Agency Care Provider
Supplemental Terms of Use

Table of contents

  1. Agency Services
  2. Ordering
  3. CareLinx Obligations
  4. Agency Care Provider Obligations
  5. General
Business Associate Agreement

Table of contents

  1. Agency Services
  2. Ordering
  3. CareLinx Obligations
  4. Agency Care Provider Obligations
  5. General
Business Associate Agreement

These Supplemental Terms of Service ("Supplemental Terms") supplement the CareLinx Terms of Use ("General Terms") located at www.carelinx.com/terms for Care Providers who are agencies and that have ordered Services as further described in these Supplemental Terms ("Agency Care Providers"). In the event of a conflict between these Supplemental Terms and the General Terms, these Supplemental Terms shall control with respect to Agency Care Providers who are Members. Capitalized terms that have the meaning set forth below or as defined in the General Terms.PLEASE READ THESE SUPPLEMENTAL TERMS CAREFULLY. BY CLICKING ON A BOX THAT STATES AGENCY CARE PROVIDER ACCEPTS OR AGREES TO THESE SUPPLEMENTAL TERMS AND/OR ACCEPTING ENTERING INTO AN ORDER FORM WITH CARELINX REFERENCING THESE SUPPLEMENTAL TERMS, AGENCY CARE PROVIDER ACKNOWLEDGES AND AGREES TO THE FOLLOWING TERMS. ONCE ACCEPTED, THE SUPPLEMENTAL TERMS ARE INCORPORATED BY REFERENCE INTO THE GENERAL TERMS AND GOVERNED THEREBY (THE SUPPLEMENTAL TERMS TOGETHER WITH THE GENERAL TERMS, THE "TERMS"). IF AGENCY CARE PROVIDER DOES NOT AGREE TO THESE SUPPLEMENTAL TERMS, AGENCY CARE PROVIDER MAY NOT USE THE SITE OR THE SERVICES. CARELINX RESERVES THE RIGHT, IN ITS SOLE DISCRETION, TO CHANGE, MODIFY, ADD OR DELETE PORTIONS OF THE SUPPLEMENTAL TERMS AT ANY TIME ON NOTICE TO AGENCY CARE PROVIDER. AGENCY CARE PROVIDER'S CONTINUED USE OF THE SITE AND/OR THE SERVICES FOLLOWING THE NOTICE OF CHANGES WILL MEAN AGENCY CARE PROVIDER ACCEPTS THE CHANGES. IF AGENCY CARE PROVIDER DOES NOT AGREE TO SUCH CHANGES, AGENCY CARE PROVIDER MAY TERMINATE THE ORDER FORM ON WRITTEN NOTICE TO CARELINX WITHIN FIVE (5) DAYS FOLLOWING AGENCY CARE PROVIDER'S RECEIPT OF CARELINX'S NOTICE OF CHANGES.

  1. Agency Services

    1. By allowing Agency Care Providers to use the Services, CareLinx desires to allow Care Seekers to hire an agency as opposed to an individual as a Care Provider. By using the Services, Agency Care Providers are able to enhance their offering using the features and functions of the Services and will have access to potentially new Care Seekers. The Services that include the ability for Agency Care Providers and Care Seekers looking to hire an agency as opposed to an individual as a Care Provider to connect will defined as the "Agency Services".

    2. Care Seekers who register for the Agency Services ("Agency Care Seekers") will be able to search for Agency Care Providers via the Services. Depending on the Agency Care Seekers' preferences, Agency Care Provider may be able to contact such Agency Care Seekers.

    3. Agency Care Provider and the Agency Caregivers (defined below) will be considered a Member and Care Provider for purposes of the General Terms.

    4. CareLinx does not provide or arrange for home care services. The provision of home care services by an Agency Care Provider to an Agency Care Seeker will be subject to a separate agreement between Agency Care Provider and Agency Care Seeker ("Agency Agreement"). CareLinx is not a party to any such Agency Agreement and does not participate in the interaction between Agency Care Providers and Agency Care Seekers except to the limited extent necessary to make available the Agency Services. CareLinx does not provide any home care billing services. Any disputes related to the services received by Agency Care Seeker or payment due to Agency Care Provider must be resolved directly between Agency Care Seeker and Agency Care Provider.

