DECEMBER 2023
Terms of Service
QUICK LINKS:
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS SERVICE.
BY USING THE SERVICES OR CLICKING “AGREE” IN THE ORDER PLACED BY CUSTOMER, CUSTOMER IS AGREEING TO BE BOUND BY THIS AGREEMENT, WHICH SETS FORTH RXNT’S TERMS OF SERVICE. ANY ORDER PLACED BY A CUSTOMER SHALL CONSTITUTE AN OFFER TO CONTRACT SUBJECT TO THE STANDARD TERMS AND CONDITIONS HEREIN CONTAINED AND, UNLESS EXPRESSLY AGREED IN WRITING BY AN AUTHORIZED REPRESENTATIVE OF RXNT, NO ADDITION TO, OR VARIATION FROM, THESE STANDARD TERMS AND CONDITIONS SHALL APPLY. THESE STANDARD TERMS AND CONDITIONS WILL NEGATE THE CUSTOMER’S OWN TERMS AND CONDITIONS AS SUCH.
IF CUSTOMER IS AGREEING TO THIS AGREEMENT ON BEHALF OF OR FOR THE BENEFIT OF THEIR EMPLOYER, THEN CUSTOMER REPRESENTS AND WARRANTS THAT THEY HAVE THE NECESSARY AUTHORITY TO AGREE TO THIS AGREEMENT ON THEIR EMPLOYER’S BEHALF.
This agreement (Agreement) is between Networking Technology, Inc., a Maryland corporation d/b/a RXNT (RXNT), and the customer agreeing to these terms (“Customer”), and covers all services provided by RXNT to Customer. Customer understands that use of the Services is also governed by the Subscription Summary between the parties, RXNT’s Support Policy (Attachment A), its Pricing Policy (Attachment B), its Third Party Terms (Attachment C), its Business Associate Agreement (Attachment D), its Privacy Policy (Attachment E), its Security Notice (Attachment F), its Return of Data FAQ (Attachment G), and its Service Level FAQ (Attachment H), each of which is incorporated by reference into the Agreement and each of which may be modified from time to time.
1) RXNT SOFTWARE SERVICES
This Agreement provides Customer access and use of RXNT’s web-based subscription services, as specified on the electronic or written order between the parties (Subscription Summary), which is incorporated by reference into this Agreement and made part of it. Customer may purchase RXNT PM (Practice Management), RXNT EHR (electronic health records), and RXNT ERX (electronic prescribing), and related services under this Agreement (Services).
2) USE OF SERVICES
a. RXNT Responsibilities
Training. RXNT shall provide online training to Customer during the Standard Onboarding Period (defined in Attachment B) for the Service Customer has subscribed to. All End Users must complete online training prior to the End User being granted access to the e-Prescribing application.
Support. RXNT must provide customer support for the Services as further detailed in the RXNT Support Policy. Customer shall be responsible for its own devices, systems, applications, connections and software used to access the Services.
b. Customer Responsibilities
Access by Employees and Contractors. Customer may allow its employees and contractors to access the Services in compliance with the terms of this Agreement and the applicable Subscription Summary, which access must be for the sole benefit of Customer. Customer is responsible for the compliance with this Agreement by its employees and contractors.
Restrictions and Responsibilities. Customer may not (i) sell, resell, rent or lease the Services, use the Services beyond its internal operations or reverse engineer the Services, (ii) use the Services to store or transmit infringing, unsolicited marketing emails, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party rights (including without limitation any privacy rights), (iii) interfere with or disrupt the integrity or performance of the Services, (iv) attempt to gain unauthorized access to the Services or its related systems or networks, (v) reverse engineer the Services or remove or modify any proprietary marking or restrictive legends in the Services, (vi) use the Services in violation of any law, including without limitation, HIPAA, Telephone Consumer Protection Act and any spam laws (for example, CAN SPAM), or (vii) access the Services to build a competitive product or service, or copy any feature, function or graphic of the Services for competitive purposes. Customer is solely responsible for Customer Information (defined below), must use commercially reasonable efforts to prevent unauthorized access to the Services, must notify RXNT promptly of any such unauthorized access, and may use the Services only in accordance with its user guide and applicable law.
Customer Information. All data, information, images and files entered or uploaded by Customer to the Services remains the sole property of Customer, as between RXNT and Customer (Customer Information), subject to the other terms of this Agreement. Customer grants RXNT a non-exclusive, royalty-free license to modify, store, transmit and otherwise use the Customer Information for purposes of RXNT performing under this Agreement. Notwithstanding the foregoing, if Customer’s access to the Services is suspended for non-payment of fees in accordance with Section 3(d), RXNT will have no obligation to provide Customer Information to Customer until Customer remedies such non-payment as provided in this Agreement.
Accuracy of Information Provided by Customer. Customer represents and warrants to RXNT that all Customer Information, Content (defined below) and other material provided under Customer’s account, by Customer or on its behalf, is true, correct and accurate. If Customer learns that any Customer Information or Content provided to RXNT as part of the Services is not true, correct or accurate, Customer must immediately notify RXNT by phone and in writing of this fact, and provide the true, correct and accurate information to RXNT. RXNT relies on Customer representations regarding the truth, accuracy and compliance with laws of Customer Information and Content. RXNT IS NOT LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY CUSTOMER’S FAILURE TO COMPLY WITH THIS PARAGRAPH, IRRESPECTIVE OF ANY ACT OR OMISSION ON THE PART OF RXNT.
Aggregation Services and De-identified Data. RXNT may use protected health information to provide you with data aggregation services (as that term is defined by HIPAA) and to create de-identified data in accordance with 45 CFR 164.514(a)-(c) retaining any and all ownership claims related to the de-identified data it creates from protected health information. RXNT may use, during and after this Agreement, all aggregate anonymized information and de-identified data for purposes of enhancing the Services, technical support and other business purposes, all in compliance with the HIPAA Privacy Standards, including without limitation the limited data set and de-identification of information regulations.
Electronic Prescriptions for Controlled Substances. If Customer uses the Services for Electronic Prescriptions for Controlled Substance (Electronic Prescriptions), the following applies:
- Tokens. Each Electronic Prescription account is assigned to a specific provider (Prescribing Provider) authorized by Customer. Each Prescribing Provider will be provided with a hard token provided by a third party (Hard Token) and confirmation letter. If the Hard Token is lost, damaged or becomes inoperable, there will be an additional fee for a new Hard Token or confirmation letter. Each Prescribing Provider will also be provided a soft token provided by a third-party (Soft Token). The Soft Token must be downloaded/stored on a separate device from the computer or device on which the Prescribing Provider gains access to the Electronic Prescriptions feature and transmits prescriptions. The Hard Tokens and Soft Tokens are referred to generally as a Token.
- Customer Responsibilities. Customer and each Prescribing Provider agrees: (a) that each Prescribing Provider shall retain sole possession of the Hard Token and not to share the login passphrase with any other person; (b) that each Prescribing Provider may not allow any other person to use the Token or enter the login passphrase in order to sign controlled substance prescriptions; (c) that failure to secure the Token, login passphrase, or any biometric information may provide a basis for revocation or suspension of the Electronic Prescriptions account; (d) to notify RXNT within one business day of discovery if: (i) Customer or a Prescribing Provider is contacted by a pharmacy because one or more controlled substance prescriptions are displaying the incorrect United States Drug Enforcement Administration (DEA) number; (ii) if Customer or a Prescribing Provider discover that one or more controlled substance prescriptions issued using a Prescribing Provider DEA number were not consistent with the prescriptions actually signed, or were not signed at all; (iii) if a Prescribing Provider’s Token has been lost, stolen, or the authentication protocol has been compromised in any way; (e) that the Prescribing Provider is responsible for any controlled substance prescriptions written using its two-factor authentication credential; (f) that Prescribing Providers have the same responsibilities when issuing electronic prescriptions for controlled substances as when issuing paper or oral prescriptions; (g) to prescribe controlled substances only for legitimate medical purposes; (h) to review security logs on a daily basis for any security incidents; and (i) to report to the DEA any security incident and provide RXNT with a copy of such report. Customer agrees to keep all security incident reports on file for a period of two years.
Electronic Prescriptions (Excluding Prescriptions for Controlled Substances). If Customer uses the Services for Electronic Prescriptions (excluding prescriptions for controlled substances), the Customer and each Prescribing Provider agrees: (a) to only prescribe on their own behalf and not give away password or credentials to another person to prescribe for them; and (b) to take the same responsibility you would when transmitting paper or phone prescriptions.
Electronic Prescriptions in General. If Customer uses the Services for Electronic Prescriptions, Customer agrees to use Form I-9 to verify the identity and employment authorization of all End Users hired for employment, and must be able to provide evidence of such upon RXNT request. Customer and Prescribing Provider agree that Prescribing Provider (i) will not share their registration login credentials or give their login credentials to anyone else, (ii) is responsible for maintaining the confidentiality of their password, and (iii) agrees to accept responsibility for all activities that occur under their account or password.
c. Additional Terms
Content; Warranties. Customers may upload or submit content, files and information to the Services (Content). As between RXNT and Customer, all Content belongs to Customer, and Customer hereby grants RXNT a non-exclusive irrevocable, perpetual, royalty free license to display, store, distribute, share, modify and otherwise use such Content for purposes of this Agreement. All other elements that are provided by RXNT are solely owned by RXNT, and will not be retained by Customer upon suspension, expiration, or termination of this Agreement. Customer represents and warrants to RXNT that (i) any Content submitted to the Services does not violate any copyright, trade secret, privacy or other third-party right; (ii) it will not submit any Content that is untrue, defamatory, harmful to any person, or violates HIPAA Privacy Rules, State or Federal laws on patient privacy, and (iii) all patient testimonials submitted by Customer are accurate and have the patient's consent and comply with ethical guidelines of professional medical associations as well as state and local medical and private practice boards and governing bodies.
