree to pay the applicable fees for the Premium Services (including, without limitation, periodic fees for premium accounts) as they become due plus all related taxes, and to reimburse us for all collection costs and interest for any overdue amounts. Your obligation to pay fees continues through the end of the subscription period during which you cancel your subscription. You may cancel your Premium Services by contacting email@example.com. You also acknowledge that Trusted Provider Network LLC Premium Services are subject to this Agreement and any additional terms related to the provision of the Premium Service. All fees and charges are nonrefundable and there are no refunds or credits for partially used periods. All Premium Services, including upgrades and additional messages acquired as part of your Premium account, expire immediately upon cancellation or termination of your Premium account.
G. Notify Us of Acts Contrary to the Agreement
If you believe that you are entitled or obligated to act contrary to this Agreement under any mandatory law, you agree to provide us with detailed and substantiated explanation of your reasons in writing at least 30 days before you act contrary to this Agreement, to allow us to assess whether we may, at our sole discretion, provide an alternative remedy for the situation, though we are under no obligation to do so.
H. Notifications and Service Messages
For purposes of service messages and notices about the Services to you, Trusted Provider Network LLC may place a banner notice across its pages to alert you to certain changes such as modifications to this Agreement. Alternatively, notice may consist of an email from Trusted Provider Network LLC to an email address associated with your account, even if we have other contact information. You also agree that Trusted Provider Network LLC may communicate with you through your Trusted Provider Network LLC account or through other means including email, mobile number, telephone, or delivery services including the postal service about your Trusted Provider Network LLC account or services associated with Trusted Provider Network LLC. You acknowledge and agree that we shall have no liability associated with or arising from your failure to maintain accurate contact or other information, including, but not limited to, your failure to receive critical information about the Service.
I. User-To-User Communication and Sharing
Trusted Provider Network LLC offers various ways to communicate via TPN messaging which include or may include in the future forums such as TPN messaging, where you can communicate with individuals and groups. Any electronic personal health information communicated will be subject to the Business Associate Agreement attached as Exhibit A.
Trusted Provider Network LLC members can create groups, phone lists for free, however, Trusted Provider Network LLC may close or transfer groups or phone lists in its discretion, or remove content from them if the content violates this Agreement or others' intellectual property rights.
Please note that ideas you post and information you share may be seen and used by other Users, and Trusted Provider Network LLC cannot guarantee that other Users will not use the ideas and information that you share on Trusted Provider Network LLC. Therefore, if you have an idea or information that you would like to keep confidential and/or don't want others to use, or that is subject to third party rights that may be infringed by your sharing it, do not share it on Trusted Provider Network LLC. TRUSTED PROVIDER NETWORK LLC IS NOT RESPONSIBLE FOR A USER'S MISUSE OR MISAPPROPRIATION OF ANY CONTENT OR INFORMATION YOU POST, UPLOAD, OR TRANSMIT WITHIN Trusted Provider Network LLC. User will bear any and all liability arising out of uploading any PHI.
K. Contributions to Trusted Provider Network LLC
By submitting ideas, suggestions, documents, and/or proposals ("Contributions") to Trusted Provider Network LLC through its suggestion or feedback webpages, you acknowledge and agree that: (a) your Contributions do not contain confidential proprietary or protected health information; (b) Trusted Provider Network LLC is not under any obligation of confidentiality, express or implied, with respect to the Contributions; Trusted Provider Network LLC shall be entitled to use or disclose (or choose not to use or disclose) such Contributions for any purpose, in any way, in any media worldwide; (d) Trusted Provider Network LLC may have something similar to the Contributions already under consideration or in development; (e) you irrevocably assign to Trusted Provider Network LLC all rights to your Contributions; and (f) you are not entitled to any compensation or reimbursement of any kind from Trusted Provider Network LLC under any circumstances.
L. Posted Data
The information and content posted on Trusted Provider Network LLC is gathered from publicly available data or submitted by Users, and Trusted Provider Network LLC cannot guarantee the accuracy of such information. Use of Trusted Provider Network LLC by you is conditioned upon your agreement that all of the information and content, including profile and insurance data, is for informational purposes only and should not be relied upon, and that as User, you agree to hold harmless Trusted Provider Network LLC and other Users and data suppliers for your use or reliance on such data.
3. YOUR RIGHTS
On the condition that you comply with all your obligations under this Agreement, including, but not limited to, the Do's and Don'ts listed in Section 12, we grant you a limited, revocable, nonexclusive, nonassignable, nonsublicenseable license and right to access the Services, through a generally available web browser, mobile device or application (but not through scraping, spidering, crawling or other technology or software used to access data without the express written consent of Trusted Provider Network LLC or its Users), view information and use the Services that we provide on Trusted Provider Network LLC webpages and in accordance with this Agreement. Any other use of Trusted Provider Network LLC contrary to our mission and purpose (such as seeking to connect to someone you do not know or to use information gathered from Trusted Provider Network LLC commercially in each case unless expressly authorized by Trusted Provider Network LLC) is strictly prohibited and a violation of this Agreement. We reserve all rights not expressly granted in this Agreement, including, without limitation, title, ownership, intellectual property rights, and all other rights and interest in Trusted Provider Network LLC and all related items, including any and all copies made of the Trusted Provider Network LLC website.
4. OUR RIGHTS AND OBLIGATIONS
A. Services Availability
For as long as Trusted Provider Network LLC continues to offer the Services, Trusted Provider Network LLC shall provide and seek to update, improve and expand the Services. As a result, we allow you to access Trusted Provider Network LLC as it may exist and be available on any given day and have no other obligations, except as expressly stated in this Agreement. We may modify, replace, refuse access to, suspend or discontinue Trusted Provider Network LLC, partially or entirely, or change and modify prices for all or part of the Services for you or for all our users in our sole discretion. All of these changes shall be effective upon their posting on our site or by direct communication to you unless otherwise noted. Trusted Provider Network LLC further reserves the right to withhold, remove and or discard any content available as part of your account, with or without notice if deemed by Trusted Provider Network LLC to be contrary to this Agreement. For avoidance of doubt, Trusted Provider Network LLC has no obligation to store, maintain or provide you a copy of any content that you or other Users provide when using the Services.