    5. Agency Care Provider acknowledges and agrees that its Agency Caregivers' access to and use of the Services is subject to the General Terms. Each Agency Caregiver will be required to accept the General Terms prior to being able to access and use the Services. Agency Care Provider is responsible for use of the Services by its Agency Caregivers and for their compliance with the General Terms.

    6. Agency Care Provider may provide to CareLinx certain of its trademarks, service marks, and logos ("Agency Marks") to its profile on the Agency Services. Agency Care Provider grants CareLinx a non-exclusive, worldwide, royalty-free and fully paid license to use the Agency Marks during the Term as required to provide the Agency Services to Agency Care Provider and Agency Care Seekers.

  2. Ordering

    1. Order Form. In order to use the Services as an Agency Care Provider, Agency Care Provider must enter into an order form signed by both parties identifying the Services to be made available by CareLinx pursuant to these Supplemental Terms (an "Order Form").

    2. Account. Agency Care Provider will create an Account and provide to CareLinx such additional information as is requested by CareLinx, including, but not limited to certain information regarding the Agency Care Provider's employee caregivers ("Agency Caregivers").

    3. Agency Caregiver Accounts. Agency Care Provider will ensure each Agency Caregiver creates a separate Account for the Services and that the information provided by such Agency Caregiver in connection with such Account is accurate, complete and up to date.

    4. Fees. Agency Care Provider will pay to CareLinx the fees set forth in the Order Form ("Fees").

    5. Term. These Supplemental Terms will remain in effect for the term set forth in the Order Form ("Term"). Unless otherwise stated in the applicable Order Form, the initial term of an Order Form will be the Initial Term set forth in the Order Form. Thereafter, the Order Form will automatically renew for additional terms of one (1) year unless either party gives written notice of non-renewal to the other party at least thirty (30) days prior to the expiration of the then-current term.

    6. Termination. In lieu of the termination provisions in the General Terms, either party may terminate the Agreement immediately upon notice to the other party if the other party materially breaches the Agreement, and such breach remains uncured more than thirty (30) days after receipt of written notice of such breach. In addition, CareLinx may terminate the Agreement at any time, with or without cause, upon thirty (30) days written notice (email sufficient) to Agency Care Provider. Upon termination or expiration of the Agreement for any reason: (a) Agency Care Provider's (and all Agency Caregivers') access to and use of Services shall immediately terminate; and (b) any amounts owed to CareLinx under this Agreement will become immediately due and payable.

  3. CareLinx Obligations

    1. Provision Of Services . Subject to Agency Care Provider's payment of the Fees, CareLinx will provide to Agency Care Provider the Services set forth in the Order Form.

    2. Agency Care Seeker Information . Subject to the Agency Care Seekers' preferences, CareLinx may share with Agency Care Provider certain information regarding certain Agency Care Seekers in order to facilitate the connection between Agency Care Seekers and Agency Care Provider.

    3. Agency Care Provider Information. CareLinx will treat all personal information of Agency Caregivers provided to it by Agency Care Provider in accordance with CareLinx's privacy policy located at:www.carelinx.com/privacy

    4. Non-Solicitation . During the Term, unless otherwise consented to by Agency Care Provider in writing, CareLinx will not directly or indirectly solicit the Agency Caregivers to become a Member as an independent Care Provider, provided, however, that the foregoing will not be violated by (i) circumstances where an Agency Caregiver initiates contact with CareLinx; or (ii) general solicitations regarding caregivers becoming Members not specifically targeted at Agency Caregivers, including responses to general advertisements.

  4. Agency Care Provider Obligations

    1. User of Services. Unless otherwise mutually agreed by the parties in writing, Agency Care Provider will (and will ensure all Agency Caregivers): (i) use the CareLinx mobile application when providing home care services to Agency Care Seekers, including clock-in/clock-out, care plan tasks completions, and adding notes and alerts; (ii) submit timesheet/invoices to the Agency Care Seeker solely via the Services; (iii) only provide home care services to Agency Care Seekers using Agency Caregivers and (iv) ensure that Agency Care Seekers with whom Agency Care Provider enters into an Agency Agreement only pays Agency Care Provider via the Platform.