Reminders, Statements, and Other SMS Messages. Customer agrees that by registering for the Services, including any request forms or use of communications features, constitutes a request for RXNT to send email, fax, phone call, or SMS reminders about upcoming appointments, billing statements, multi-factor authentication (MFA), special offers, and upcoming events. RXNT is not responsible for any text messaging or data transmission fees. If Customer provides a cellular phone number and agrees to receive communications from RXNT, Customer specifically authorizes RXNT to send text messages or calls to such number. Customer represents and warrants it has the authority to grant such authorization. Customer is not required to consent to receive text messages or calls as a condition of using the Services and may opt out of such messages through the Services.
Reviews & Opinions. RXNT does not endorse, validate as accurate, or necessarily agree with any of the reviews, links and user generated content from users or Customers on the Services. RXNT reserves the right to refuse to publish any patient review provided by Customer.
Advertisements. RXNT reserves the right to place advertisements or messages from third parties on webpages of the Services. Such advertisements or messages from third parties may be visible to users as well as Customers.
3) PAYMENT TERMS
a. Payment
Customer must pay all fees as specified on any order form or quote, and must pay all fees for any additional services utilized, as specified in the Pricing Policy. All fees are due upon receipt. Customer is responsible for providing complete and accurate billing and contact information to RXNT and notifying RXNT of any changes to such information.
b. Credit Card and ACH
Customer must pay all fees (US$) with a credit card or via ACH put on file with RXNT (“Payment Source”). Customer hereby authorizes RXNT to charge such credit card or withdraw from Customer’s bank account via ACH for all purchased Services and related services, and any renewals. Customer’s Payment Source will be charged immediately upon enrollment for the Services. For each renewal
thereafter, Customer’s Payment Source will be charged after email notification by RXNT three (3) days prior to renewal (“Renewal Date”). An invoice and a receipt of payment are both available on the Renewal Date.
c. Taxes
RXNT’s fees do not include any taxes, levies or other similar governmental assessments (Taxes). Customer is responsible for the payment of all Taxes associated with its purchases under this Agreement. RXNT is solely responsible for taxes assessable against RXNT based on its income, property and employees.
d. Suspension of Service for Non-Payment
RXNT may suspend or terminate the Services, or both, if Customer has not paid amounts owed to RXNT when due. In advance of any suspension or termination, RXNT will make commercially reasonable efforts to send a minimum 3-day notice of payment default to Customer prior to suspension or termination (Customer is responsible for updating its contact information with RXNT and notifying RXNT of any changes to such information).
e. Fee Changes
All fees may be changed with 60 days’ advance email notice to Customer. Customer is responsible for keeping its updated email address on file with RXNT.
f. Postage Fees
Since postage rate increases are publicly announced by the United States Postal Service, RXNT will automatically apply the rate increase to all services impacted by the change without advance notice.
4) WARRANTY/SERVICE LEVEL AGREEMENT/DISCLAIMERS
a. Availability
RXNT will make commercially reasonable efforts to maintain uptime of 99%.
b. Mutual Compliance with Laws
Each party represents and warrants to the other party that it will comply with all applicable laws regarding its performance under this Agreement.
c. NO MEDICAL ADVICE PROVIDED BY RXNT
The Services do not provide medical advice, provide medical or diagnostic services, or prescribe medication. Use of the Services is not a substitute for the professional judgment of health care providers in diagnosing and treating patients. Customer agrees that it is solely responsible for verifying the accuracy of patient information (including, without limitation, obtaining all applicable patients' medical and medication history and allergies), obtaining patient’s consent to use the Services (including without limitation the patient portal portion of the Services), and for all of its decisions or actions with respect to the medical care, treatment, and well-being of its patients, including without limitation, all of Customer’s acts or omissions. Any use or reliance by Customer upon the Services will not diminish that responsibility. Customer assumes all risks associated with Customer’s clinical use of the Services for the treatment of patients. Neither RXNT nor its licensors assume any liability or responsibility for damage or injury (including death) to Customer, a patient, other person, or tangible property arising from any use of the Services.
d. CUSTOMER’S COMPLIANCE WITH MEDICAL RETENTION LAWS AND PATIENT RECORDS ACCESS
Customer is responsible for understanding and complying with all state and federal laws related to retention of medical records, patient access to information and patient authorization to release data. Customer agrees that it will obtain any necessary patient consent prior to using the Services (including without limitation the patient portal portion of the Services) and will apply settings to exclude information from availability in the patient portal portion of the Services as necessary to comply with state or federal law.
e. DISCLAIMERS
RXNT DISCLAIMS ALL OTHER WARRANTIES OTHER THAN THOSE EXPRESSLY STATED IN OTHER PROVISIONS OF THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR FREE OR WITHOUT DELAY, AND THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. WHILE RXNT TAKES REASONABLE PHYSICAL, TECHNICAL AND ADMINISTRATIVE MEASURES TO SECURE THE SERVICES, RXNT DOES NOT GUARANTEE THAT THE SERVICES CANNOT BE COMPROMISED. RXNT DISCLAIMS ANY WARRANTY REGARDING ANY PERCENTAGE OF COLLECTION OF CLAIMS FOR CUSTOMER.
5) MUTUAL CONFIDENTIALITY
a. Definition of Confidential Information
Confidential Information means all non-public information disclosed by a party (Discloser) to the other party (Recipient), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (Confidential Information). RXNT's Confidential Information includes without limitation the non-public portions of the Services. Confidential Information excludes information that: is or becomes generally known to the public without breach of any obligation owed to Discloser; was known to the Recipient prior to its disclosure by the Discloser without breach of any obligation owed to the Discloser; is received from a third party without breach of any obligation owed to Discloser; or was independently developed by the Recipient without use or access to the Confidential Information.
b. Protection of Confidential Information
The Recipient must use the same degree of care that it uses to protect the confidentiality of its own confidential information (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Discloser for any purpose outside the scope of this Agreement. The Recipient must make commercially reasonable efforts to limit access to Confidential Information of Discloser to those of its employees, contractors, and clients (as the case may be) who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with Recipient no less restrictive than the confidentiality terms of this Agreement. The Recipient may disclose Confidential Information (i) to the extent required by law or legal process; (ii) to its legal or financial advisors, provided that such advisors are bound by a duty of confidentiality that includes use and disclosure restrictions; and (iii) as required under applicable securities regulations. In addition, each Party may disclose the terms and conditions of this Agreement on a confidential basis to current and prospective investors, acquirers and lenders and their respective legal and financial advisors in connection with due diligence activities.
6) PROPRIETARY RIGHTS
a. Reservation of Rights by RXNT
The software, workflow processes, user interface, designs, know-how and other technologies provided by RXNT as part of the Services (RXNT Technologies) are the proprietary property of RXNT and its licensors, and all right, title and interest in and to such items, including all associated intellectual property rights, remain only with RXNT. RXNT reserves all rights unless expressly granted in this Agreement.
b. AMA and ADA Content
AMA Content. The AMA Content is licensed to Customer as follows: RXNT grants Customer a non-exclusive, license for the duration of the Services to use such materials for Customer’s internal use solely with the Services, with the right to make additional copies of the material for such duration and purpose (Licensed Documentation). AMA Content means the coding work of nomenclature and codes for reporting of healthcare services from the print publication Current Procedural Terminology, Fourth Edition and the data file of Current Procedural Terminology (CPT) published by the American Medical Association in the English language as used in the United States. AMA Restrictions: Customer may not use outside the United States, publish, distribute or create any derivative work (including without limitation translation), transfer, sell, lease, license or otherwise make available the AMA Content, or a portion or copy of such content, except as expressly provided in this Agreement. This sublicense is limited to one user for each active provider associated with Customer’s account. Customer is responsible for seeking additional user licenses directly from the American Medical Association if it requires more than one user license per active provider. CPT is a copyright and a registered trademark, of the American Medical Association.
ADA Content.
The CDT is licensed to Customer as follows: RXNT grants Customer a non-exclusive, non-transferable right to use the CDT for Customer’s internal use solely with the Services (Licensed Documentation). The CDT means the textual, graphic and other editorial content included in the ADA developed publications titled CDT 2021: Current Dental Terminology (“CDT”) and all Updates as defined herein. The CDT content includes, but is not limited to, the Code on Dental Procedures and Nomenclature, a glossary, the ADA dental claim form and other dental information. This License grants End-User the right: (a) to install and use the CDT on End User’s computer system; (b) to retrieve CDT codes, descriptors and nomenclature via commands contained in the Bundled Products for the exclusive use of End User its employees; (c) to reproduce and distribute partial listings of the CDT codes, nomenclature and descriptors in various printed and electronic documents for purposes of claims processing, billing and patient treatment, via commands contained in the Bundled Product; (d) to print limited portions of the CDT solely for the exclusive use of End User; and (e) to print a complete listing of the CDT codes, nomenclature and descriptors solely for the exclusive use of Customer. ADA Restrictions: Customer may not and may not permit anyone else to (a) copy the CDT; (b) alter, amend, change or modify the CDT, including the CDT codes, nomenclature and descriptors or other content of the CDT; (c) remove any copyright or other proprietary notices, labels or marks from the CDT or from output created by using the Services; (d) distribute, sell, assign, lease or otherwise transfer the CDT, including any portion thereof, in any printed, machine-readable or other form to any other person, firm or entity; or (e) use the CDT, whether on a time-sharing, remote job entry or other multiple user arrangement. Customer shall take reasonable measures to maintain the security of the CDT. These restrictions shall not limit Customer’s right to add additional content to the Services provided that Customer does not alter, amend, change or modify the CDT and does not claim or otherwise imply that the additional content is owned, created, approved or endorsed by ADA. Customer acquires no proprietary interest in the CDT, or any portion thereof. Except for the limited rights expressly granted to End User herein this Agreement, all other rights in the CDT are owned and retained by ADA. EXCEPT AS EXPRESSLY STATED HEREIN, THE CDT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF PERFORMANCE OR MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. CUSTOMER BEARS ALL RISK RELATING TO QUALITY, ACCURACY AND PERFORMANCE OF THE CDT.
c. Provisions Relating to Intelligent Medical Objects, Inc. (“IMO”)
RXNT’s license agreement with IMO requires that certain provisions (IMO Provisions outlined in Attachment C) be included in this Agreement with respect to the use by Customer and Customer’s end users of Services in which IMO’s intellectual property is embedded. The parties to this Agreement further acknowledge and agree that the IMO Provisions may be modified from time to time by IMO and that any such modifications shall be binding upon the parties hereto.