B. Third Party Sites
Trusted Provider Network LLC is not responsible for and does not endorse any features, content, advertising, products or other materials on or available from Third Party Sites. Accordingly, if you decide to access Third Party Sites, you do so at your own risk.
C. Disclosure of User Information
You acknowledge, consent and agree that we may access, preserve, and disclose your registration and any other information you provide if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary in our opinion to: (1) comply with legal process, including, but not limited to, civil and criminal subpoenas, court orders or other compulsory disclosures; (2) enforce this Agreement; (3) respond to claims of a violation of the rights of third parties, whether or not the third party is a User, individual, or government agency; (4) respond to customer service inquiries; or (5) protect the rights, property, or personal safety of Trusted Provider Network LLC, our Users or the public.
D. Connections and Interactions With Other Users
You are solely responsible for your interactions with other Users. Trusted Provider Network LLC may limit the number of colleague connections you may have to other Users and may, in certain circumstances, prohibit you from contacting other Users through use of the Services or otherwise limit your use of the Services. Trusted Provider Network LLC reserves the right, but has no obligation, to monitor disputes between you and other members and to restrict, suspend, or close your account if Trusted Provider Network LLC determines, in our sole discretion, that doing so is necessary to enforce this Agreement.
You agree that from time to time Trusted Provider Network LLC may invite or otherwise make you aware of certain educational, promotional or financial opportunities relating to Your Communications and profile.
5. SERVICE DISCLAIMER
Do not rely on Trusted Provider Network LLC, any information therein, or its continuation. We provide the platform for Trusted Provider Network LLC and all information and services on an "as is" and "as available" basis. Trusted Provider Network LLC does not control or vet User generated content for accuracy. We do not provide any express warranties or representations.
To the fullest extent permissible under applicable law, we disclaim any and all implied warranties and representations, including, without limitation, any warranties of merchantability, fitness for a particular purpose, title, accuracy of data, and noninfringement. If you are dissatisfied or harmed by Trusted Provider Network LLC or anything related to Trusted Provider Network LLC, you may close your Trusted Provider Network LLC account and terminate this agreement in accordance with section 7 ("termination") and such termination shall be your sole and exclusive remedy.
Trusted Provider Network LLC is not responsible, and makes no representations or warranties for the delivery of all TPN messages sent through Trusted Provider Network LLC to anyone. In addition, we neither warrant nor represent that your use of the service will not infringe the rights of third parties. Any material, service, or technology described or used on the website may be subject to intellectual property rights owned by third parties who have licensed such material, service, or technology to us.
Trusted Provider Network LLC does not guarantee that the services it provides will function without interruption or errors in functioning. In particular, the operation of the services may be interrupted due to maintenance, updates, or system or network failures. Trusted Provider Network LLC disclaims all liability for damages caused by any such interruption or errors in functioning. Furthermore, Trusted Provider Network LLC disclaims all liability for any malfunctioning, impossibility of access, or poor use conditions of the Trusted Provider Network LLC site due to inappropriate equipment, disturbances related to internet service providers, to the saturation of the internet network, and for any other reason.
6. MEDICAL DISCLAIMER
Trusted Provider Network LLC reminds you that the Service is not meant to serve as a substitute for your own professional medical judgment. You should always exercise your professional judgment in evaluating your patients, and should carefully consider any treatment plan. Trusted Provider Network LLC encourages you to confirm the information made available or otherwise obtained through the Service with other reliable sources before undertaking any treatment. We also encourage you to review from time to time the American Medical Association's Policy for Professionalism in the Use of Social Media at http://www.ama-assn.org/ama/pub/meeting/professionalism-social-media.shtml.
BUSINESS ASSOCIATE AGREEMENT
The Health Insurance Portability and Accountability Act of 1996 generally requires that covered entities and business associates enter into contracts to ensure that the business associates will appropriately safeguard protected health information. A business associate contract serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate. You and Trusted Provider Network LLC agree to the terms of the business associates agreement provided in Exhibit A relating to any communications of electronic protected health information.
8. LIMITATION OF LIABILITY
Neither Trusted Provider Network LLC nor any employees, shareholders, representatives or directors ("Trusted Provider Network LLC Affiliates") shall be cumulatively liable for (a) any damages in excess of U.S. $10, or (b) any special, incidental, indirect, punitive or consequential damages or loss of use, profit, revenue or data to you or any third person arising from your use of the Service, any platform applications or any of the content or other materials on, accessed through or downloaded from Trusted Provider Network LLC. This limitation of liability is part of the basis of the bargain between the parties and without it the terms and prices charged would be different. This limitation of liability shall:
Apply regardless of whether (1) you base your claim on contract, tort, statute or any other legal theory, (2) we knew or should have known about the possibility of such damages, or (3) the limited remedies provided in this section fail of their essential purpose; and
Not apply to any damage that Trusted Provider Network LLC may cause you intentionally or knowingly in violation of this Agreement or applicable law, or as otherwise mandated by applicable law that cannot be disclaimed from in this Agreement.
Not apply if you have entered into a separate agreement to purchase Premium Services with a separate Limitation of Liability provision that supersedes this section in relation to those Premium Services.
A. Mutual Rights of Termination
You may terminate this Agreement, for any or no reason, at any time, with notice to Trusted Provider Network LLC pursuant to Section 11.B. This notice will be effective upon Trusted Provider Network LLC processing your notice. Trusted Provider Network LLC may terminate the Agreement and your account for any reason or no reason, at any time, with or without notice. This cancellation shall be effective immediately or as may be specified in the notice. Termination of your Trusted Provider Network LLC account includes disabling your access to Trusted Provider Network LLC and may also bar you from any future use of Trusted Provider Network LLC.
