Last Modified: April 9th 2025
Spaces Communications, Inc.
These Terms and Conditions (“Terms”) govern your use of Spaces' subscription-based content, services and products (collectively, the “Services”) made available via our website (the “Website”). As used in these Terms, “Spaces”, “we”, “us”, and “our” refer to Spaces Communications, Inc., and “Customer”, “you” and “your” refer to the subscriber.
These Terms are effective as of the date above. Please review these Terms carefully. If you do not agree with these Terms, you should not use any of our Services. From time to time, we may modify, add to, supplement or delete portions of these Terms, so we encourage you to review periodically these Terms and the Terms of Use applicable to each Service you use. If you continue to use the Services after we change these Terms, you accept all changes.
By using the Services and/or clicking the box to indicate that you agree to these Terms, you confirm that you have read and agree to our Privacy Policy, Terms of Use, and these Terms.
If you are agreeing to be bound by these Terms on behalf of your employer, organization or another entity, you represent and warrant that: (a) you have full legal authority to bind your employer, organization or the applicable entity to these Terms; (b) you have read and understand these Terms; and (c) you agree, on behalf of the party that you represent, to these Terms. If you do not have the legal authority to bind your employer, organization or the applicable entity, please do not use the Services on its behalf.
Your Use of the Services
Upon using the Services, certain users authorized by you (“Authorized Personnel”) may be able to use Spaces’ web application available on our Website to chat with your internal staff and partners or third parties that you serve (collectively, “End Users”). Authorized Personnel and End Users are referred to, collectively, herein as “Users”.
You will be required to provide a valid email address and create a password (collectively, the “Account Credentials”), and provide to Spaces certain additional information to access and use the Services. It is your responsibility to ensure that your Account Credentials are used only by you, and you agree to protect the confidentiality of your Account Credentials. All activity and use of the Services under your Account Credentials will be deemed to be authorized by you, and you will be responsible for all activity and use of the Services under your Account Credentials. You assume the entire risk for the fraudulent or unauthorized use of your Account Credentials.
All electronic data or information submitted via the Services, including data and information related to or provided by Users, is referred to herein as “Customer Data”.You are solely responsible for the content of all Customer Data.
Customer Obligations
You agree to use the Services solely in accordance with these Terms: (a) for your internal business purposes; and (b) to allow Users to communicate with one another via the Services.
You are responsible for all Users’ access to and use of the Services, as well as their compliance with these Terms and all of your obligations set forth herein, and you expressly assume liability for any violations of these Terms caused by any of your Users. This includes any acts by a User that, if they were your acts, would be a violation of these Terms by you.
You will secure and maintain all rights in Customer Data necessary for us to provide the Services to you without violating the rights of any third party or otherwise obligating Spaces to you or to any third party. Spaces does not and will not assume any obligations with respect to Customer Data or to your use of the Services other than as expressly set forth in these Terms or as required by applicable law.
In addition, you shall: (i) have sole responsibility for the accuracy, quality, and legality of all Customer Data; (ii) use best efforts to prevent unauthorized access to, or use of, the Services; and (iii) notify Spaces promptly of any such unauthorized access or use of which you become aware.
License To Use the Services
Subject to your compliance with these Terms, Spaces hereby grants to you a limited, non-exclusive, non-transferable, non-sublicensable, revocable right to access and use the Services in the United States solely for your own internal business purposes. Subject to the limited rights expressly granted hereunder, Spaces reserves all right, title and interest in and to the Services, including all related intellectual property rights. No rights are granted to you hereunder other than as expressly set forth herein and all other rights are expressly reserved.
Third Party Services and Additional Software
Certain Services incorporate, connect to or integrate with products or services offered by third parties which are resold or sublicensed by Spaces (“Third Party Services”). In order to access and use such Third Party Services, you may be required to agree to certain additional terms and conditions and your access and use of such Third Party Services will be subject to such additional terms and conditions. You acknowledge and agree that you have been given the opportunity to review, analyze and confirm the operation of such Third Party Services (including any algorithms or similar technology used in connection with such Third Party Services), and have determined that such Third Party Services are appropriate for your use.