7) LIMITS ON LIABILITY.
a. Consequential Damages. EXCEPT WITH RESPECT TO GROSS NEGLIGENCE OR INTENTIONALLY HARMFUL ACTS, IN NO EVENT WILL RXNT BE LIABLE TO LICENSEE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF RXNT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION UPON DAMAGES AND CLAIMS IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE.
b. Limit. RXNT’s TOTAL LIABILITY FOR THE CUMULATIVE CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT, OR STRICT LIABILITY, SHALL NOT EXCEED THE TOTAL AMOUNT OF ALL LICENSE FEES PAID TO RXNT BY LICENSEE DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE ACT, OMISSION, OR EVENT GIVING RISE TO SUCH LIABILITY. THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS FOR THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE. Customer acknowledges and understands that the disclaimers and limitations of liability set forth in this Agreement form an essential basis of the contract between the Parties and were a fundamental inducement to RXNT to enter into this Agreement, and that absent such disclaimers, exclusions and limitations of liability, the terms and conditions of this Agreement would be substantially different.
8) TERM, TERMINATION, AND RETURN OF DATA
a. Term
The applicable Services will continue for the duration of one (1) year and will be automatically extended for additional consecutive terms unless either party provides written notice of termination of no less than sixty (60) days prior to extension. This Agreement continues until all the Services are terminated.
b. Termination for Material Breach
Either party may terminate this Agreement and the applicable Subscription Summary if the other party material breaches any term of the Agreement or the Subscription Summary and does not cure the breach within thirty (30) days of written receipt of notice of breach. Additional terms are in the Term, Termination and Return of Data Policy FAQ page.
c. Return of Data
RXNT will have no obligation to provide Customer Information to Customer upon termination of this Agreement. Notwithstanding the foregoing, RXNT may retain Customer Information for 60 days from such termination and RXNT may provide Customer access to such information upon Customer’s request. For additional information, please see the Return of Data Policy FAQ (Attachment G).
d. Customer Actions upon Termination
Upon termination, Customer must pay any unpaid fees and destroy all RXNT property in Customer’s possession. Customer, upon RXNT’s request, will confirm in writing that it has complied with this requirement.
e. Suspension or Termination of Service for Violation of Law or the Agreement
RXNT may immediately suspend or terminate the Services and remove applicable Customer Information or Content if it in good faith believes that, as part of using the Services, Customer may have violated a law or any term of this Agreement. RXNT may try to contact Customer in advance, but it is not required to do so.
9) INDEMNITY
a. Customer’s Indemnification Obligations
To the extent allowed by applicable law, Customer must indemnify, defend, and hold harmless RXNT against all third-party claims (including without limitation by governmental agencies), demands, damages, costs, penalties, fines, and expenses (including reasonable attorneys’ fees and costs) arising out of or related to:
- the use of the Services by Customer,
- Customer’s breach of any term in this Agreement,
- any unauthorized use, access or distribution of the Services by Customer,
- the breach by Customer of any third party’s patent, trademark, copyright, trade secret or other intellectual property rights, or
- violation of any individual’s privacy rights related to information submitted under Customer’s account, or fraudulent, invalid, duplicate, incomplete, unauthorized, or misleading information submitted under Customer’s account or by Customer.
b. RXNT’s Indemnification Obligations
To the extent allowed by applicable law, RXNT must indemnify, defend, and hold harmless Customer against all third-party claims (including without limitation by governmental agencies), demands, damages, costs, penalties, fines, and expenses (including reasonable attorneys’ fees and costs) arising out of or related to:
- RXNT’s breach of any term in this Agreement, or
- the breach by RXNT of any third party’s patent, trademark, copyright, trade secret or other intellectual property rights.
c. Indemnification Procedures.
The party seeking indemnification (“Indemnitee”) shall: (a) promptly notify the indemnifying party (“Indemnitor”) in writing of any such claim, (b) give sole control of the defense and settlement of any such claim to Indemnitor (provided that Indemnitor may not settle any claim in a manner that adversely affects Indemnitee’s rights, imposes any obligation or liability on Indemnitee or admits liability or wrongdoing on the part of Indemnitee without Indemnitee’s prior written consent), and (c) provide all information and assistance reasonably requested by Indemnitor, at Indemnitor’s expense, in defending or settling such claim. Indemnitee may join in defense with counsel of its choice at Indemnitee’s own expense.
10) GOVERNING LAW
a. Governing Law
This Agreement is governed by the laws of the State of Maryland (without regard to conflicts of law principles) for any dispute between the parties or relating in any way to the subject matter of this Agreement.
b. Consent to Jurisdiction
Customer consents to the personal jurisdiction of and service of process in any federal or state court sitting in the State of Maryland.
c. Equitable Relief
Notwithstanding another provision of this Agreement, RXNT may seek and obtain injunctive and equitable relief in any court of competent jurisdiction without restriction or required process in this Agreement.
f. PROHIBITION OF CLASS AND REPRESENTATIVE ACTIONS
EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY ON AN INDIVIDUAL PARTY BASIS, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION OR PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN MORE THAN ONE PARTY'S CLAIMS, AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, CLASS OR REPRESENTATIVE PROCEEDING.
11) OTHER TERMS
a. No Solicit or Hire Clause
Customer acknowledges that RXNT invests considerable time and expense in the training of its employees and independent subcontractors in the services to be provided under this Agreement. Customer agrees that for the full term of this Agreement, and for 1 year after its termination, Customer will not solicit or employ in any capacity, whether as a direct employee or independent contractor providing similar services to Customer as RXNT, any person employed by RXNT at any time during the term of this Agreement whose duties involve providing the Services, whether for Customer or other RXNT customers.
b. Consent to Electronic Notice, Communications and Transactions
By using the Services, Customer agrees to conduct business electronically and acknowledges that Customer has read the Customer Disclosures: Electronic Business Transactions, Signing Documents Electronically, and Receiving Electronic Notices and Disclosures, located at https://www.rxnt.com/customer-disclosures/.
For purposes of messages and notices about the Services (including without limitation, collections and payments issues), RXNT may send email notices to the email address associated with Customer's account or provide in service notifications. For certain notices (e.g., notices regarding termination or material breaches), RXNT may send notices to the postal address provided by Customer. RXNT has no liability associated with Customer's failure to maintain accurate contact information within the Services or its failure to review any emails or in-service notices. Customer will have the ability to enter into agreements, authorizations, consents and applications; make referrals; order lab tests; prescribe medications; or engage in other transactions electronically. CUSTOMER AGREES THAT ITS ELECTRONIC SUBMISSIONS VIA THE SERVICES IN CONNECTION WITH SUCH ACTIVITIES CONSTITUTE ITS AGREEMENT TO BE BOUND BY SUCH AGREEMENTS AND TRANSACTIONS AND APPLIES TO ALL RECORDS RELATING TO SUCH TRANSACTIONS. Customer represents and warrants that it has the authority to take such actions.
c. Entire Agreement and Changes
This Agreement and the Subscription Summary constitute the entire agreement between the parties, and supersede all prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. Customer is not relying on any representation concerning this subject matter, oral or written, not included in this Agreement. No representation, promise or inducement not included in this Agreement is binding. No modification or waiver of any term of this Agreement is effective unless signed by both parties. Notwithstanding the foregoing, RXNT may modify this Agreement by posting modified Terms of Service on the RXNT website. Changes will always prevail from the date of publication at the website www.RXNT.com/customer-agreement. RXNT will make commercially reasonable efforts to provide thirty (30) days’ notice of changes to this Agreement. To receive notices, Customer must subscribe using the “Subscribe to Updates” button on that website. Customer agrees that by continuing to use the Services after posting of the modified Terms of Service, Customer agrees to be bound by the changes.
d. Feedback
If Customer provides feedback or suggestions about the Services, then RXNT (and those it allows to use its technology) may use such information without obligation to Customer.
e. Beta Features
If Customer is invited to access any beta features of the Services or a Customer accesses any beta features of the Services, Customer acknowledges that: (a) such features have not been made commercially available by RXNT; (b) such features may not operate properly, be in final form or fully functional; (c) such features may contain errors, design flaws or other problems; (d) it may not be possible to make such features fully functional; (e) use of such features may result in unexpected results, corruption or loss of data, or other unpredictable damage or loss; (f) such features may change and may not become generally available; and (g) RXNT is not obligated in any way to continue to provide or maintain such features for any purpose in providing the ongoing Services. These beta features are provided AS IS, with all faults. Customer assumes all risk arising from use of such features, including, without limitation, the risk of damage to Customer’s computer system or the corruption or loss of data.
f. No Assignment
Neither party may assign or transfer this Agreement or the Subscription Summary to a third party, except that this Agreement with the Subscription Summary may be assigned (without the consent) as part of a merger, or sale of all or substantially all of the business or assets, of a party.
g. Electronic Notice
For purposes of messages and notices about the Services (including without limitation, collections and payments issues), RXNT may send email notices to the email addresses associated with Customer's account or provide in service notifications. For certain notices (e.g., notices regarding termination or material breaches), RXNT may send notices to the postal address provided by Customer. RXNT has no liability associated with Customer's failure to maintain accurate contact information within the Services or its failure to review any emails or in-service notices.
h. Independent Contractors and Enforceability
The parties are independent contractors with respect to each other. If any term of this Agreement is invalid or unenforceable, the other terms remain in effect.
i. No Additional Terms
RXNT rejects additional or conflicting terms of a form-purchasing document. If there is an inconsistency between this Agreement and the Subscription Summary, the Subscription Summary prevails.
j. Survival of Terms
All terms survive termination of this Agreement that by their nature survive for a party to assert its rights and receive the protections of this Agreement. The Convention on Contracts for the International Sale of Goods does not apply.
k. Customer Name
RXNT may use Customer's name and logo in customer lists and related promotional materials describing Customer as a customer of RXNT, which use must be in accordance with Customer’s trademark guidelines and policies, if any, provided to RXNT.
l. Telephone Consumer Protection Act of 1991
- Definition of TCPA
This Section concerns compliance with the Telephone Consumer Protection Act of 1991, located at 47 U.S.C. §§ 227 et seq., including the implementing regulations therefore located at 47 C.F.R. 64.1200 et seq. (TCPA) and the Telemarketing Sales Rule authorized by the Telemarketing and Consumer Fraud and Abuse Prevention Act, located at 15 U.S.C. §§ 6101-6108 (TSR) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, located at 15 U.S.C §§ 7701-7713 (CAN SPAM Act).