    2. Payment for Home Care services . Agency Care Provider will invoice Agency Care Seekers solely via the Services and accept payment from Agency Care Seekers solely via the Services. The Fees will be deducted from each invoice payment. In the event Agency Care Seeker invoices Agency Care Seekers outside of the Services in violation of these Supplemental Terms, Agency Care Provider is still responsible for the payment to CareLinx of all Fees. Agency Care Provider is solely responsible for the accuracy of all the timesheets and rates submitted via the Services and agrees to address any inaccuracies in a timely manner.

    3. Records and Audit . Agency Care Provider will, during the Term and for (10) years thereafter unless state or federal laws or regulations require a longer time period, maintain in good condition and order complete and accurate books and records relating to its activities relating to the Services, including, but not limited to all invoices and timesheets relating to the performance of services by Agency Care Provider to Agency Care Seekers. Agency Care Provider will permit CareLinx or its representatives to review Agency Care Provider's relevant records to ensure compliance with these Supplemental Terms. CareLinx will give Agency Care Provider at least ten (10) days advance notice of any such inspection and will conduct the same during normal business hours in a manner that does not unreasonably interfere with Agency Care Provider's normal operations. If any such audit should disclose any underpayment of Fees, Agency Care Provider will promptly pay CareLinx such underpaid amount.

    4. Agency Agreement . Agency Care Provider will enter into an Agency Agreement with each Agency Care Seeker prior to providing any services to such Agency Care Seeker. Such Agency Agreement will include an explicit statement that Agency Care Provider, and not CareLinx, is the employer of the Agency Caregivers. The care plan for the provision of home care services to any Agency Care Seeker will be set forth in the Agency Agreement or otherwise agreed upon by Agency Care Provider and Agency Care Seeker. Agency Care Provider will ensure that the Agency Caregivers provide the home care services in accordance with applicable, laws, rules and such care plan (including with respect to the tasks and timelines set forth therein).

    5. Use of Information . Agency Care Provider will use any information provided by Agency Care Seeker or CareLinx hereunder solely as necessary to provide home care services to Agency Care Seeker, which such use will comply with all applicable laws, rules, and regulations as well as CareLinx's privacy policy located at:www.carelinx.com/privacy

    6. Representations and Warranties . Agency Care Provider represents, warrants and covenants that at all times during the Term: (i) Agency Care Providers' acceptance of the Terms and performance of its obligations hereunder will not, with or without the giving of notice or the passage of time, conflict with, result in the breach of or the termination of, or constitute a default under any agreement to which Agency Care Provider is or may be bound; (ii) neither Agency Care Provider nor any employee of Agency Care Provider, including any Agency Caregiver, is subject to sanction or exclusion from or by any licensing or certifying body or federal or state health care program, nor currently involved in any action or proceeding which could result in sanction or exclusion or other disciplinary action by any licensing or certifying body or any governmental entity; (iii) the services provided to Agency Care Seekers will be provided in a professional manner consistent with the level of care, skill, practice and judgment exercised by other professionals in performing services of a similar nature under similar circumstances by personnel with requisite skills, qualifications and licenses needed to carry out such work; (iv) it has obtained and will maintain (on behalf of itself and all Agency Caregivers) all necessary releases, consents, rights, licenses, representations, warranties and assignments necessary for performance of its obligations hereunder and in the General Terms; (v) it will comply with all applicable federal and state laws, including without limitation all applicable laws related to health information privacy and security, and record retention.

    7. Background Checks . Agency Care Provider represents and warrants that all Agency Caregivers have been subjected to a rigorous background check by Agency Care Provider, including, but not limited to, verification of employment, criminal history records check and any such checks required by applicable laws, rules and regulations. Agency Care Provider represents and warrants that none of its Agency Caregivers have been convicted of, or have agreed to enter into a pretrial diversion or similar program in connection with the prosecution of, a criminal offense involving theft, dishonesty, breach of trust, money laundering, the illegal manufacture, sale, distribution of or trafficking in controlled substances, or substantially equivalent activity in a domestic, military or foreign court. Agency Care Provider hereby consents to CareLinx's conducting additional interviews, background checks, and audits regarding Agency and its Agency Caregivers as necessary for CareLinx to comply with applicable laws, rules, and regulations.