Restrictions
You and your Users shall not:
(a)
modify, copy or create any derivative works based on the Website or the Services;
(b)
license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share, offer in a service bureau mode, or otherwise make the Website or the Services available to any third party, other than to Users as permitted herein;
(c)
frame or mirror any content forming part of the Website or the Services;
(d)
reverse engineer or decompile any portion of the Website or the Services, including but not limited to, any algorithms or software utilized by Spaces in the provision of the Website or the Services;
(e)
access the Website or the Services in order to build any commercially available product or service;
(f)
copy any features, functions, integrations, interfaces or graphics of the Website or the Services;
(g)
remove any proprietary notices or legends from the Website or the Services;
(h)
use the Website or the Services in violation of applicable law;
(i)
send or store infringing, obscene, threatening, or otherwise unlawful or tortious material, including material that violates privacy rights, in connection with the Website or the Services;
(j)
send or store malicious code in connection with the Website or the Services;
(k)
interfere with or disrupt performance of the Website or the Services or the data contained therein; or
(l)
attempt to gain access to the Website or the Services or its related systems or networks in a manner not set forth in these Terms.
Intellectual Property
Except for the limiting license granted herein, these Terms do not transfer from Spaces to you any Spaces or third party intellectual property rights, and all right, title and interest in and to the Website and the Services will remain (as between you and Spaces) solely with Spaces. Spaces, the Website, the Spaces logo, and all other trademarks, service marks, graphics and logos used in connection with the Services are trademarks of Spaces or its licensors. Your use of the Services grants you no right or license to reproduce or otherwise use any Spaces or third party trademarks.
Ownership
As between you and Spaces, you own your Customer Data. During the time period in which you are using the Services, you grant to Spaces a non-exclusive license to access and use your Customer Data solely for the purpose of providing the Services in accordance with these Terms.
Spaces owns the aggregated and statistical data (collectively, “Aggregated Data”) derived from the operation of the Services, including, without limitation, the number of records in the Services, the number and types of transactions processed using the Services and the performance results for the Services. Nothing herein shall be construed as prohibiting Spaces from utilizing the Aggregated Data for purposes of operating Spaces’ business. Notwithstanding the foregoing, in no event whatsoever will Spaces disclose to any third party any Aggregated Data that reveals any PHI or other personally identifiable information of a User, whether directly or indirectly.
Fees & Payment
You agree to pay to Spaces the subscription fees associated with Services and the plan you selected. If you have contracted for the Services through an authorized reseller of Spaces (a “Reseller”), you will pay subscription fees to the Reseller in accordance with your agreement with such Reseller. All payment obligations are non-cancelable, and all payments made are non-refundable and not redeemable for any other form of compensation, credit, or cash. No unused portion of a subscription term will be refunded. No credit is offered for interruptions. Notwithstanding the foregoing, we reserve the right to issue refunds or credits under certain limited circumstances. In all circumstances, the availability and amount of a refund or credit is subject to Spaces’ sole and absolute discretion.
You will be billed on a recurring basis and you authorize us to charge your payment method with the then-current subscription fee in accordance with our normal billing period. All fees and all other charges are exclusive of sales or similar taxes which are or may be applicable. All amounts due to be paid to Spaces under these Terms shall be paid in full, without set-off or counterclaim and free and clear of and without any deduction or withholding for, or on account of, any present or future taxes, duties, levies, imposts or charges of any nature.
Should you have any dispute as to the fees associated with your account, please contact us at support@chat.space within thirty (30) days of the date of the activity that generated such dispute, and we will attempt to resolve the matter. Disputes older than thirty (30) days shall not be entitled to any refunds.
Business Associate Agreement
Spaces acknowledges that certain Customer Data may also be considered PHI. As used herein, “PHI” means protected health information as defined under the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act (commonly referred to as the “HITECH Act”), and the regulations promulgated under the foregoing from time to time by the United States Department of Health and Human Services (collectively, as amended from time to time, “HIPAA”).