- Customer’s Responsibilities
As between Customer and RXNT, Customer must comply and be solely responsible for complying with all laws governing any messages sent or received in connection with its access or use of the Service, including without limitation, the TCPA, TSR, and CAN SPAM Act.
Customer is responsible for, without limitation, obtaining any legally required consents from all third parties (including its patients or customers) to send and receive any text message and/or emails using the Service and honoring any requests revoking such consent or otherwise “opting-out” of receiving any such messages and/or emails.
Customer is solely liable for, and must indemnify, defend and hold harmless RXNT from and against any and all damages, liabilities, judgments, fees, fines, costs and expenses (including reasonable attorneys’ fees) incurred by RXNT arising from any claims, demands or legal actions made against RXNT resulting from Customer’s failure to comply with this Section.
ATTACHMENT A – Support Policy
Hours of Operation
Practice Management Support: Monday-Friday, 8am-8pm (Eastern Time), excluding national holidays.
Clinical Support: Monday-Friday, 8am-10pm (Eastern Time), excluding national holidays.
Identity & Token Support: Monday-Thursday, 8am-5pm (Eastern Time), Friday, 8am-4pm (Eastern Time), excluding national holidays.
Scheduled Maintenance
Scheduled maintenance may occur between 11pm-7am (Eastern Time), during weekends and holidays or with 24-hour notice.
Access to Software Support for RXNT PM, RXNT EHR, and RXNT ERX
Click the Help tab on the RXNT product dashboard (or any page in RXNT PM, RXNT EHR, and RXNT ERX) to access self-help and feature guides, knowledgebase articles, video tutorials, FAQs, and more.
If you cannot find your answer under the Help tab, choose from one of the following options to contact RXNT customer support:
- Email your Practice Management Support questions to [email protected], your Clinical Support questions to [email protected], and your Identity & Token Support questions to [email protected]
- Chat us online using the Chat tab on the RXNT product dashboard (or any page in RXNT PM, RXNT EHR, and RXNT ERX)
- Call 800-943-7968, choose Option 4 for general software support, then choose:
- Option 1 for RXNT PM software support
- Option 2 for RXNT EHR and RXNT ERX software support
ATTACHMENT B – Pricing Policy
Pricing & Billing Policies for your RXNT Account
General Terms
Billing Frequency and Methods
Billing | Frequency and Method |
Subscription fees | Billed monthly or annually |
Transactional fees (electronic claims, eligibility checks, electronic remittance advice, paper claims, patient statements) | INCLUDED under our Per Provider Per Month and Per Provider Per Year subscription levels |
Data storage fees | NO CHARGE except for a historic database extension requested by Customer whereby the fees will be outlined in a quote |
Data import fees | NO CHARGE for an initial import of patient demographics and insurance information. Fees for additional imports will be outlined in a quote |
Onboarding |
NO CHARGE for onboarding during the standard onboarding period. The standard onboarding period begins at the time of enrollment and terminates 30-60 days following enrollment, depending on the Service Customer subscribed to (“Standard Onboarding Period”). If Customer foregoes onboarding during the Standard Onboarding Period or needs more time than allotted during the Standard Onboarding Period, Customer may purchase additional onboarding (“Additional Onboarding Period”). ERX Only: EHR Bundle: Practice Management and Full Suite Bundle: |
Training | NO CHARGE for online training during the Standard Onboarding Period or an Additional Onboarding Period. Customer may purchase additional online training (“Additional Training”) for a fee of $200 per hour. Additional Training will be invoiced in advance of the training provided. |
Support | NO CHARGE |
- Upgrading or Downgrading Subscriptions. New licenses purchased will be charged on a pro-rata monthly basis and removed licenses will be credited to the account on a pro-rata monthly basis. The credit will be applied to the next invoice.
- Fees: All fees charged by RXNT are described in RXNT’s Pricing Policy page and are determined by the subscription level selected and specific provider characteristics (example, Physician or Non-Physician Provider, or full-time or part-time). All prices may change with 60 days electronic notice. You are responsible for keeping your email address updated with RXNT. Mailing fees (example, for mailings like paper insurance claims or paper patient statements) may be increased at any time to reflect a change in the USPS postage or processing costs.
Billing & Other Terms
- Account Changes: RXNT bills immediately after the subscription is purchased and each month thereafter. Except for account cancelations or terminations which are covered under the RXNT Terms of Service, changes must be made by the last day of each month for the changes to be reflected on your next invoice.
- No Refunds/Credits: All fees are nonrefundable and non-cancellable. RXNT does not refund or credit subscription fees for partial months, any portion of a prepaid plan upon a deactivation of a Provider or account cancellation, or for Additional Onboarding Periods, or Additional Training requested by the Customer, but is unused or unattended. Customer is responsible for all fees (including any monthly minimum) for the entire term of the applicable order or subscription agreement.
- Practices: Must have at least one active Provider within a Practice for the Practice to remain active.
- Multi-Location Provider: Providers activated within multiple locations within a single RXNT company account will be charged one subscription fee, subject to the Provider using and correctly inputting the same name, NPI, and other user information in connection with all relevant practices. For any provider needing EPCS service for more than one company account, there is a fee for any additional company account, as outlined under Electronic Prescribing of Controlled Substances (EPCS), below.
Customer Support Plans & Fees
Phone, Email and Live Chat Support
- All subscription levels include unlimited access to customer support by email, live chat and phone.
Assisted Payer Enrollment Service
- Assisted enrollment services include clearinghouse sign-up and setup of electronic services with insurance companies.
- Unlimited number of payers on your initial enrollment. Subsequent payers are also included.
- Assisted enrollments are included for all customers without additional fees during the Standard Onboarding Period.
Electronic Clearinghouse Services & Fees
Electronic Claims Submission (ANSI 837)
- Electronic claims submission service includes sending electronic claims in the ANSI 837 format to RXNT's Clearinghouse.
- No charge for Per Provider Per Month subscription levels.
Electronic Remittance Advice (ANSI 835)
- Electronic remittance advice service includes receiving electronic remittance advice messages from RXNT’s Clearinghouse in the ANSI 835 format.
- No charge for Per Provider Per Month subscription levels.
Electronic Real-Time Insurance Eligibility Services (ANSI 270/271)
- Electronic real-time insurance eligibility services include performing electronic verification of insurance benefits from RXNT’s Clearinghouse in the ANSI 270/271 format.
- No charge for Per Provider Per Month subscription levels.
- Termination of Remittance Services: If Customer desires to discontinue electronic remittance services, then Customer must contact the insurance companies directly to request termination.
Electronic Prescribing of Controlled Substances (EPCS) using RXNT EHR or RXNT ERX
Customers wanting a provider to be able to prescribe controlled substances electronically need access to RXNT EPCS service. The cost per token is $85.00 per provider, per company account, per year. We provide the provider identity proofing and credentialing required by the Drug Enforcement Agency (DEA), which includes both a hard token and a soft token. Soft token means a token accessed electronically via a mobile app.
Provider Communications Service
Customers wanting to send appointment visit reminders or patient statements via text, email, or phone need access to RXNT’s Provider Communications service. The cost is $2.00 per month to enable the Provider Communications Service. Each Provider Communication by text is $0.02 per text. Each Provider Communication by call is $0.04 per call (reminders only). There is no cost for any Provider Communication by email.
Note: Beginning March 15, 2024, the cost to enable RXNT’s Provider Communications Service, which includes eFax, e-mail, text messages, and phone calls, is $6.25 per month. Each Provider Communication by text is $.02 per text. Each Provider Communication by call is $.04 per call (reminders only). Each Provider Communication by eFax (both sent and received) is $.02 per minute.
eFax Service
Customers wanting to send or receive an electronic fax (eFax) need access to RXNT Electronic Fax (eFax) service and save the electronic faxes received to a patient’s medical record. The cost is $4.00 per month for the practice and $0.06 per page.
Note: This eFax Service section is void beginning March 15, 2024, and the cost of eFax thereafter is at the rates outlined in the Provider Communications Service section.
Direct Email
Customers wanting a provider to be able to securely send and receive patient information to other providers (outside of RXNT) need access to RXNT Direct Email. The cost is $14.00 per month for the practice and $17.00 per month for each email address needed.
Immunization Interface
Customers wanting to electronically send patient immunization record to state immunization registries need access to RXNT Immunization Interface. There is a one-time set-up cost of $350.00 payable upfront. The monthly costs vary depending on the service needed:
- Uni-directional Immunization Reporting - $30.00 provider, per month
- Bi-directional Immunization Reporting - $42.00 provider, per month
Custom Smart Form (a.k.a. custom encounter/note template)
Customers purchasing RXNT EHR (electronic health records) may request a Custom Smart Form subject to the following terms and conditions:
- Customer may request five (5) Custom Smart Forms at no cost as follows: The Custom Smart Form order has to be made in one (1) initial order within sixty (60) days following the Customer’s enrollment (the “Initial Order”).
- Customer may purchase additional Custom Smart Forms as part of the Initial Order at a rate of $100/additional form.