    8. Employment Taxes and Benefits . Agency Care Provider warrants that the home care services will be provided solely by employees (or, if permitted by applicable laws, rules and regulations, contractors) of Agency Care Provider. Agency Care Provider agrees to pay all necessary employment taxes required by law and to be solely responsible for the direction and control of each Agency Caregiver and the job duties and working conditions of each Agency Caregiver. Agency Care Provider expressly acknowledges and agrees that it shall have sole responsibility for all obligations and costs associated with compliance with all applicable federal, state and local laws and regulations governing employment. Agency Care Provider also agrees to report employees' income and withhold all required taxes from such income, as may be required by law. Employees of Agency Care Provider will not be entitled to receive any benefits or compensation, or to participate in any plans, arrangements, or distributions by CareLinx pertaining to any bonus, stock option, profit sharing, insurance or similar benefits, for CareLinx employees. In addition, Agency Care Provider agrees that it will provide for Workers' Compensation, unemployment, and all other coverage required under applicable local, state or federal law or its contractual obligations with respect to the Agency Caregivers.

    9. Complaints and Grievances . Agency Care Provider will ensure that all complaints or grievances from Agency Caregivers are reported to CareLinx in a timely and accurate manner and will provide to CareLinx (and assist CareLinx in obtaining) any additional information regarding any such complaints or grievances reasonably requested by CareLinx.

    10. Indemnification . In addition to the indemnification obligations set forth in the General Terms, Agency Care Provider agrees that it will defend (including payment of all attorneys' fees) and indemnify CareLinx against any claim asserted against CareLinx for Agency Care Provider's failure to comply with its obligations under Sections 4(d) through (h), 5(b) or any claim by an Agency Caregiver or Agency Care Seeker that CareLinx is the employer of an Agency Caregiver.

    11. Suspension and Exclusion . Agency Care Provider acknowledges and agrees that CareLinxcan suspend or exclude any Agency Caregiver from using all or part of Services in the event any such Agency Caregiver fails to comply with the requirements of Care Providers applicable to such Services.

    12. Non-Solicitation . During the Term, unless otherwise consented to by CareLinx in writing, Agency Care Provider will not directly or indirectly solicit any Member to become an Agency Caregiver, provided, however, that the foregoing will not be violated by (i) circumstances where a Member initiates contact with Agency Care Provider; or (ii) general solicitations regarding caregivers becoming Agency Caregivers not specifically targeted at Members, including responses to general advertisements.

    13. Services Covenant . Agency Care Provider represents, warrants and covenants that the services provided to Agency Care Seekers (e.g., in terms of scope, quality, price, responsiveness, etc.) will be no less favorable than the most favorable services that Agency Care Provider provides to any other client or customer of Agency Care Provider.

    14. Content . For purposes of the General Terms, all content, materials or information submitted by Agency Caregivers will be deemed Agency Care Provider's Content.

    15. Agency Personnel . Agency shall ensure that its employees and/or independent contractors who provide Services have the credentials, licenses, certifications and training to perform the Services.

    16. Additional Terms . In order for Agency Care Provider to be available to provide home care services to certain groups of Agency Care Seekers, Agency Care Provider may have to agree to additional terms and conditions as communicated by CareLinx to Agency Care Provider. Agency Care Provider acknowledges and agrees that if it does not agree to such additional terms and conditions, it will not be able to provide services so such Agency Care Seekers.

  5. General

    1. No Affiliation . Agency Care Provider acknowledges that neither Agency Care Provider nor its Agency Caregivers are legally affiliated with CareLinx in any way, and no independent contractor, partnership, joint venture, employer-employee or franchiser-franchisee relationship is intended or created by Agency Care Provider's or its Agency Caregivers' use of the Site or Services or by these Supplemental Terms or the General Terms.

    2. HIPAA Compliance . Agency Care Provider acknowledges and agrees that from time to time during the term of the Terms through use of the Services, Agency Care Provider, its affiliates, Agency Caregivers, employees, agents and subcontractors or assigns may be exposed to or have access to Protected Health Information ("PHI") as defined by the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementation regulations ("HIPAA"). Agency Care Provider represents, warrants and covenants that it will (and it will cause its affiliates, Agency Caregivers, employees, agents and subcontractors or assigns may be exposed to or have access to PHI to) comply with HIPAA with respect thereto. To the extent that CareLinx processes PHI on behalf of Agency Care Provider and required by applicable laws, rules or regulations or CareLinx's contractual obligations, Agency Care Provider and CareLinx will execute the BAA in the form attached hereto as Exhibit A (the "BAA").