B. Misuse of the Services
Trusted Provider Network LLC may restrict, suspend or terminate the account of any User who abuses or misuses the Services or offers competitive services. Misuse of the Services includes inviting to connect other Users whom you do not know or with whom you do not have a medical referral, informational, recruiting or consulting objective authorized by Trusted Provider Network LLC; abusing the Trusted Provider Network LLC messaging services; using the Services commercially without Trusted Provider Network LLC authorization, infringing any intellectual property rights, violating any of the Do's and Don'ts listed in Section 12, or any other behavior that Trusted Provider Network LLC, in its sole discretion, deems contrary to its purpose. In addition, and without limiting the foregoing, Trusted Provider Network LLC has adopted a policy of terminating accounts of Users who, in Trusted Provider Network LLC sole discretion, are deemed to be repeat infringers under the United States Copyright Act.
C. Effect of Termination
Upon the termination of your Trusted Provider Network LLC account, you lose access to the Services. The terms of this Agreement shall survive any termination, except Sections 3 ("Your Rights") and 4.a-b, and d ("Our Rights and Obligations") hereof.
10. DISPUTE RESOLUTION
A. Law and Forum for Legal Disputes
This Agreement or any claim, cause of action or dispute ("claim") arising out of or related to this Agreement shall be governed by the laws of the state of California regardless of your country of origin or where you access Trusted Provider Network LLC, and notwithstanding of any conflicts of law principles and the United Nations Convention for the International Sale of Goods. You and Trusted Provider Network LLC agree that all claims arising out of or related to this Agreement must be resolved exclusively by a state or federal court located in New Orleans, Louisiana except as otherwise agreed by the parties or as described in the Arbitration Option paragraph below. You and Trusted Provider Network LLC agree to submit to the personal jurisdiction of the courts located within New Orleans, Louisiana for the purpose of litigating all such claims. Notwithstanding the above, you agree that Trusted Provider Network LLC shall still be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.
B. Arbitration Option
For any claim (excluding claims for injunctive or other equitable relief) where the total amount of the award sought is less than $10,000, the party requesting relief may elect to resolve the dispute in a cost effective manner through binding non-appearance-based arbitration. In the event a party elects arbitration, they shall initiate such arbitration through an established alternative dispute resolution ("ADR") provider mutually agreed upon by the parties. The ADR provider and the parties must comply with the following rules: (a) the arbitration shall be conducted by telephone, online and/or be solely based on written submissions, the specific manner shall be chosen by the party initiating the arbitration; (b) the arbitration shall not involve any personal appearance by the parties or witnesses unless otherwise mutually agreed by the parties; and any judgment on the award rendered by the arbitrator shall be final and may be entered in any court of competent jurisdiction.
11. GENERAL TERMS
If any provision of this Agreement is found by a court of competent jurisdiction or arbitrator to be illegal, void, or unenforceable, the unenforceable provision will be modified so as to render it enforceable and effective to the maximum extent possible in order to effect the intention of the provision; and if a court or arbitrator finds the modified provision invalid, illegal, void or unenforceable, the validity, legality and enforceability of the remaining provisions of this Agreement will not be affected in any way.
B. Notices and Service of Process
In addition to Section 2.h. ("Notifications and Service Messages"), we may notify you via postings on TPN.health. You may contact us at firstname.lastname@example.org or via mail or courier at:
Trusted Provider Network LLC
ATTN: Legal Department
864 S. Peters, 2nd Floor
New Orleans, LA 70130
Additionally, Trusted Provider Network LLC accepts service of process at this address. Any notices that you provide without compliance with this section on Notices shall have no legal effect.
C. Entire Agreement
You agree that this Agreement constitutes the entire, complete and exclusive agreement between you and us regarding the Services and supersedes all prior agreements and understandings, whether written or oral, or whether established by custom, practice, policy or precedent, with respect to the subject matter of this Agreement. You also may be subject to additional terms and conditions that may apply when you use or purchase certain other Trusted Provider Network LLC services, third-party content or third party software.
D. Initial Posting and Amendments to This Agreement
E. No Informal Waivers, Agreements or Representations
Our failure to act with respect to a breach of this Agreement by you or others does not waive our right to act with respect to that breach or subsequent similar or other breaches. Except as expressly and specifically contemplated by the Agreement, no representations, statements, consents, waivers or other acts or omissions by any Trusted Provider Network LLC Affiliate shall be deemed legally binding on any Trusted Provider Network LLC Affiliate, unless documented in a physical writing hand signed by a duly appointed officer of Trusted Provider Network LLC.
F. No Injunctive Relief
In no event shall you seek or be entitled to rescission, injunctive or other equitable relief, or to enjoin or restrain the operation of the Service, exploitation of any advertising or other materials issued in connection therewith, or exploitation of the Services or any content or other material used or displayed through the Services.
G. Assignment and Delegation
You may not assign or delegate any rights or obligations under the Agreement. Any purported assignment and delegation shall be ineffective. We may freely assign or delegate all rights and obligations under the Agreement, fully or partially without notice to you. We may also substitute, by way of unilateral novation, effective upon notice to you, Trusted Provider Network LLC for any third party that assumes our rights and obligations under this Agreement.
H. Potential Other Rights and Obligations
You may have rights or obligations under local law other than those enumerated here if you are located outside the United States.
12. Trusted Provider Network LLC USER "DOS" and "DON'TS"
As a condition to access Trusted Provider Network LLC, you agree to this User Agreement and to strictly observe the following DOs and DON'Ts:
A. Do Undertake the Following:
- Comply with all applicable laws, including, without limitation, state and federal patient privacy laws, intellectual property laws, export control laws, tax laws, Stark Law, Anti-Kickback Statute, False Claims Act, HIPAA, and other regulatory requirements;
- Provide accurate information to us and update it as necessary;
- Review and comply with notices sent by Trusted Provider Network LLC concerning the Services; and
- Disclose any potential conflicts-of-interest, such as consultant fees (e.g. promoting "off-label" use) as appropriate; and
- Use the Services in a professional manner.
B. Don't Undertake the Following:
- Act dishonestly or unprofessionally by engaging in unprofessional behavior by posting inappropriate, inaccurate, or objectionable content to Trusted Provider Network LLC;
- Publish inaccurate information in the designated fields on the profile form (e.g., do not include a link or an email address in the specialty field). Please also protect sensitive personal information such as your email address, phone number, street address, or other information that is confidential in nature;
- Harass, abuse or harm another person, including sending unwelcomed or unauthorized communications to others using Trusted Provider Network LLC;
- Upload a profile image that is not your likeness or a head-shot photo;
- Use or attempt to use another's account without authorization from the user, or create a false identity on Trusted Provider Network LLC;
- Offer inducements or accept inducements related to referrals of patients who participate in federal, state, or governmental payor programs such as Medicare, Medicaid, Tri-care or the like.