When you access or use the Services, you automatically enter into the business associate agreement (“BAA”) attached hereto as Exhibit A with Spaces. In the event of any conflict between these Terms and the BAA as to any PHI, the terms of the BAA shall control.
You acknowledge and agree that you are fully responsible for the security of data on your website or otherwise in your possession. You agree to comply with all applicable state and federal laws and rules including, but not limited to, HIPAA and HITECH in connection with your security and dissemination of any PHI on your website or with which you come into contact while using the Services.
Suspension Of Services
Spaces may, in its sole discretion, temporarily or permanently suspend your access to the Services without prior notice if: (a) payments related to your account are more than thirty (30) days past due; (b) your use (or your Users' use) of the Services violates these Terms; or (c) your use of the Services subjects Spaces or its other customers to a heightened risk of breach of its security.
Disclaimers
Spaces has taken reasonable measures to ensure that the Services are virus-free from virus, bugs, defects, and malfunctions but no warranty is given to this effect and Spaces shall have no liability if this is not the case.
THE SERVICES ARE PROVIDED "AS IS". EXCEPT AS EXPRESSLY PROVIDED HEREIN AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SPACES AND ITS SUPPLIERS AND LICENSORS (INCLUDING PROVIDERS OF THIRD PARTY SERVICES) MAKE NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE SERVICES AND/OR WEBSITE. NEITHER SPACES NOR ITS SUPPLIERS AND LICENSORS (INCLUDING PROVIDERS OF THIRD PARTY SERVICES) WARRANT THAT THE SERVICES OR WEBSITE WILL BE ERROR FREE OR UNINTERRUPTED.
SPACES DOES NOT, AND THE SERVICES DO NOT, PROVIDE ANY MEDICAL ADVICE WHATSOEVER. ANY INFORMATION OR CONTENT PROVIDED BY SPACES IN CONNECTION WITH THE SERVICES IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THE INFORMATION PRESENTED BY SPACES THROUGH THE SERVICES (A) IS NOT A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE, DIAGNOSIS OR TREATMENT, AND (B) IS NOT INTENDED, AND MUST NOT BE INTENDED, TO REPLACE MEDICAL ADVICE, DIAGNOSIS OR TREATMENT FROM CAPABLE MEDICAL EXPERTS. YOU AND YOUR AUTHORIZED PERSONNEL ALONE SHALL BE RESPONSIBLE FOR ANY AND ALL ACTS OR OMISSIONS THAT WERE BASED ON THE SERVICES OR ANY INFORMATION PROVIDED BY THE SERVICES AND ANY DECISIONS, ACTIONS AND/OR OMISSIONS THAT DERIVE FROM THE USE OF THE SERVICES OR THE INFORMATION PROVIDED, INCLUDING ANY DECISION NOT TO SEEK MEDICAL ADVICE, TREATMENT OR DIAGNOSIS.
Without limiting the foregoing, you acknowledge and agree that you are solely and fully assuming the risks of using the Services to conduct your business activities, services or transactions, including interacting with Users through the Website and the Services, and that you are solely responsible for complying with all applicable professional standards and obligations.
Indemnity
Spaces agrees to defend, indemnify and hold you harmless against: (a) any claim, demand, suit, or proceeding (“Claim”) made or brought by a third party against you alleging that the use of the Services as contemplated hereunder infringes a valid U.S. copyright or patent, and (b) all damages associated with such Claim finally adjudicated against you for the Claim; provided, however, that you: (i) promptly give written notice of the Claim to Spaces; (ii) make no admission of liability and give Spaces sole authority, at Spaces’ expense, to direct and control all defense, settlement, and compromise negotiations; and (iii) provide to Spaces, at Spaces’ cost, all reasonable assistance and provide Spaces with full disclosure, in each case that may be reasonably required to defend any such Claim. Notwithstanding the foregoing, Customer may participate in the defense of any Claim with counsel of its own choosing at its own expense.