- Customer must provide all Custom Smart Forms they are requesting in the Initial Order to their RXNT Onboarding Coach before their template consultation.
- A Custom Smart Form order will be delivered within 4-6 weeks from the Customer’s template consultation, pending successful payment. RXNT will not commence work on a Custom Smart Form order until payment is received. A delayed payment will adversely affect the delivery timelines outlined.
- Fees related to a Custom Smart Form order will be charged to the payment source on file (for Customer) immediately following the template consultation or revision request.
- A Custom Smart Forms order i) not provided in advance of the Customer’s template consultation or ii) received more than sixty (60) days following the Customer’s enrollment is considered a subsequent order (“Subsequent Order”). A Subsequent Order may be placed at a rate of $500/order and $125/form. For example, a second order containing one (1) form would cost $625. Similarly, a second order containing three (3) forms would cost $875.
- Revisions to a Custom Smart Form order (“Revision Request”) by Customer may be requested within fourteen (14) days following RXNT’s delivery of the Custom Smart Form order (“Delivery”) for a fee of $50/revised form. A Revision Request received more than fourteen (14) days following Delivery will be available for $125/revised form.
- A Revision Request will be delivered within 4-6 Weeks from the delivery, pending successful payment.
- A cancellation fee of $200 will be charged to the payment source on file (for Customer) in each of the following situations:
- The Customer fails to provide documentation one (1) business day in advance of the scheduled consultation for the second time;
- The Customer cancels a template consultation with less than 24-hours’ notice; or
- The Customer does not show up for a scheduled template consultation.
Paper Claims Mailing Services
If Customer desires, RXNT can print and mail claims on your behalf. The cost is $0.40 per claim. Postage and mailing materials are all included. NOTE: Customer does NOT have to use this service. Customer may print its claims using its own printer and mail those claims and there is no fee charged by RXNT.
Patient Payment Credit Card Services
If Customer would like to utilize RXNT’s payment processing service, Customer must i) turn it on for all providers within its practice and ii) set up a merchant account with our merchant services partner, Paya. The rate Customer will pay for processing credit card payments will be quoted by Paya.
To utilize RXNT’s payment processing service the cost is $15.00 per provider, per month. This includes the ability for the Customer to take patient payment through the RXNT Scheduler and/or Billing software and for the Customer’s payment to make payment through the RXNT Patient Bill Pay Portal or through the RXNT Patient Portal.
Patient Statement Mailing Service Fees
- Sending batches of patient statements to Change Health Care Clearinghouse for printing and mailing (postage is included).
- Statement Service: $0.85/statement.
- Change of Address Service: Included in the Statement Service charge.
- No fee for printing of patient statements to your own printer from RXNT.
Data Storage
There is no charge for data storage except for a historic database extension requested by Customer whereby the fees will be outlined in a quote. For a list of what information Customer may import and store in RXNT, please refer to the following link: https://help.rxnt.com/hc/en-us/articles/360035878934-Import-Data-into-RXNT#what-can-rxnt-import-from-my-previous-system--0-0.
ATTACHMENT C – Third Party Terms
PROVISIONS RELATING TO INTELLIGENT MEDICAL OBJECTS, INC. (“IMO”)
IMO END-USER License RIDER Language (“EULA”)
The RXNT Services contain Problem IT terminology from Intelligent Medical Objects, Inc. (“IMO”) (the “Service”). The Service and the RXNT Services are separate products provided by separate entities. Your use or your End Users use of the Service (collectively the “END-USER”) in conjunction with the Software is subject to the terms and conditions of this End User License Agreement (“EULA”).
In consideration of the rights and restrictions contained herein, END-USER agrees as follows:
1. Grant of License
The license granted herein is a non-exclusive, non-transferable license to use the Service solely in conjunction with the Software for internal use: (i) in a clinical setting; and (ii) in a non-production/non-clinical setting for backup, archival, support, testing, training and demonstration purposes; provided END-USER complies with the restrictions set forth in Section 2.
2. Restrictions
END-USER shall not cause or permit others to copy, duplicate, redistribute, loan, rent, retransmit, publish, license or sublicense or otherwise transfer, or commercially exploit, the Service, in whole or part. END-USER shall not prepare derivative works or incorporate the Service, in whole or part, in any other system or work; or reverse engineer, decompile, disassemble, decrypt, translate, alter, adapt or modify the Service, in whole or part.
3. Ownership
This EULA provides only a license of rights to use the Service and does not provide for the sale or other transfer of title. Except for third party content included in the Service, IMO has and shall have exclusive title to and ownership of all of its products, including the Service and of all of its sub-parts and components, and of all updates, modifications, alterations, customizations, derivative works, revisions or enhancements thereof, and of all software, source code, and trade secrets, and proprietary research, equations, screens, techniques, methodology, analysis, programming or know-how thereof.
Any ideas or requests for terms submitted by END-USER to the Software vendor or IMO for inclusion in the Service shall be considered part of a derivative work of the Service and shall be owned by IMO with all rights assigned by END-USER to IMO. END-USER shall not be charged for such regular inclusion of added terms. END-USER will have a perpetual, non-exclusive license to use, display or modify these requested terms apart from the Service.
4. Technical Warranty
The Service, as provided by IMO, does not include any disabling devices such as devices that result in the electronic recapture of programming, undocumented functions, passwords, keys, security devices or trap doors, or any computer viruses.
5. Disclaimer of Warranties
EXCEPT FOR WARRANTIES THAT MAY NOT BE DISCLAIMED AS A MATTER OF LAW OR THAT ARE INCLUDED HEREIN, THE SERVICE IS PROVIDED ON AN "AS IS" BASIS AND IMO MAKES NO REPRESENTATIONS OR WARRANTIES WHATSOEVER, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS OR WARRANTIES REGARDING THE ACCURACY OR NATURE OF THE SERVICE, NONINFRINGEMENT, COMPATIBILITY, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Any warranties expressly provided herein do not apply if: (i) the END-USER alters, mishandles or improperly uses, stores or installs all, or any part, of the Service; (ii) the END-USER uses, stores or installs the Service on a computer system which fails to meet the specifications for the Software; or (iii) the breach of warranty arises out of or in connection with acts or omissions of persons or entities other than IMO.
6. Assumption of Risk
THE END-USER ACKNOWLEDGES THAT THE SERVICE IS NOT A SUBSTITUTE FOR THE CARE PROVIDED BY LICENSED HEALTH CARE PRACTITIONERS. AS BETWEEN THE END-USER AND IMO, THE END-USER HEREBY ASSUMES FULL RESPONSIBILITY FOR: (A) ITS USE OF THE SERVICE; AND (B) ENSURING THE APPROPRIATENESS OF USING AND RELYING UPON THE INFORMATION IN VIEW OF ALL ATTENDANT CIRCUMSTANCES, INDICATIONS, AND CONTRAINDICATIONS. IMO SHALL NOT BE RESPONSIBLE AND HAS NO LIABILITY TO ANY PERSON FOR: (A) ANY ERRORS, MISSTATEMENTS, INACCURACIES OR OMISSIONS REGARDING CONTENT DELIVERED THROUGH THE SERVICE; (B) ANY DELAYS IN OR INTERRUPTIONS OF SUCH DELIVERY; OR (C) ANY DATA OR INFORMATION INPUT INTO THE SERVICE BY THE END-USER. ADDITIONALLY, IMO UNDERTAKES NO OBLIGATION TO SUPPLEMENT OR UPDATE CONTENT OF THE SERVICE.
THE SERVICE DOES NOT ENDORSE DRUGS, DIAGNOSE PATIENTS, OR RECOMMEND THERAPY. THE SERVICE IS AN INFORMATIONAL RESOURCE DESIGNED TO ASSIST LICENSED HEALTH CARE PRACTITIONERS IN DOCUMENTING THE CARE OF THEIR PATIENTS. THE INFORMATION CONTAINED WITHIN THE SERVICE IS INTENDED FOR USE ONLY BY PHYSICIANS AND OTHER HEALTHCARE PROFESSIONALS WHO SHOULD RELY ON THEIR CLINICAL DISCRETION AND JUDGMENT IN DIAGNOSIS AND TREATMENT.
7. Disclaimer of Liability
EXCEPT FOR IMO’S OBLIGATIONS UNDER SECTION 8(B), IN NO EVENT SHALL IMO BE LIABLE TO ANY PERSON INCLUDING, BUT NOT LIMITED TO END-USER AND PERSONS TREATED BY OR ON BEHALF OF END-USER FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS EULA OR THE SERVICE. IMO’S TOTAL LIABILITIES ARISING OUT OF OR RELATED TO THIS EULA ARE LIMITED TO THE FEES RECEIVED BY IMO FROM THE SOFTWARE’S LICENSOR FOR END-USER’S USE OF THE SERVICE.
8. Indemnification
- a.) By END-USER. END-USER agrees to indemnify, defend, and hold IMO harmless from any claims, costs, liabilities, judgments, attorneys’ fees, settlements, penalties or other losses in all causes including, but not limited to losses for tort, personal injury, medical malpractice or product liability arising out of or relating to: (a) the END-USER’s use of the Service; (b) any data or information input into the Service by END-USER; (c) END-USER’s negligence or intentional misconduct; and (d) any breach of this EULA by END-USER. In the event that END-USER indemnifies IMO, then: (i) END-USER will retain qualified counsel with demonstrable experience defending claims of the type to be defended, who shall be preapproved by IMO; and (ii) END-USER agrees to let IMO participate in the defense of any action, at IMO’s option and expense.