Upload, post, email, utilize any TPN Messaging format, fax, transmit or otherwise make available or initiate any content that:
- Falsely states, impersonates or otherwise misrepresents your identity, including but not limited to misrepresenting your current or previous positions and qualifications, or your affiliations with a person or entity, past or present;
- Is unlawful, libelous, abusive, obscene, discriminatory or otherwise objectionable;
- Adds to a content field content that is not intended for such field (i.e. submitting a telephone number in the specialty field);
- Includes information that you do not have the right to disclose or make available under any law or under contractual or fiduciary relationships (such as private patient information, insider information, or proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
- Infringes upon patents, trademarks, trade secrets, copyrights or other proprietary rights;
- Includes any unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes," or any other form of unauthorized communication. This prohibition includes but is not limited to (a) using Trusted Provider Network LLC invitations to send messages to people who don't know you or who are unlikely to recognize you as a known contact; (b) using Trusted Provider Network LLC to connect to people who don't know you and then sending unsolicited promotional messages to those direct connections without their permission; and (c) sending messages to distribution lists, newsgroup aliases, or group aliases;
- Contains software viruses, worms, or any other computer code, files or programs that interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment of Trusted Provider Network LLC or any User of Trusted Provider Network LLC;
- Forges headers or otherwise manipulate identifiers in order to disguise the origin of any communication transmitted through the Services; and/or
- Duplicate, license, sublicense, publish, broadcast, transmit, distribute, perform, display, sell, rebrand, or otherwise transfer information found on Trusted Provider Network LLC (excluding content posted by you) except as permitted in this Agreement or as expressly authorized by Trusted Provider Network LLC;
- Reverse engineer, decompile, disassemble, decipher or otherwise attempt to derive the source code for any underlying intellectual property used to provide the Services, or any part thereof
- Utilize or copy information, content or any data you view on and/or obtain from Trusted Provider Network LLC to provide any service that is competitive, in Trusted Provider Network LLC sole discretion, with Trusted Provider Network LLC;
- Imply or state, directly or indirectly, that you are affiliated with or endorsed by Trusted Provider Network LLC unless you have entered into a written agreement with Trusted Provider Network LLC;
- Adapt, modify or create derivative works based on Trusted Provider Network LLC or technology underlying the Services, or other Users' content, in whole or part;
- Rent, lease, loan, trade, sell/re-sell access to Trusted Provider Network LLC or any information therein, or the equivalent, in whole or part;
- Sell, sponsor, or otherwise monetize content, phone lists, or any other service or functionality of Trusted Provider Network LLC, without the express written permission of Trusted Provider Network LLC;
- Deep-link to the Site for any purpose, (i.e. including a link to a Trusted Provider Network LLC web page other than Trusted Provider Network LLC home page) unless expressly authorized in writing by Trusted Provider Network LLC or for the purpose of promoting your profile or a Group on Trusted Provider Network LLC;
- Remove any copyright, trademark or other proprietary rights notices contained in or on Trusted Provider Network LLC, including those of both Trusted Provider Network LLC and any of its licensors;
- Collect, use, copy, or transfer any information, including, but not limited to, personally identifiable information obtained from Trusted Provider Network LLC except as expressly permitted in this Agreement or as the owner of such information may expressly permit;
- Share information of non-Users without their express consent;
- Infringe or use Trusted Provider Network LLC brand, logos and/or trademarks, including, without limitation, using the word "Trusted Provider Network LLC" in any business name, email, or URL or including Trusted Provider Network LLC trademarks and logos or as expressly permitted by Trusted Provider Network LLC;
- Use manual or automated software, devices, scripts robots, other means or processes to access, "scrape," "crawl" or "spider" any web pages or other services contained in the site, unless explicitly permitted by Trusted Provider Network LLC;
- Use bots or other automated methods to access Trusted Provider Network LLC, add or download contacts, send or redirect messages, or perform other activities through Trusted Provider Network LLC, unless explicitly permitted by Trusted Provider Network LLC;
- Access, via automated or manual means or processes, Trusted Provider Network LLC for purposes of monitoring Trusted Provider Network LLC availability, performance or functionality for any competitive purpose;
- Engage in "framing," "mirroring," or otherwise simulating the appearance or function of Trusted Provider Network LLC website;
- Attempt to or actually access Trusted Provider Network LLC by any means other than through the interfaces provided by Trusted Provider Network LLC such as its mobile application or by navigating to http://tpn.health using a web browser. This prohibition includes accessing or attempting to access Trusted Provider Network LLC using any third-party service, including software-as-a-service platforms that aggregate access to multiple services, including Trusted Provider Network LLC;
- Attempt to or actually override any security component included in or underlying Trusted Provider Network LLC;
- Engage in any action that directly or indirectly interferes with the proper working of or places an unreasonable load on Trusted Provider Network LLC infrastructure, including, but not limited to, sending unsolicited communications to other Users or Trusted Provider Network LLC personnel, attempting to gain unauthorized access to Trusted Provider Network LLC, or transmitting or activating computer viruses through or on Trusted Provider Network LLC;
- Interfere with or disrupt or game Trusted Provider Network LLC or the Services, including, but not limited to, any servers or networks connected to Trusted Provider Network LLC, in particular Trusted Provider Network LLC search algorithms.
- Any attempt to obtain unauthorized access, interfere with or to exceed authorized access to Trusted Provider Network LLC shall be considered a trespass and computer fraud and abuse, punishable under state and federal laws. Trusted Provider Network LLC hereby notifies you that any or all communications with this website can and will be monitored, captured, recorded, and transmitted to the authorities as deemed necessary by Trusted Provider Network LLC in its sole discretion and without further notice.
- Any content which contains PHI or ePHI or any post which would violate the terms of the Federal False Claims Act, Stark Law, Anti-Kickback Statute or other federal, state, or local law.