    3. Confidentiality . "Confidential Information" means any nonpublic information of a party (the "Disclosing Party"), whether disclosed orally or in written or digital media, that is identified as "confidential" or with a similar legend at the time of such disclosure or that the receiving party (the "Receiving Party") knows or should have known is the confidential or proprietary information of the Disclosing Party. Information will not constitute the other party's Confidential Information if it (i) is already known by the Receiving Party without obligation of confidentiality; (ii) is independently developed by the Receiving Party without access to or use of the Disclosing Party's Confidential Information; (iii) is publicly known without breach of the Agreement; or (iv) is lawfully received from a third party without obligation of confidentiality. The Receiving Party will not use or disclose any Confidential Information except as expressly authorized by this Agreement and will protect the Disclosing Party's Confidential Information using the same degree of care that it uses with respect to its own confidential information, but in no event with safeguards less than a reasonable degree of care. The Receiving Party will take prompt and appropriate action to prevent unauthorized use or disclosure of the Disclosing Party's Confidential Information. If any Confidential Information must be disclosed to any third party by reason of legal, accounting or regulatory requirements, the Receiving Party will promptly notify the Disclosing Party of the order or request and permit the Disclosing Party (at its own expense) to seek an appropriate protective order. Upon the request of the Disclosing Party or upon the termination or expiration of the Agreement, the Receiving Party will return to the Disclosing Party (or at the Disclosing Party's option, securely destroy) all Confidential Information of the Disclosing Party and all copies thereof in the Receiving Party's possession.

    4. Limitation of Liability . The first paragraph of Section 16 of the General Terms relating to limitation of liability is hereby replaced with the following: IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION, OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION UPON DAMAGES AND CLAIMS IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THE TERMS HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE. THE MAXIMUM LIABILITY OF CARELINX ARISING OUT OF OR IN ANY WAY CONNECTED TO THE TERMS WILL NOT EXCEED THE FEES PAID BY AGENCY CARE PROVIDER TO CARELINX DURING THE TWELVE (12) MONTHS PRECEDING THE ACT, OMISSION OR OCCURRENCE GIVING RISE TO SUCH LIABILITY. THE MAXIMUM LIABILITY OF CARELINX ARISING OUT OF OR IN ANY WAY CONNECTED TO THE BAA WILL NOT EXCEED $500,000 PER INCIDENT. IN NO EVENT WILL CARELINX'S SUPPLIERS HAVE ANY LIABILITY ARISING OUT OF OR IN ANY WAY CONNECTED TO THE TERMS. NOTHING IN THE TERMS WILL LIMIT OR EXCLUDE EITHER PARTY'S LIABILITY FOR GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT OF A PARTY OR ITS EMPLOYEES OR AGENTS OR FOR DEATH OR PERSONAL INJURY.

EXHIBIT A

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (this "Agreement") by and between _______________ ("Covered Entity") and CareLinx ("Business Associate"), is entered into on ____________, 201_ ("Effective Date"), for the purposes of complying with the Health Insurance Portability and Accountability Act of 1996 and regulations promulgated thereunder ("HIPAA") and the security provisions of the American Recovery and Reinvestment Act of 2009, also known as the Health Information Technology for Economic and Clinical Health Act (the "HITECH Act").

WITNESSETH

WHEREAS, Covered Entity is a covered entity as such term is defined under HIPAA and as such is required to comply with the requirements thereof regarding the confidentiality and privacy of Protected Health Information; and

WHEREAS, Business Associate has entered or may enter into one or more agreements with Covered Entity, including Order Form(s), the CareLinx Terms of Use and Agency Care Provider Supplemental Terms of Use ("Service Agreement"), pursuant to which Business Associate may receive Protected Health Information for or on behalf of Covered Entity; and

WHEREAS, by providing services pursuant to the Service Agreement and receiving Protected Health Information for or on behalf of Covered Entity, Business Associate shall become a Business Associate of Covered Entity, as such term is defined under HIPAA, and will therefore have obligations regarding the confidentiality and privacy of Protected Health Information that Business Associate receives from or on behalf of, Covered Entity.