- b.) By IMO. IMO agrees to indemnify, defend, and hold END-USER harmless against third party claims, costs, liabilities, judgments, attorneys’ fees, settlements, and penalties brought against END-USER arising out of, related to, or alleging that the IMO Service infringes on a United States patent, trademark or copyright of a third party (collectively “Indemnified Claim”); provided END-USER promptly, but within thirty (30) days, notifies IMO in writing of such Indemnified Claim. IMO shall have sole control of the defense of any Indemnified Claim, including appeals, negotiations, and any settlement or compromise thereof; provided END-USER will have the right to approve the terms of any settlement or compromise that restricts its rights granted under this Agreement or subjects it to any ongoing obligations. IMO shall have no indemnification obligation to END-USER to the extent that an Indemnified Claim arises out of: (i) END-USER’S violation of this EULA; (ii) information incorporated into the Service by END-USER or Software vendor; (iii) a modification or addition to the Service made by END-USER or Software vendor; or (iv) the use of the Service in combination with any program or equipment or any part thereof not furnished or approved by IMO.
9. Intellectual Property Disclaimers; Use of Trademarks
END-USER will not alter, cover or remove any trademark, copyright or other proprietary rights notice placed by IMO or a third party in or on the Service. END-USER will not use or modify any IMO or third party trademarks, trade names, service marks, corporate names or logos or those of its affiliates (collectively “Marks”) or any advertising materials containing any of the foregoing unless it has obtained the prior written approval of IMO, which may be withheld for any reason. Goodwill associated with the Marks inures solely to IMO and the respective third-party owners. END-USER acknowledges and agrees that it shall not, directly or indirectly, do anything inconsistent with the validity, ownership, distinctiveness or integrity of the Marks, or the goodwill attaching thereto, nor shall it assist any third party in doing so.
10. END-USER Documentation
END-USER is responsible for generating any user documentation related to the Service.
11. Security
END-USER shall establish the appropriate firewalls and security systems, such that the Service is accessed only by authorized employees or contractors of END-USER and is not used in a manner that would violate the terms of this EULA.
12. Third Party Beneficiary
END-USER agrees that IMO shall be, and is hereby, named as an express third-party beneficiary of this EULA for the purpose of enforcing at law and at equity all rights under this EULA against END-USER, the covenants of END-USER and the warranty disclaimers and limitations of liability set forth in this EULA, whether or not such provisions make specific reference to IMO or the Service.
13. Term and Termination
The term of this EULA begins upon installation of the Software and/or Service and continues for the term specified in END-USER’s Software license agreement. This EULA may be terminated by IMO or Software vendor at any time if: (i) END-USER violates any provision of this EULA; or (ii) Software vendor’s relationship with IMO terminates. If this EULA is terminated for any reason, END-USER agrees to immediately return or destroy all copies of the Service and all companying items and certify the return or destruction thereof.
14. Third Party Content
END-USER acknowledges that the Service includes third-party content. END-USER agrees to the terms and conditions set forth in Schedule A of this EULA.
15. General
END-USER will hold the terms of this EULA confidential. END-USER will ensure that anyone with authorized access to the Service will comply with the provisions of this EULA and Schedule A. If any provision of this EULA is determined to be unenforceable, the rest of this EULA will remain in full force. Headings in this EULA are for convenience only and are not part of this EULA. The delay or failure to assert a right herein or to insist upon compliance with any term or condition of this EULA shall not constitute a waiver of that right or excuse a subsequent failure to perform any term or condition. END-USER may not assign any of the rights herein without prior written approval from IMO. This EULA will be governed by the State of Illinois without regard to choice-of-law principles. The courts of the State of Illinois and/or the United States District Court for the Northern District of Illinois shall have exclusive jurisdiction over any action arising under or related to the subject matter of this EULA and the parties agree to submit to the jurisdiction of the courts of the State of Illinois and the United States District Court for the Northern District of Illinois. This EULA is the entire agreement between END-USER and IMO as to the subject matter. Any amendment must be in writing signed by both END-USER and IMO.
SCHEDULE A-Third Party Content Terms SNOMED CT® Codes
The Service makes use of SNOMED Clinical Terms® (SNOMED CT®) which is used by permission of the International Health Terminology Standards Development Organization (IHTSDO). All rights reserved. SNOMED CT®, was originally created by The College of American Pathologists. “SNOMED” and “SNOMED CT” are registered trademarks of the IHTSDO.
EXHIBIT C-THIRD PARTY CONTENT TERMS AND CONDITIONS SNOMED CT® CODES
The Service includes SNOMED Clinical Terms (SNOMED CT®) which is used by permission of the International Health Terminology Standards Development Organization (IHTSDO). All rights reserved. SNOMED CT®, was originally created by The College of American Pathologists. “SNOMED” and “SNOMED CT” are registered trademarks of the IHTSDO.
ATTACHMENT D – Business Associate Agreement
This Business Associate Agreement (“Agreement”) is made and entered into as of the earliest date on which the RXNT Terms of Service has been accepted by the Customer and the Subscription Summary has been executed by the parties (“Effective Date”) by and between Networking Technology, Inc. dba RXNT (the “Business Associate,” as further defined below) and Customer (“Covered Entity,” as further defined below), (collectively, the “Parties”).
WHEREAS, Customer is a covered entity as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the regulations promulgated pursuant to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act (Division A, Title XIII and Division B, Title IV of Public L. 111–5) and Networking Technology, Inc. is a “Business Associate” as defined under HIPAA;
WHEREAS, Business Associate has contracted with Covered Entity to provide certain services to or on behalf of Covered Entity (“RXNT Terms of Service”), and Covered Entity may provide Business Associate with Protected Health Information or may require Business Associate to create, use, maintain, or transmit Protected Health Information on behalf of Covered Entity;
WHEREAS, the parties enter into this Agreement for the purpose of ensuring compliance with HIPAA and relevant implementing regulations, including the Privacy Rule, the Security Rule, and the Breach Notification Rule;
NOW THEREFORE, in consideration of the mutual promises and covenants herein, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows:
I. DEFINITIONS AND INTERPRETATION
a. Definitions Generally.
i. “Breach” shall have the meaning given to such term in 45 C.F.R. § 164.402.
ii. “Breach Notification Rule” shall mean the rule related to breach notification for Unsecured Protected Health Information at 45 C.F.R. Parts 160 and 164.
iii. “Electronic Protected Health Information” or (“EPHI”) shall have the same meaning given to such term under the Security Rule, including, but not limited to, 45 C.F.R. § 160.103 limited to the information created or received by Business Associate from or on behalf of Covered Entity.
iv. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information, codified at 45 C.F.R. Parts 160 and Part 164, Subparts A and E.
v. “Protected Health Information” or “PHI” shall have the meaning given to such term under the Privacy and Security Rules at 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
vi. “Security Rule” shall mean the Security Standards for the Protection of Electronic Protected Health Information, codified at 45 C.F.R. § 164 Subparts A and C.
vii. Other capitalized terms used but not otherwise defined in this Agreement shall have the same meaning as those terms in the Privacy, Security or Breach Notification Rules.
b. Inconsistencies. If the provisions of this Agreement are inconsistent with HIPAA or its implementing regulations or any binding interpretation thereof, said conflict will be resolved in favor of the regulations. To the extent that any such conflicts are nonetheless permitted under the Regulations, the provisions of this Agreement will prevail.
c. State Law and Preemption. Where any provision of applicable State law is more stringent or otherwise constitutes a basis upon which the Regulation is preempted, state law controls and the Parties agree to comply fully therewith.
d. Third-Parties. Except as expressly provided for in the Regulations and/or within the terms contained herein, this Agreement does not create any rights in third parties.
II. PERMITTED USES AND DISCLOSURES BY THE BUSINESS ASSOCIATE
a. Permitted Uses. Except as otherwise limited in the RXNT Terms of Service, this Agreement or as Required by Law, the Business Associate may use or disclose PHI as permitted by the Security Rule, as permitted by this Agreement or the RXNT Terms of Service, and as necessary to perform functions, activities or services for or on behalf of the Covered Entity including but not limited to: (i) Facilitating the processing of administrative, clinical and financial healthcare transactions; (ii) Treatment of patients of the Covered Entity; and (iii) Establishing and maintaining Business Management Programs.
b. Data Aggregation. Except as otherwise limited in this Agreement, the Business Associate may use PHI to provide data aggregation services to the Covered Entity to the fullest extent permitted by the Privacy Rule, any terms of service agreed to by the Parties and any applicable provisions in this Agreement.
c. De-Identification. The Business Associate may de-identify PHI received or created pursuant to the RXNT Terms of Service consistent with 45 C.F.R. § 164.514.
d. Other Permitted Uses.The Business Associate may use PHI to facilitate the management and administration of the Business Associate or to carry out legal responsibilities thereof.
e. Permitted Disclosures. The Business Associate may disclose PHI to facilitate the management and administration of the Business Associate or to carry out legal responsibilities, if: (i) Required By Law; and/or (ii) Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that the PHI will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person and Business Associate will be notified of any instances of which the person is aware in which the confidentiality of the PHI is breached or suspected to have been breached.
f. Report Violations of Law. The Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 C.F.R. § 164.502(j)(1).