13. COMPLAINTS REGARDING CONTENT POSTED ON THE TRUSTED PROVIDER NETWORK LLC WEBSITE
If you believe any materials accessible on or from the Services infringe your copyright, you may request removal of those materials (or access thereto) from the Services by contacting Trusted Provider Network LLC at the following physical or email address:
Trusted Provider Network LLC
ATTN: Legal Department
201 St Joseph St – 2nd Floor
New Orleans, LA 70130
and providing the following information:
- Identification of the copyrighted work that you believe to be infringed. Please describe the work, and where possible include a copy or the location (e.g., URL) of an authorized version of the work.
- Identification of the material that you believe to be infringing and its location. Please describe the material, and provide us with its URL or any other pertinent information that will allow us to locate the material.
- Your name, address, telephone number and (if available) e-mail address.
- A statement that you have a good faith belief that the complained of use of the materials is not authorized by the copyright owner, its agent, or the law.
- A statement that the information that you have supplied is accurate, and indicating that "under penalty of perjury," you are the copyright owner or are authorized to act on the copyright owner's behalf.
- A signature or the electronic equivalent from the copyright holder or authorized representative.
In an effort to protect the rights of copyright owners, we maintain a policy for the termination, in appropriate circumstances, of subscribers and account holders who are repeat infringers.
EXHIBIT A: HIPAA BUSINESS ASSOCIATE AGREEMENT BETWEEN TRUSTED PROVIDER NETWORK LLC AND PROVIDER
THIS HIPAA BUSINESS ASSOCIATE AGREEMENT (the "BA Agreement") is entered into as of the date that the Trusted Provider Network LLC User (referred to in this BA Agreement as "Provider" electronically agrees to the Online Terms and Conditions of Use governing the Trusted Provider Network LLC service. This BA Agreement is entered into between the Provider ("Covered Entity") and Trusted Provider Network LLC, Inc. ("Business Associate").
WHEREAS, Congress enacted the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), which protects the confidentiality of health information;
WHEREAS, pursuant to HIPAA, the United States Department of Health and Human Services ("HHS") promulgated Privacy Standards and Security Standards, each as defined below, governing confidential health information;
WHEREAS, Business Associate performs services through its provision of the Trusted Provider Network LLC Services (the "Service") on behalf of Covered Entity;
WHEREAS, Business Associate's provision of the Service requires Covered Entity to provide Business Associate with access to confidential health information; and
WHEREAS, in order to comply with the business associate requirements of HIPAA and its implementing regulations, Business Associate and Covered Entity must enter into an agreement that governs the uses and disclosures of such confidential health information by the Business Associate.
NOW, THEREFORE, in consideration of the foregoing recitals, the mutual promises and covenants set forth herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
The following terms used in this BA Agreement shall have the same meaning as those terms in the HIPAA Rules: Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Minimum Necessary, Notice of Privacy Practices, Security Incident, Subcontractor, and Use.
For purposes of this BA Agreement, the following terms shall have the following meanings:
"Breach" when capitalized, "Breach" shall have the meaning set forth in 45 C.F.R. 164.402 (including all of its subsections); with respect to all other uses of the word "breach" in this BA Agreement, the word shall have its ordinary contract meaning.
"Business Associate" shall generally have the same meaning as the term "business associate" at 45 C.F.R. § 160.103.
"Covered Entity" shall generally have the same meaning as the term "covered entity" at 45 C.F.R. § 160.103.
"Electronic Media" shall have the meaning set forth in 45 C.F.R. 160.103, which is defined as electronic storage media (including memory devices in computers, hard drives, any removable or transportable digital memory medium, such as magnetic tape or disk, optical disk or digital memory card) or transmission media used to exchange information already in electronic storage media (including the Internet, extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dial-up lines, private networks, and those transmissions that are physically moved from one location to another using magnetic tape, disk, or compact disk media). Certain transmissions, including of paper, via facsimile, and of voice, via telephone, are not considered to be transmissions via electronic media, because the information being exchanged does not exist in electronic form before the transmission.
"Electronic Protected Health Information" or "EPHI" shall mean Individually Identifiable Health Information that is (i) transmitted by Electronic Media or (ii) maintained in any medium constituting Electronic Media. For instance, EPHI includes information contained in a patient's electronic medical records and billing records. "EPHI" shall not include (i) education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) records described in 20 U.S.C. 1232g(a)(4)(B)(iv); and (iii) employment records held by a Covered Entity in its role as employer.
"HIPAA Rules" shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. Part 160 and Part 164.
"HITECH Act" shall mean the Health Information Technology for Economic and Clinical Health Act, found in Title XIII of the American Recovery and Reinvestment Act of 2009, effective February 17, 2009.
"Individual" shall have the same meaning as set forth in 45 C.F.R. 160.103, defined as the person who is the subject of PHI, and shall include a personal representative in accordance with 45 C.F.R. 164.502(g).
"Individually Identifiable Health Information" shall mean information that is a subset of health information, including demographic information collected from an individual, and
(i) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(ii) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual; and (a) identifies the individual, or (b) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
"Privacy Standards" shall mean the Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. Parts 160 and 164, Subparts A, D, and E, as currently in effect.
"Protected Health Information" or "PHI" shall mean Individually Identifiable Health Information that is (i) transmitted by Electronic Media, (ii) maintained in any medium constituting Electronic Media; or (iii) transmitted or maintained in any other form or medium. For instance, PHI includes information contained in a patient's medical records and billing records. "Protected Health Information" shall not include (i) education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) records described in 20 U.S.C. 1232g(a)(4)(B)(iv); and (iii) employment records held by a Covered Entity in its role as employer.
"Required by Law" shall have the same meaning as the term "Required by law" in 45 C.F.R. 164.103.
"Secretary" shall mean the Secretary of the U.S. Department of Health and Human Services or any office or person within the U.S. Department of Health and Human Services to which/whom the Secretary has delegated his or her authority to administer the Privacy Standards and the Security Standards, such as the Director of the Office for Civil Rights.