NOW THEREFORE, in consideration of the mutual covenants, promises, and agreements contained herein, the parties hereto agree as follows:

  1. DEFINITIONS. For the purposes of this Agreement, capitalized terms shall have the meanings ascribed to them below. All capitalized terms used but not otherwise defined herein or the Service Agreement will have the meaning ascribed to them by HIPAA.

    1. "Protected Health Information" or "PHI" is any information, whether oral or recorded in any form or medium that is created, received, maintained, or transmitted by Business Associate for or on behalf of Covered Entity, that identifies an individual or might reasonably be used to identify an individual and relates to: (i) the individual's past, present or future physical or mental health; (ii) the provision of health care to the individual; or (iii) the past, present or future payment for health care.

    2. "Secretary" shall refer to the Secretary of the U.S. Department of Health and Human Services.

    3. "Unsecured PHI" shall mean PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary (e.g., encryption). This definition applies to both hard copy PHI and electronic PHI.

  2. OBLIGATIONS OF BUSINESS ASSOCIATE.

    1. General Compliance with Law. Business Associate warrants that it, its agents and its subcontractors: (i) shall use or disclose PHI only in connection with fulfilling its duties and obligations under this Agreement and the Service Agreement; (ii) shall not use or disclose PHI other than as permitted or required by this Agreement or required by law; (iii) shall not use or disclose PHI in any manner that violates applicable federal and state laws or would violate such laws if used or disclosed in such manner by Covered Entity; and (iv) shall only use and disclose the minimum necessary PHI for its specific purposes.

    2. Use and Disclosure of Protected Health Information. Subject to the restrictions set forth throughout this Agreement, Business Associate may use the information received from Covered Entity if necessary for (i) the proper management and administration of Business Associate; or (ii) to carry out the legal responsibilities of Business Associate.
      Subject to the restrictions set forth in throughout this Agreement, Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that: (i) disclosures are required by law, or (ii) Business Associate obtains reasonable assurances from the person or entity to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person or entity, and the person or entity notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

      Business Associate is permitted, for Data Aggregation purposes to the extent permitted under HIPAA, to use, disclose, and combine PHI created or received on behalf of Covered Entity by Business Associate pursuant to this Agreement with PHI, as defined by 45 C.F.R. 160.103, received by Business Associate in its capacity as a business associate of other covered entities, to permit data analyses that relate to the Health Care Operations of the respective covered entities and/or Covered Entity.

      Business Associate may de-identify any and all PHI created or received by Business Associate under this Agreement. Once PHI has been de-identified pursuant to 45 CFR 164.514(b), such information is no longer Protected Health Information and no longer subject to this Agreement.

      Business Associate acknowledges that, as between Business Associate and Covered Entity, all PHI shall be and remain the sole property of Covered Entity, including any and all forms thereof developed by Business Associate in the course of its fulfillment of its obligations pursuant to the Agreement and Service Agreement.

    3. Covered Entity Obligations. To the extent that Business Associate is to carry out any of Covered Entity's obligations that are regulated by HIPAA, Business Associate shall comply with the HIPAA requirements that apply to the Covered Entity in the performance of such obligation.

    4. Safeguards. Business Associate shall employ appropriate administrative, technical and physical safeguards, consistent with the size and complexity of Business Associate's operations, to protect the confidentiality of PHI and to prevent the use or disclosure of PHI in any manner inconsistent with the terms of this Agreement. Business Associate shall comply, where applicable, with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI to prevent use or disclosure of such electronic PHI other than as provided for by this Agreement.

    5. Availability of Books and Records. Business Associate shall permit the Secretary and other regulatory and accreditation authorities to audit Business Associate's internal practices, books and records at reasonable times as they pertain to the use and disclosure of PHI in order to ensure that Covered Entity and/or Business Associate is in compliance with the requirements of HIPAA.

    6. Individuals' Rights to Their PHI.
      (i) Access to informationTo the extent Business Associate maintains PHI in a Designated Record Set, in order to allow Covered Entity to respond to a request by an Individual for access to PHI pursuant to 45 CFR Section 164.524, Business Associate, within ten (10) business days upon receipt of written request by Covered Entity, shall make available to Covered Entity such PHI. In the event that any Individual requests access to PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity within five (5) business days.Covered Entity will be responsible for making all determinations regarding the grant or denial of an Individual's request for PHI and Business Associate will make no such determinations. Except as Required by Law, only Covered Entity will be responsible for releasing PHI to an Individual pursuant to such a request. Any denial of access to PHI determined by Covered Entity pursuant to 45 CFR Section 164.524, and conveyed to Business Associate by Covered Entity, shall be the responsibility of Covered Entity, including resolution or reporting of all appeals and/or complaints arising from denials.