III. PRIVACY RULE OBLIGATIONS OF THE BUSINESS ASSOCIATE
a. Limitations on Disclosures. The Business Associate agrees to not use or disclose PHI other than as permitted or required by this Agreement, the RXNT Terms of Service, or as Required by Law. The Business Associate shall not use or disclose PHI in a manner that would violate the Privacy Rule if done by the Covered Entity, unless expressly permitted to do so pursuant to the Privacy Rule, the RXNT Terms of Service, and this Agreement
b. Safeguards against Unauthorized Use. The Business Associate agrees to use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by the RXNT Terms of Service and this Agreement or as Required by Law.
c. Reporting and Mitigation. The Business Associate agrees to report to the Covered Entity any unauthorized use or disclosure of PHI in violation of this Agreement and to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by the Business Associate in violation of the requirements of this Agreement.
d. Agreements with Subcontractors. The Business Associate agrees to ensure, consistent with 45 C.F.R. § 164.502I(1)(ii), that any Subcontractor that creates, receives, maintains, or transmits PHI on behalf of the Business Associate agrees in writing to the same restrictions and conditions that apply to the Business Associate in the RXNT Terms of Service and this Agreement with respect to the PHI.
e. Obligations on Behalf of the Covered Entity. To the extent the Business Associate carries out an obligation of the Covered Entity’s under the Privacy Rule, the Business Associate must comply with the requirements of the Privacy Rule that apply to the Covered Entity in the performance of such obligation.
f. Access to PHI. The Business Associate shall provide access, at the request of the Covered Entity, and in the time and manner reasonably designated by the Covered Entity, to PHI in a Designated Record Set, to the Covered Entity in order to meet the requirements under the Privacy Rule at 45 C.F.R. § 164.524.
g. Amendment of PHI. The Business Associate shall make PHI contained in a Designated Record Set available to the Covered Entity for purposes of amendment per 45 C.F.R. § 164.526. The Business Associate shall make any amendment(s) to an Individual’s PHI that the Covered Entity directs or agrees to pursuant to the Privacy Rule, at the request of the Covered Entity, and in the time and manner reasonably designated by the Covered Entity. If an Individual requests an amendment of PHI directly from the Business Associate or its Subcontractors, the Business Associate shall notify the Covered Entity in writing promptly after receiving such request. Any denial of amendment of PHI maintained by the Business Associate or its Subcontractors shall be the responsibility of the Covered Entity.
h. Accounting of Disclosures. The Business Associate shall document disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528. At a minimum, such information shall include: (i) the date of disclosure; (ii) the name of the entity or person who received PHI and, if known, the address of the entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure that reasonably informs the Individual of the basis for the disclosure, or a copy of the Individual’s authorization, or a copy of the written request for disclosure. The Business Associate shall provide to Covered Entity information necessary to permit the Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528. In the event that the request for an accounting is delivered directly to the Business Associate or its Subcontractors, the Business Associate shall provide a copy of such request to the Covered Entity, in writing, promptly after the Business Associate’s receipt of such request.
i. Retention of Protected Health Information. Notwithstanding Section VII of this Agreement, the Business Associate and its Subcontractors shall retain all PHI throughout the term outlined in the RXNT Terms of Service and shall continue to maintain the information required under Section III(h) of this Agreement for a period of six (6) years after termination of the RXNT Terms of Service.
j. Minimum Necessary. The Business Associate shall only request, use and disclose the Minimum Necessary amount of PHI necessary to accomplish the purpose of the request, use or disclosure.
k. Availability of Information. For the purpose of the Secretary determining the Covered Entity’s compliance with the Privacy Rule, the Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by the Business Associate on behalf of the Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner designated by the Covered Entity or the Secretary, for the purposes of the Secretary determining the Covered Entity’s compliance with the Privacy Rule.
IV. SECURITY RULE OBLIGATIONS OF THE BUSINESS ASSOCIATE
a. Compliance with the Security Rule. The Business Associate agrees to comply with the Security Rule with respect to Electronic Protected Health Information and have in place reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of EPHI and to prevent the use or disclosure of EPHI other than as provided for by the RXNT Terms of Service and this Agreement or as Required by Law.
b. Subcontractors. The Business Associate shall ensure that any Subcontractor that creates, receives, maintains, or transmits EPHI on behalf of the Business Associate agrees in writing to comply with the Security Rule with respect to such EPHI.
c. Security Incident/Breach Notification Reporting. The Business Associate shall report any successful Security Incident promptly upon becoming aware of such incident.
V. BREACH NOTIFICATION RULE OBLIGATIONS OF THE BUSINESS ASSOCIATE
a. Notification Requirement. To the extent the Business Associate accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses or discloses Unsecured PHI, it will, following discovery of the Breach of such information, notify the Covered Entity of such Breach.
b. Content of Notification. Any notice referenced above in Section V(a) of this Agreement will include, to the extent known to the Business Associate, the identification of each individual whose Unsecured PHI has been, or is reasonably believed by the Business Associate to have been accessed, acquired, or disclosed during such Breach. Business Associate will also provide to the Covered Entity other available information that the Covered Entity is required to include in its notification to the individual pursuant to the Breach Notification Rule.
VI. OBLIGATIONS OF THE COVERED ENTITY
a. Notification Regarding Limitations and Restrictions on Disclosure. The Covered Entity shall notify the Business Associate of any limitation(s) in its Notice of Privacy Practices of Covered Entity which may affect the Business Associate’s use or disclosure of PHI in accordance with the Privacy Rule.
b. Notification of Changes to Limitations and Restrictions on Disclosure. The Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.
c. Limitations and Restrictions on Disclosure Arising Under Third-Party Agreements. The Covered Entity shall further notify the Business Associate of any restriction to the use or disclosure of PHI that the Covered Entity has agreed to which may affect the Business Associate’s use or disclosure of PHI in accordance with the Privacy Rule.
d. Requests by the Covered Entity.The Covered Entity shall not request the Business Associate to use or disclose PHI in any manner that would be prohibited to the Covered Entity under the applicable Regulations.
VII. TERM AND TERMINATION
a. Term. The term of this Agreement shall be enforceable as of the Effective Date and shall terminate upon the expiration or termination of the RXNT Terms of Service.
b. Termination for Cause. Upon the Covered Entity’s knowledge of a material breach by the Business Associate of this Agreement, the Covered Entity shall provide an opportunity for the Business Associate to cure the breach or terminate this Agreement if the Business Associate does not cure the breach or end the violation within thirty (30) days after receipt of written notice from the Covered Entity.
c. Disposition of PHI upon Termination. Except as otherwise provided in this Section, upon termination of this Agreement for any reason, the Business Associate shall continue to extend the protections of this Agreement to all PHI received from Covered Entity. This provision shall also be applicable to any PHI in the possession of Subcontractors of the Business Associate. Business Associate shall limit further uses and disclosures of PHI for so long as the Business Associate maintains such PHI.
d. Retention of Certain Information. The Covered Entity understands and agrees that information generated through the use of the services provided under the RXNT Terms of Service will be retained as necessary by the Business Associate for purposes of financial reporting, insurance claims, and other legal and business purposes.
e. HIPAA Security Rule. The Covered Entity agrees to comply with the HIPAA Security Rule, including, without limitation, safeguarding all computers, laptops, cell phones, tablets, or other mobile devices in accordance with the HIPAA Security Regulations.
VIII. MISCELLANEOUS
a. Indemnification. In the event that there is a breach of privacy with respect to PHI under this BAA, the party causing the breach will indemnify the other party and its officers and directors for all actual damages, costs and attorneys’ fees caused by the breach, including but not limited to the actual costs of providing patient notice as a result of the breach.
b. LIMITATION OF LIABILITY. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION, OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
c. Regulatory References. Any references in this Agreement to any law, rule or regulation shall be interpreted to include the section as in current effect or as may from time to time be amended and for which compliance is required.
d. Amendments. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for the Covered Entity and the Business Associate to comply with the requirements of the Privacy, Security, or Breach Notification Rules, as well as HIPAA and the HITECH Act; however, all amendments to any of the provisions contained herein shall be made in writing.
e. Survival. The respective rights and obligations of Business Associate under Article III of this Agreement shall survive the termination of this Agreement.
f. Entire Agreement. This Agreement is the entire agreement between the Parties with regard to its subject matter and shall supersede any prior agreements.
g. Notice. Any notices required or relating to this Agreement shall be in writing and shall be sent by means of certified mail, postage prepaid, or reputable commercial carrier.
If to Business Associate:
Attn: Legal
1449 Whitehall Road
Annapolis, MD 21409
ATTACHMENT E - Privacy Policy
Your privacy is extremely important to RXNT. The RXNT Website and Client Services Privacy Policy found at https://www.rxnt.com/privacy-policy/ governs your use of the Services.
California Consumer Privacy Act of 2018
CCPA Definition
CCPA means the California Consumer Privacy Act of 2018, as amended (Cal. Civ. Code §§ 1798.100 to 1798.199.95), the CCPA Regulations (Cal. Code Regs. tit. 11, §§ 7000 to 7102), and any related regulations or guidance provided by the California Attorney General. For the purposes of this Section, terms defined in the CCPA, including personal information and business purposes, carry the same meaning.
b. Application of This Section
This Section applies solely to the extent that: (i) RXNT’s provision of the Service is not exempt from the CCPA under California Civil Code section 1798.145(c)(1)(A) and (c)(1)(B) pertaining to medical information, PHI, providers of healthcare, and covered entities; (ii) Customer is a “business” within the meaning of the CCPA; and (iii) RXNT is processing the personal information of California residents.
Customer personal information includes any “personal information” contained within the data that RXNT “processes” (as defined in the CCPA) in connection with performing the Service.
c. Compliance
RXNT is a service provider and will not collect, retain, use, disclose, or otherwise process Customer personal information for any purpose other than performing the Service, or as otherwise permitted by the CCPA. RXNT will limit Customer personal information collection, use, retention, and disclosure to activities reasonably necessary and proportionate to provide the Service or to achieve another compatible operational purpose.
RXNT will not collect, use, retain, disclose, sell or otherwise make Customer personal information available for RXNT’s own commercial purposes or in a way that does not comply with the CCPA. RXNT may, however, use, publicize, or share with third parties such data that it creates or derives from its provision of the Services that is anonymized and/or aggregated data that does not identify Customer, any consumer, or household. RXNT may use this data to improve RXNT’s products and services and for RXNT’s other lawful business purposes. Notwithstanding the foregoing, RXNT may, with Customer’s consent, share Customer contact information with certain partners we may work with.
RXNT must promptly comply with any Customer request or instruction requiring RXNT to provide, amend, transfer, or delete Customer personal information, or to stop, mitigate, or remedy any unauthorized processing unless otherwise permitted by the CCPA.
Customer and RXNT, notwithstanding anything in the agreement entered, acknowledge and agree that RXNT’s access to Customer personal information is not part of the consideration exchanged by the parties in respect of the Agreement.
If a law requires RXNT to disclose Customer personal information for a purpose unrelated to the Service, RXNT must first inform Customer of the legal requirement and give Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
RXNT may use a subcontractor to provide or support the provision of the Service. Any subcontractor used must qualify as a service provider under the CCPA and RXNT will not make any disclosures to the subcontractor that the CCPA would treat as a sale.