"Security Standards" shall mean Security Standards for the Protection of Electronic Protected Health Information, 45 C.F.R. Part 160 and Part 164, Subparts A and C.
"Subsequent Business Associate" shall mean any agent, including subcontractors, of Business Associate to whom Business Associate discloses Protected Health Information or Electronic Protected Health Information.
"Unsecured Protected Health Information" shall have the same meaning as the term "unsecured protected health information" in 45 C.F.R. 164.402, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
All references to "days" in this BA Agreement shall mean calendar days. Capitalized terms used not defined herein shall have the meanings ascribed to them in the Privacy Standards or the Security Standards.
2.1 Permitted Uses and Disclosures. Business Associate agrees that it shall use and disclose Protected Health Information received from Covered Entity for the purposes of providing the Service services, as otherwise permitted under this BA Agreement, or as Required by Law. Business Associate is authorized to use Protected Health Information to deidentify the information in accordance with 45 C.F.R. § 164.514(a)-(c). Business Associate agrees to follow guidance issued by the Secretary regarding what constitutes "minimum necessary" with respect to the use or disclosure of PHI and EPHI. Until such time that such guidance is issued, Business Associate shall limit its use or disclosure of PHI and EPHI, to the extent practicable, to the limited data set (as defined in 45 C.F.R. 164.514(e)(2)), or to the minimum necessary to accomplish the intended purpose of such use, disclosure or request, respectively.
2.2 Disclosures to Subsequent Business Associates. Business Associate shall not disclose any PHI to any Subsequent Business Associate, unless and until Business Associate and the Subsequent Business Associate have entered into an agreement containing the same terms and conditions as set forth in this BA Agreement.
2.2.1 Business Associate, in accordance with 45 C.F.R. § 164.502(e)(1)(ii) and § 164.308(b)(2), if applicable, shall ensure that any subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information.
2.3 Reporting Violations of Law. Consistent with the requirements of 45 C.F.R. 164.502(j)(1), Business Associate may disclose Protected Health Information to report violations of law to appropriate Federal and State authorities.
2.4 Appropriate Safeguards. Business Associate shall implement appropriate administrative, technical, and physical safeguards to prevent any use or disclosure of Protected Health Information not authorized by this BA Agreement. Specifically, Business Associate agrees to comply with the requirements of 45 C.F.R. 164.308, 164.310,164.312 and 164.316 to the same extent such requirements apply to Covered Entity.
2.5 Reporting of Illegal, Unauthorized or Improper Uses or Disclosures and Remedial Actions. Business Associate shall report to Covered Entity any illegal, unauthorized, or improper use or disclosure of Protected Health Information, Security Incident or any Breach (collectively, "Known Misuse") by it or a Subsequent Business Associate without unreasonable delay and within ten (10) business days of obtaining knowledge of such Known Misuse. Additionally, if the Known Misuse is a Breach of Unsecured Protected Health Information, Business Associate shall comply with the requirements of 45 C.F.R. 164.410. Business Associate shall take, or, in the event that the acts or omissions of a Subsequent Business Associate gave rise to the Known Misuse, shall require a Subsequent Business Associate to take, commercially reasonable actions to mitigate the negative impact of any Known Misuse and adopt additional or improve existing safeguards to prevent recurrence.
2.6 Internal Practices, Books and Records. Business Associate shall make its internal practices, books and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, or their designees, for purposes of determining and facilitating Business Associate's and Covered Entity's compliance with the Privacy Standards and Security Standards.
2.7 Access to Protected Health Information.
2.7.1 Within ten (10) days of a request by Covered Entity, Business Associate shall provide Protected Health Information in its possession or in the possession of a Subsequent Business Associate to Covered Entity in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.524 to provide Individuals with access to their Protected Health Information.
2.7.2 Business Associate shall notify Covered Entity within five (5) days of receiving a request from an Individual to access Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
2.8 Amendments to Protected Health Information.
2.8.1 Within ten (10) days of a request by Covered Entity, Business Associate shall provide Protected Health Information in its possession or in the possession of a Subsequent Business Associate to Covered Entity in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.526 to provide Individuals the right to amend their Protected Health Information.
2.8.2 Business Associate shall notify Covered Entity within five (5) days of receiving a request from an Individual to amend Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
2.9 Accounting of Disclosures.
2.9.1 Within twenty (20) days of a request by Covered Entity, Business Associate shall provide Covered Entity with an accounting of all disclosures of Protected Health Information, other than disclosures excepted from the Privacy Standards accounting requirement under 45 C.F.R. 164.528(a)(1)(i)-(ix), made by Business Associate or by a Subsequent Business Associate in the previous six (6) years (but in no event prior to April 14, 2003) in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.528 to provide Individuals with an accounting of disclosures of their Protected Health Information.
2.9.2 Such accounting shall include, with respect to each disclosure: the date of the disclosure; the name (and address, if known) of the entity or person receiving the Protected Health Information; a description of the Protected Health Information disclosed; a statement of the purpose of the disclosure; and any other information the Secretary may require under 45 C.F.R. 164.528 (collectively, "Disclosure Information").
2.9.3 Notwithstanding Section 2.11.2, for repetitive disclosures of Protected Health Information that Business Associate makes for a single purpose to the same person or entity, Business Associate may record: (a) the Disclosure Information for the first of these repetitive disclosures; (b) the frequency, periodicity or number of these repetitive disclosures made during the accounting period; and the date of the last of these repetitive disclosures.
2.9.4 Business Associate shall notify Covered Entity within ten (10) days of receiving a request from an Individual for an accounting of disclosures of Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.
2.9.5 In accordance with the HITECH Act, the parties acknowledge that the Secretary shall promulgate regulations regarding the right of Individuals to receive an accounting of disclosures made for treatment, payment and healthcare operations during the previous three (3) years if such disclosures are made through the use of an electronic health record. The parties agree to comply with such regulations promulgated by the Secretary as of the effective date of those regulations.
2.10 Subpoenas, Court Orders, and Governmental Requests. If Business Associate receives a court order, subpoena, or governmental request for documents or other information containing Protected Health Information, Business Associate will use reasonable efforts to notify Covered Entity of the receipt of the request within ten (10) business days to provide Covered Entity an opportunity to respond. Business Associate may comply with such order, subpoena, or request as Required by Law or permitted by law.