      (ii) Amendment of InformationTo the extent Business Associate maintains PHI in a Designated Record Set, in order to allow Covered Entity to respond to a request by an Individual for an amendment to PHI, Business Associate shall, within ten (10) business days upon receipt of a written request by Covered Entity, make available to Covered Entity such PHI. In the event that any Individual requests amendment of PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity within five (5) business days.Covered Entity will be responsible for making all determinations regarding the grant or denial of an Individual's request for an amendment to PHI and Business Associate will make no such determinations. Any denial of amendment to PHI determined by Covered Entity pursuant to 45 CFR Section 164.526, and conveyed to Business Associate by Covered Entity, shall be the responsibility of Covered Entity, including resolution or reporting of all appeals and/or complaints arising from denials.Within ten (10) business days of receipt of a request from Covered Entity to amend an individual's PHI in the Designated Record Set, Business Associate shall incorporate any approved amendments, statements of disagreement, and/or rebuttals into its Designated Record Set as required by 45 CFR Section 164.526.

      (iii) Accounting of DisclosuresIn order to allow Covered Entity to respond to a request by an Individual for an accounting pursuant to 45 CFR Section 164.528, Business Associate shall, within ten (10) business days of a written request by Covered Entity for an accounting of disclosures of PHI about an Individual, make available to Covered Entity such PHI. At a minimum, Business Associate shall provide Covered Entity with the following information: (a) the date of the disclosure; (b) the name of the entity or person who received the PHI, and if known, the address of such entity or person; (c) a brief description of the PHI disclosed; and (d) a brief statement of the purpose of such disclosure. In the event that any Individual requests an accounting of disclosures of PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity within five (5) business days. Covered Entity will be responsible for preparing and delivering an accounting to Individual. Business Associate shall implement an appropriate record keeping process to enable it to comply with the requirements of this Agreement.

    7. Disclosure to Third Parties. usiness Associate shall obtain and maintain a written agreement with each subcontractor or agent that has or will have access to PHI, which is received from, or created or received by, Business Associate for or on behalf of Covered Entity, pursuant to which such subcontractor and agent agrees to be bound by the same restrictions, terms, and conditions that apply to Business Associate under the Agreement with respect to such PHI.

    8. Reporting Obligations. In the event of a Breach of any Unsecured PHI that Business Associate accesses, maintains, retains, modifies, records, or otherwise holds or uses on behalf of Covered Entity, Business Associate shall report such Breach to Covered Entity as soon as practicable, but in no event later than ten (10) business days after the date the Breach is discovered. Notice of a Breach shall include, to the extent such information is available: (i) the identification of each individual whose PHI has been, or is reasonably believed to have been, accessed, acquired, or disclosed during the Breach; (ii) the date of the Breach, if known, and the date of discovery of the Breach; (iii) the scope of the Breach; and (iv) the Business Associate's response to the Breach.

      In the event of a use or disclosure of PHI that is improper under this Agreement but does not constitute a Breach, Business Associate shall report such use or disclosure to Covered Entity within ten (10) business days after the date on which Business Associate becomes aware of such use or disclosure.In the event of any successful Security Incident, Business Associate shall report such Security Incident in writing to Covered Entity within ten (10) business days of the date on which Business Associate becomes aware of such Security Incident. The parties acknowledge that unsuccessful Security Incidents that occur within the normal course of business shall not be reported pursuant to this Agreement. Such unsuccessful Security Incidents include, but are not limited to, port scans or "pings," and unsuccessful log-on attempts, broadcast attacks on Business Associate's firewall, denials of service or any combination thereof if such incidents are detected and neutralized by Business Associate's anti-virus and other defensive software and not allowed past Business Associate's firewall.

  3. OBLIGATIONS Of COVERED ENTITY.

    1. Permissible Requests. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would violate applicable federal and state laws if such use or disclosure were made by Covered Entity. Covered Entity may request Business Associate to disclose PHI directly to another party only for the purposes allowed by HIPAA and the HITECH Act.

