It is understood that by signing this form, the Customer understands the following:
Confidential Information, PCI Compliance, and HIPPA Compliance. “Discloser” and “Recipient” apply to both Parties depending on their role, whether as the discloser or the recipient of Confidential Information. “Confidential Information” means the terms of this Agreement; a Party’s proprietary or confidential information, intellectual property, trade secrets, know-how, software, technology, specifications, and non¬public business or financial information; a Party’s member, customer and employee data, Patient Data (as defined below), personally identifiable information (“PII”), and payment card industry information (“PCI”); any written materials marked as confidential; and any other information of a Party, including visual or oral information, which reasonably should be understood to be confidential. Confidential Information also means any third party’s information provided to a Party under the obligation of confidentiality.
“Patient Data” means any “protected health information” under HIPAA, including, without limitation, any data or information concerning a patient’s treatment, procedure, medicine, drugs, diagnosis, therapy, surgery, outcome, history, genetics, disclosure, behavior, name, address, or other identifying information of, or applicable to, any patient.
Use and Protection: Recipient may use Discloser’s Confidential Information solely for the purposes of this Agreement and as permitted or required under this Agreement.
The recipient will safeguard Discloser’s Confidential Information by doing the following:
- not disclosing Discloser’s Confidential Information, or permitting anyone else to disclose it, except to those employees, credentialed physicians, advanced practice clinicians, affiliates, accountants, attorneys, and consultants of Recipient who have a need to know and are required to keep it confidential;
- keeping confidential all of Discloser’s Confidential Information;
- maintaining Discloser’s Confidential Information in a safe and secure place;
- exercising the same degree of care to safeguard Discloser’s Confidential Information as it would in protecting its own, but in no event less than reasonable care; and
- returning or destroying all documents, copies, notes, or other materials containing any of Discloser’s Confidential Information upon Discloser’s request.
Exceptions to Obligations: The exceptions in this Section do not apply to Patient Data, PII, or PCI, which remain subject to the confidentiality obligations of this Agreement. Recipient is not subject to the confidentiality obligations of this Agreement regarding Confidential Information that Recipient can prove meets any of the following criteria: (a) is or becomes publicly available without breach of this Agreement, but only from the date that it becomes publicly available; (b) was rightfully in Recipient’s possession without an obligation of confidentiality owed to Discloser before Recipient received it from Discloser; (c) was disclosed to Recipient by a third party without obligation of confidentiality owed to Discloser; or (d) is independently developed by Recipient without using any of the Confidential Information.
Patient Data, PII, and PCI: If Customer permits Revcord to create, use, disclose, access, de-identify, aggregate, maintain, or transmit any of Customer’s Patient Data, PII, or PCI under this Agreement, Revcord must first sign, and require its contractors to sign, an approved business associate agreement (“BAA”) and data security agreement (“DSA”). The BAA and DSA are independent, stand-alone agreements and survive any termination of this Agreement. This Agreement does not amend, alter, or limit the BAA or DSA. With respect to Patient Data, PII, and PCI, if a conflict arises between this Agreement and the BAA or DSA, the BAA or DSA, as applicable, governs. Unless specifically permitted under the BAA or the DSA, Revcord may not create, use, disclose, access, de-identify, aggregate, maintain or transmit any of Customer’s Patient Data, PII, or PCI. If Revcord fails to comply with the previous sentence or discovers Customer’s Patient Data, PII, or PCI, then Revcord will (a) notify Customer immediately in writing, and (b) follow Customer’s instructions for returning or destroying that Patient Data, PII, or PCI.
Judicial Order: If a judicial or governmental request or order seeks Confidential Information, Recipient may disclose that Confidential Information as requested or ordered. But, if permitted by applicable law, the Recipient must notify Discloser before disclosing the Confidential Information and cooperate with Discloser’s reasonable requests in seeking a protective order or limiting the effect of that disclosure.
Limited Liability. Customer expressly agrees that use of Revcord hardware and/or software is at Customer’s sole risk. Neither Revcord, its employees, affiliates, agents, third party information providers, merchants, licensors, or the like, warrant that the Revcord service will not be interrupted or error-free; nor do they make any warranty as to the results that may be obtained from the use of Revcord. Under no circumstances, including negligence, shall Revcord, its officers, agents or anyone else involved in creating, producing, or distributing Revcord be liable for any direct, indirect, incidental, special or consequential damages that result from the use of or inability to use Revcord; or that results from mistakes, omissions, interruptions, deletion of files, errors, defects, delays in operation, or transmission or any failure of performance, whether or not limited to acts of God or Nature, communication failure, theft, destruction or unauthorized access to records, programs or services. Notwithstanding the above, Customer’s exclusive remedies for all damages, losses, and causes of actions whether in agreement, tort including negligence or otherwise, shall not exceed the aggregate dollar amount which Customer paid during the term of this Agreement.
Indemnification. Customer agrees to indemnify Revcord against liability for any and all installations and use of the Revcord product by Customer. Customer agrees that it shall defend, indemnify, save and hold Revcord harmless from any and all demands, liabilities, losses, costs, and claims, including reasonable attorneys’ fees, asserted against Revcord, its agents, its customers, servants, officers, and employees, that may arise or result from any service provided or performed or agreed to be performed or any product sold by Customer, its agents, employees, or assigns. Customer agrees to defend, indemnify and hold harmless Revcord against liabilities arising out of (i) any injury to person or property caused by any products sold or otherwise distributed by Customer in connection with the use of Revcord; (ii) any material supplied by Customer infringing or allegedly infringing on the proprietary rights of a third party; (iii) copyright infringement and (iv) any defective product which Customer sold in conjunction with using Revcord.