2.11 Remuneration in Exchange for PHI. Except as permitted by the HITECH Act or regulations promulgated by the Secretary in accordance with the HITECH Act, and as of the effective date of such regulations, Business Associate shall not directly or indirectly receive remuneration in exchange for PHI unless Covered Entity notifies Business Associate that it obtained a valid authorization from the Individual specifying that the Individual's PHI may be exchanged for remuneration by the entity receiving such Individual's PHI.
3. Covered Entity Obligations.
3.1 Notice of Privacy Practices. Covered Entity shall notify Business Associate of limitation(s) in its notice of privacy practices, to the extent such limitation affects Business Associate's permitted Uses or Disclosures.
3.2 Individual Permission. Covered Entity shall notify Business Associate of changes in, revocation of, permission by an Individual to use or disclose PHI, to the extent such changes affect Business Associate's permitted Uses or Disclosures.
3.3 Restrictions. Covered Entity shall notify Business Associate of restriction(s) in the Use or Disclosure of PHI that Covered Entity has agreed to, to the extent such restriction affects Business Associate's permitted Uses or Disclosures.
3.4 Consents and Authorizations. Covered Entity represents and warrants that any and all consents, authorizations, or other permissions necessary under the Privacy Standards or other applicable law (including state law) to transmit information through the Service and/or under this BA Agreement have been properly secured.
3.5 Marketing. Covered Entity represents and warrants that it has obtained any and all authorizations from Individual for any use or disclosure of PHI for marketing, unless the marketing communication is made without any form of remuneration (i) to describe medical services or products provided by either party; (ii) for treatment of the Individual; or (iii) for case management or care coordination for the Individual or to direct or recommend alternate treatments, therapies, providers or settings.
3.6 Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under Subpart E of 45 C.F.R. Part 164.
4. Term and Termination.
4.1 Term. The Term of this BA Agreement shall commence on and this BA Agreement shall be effective as of the date on which Covered Entity electronically registers for the Service, and shall continue in effect for as long as Covered Entity is registered for the Service.
4.2 Termination for Cause. In the event either party determines that the other has engaged in a pattern of activity or practice that constitutes a material breach of a term of this BA Agreement and such violation continues for thirty (30) days after written notice of such breach has been provided, the party claiming a breach shall have the right to terminate Covered Entity's participation on the Service or, if termination is not feasible, to report the breach to the Secretary.
4.3 Effect of Termination.
4.3.1 Return or Destruction of Protected Health Information; Disposition When Return or Destruction Not Feasible. Upon termination of this Agreement, the parties hereby acknowledge that the return or destruction of PHI received by the Business Associate from Covered Entity is not feasible, and that, therefore, Business Associate may retain a copy of such Protected Health Information provided that: (i) the provisions of this Agreement shall continue to apply to any such information retained following cancellation, termination, expiration, or other conclusion of Covered Entity's participation on the Service; and (ii) Business Associate shall limit Uses and Disclosures of such PHI to those purposes that make the return or destruction thereof not feasible, for as long as Business Associate maintains such PHI.
4.3.2 Reasonable Fees. All reasonable fees incurred to cause the return, destruction, or storage of Protected Health Information under this Section 4.3 shall be borne by the Covered Entity.
5.1 Regulatory References. A reference in this BA Agreement to a section in HIPAA, the HITECH Act, the Privacy Standards, or the Security Standards means the section as in effect or as amended at the time.
5.2 Survival. The respective rights and obligations of the parties under Section 4.3 of this BA Agreement shall survive the termination of this BA Agreement.
5.3 Interpretation. Any ambiguity in this BA Agreement shall be resolved in favor of a meaning that permits the parties to comply with the Privacy Standards and Security Standards. Except to the extent specified by this BA Agreement, all of the terms and conditions governing Covered Entity's participation on the Service shall be and remain in full force and effect. In the event of any inconsistency or conflict between this BA Agreement and the terms and conditions governing Covered Entity's participation on the Service, the terms and provisions and conditions of this BA Agreement shall govern and control.
5.4 Amendment. The parties shall work together through reasonable negotiations to amend this BA Agreement as necessary to comply with any changes in law, including, but not limited to, the promulgation of amendments to the Privacy Standards or Security Standards required by the HITECH Act or any other future laws, applicable to or affecting the rights, duties, and obligations of the parties under this BA Agreement or the terms and conditions governing Covered Entity's participation on the Service.
5.5 Independent Relationship. None of the provisions of this BA Agreement are intended to create, nor will they be deemed to create, any relationship between the parties other than that of independent parties contracting with each other as independent contractors solely for the purposes of effecting the provisions of this BA Agreement and the terms and conditions governing Covered Entity's participation on the Service.
5.6 Notices. In addition to Section 2.h. ("Notifications and Service Messages") and 11.b ("Notices and Service of Process"), we may notify you via postings on TPN.HEALTH. You may contact us at email@example.com or via mail or courier at the address below.
All notices and notifications under this BA Agreement shall be sent in writing by traceable carrier to the listed persons on behalf of Business Associate and Covered Entity at the addresses indicated at the address below, or as set forth in the online registration process or such other address as a party may indicate by at least ten (10) days' prior written notice to the other party. Notices will be effective upon receipt. Any notices provided without compliance with this section on Notices shall have no legal effect.
5.7 Construction and Jurisdiction. This Agreement shall be governed by and construed in accordance with the laws of the State of California (excepting any conflict of laws provisions which would serve to defeat application of California law). Each of the parties hereto submits to the exclusive jurisdiction of the state and/or federal courts located within the State of California for any suit, hearing or other legal proceeding of every nature, kind and description whatsoever in the event of any dispute or controversy arising hereunder or relating hereto, or in the event any ruling, finding or other legal determination is required or desired hereunder.
ADDRESSES FOR NOTICES
FOR Trusted Provider Network LLC, INC:
Trusted Provider Network LLC
ATTN: Legal Department
201 St Joseph St – 2nd Floor
New Orleans, LA 70130
FOR COVERED ENTITY:
The notice address for Covered Entity will be the address provided by that entity on the online registration page for the Trusted Provider Network LLC service.