    2. Notifications. Covered Entity shall notify Business Associate of any limitation in any applicable notice of privacy practices in accordance with 45 CFR Section 164.520, to the extent that such limitation may affect Business Associate's use or disclosure of PHI.

    3. Individual Restrictions. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by individual to use or disclose PHI, to the extent that such changes may affect Business Associate's use or disclosure of PHI.

    4. General Restrictions. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR Section 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI.

  4. TERM AND TERMINATION.

    1. General Term and Termination. This Agreement shall become effective on the Effective Date set forth above and shall terminate upon the termination or expiration of the Service Agreement and when all PHI provided by either party to the other, or created or received by Business Associate on behalf of Covered Entity is, in accordance with this Section, destroyed, returned to Covered Entity, or protections are extended.

    2. Material Breach. Where either party has knowledge of a material breach by the other party, the non-breaching party shall provide the breaching party with an opportunity to cure. Where said breach is not cured to the reasonable satisfaction of the non-breaching party within twenty (20) business days of the breaching party's receipt of notice from the non-breaching party of said breach, the non-breaching party shall, if feasible, terminate this Agreement and the portion(s) of the Service Agreement affected by the breach. Where either party has knowledge of a material breach by the other party and cure is not possible, the non-breaching party shall, if feasible, terminate this Agreement and the portion(s) of the Service Agreement affected by the breach.

    3. Return or Destruction of PHI. Upon termination of this Agreement for any reason, Business Associate shall: (i) if feasible as determined by Business Associate, return or destroy all PHI received from, or created or received by Business Associate for or on behalf of Covered Entity that Business Associate or any of its subcontractors and agents still maintain in any form, and Business Associate shall retain no copies of such information; or (ii) if Business Associate determines that such return or destruction is not feasible, extend the protections of this Agreement to such information and limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible, in which case Business Associate's obligations under this Section shall survive the termination of this Agreement.

  5. MISCELLANEOUS.

    1. Amendment. If any of the regulations promulgated under HIPAA or the HITECH Act are amended or interpreted in a manner that renders this Agreement inconsistent therewith, the parties shall amend this Agreement to the extent necessary to comply with such amendments or interpretations.

    2. Interpretation. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with HIPAA and the HITECH Act.

    3. Conflicting Terms. In the event that any terms of this Agreement conflict with any terms of the Service Agreement, the terms of this Agreement shall govern and control.

    4. Notices. Any notices pertaining to this Agreement shall be given in writing and shall be deemed duly given when personally delivered to a Party or a Party's authorized representative as listed below or sent by means of a reputable overnight carrier, or sent by means of certified mail, return receipt requested, postage prepaid. Notices shall be deemed given upon receipt. Notices shall be addressed to the appropriate Party as follows:

      If to Covered Entity:

      [COVERED ENTITY]
      [ADDRESS]
      Attn: [CONTACT]

      If to Business Associate:

      CareLinx, Inc.
      1350 Old Bayshore Hwy, Suite 850
      Burlingame, CA 94010
      Attn: Chief Security Officer

    5. Severability. The provisions of this Agreement shall be severable, and if any provision of this Agreement shall be held or declared to be illegal, invalid or unenforceable, the remainder of this Agreement shall continue in full force and effect as though such illegal, invalid or unenforceable provision had not been contained herein.

Version 1.1
Last Revised: Oct 1, 2019

©2024 Sharecare, Inc.

COOKIES
YOUR PRIVACY CHOICES
PRIVACY
TERMS
App StoreGoogle Play

ABOUT

AboutSharecareResourcesHelp/ContactusPrivacy policyTerms

CareLinx does not employ or recommend any care provider or care seeker nor is it responsible for the conduct of any care provider or care seeker. The CareLinx website is a venue that provides tools to help care seekers and care providers connect online. Each individual is solely responsible for selecting a care provider or care seeker for themselves or their families and for complying with all laws in connection with any employment relationship they establish.

AARP member benefits are provided by third parties, not by AARP or its affiliates. Providers pay a royalty fee to AARP for the use of its intellectual property. These fees are used for the general purposes of AARP. Some provider offers are subject to change and may have restrictions. Please contact the provider directly for details.