RXNT certifies that it understands its obligations under this paragraph and must comply with them.
d. Customer’s Responsibilities
Customer is solely responsible for: (i) identifying whether the CCPA applies to Customer; (ii) providing any notices of your privacy practices that may be required by CCPA; and (iii) identifying and responding to verifiable consumer requests to exercise CCPA (CCPA Rights Requests) rights to access, delete, or opt out of the sale of personal information, including for verifying the identity of consumers submitting CCPA Rights Requests and for evaluating the scope and legality of such requests. Customer is solely responsible and liable for responding to an individual's CCPA Rights Requests, including without limitation the content and timing of the response, in compliance with the CCPA.
The Customer may not direct or otherwise cause RXNT to share any Customer personal information with any third party in a manner that may constitute a “sale” as defined in the CCPA.
CPPA Rights Requests
RXNT will provide reasonable assistance to Customer in responding to such CCPA Rights Requests, including assistance in providing self-service functionality.
RXNT will treat any CCPA Rights Request that Customer submits under CCPA as presumptively valid under CCPA. With respect to CCPA Rights Requests for which Customer requires RXNT to provide assistance, Customer must: (i) notify RXNT within five days of its receipt of the CCPA Rights Request by emailing [email protected]; and (ii) provide RXNT with the consumer’s email address or such other information that would permit RXNT to honor the request.
Within ten business days of RXNT’s receipt of a CCPA Request for Access to Customer personal information, RXNT will provide Customer with a file that contains the Customer personal information that RXNT maintains about the individual via a secure method of transfer if necessary. RXNT may withhold from such file any Customer personal information that the CCPA does not require be provided in such response.
Except as otherwise required by applicable law or permitted by the CCPA, RXNT, within ten business days of receipt of a CCPA Request for Deletion of Customer personal information, will delete the Customer personal information, to the extent RXNT maintains such Customer personal information about the individual. RXNT may delete such Customer personal data by anonymizing and/or aggregating the information such that the information does not identify and is not reasonably capable of identifying the individual.
ATTACHMENT F - Security Notice
How We Protect Your Data on Our Web-based Software Services
What This Security Notice Covers
This security notice pertains to the security measures in place at RXNT for protection of personal and protected health information in connection with the use of the RXNT web site, and the RXNT PM (practice management), RXNT EHR (electronic health records), and RXNT ERX (electronic prescribing) web-based services (collectively, Service).
Unique identification of users
To comply with the HIPAA requirements and to provide a secure service, RXNT requires all users to have a unique username.
In addition to a username, every user account must be protected with a password of sufficient complexity. RXNT ERX service sign-ins are protected by account lock out for non-usages.
Security on the RXNT web site
RXNT Service users may choose to sign into their account at the RXNT web site. Such sign-ins are protected by SSL security. Your browser will usually display an indicator (such as a "lock" icon) when using a secure SSL connection.
Security in the RXNT service
The RXNT Service communicates with secure RXNT hosted and controlled servers and networks. All communications are secured with public-key encryption. RXNT disallows the use of low cipher strength in our production service.
RXNT helps to ensure physical and technical security protections of customer data, as it uses servers located in SOC 2 Type 2 certified hosting providers.
RXNT employs redundant, next-generation firewalls, intrusion detection and prevention services monitored 24X7X365. RXNT uses a PCI Approved Scanning Vendor (ASV), internal and external threat prevention delivering timely and accurate reports of our production services.
In addition to these controls RXNT deploys Azure cloud defender and Azure cloud native protection services which help to identify, block, and track hacking attempts, scans, data breaches, adware,
malware, spyware, Trojans, phishing attempts and other equally malicious requests.
RXNT ensures encryption of data at rest by implementing Azure provided cloud native solution.
Role-based security
Every user in the RXNT Service belongs to one or more roles. A role is defined by each customer and is assigned a set of permissions.
Application locking
In accordance with HIPAA policies, RXNT’s Service will automatically lock up if left unattended for a period-of-time. Correct credentials of the user will need to be provided prior to using the application again.
RXNT password policy
RXNT system passwords are meant to help protect sensitive patient medical and financial records, as well as practice financial information. They serve as a deterrent to malicious agents as well as protection against casual or accidental lowering of security through carelessness.
The passwords are encouraged to be at least (8) eight characters long and have to maintain a level of complexity such that they will not be easily guessed or cracked by a determined attacker. The passwords will expire on a regular basis.
A user may change their password at any point in the RXNT web site. Passwords changed by administrators/RXNT Support staff will immediately expire to allow users to log in but also to ensure that they immediately change their passwords to something that only they know.
RXNT will never store any passwords in permanent storage in a way that is reversible. The RXNT Service will never show the password in plain-text, human-readable form.
Changes to this security policy
RXNT may update this policy at any time for any reason. If there are any significant changes to how we handle security, we will make a reasonable commercial effort to send a notice to the contact email address specified in your company's RXNT account or by placing a prominent notice on our site.
Questions?
If you have questions or suggestions, you can contact us at:
Thomas Kavukat, CTO
RXNT
1449 Whitehall Road
Annapolis, MD 21409
[email protected]
To report a security violation, please call us at 800-943-7968.
ATTACHMENT G - Data Return Policy FAQ
The following FAQ outlines RXNT’s policies for return of data regarding RXNT services as referenced in the RXNT Terms of Service Agreements, Section 8.
This FAQ will be updated on a regular basis to ensure regulatory compliance, allow adjustments for various changes in workflow, updated product features and operational efficiency.
RXNT PM (Practice Management), RXNT EHR (electronic health records), and RXNT ERX (electronic prescribing).
Q: If I terminate my contract with RXNT, will I have an opportunity to download my data?
A: RXNT recommends that the Customer initiate or perform their data export prior to the actual termination date. The Customer data will only be provided in Microsoft Excel (.XLS) or Comma Separated Values (.CSV) file format and only includes patient records (including patient demographics and insurance coverage information) and claim records (including encounter and claim information).
Q: What happens to my data after the actual termination date?
A: RXNT will continue to retain the Customer’s data for an additional minimum 60 days (Data Retention Period) as a safeguard in the event that the client requires additional data.
Q: If I discover that I need additional information during the Data Retention Period, how can I obtain the additional data?
A: Please contact the RXNT Support Department (Support) at [email protected] for assistance.
Q: During the Data Retention Period, will RXNT continue to maintain privacy, security and integrity of my data as defined by HIPAA?
A: As noted in the RXNT Business Associate Agreement (BAA), RXNT will continue to extend the protections of the BAA agreement during the Data Retention Period.
Q: What data can I download from the system?
A: RXNT recommends contacting Support for assistance in identifying data to export from RXNT – prior to the actual termination date. If Customer contacts Support for assistance after the date Customer has requested their account be disabled, RXNT may require the Customer to pay the standard rate of $100 an hour (minimum 30 minutes) before assisting them with the export.
Q: Will RXNT maintain a copy of my data to comply with local, state, federal and/or HIPAA Medical Records retention mandate (6-10 years depending on the state)?
A: After the Data Retention Period is completed, RXNT will properly dispose of customer data containing PHI as noted on RXNT’s BAA. Customer will solely be responsible for complying with all state and HIPAA records retention requirements.
Q: What does RXNT consider an “Abandoned Account”?
A: An abandoned account means a Customer has discontinued service (but has failed to formally terminate its account with the service) by a combination of non-payment of the current or previous month fees and 30 consecutive days of no Customer logins to the service. At the 31st day, the account is deemed “Abandoned” and the account is terminated. In addition, an account will also be deemed “Abandoned” and terminated if the user fails to confirm their account via e-mail within 30 days of sign-up.
Q: What happens to my data if my account is deemed “Abandoned” and terminated?
A: After the account is deemed terminated, the data is held for an additional minimum 60 days (Data Retention Period). RXNT will then properly dispose of customer data containing PHI as noted on RXNT’s BAA. Customer will solely be responsible for complying with all state and HIPAA records retention requirements.
Q: Can I get a refund or credit if I cancel the Services?
A: No. As stated in the Pricing Policy, RXNT does not refund or credit subscription fees for partial months or for any portion of a prepaid plan upon a deactivation of a Provider or account cancellation.
ATTACHMENT H - Service Level FAQ
The following FAQ outlines RXNT’s service level agreement regarding RXNT services as referenced in the RXNT Terms of Service Agreements, Section 4, a.
This FAQ will be updated on a regular basis to ensure regulatory compliance, allow adjustments for various changes in workflow, updated product features and operational efficiency.
RXNT PM (Practice Management), RXNT EHR (electronic health records), and RXNT ERX (electronic prescribing).
Q: If I terminate my contract with RXNT, will I have an opportunity to download my data?
A: RXNT recommends that the Customer initiate or perform their data export prior to the actual termination date. The Customer data will only be provided in Microsoft Excel (.XLS) or Comma Separated Values (.CSV) file format and only includes patient records (including patient demographics and insurance coverage information) and claim records (including encounter and claim information).
Q: Does RXNT guarantee a system uptime and reliability?
A: RXNT makes every effort to maintain an uptime of 99%.
Q: Where are the RXNT data centers?
A: RXNT data centers are located in Texas.
Q: What redundancy is in place?
A: There is redundancy of all critical systems & network components
Q: Is there a disaster recovery plan?
A: Yes. RXNT’s data center has a fully functional disaster recovery plan in place.
Q: How does RXNT handle scheduled outages and maintenance?
A: RXNT may conduct maintenance online at any hour, when a service interruption is not required. RXNT will make a reasonable effort to conduct scheduled system maintenance that requires an outage between the hours of 11:00 PM and 7:00 AM Eastern Time. RXNT will make a commercially reasonable effort to provide 30 minutes advanced notification of emergency maintenance or within 30 minutes of an unplanned outage. All notifications shall be sent to the Customer designated point of contact.
Last Updated: This document was last updated on December 1, 2023