HIPAA Compliant Communications using Trusted Provider Network LLC
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was designed to protect electronic data pertaining to patient identification and health, and standardize the process of data interchange. A major component of HIPAA is the "Security Rule", which includes technical safeguards and their implementation. Technical safeguards are defined in 445 CFR Part 164 § 164.304:
Technical safeguards means the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.
The Security Rule's technical safeguards do not mandate a specific technology solution but rather employ the adaptable requirement that an entity use any and as many security measures as are reasonable and appropriate. These security measures are required to meet several standards, as described below. Trusted Provider Network LLC meets --and in many cases exceeds-- these standards while bringing innovative flexibility and features to physician users.
"Access" is defined in § 164.304: Access means the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.
The access control standard § 164.312(a)(1) requires that a covered entity must:
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).
Access controls are designed to provide the appropriate privileges to user accessing data, applications and files. The HIPAA Security Rule describes implementation specifications for the access control standard:
Unique user identification § 164.312(a)(2)(i). Assign a unique name and/or number for identifying and tracking user identity.
Trusted Provider Network LLC assigns each user a unique identification number, allowing it to route information appropriately and track user activity. Healthcare provider accounts are associated with a preexisting profile sourced from the National Provider Index (NPI).
Automatic logoff § 164.312(a)(2)(iii). Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
The Trusted Provider Network LLC website terminates electronic sessions after a period dependent on access-device type. By default, sessions are automatically terminated after 30 minutes of inactivity and a new login required.
Encryption and decryption § 164.312(a)(2)(iv). Implement a mechanism to encrypt and decrypt electronic protected health information. To protect sensitive health information from unauthorized access, all data on the Trusted Provider Network LLC network is protected using the Secure Sockets Layer (SSL) protocol. In fact, Trusted Provider Network LLC was the first professional/social network to force the https:// standard for all mobile and web communication features, protecting from unauthorized access over wireless and wired networks. Inbox messages and faxes are additionally encrypted end-to-end using 256-bit Advanced Encryption Standard (AES) encryption with Cipher-Block Chaining (CBC) mode for message headers, content and attachments.
The audit control standard § 164.312(b) requires that a covered entity must:
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
Trusted Provider Network LLC records and examines network activity to protect users, technical infrastructure and electronic health information from security violations. Access logs are stored indefinitely. Logs are maintained every time an inbox (DocMail) or fax (DocFax) record has been accessed or edited. These logs are fully encrypted, easily accessible by Trusted Provider Network LLC, and can be retrieved at short notice for emergency situations.
"Integrity" is defined in § 164.304:
Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner.
The integrity standard § 164.312(c)(1) requires that a covered entity must:
Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
Trusted Provider Network LLC protects the integrity of electronic health information via end-to-end encryption and decryption of messages transferred over the SSL protocol. To protect against destruction, Trusted Provider Network LLC messages are securely archived once per hour, and access to archives is itself logged and archived separately.
Person or Entity Authentication
The person or entity authentication control standard § 164.312(d) requires that a covered entity must:
Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.
During user registration, a new user claiming to be a healthcare provider initiates account registration by entering their name and finding their pre-filled profile, pre-generated by Trusted Provider Network LLC from the National Provider Index (NPI) of US providers. They then verify they are the person they claim to be by entering their date of birth and work zip code, then passing a challenge- response identity test. Trusted Provider Network LLC utilizes a third party identification services provider that generates three identity challenge questions based on credit reports and other databases. After passing the identity test, a user creates an account and a personal password, which must be used to subsequently sign-in to the application.
New users that fail to pass the identity quiz, do not find their NPI number, or do not have an NPI number can create an unverified, placeholder Trusted Provider Network LLC account wherein all communication features are disabled. Users in the unverified state are prompted to enter a manual verification process, wherein proof of identity and provider credentials is established using manually submitted and reviewed copies of identification and employment documents.
The transmission security standard § 164.312(e)(1) requires that a covered entity must:
Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
There are two implementation specifications for the transmission security standard:
Integrity controls § 164.312(e)(2)(i). Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
Encryption § 164.312(e)(2)(ii). Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.
Trusted Provider Network LLC uses the Secure Socket Layer (SSL) Handshake Protocol with a 2048-bit RSA Cryptosystem for all mobile and web data communication, protecting from unauthorized access over wireless and wired networks. Trusted Provider Network LLC messages are further encrypted using 256-bit AES with CBC mode on message headers, content and attachments.
The Trusted Provider Network LLC mobile application for Android and iOS features secure Inbox messaging and faxing. No PHI is ever stored locally on mobile devices. Rather the data transmitted to mobile devices is erased from the device after access, while the version on Trusted Provider Network LLC servers remains encrypted at rest. In the event a user has a lost or stolen mobile device, the user or Trusted Provider Network LLC support can deauthenticate the device remotely.
Today's physician faces many of the same communication barriers as their predecessors—they are restricted to outdated, HIPAA approved devices such as pagers and fax machines.
Although text messaging is standard practice in other fields, SMS does not meet HIPAA security requirements. That prohibits instant, text-based communication within the medical community.
Trusted Provider Network LLC provides a HIPAA compliant, digitally encrypted messaging technology that enables physicians to communicate securely and conveniently from web and mobile platforms.
Trusted Provider Network LLC requires new users to submit personally-identifiable information and pass an identity verification quiz to ensure each member is a verified healthcare professional.
Highlights of Trusted Provider Network LLC Security and Compliance Components
* Unique User Identification and Verification
* User Authentication to Confirm the Medical Professional's Identity
* SSL Handshake Protocol with 2048-bit RSA Cryptosystem
* Secure Inbox with End-to-End 256-bit AES Digital Encryption with CBC mode
* Automatic Logoff During Inactivity
* Audit Control to Protect Users from Security Violations
* Backup of All Network Activity
Trusted Provider Network LLC is a free application that can be utilized on iPhone, Android and the web. HIPAA compliance and data security is a top priority for Trusted Provider Network LLC communication platform. We welcome any additional questions, ideas or feedback at firstname.lastname@example.org.