You agree to defend, indemnify and hold Spaces and its employees, officers, directors, agents, and any provider of Third Party Services harmless from and against any and all Claims, damages, costs and expenses, including reasonable attorney's fees, arising from or related to: (a) your use of the Services; (b) a breach of these Terms by you and/or any User; (c) allegations that your Customer Data infringes, violates, or misappropriates the rights of, or has caused harm to, a third party; or (d) any tortious act or omission of you or any Authorized Personnel in the provision of care to an End User while using the Services. Spaces will not be responsible for any loss, damage, costs, expenses or other claims of the Customer, User, or any third party resulting from suspension of the Services.
Limitation On Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL SPACES OR ANY PROVIDER OF THIRD PARTY SERVICES HAVE ANY LIABILITY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, OR FOR ANY LOST PROFITS, LOSS OF USE, COST OF DATA RECONSTRUCTION, COST OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICES, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICES, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, EVEN IF SPACES OR SPACES' LICENSORS OR SUBCONTRACTORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL SPACES'S LIABILITY, OR THE LIABILITY OF ANY PROVIDER OF THIRD PARTY SERVICES, FOR ANY AND ALL OF YOUR CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR YOUR USE OF THE SERVICES, OR THE CONTENTS THEREOF EXCEED THE AMOUNTS ACTUALLY PAID BY YOU TO SPACES DURING THE 3-MONTH PERIOD IMMEDIATELY PRECEDING THE OCCURRENCE OF THE EVENTS GIVING RISE TO THE CLAIM.
Termination
All subscriptions are CONTINUOUS, which means your subscription will continue and you will be billed until you cancel the subscription. We reserve the right to increase rates at any time. You will be notified in advance of any change in rates.
Either party may terminate these Terms by providing the other party at least thirty (30) days' written notice of such termination. The Services will not be terminated for a subscription period that has already initiated and you will not be entitled to a refund for that subscription period. Written notice of such termination may be sent to support@chat.space. Notwithstanding the foregoing, if you purchased Services through a Reseller, these Terms will terminate when your agreement with such Reseller terminates.
Without limiting any other termination rights of Spaces hereunder, Spaces may immediately cease providing any Services that incorporate, integrate with or otherwise uses a Third Party Service if the applicable third party provider ceases providing such Third Party Service to Spaces, or if Spaces is no longer authorized to resell or sublicense such Third Party Service.
Upon request by Customer made within thirty (30) days after any termination of the Services, to the extent Spaces has any stored Customer Data, Spaces will make such Customer Data available to Customer for download. After such thirty (30)-day period, Spaces and its hosted service provider shall have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control.
The following provisions of these Terms shall survive termination of these Terms: Intellectual Property, Ownership, Fees & Payment, Disclaimer, Indemnity, Limitation on Liability, Termination, Governing Law and Entire Agreement, and any other provision which by its terms should survive termination.
Assignability
Customer may not assign at law or in equity any benefit or otherwise transfer, delegate or sub-contract any of its duties or obligations under these Terms without the prior written consent of Spaces. Spaces may assign at law or in equity any benefit or transfer, delegate or sub-contract any of its duties or obligations under these Terms to any affiliate of Spaces without the prior written consent of Customer.
Publicity
You agree that Spaces may reference you as a customer of Spaces’ products and Services, including a brief description of such Services. This includes referring to you for marketing purposes, such as material on the Website, presentations, outreach, and any material displayed publicly. Any other use of your name, logo or trademarks by Spaces will require your prior written approval.
Force Majeure
Spaces will not be liable for any failure in performance due to causes beyond Spaces’ reasonable control (such as fire, explosion, power blackout, earthquake, flood, severe storms, strike, embargo, labor disputes, acts of civil or military authority, war, terrorism (including cyber terrorism), acts of God, acts or omissions of Internet traffic carriers, actions or omissions of regulatory or governmental bodies (including the passage of laws or regulations or other acts of government that impact the delivery of Services)).
Governing Law
You agree that the laws of the State of North Carolina, without regard to principles of conflicts of laws, will govern these Terms and any dispute of any sort that might arise between you and Spaces. You agree that the exclusive jurisdiction (personal and, as allowed, subject matter) and venue for any action relating to these Terms shall be the state or federal course located in Charlotte, North Carolina, and you hereby consent to such jurisdiction and venue.
Severability
If any provision of these Terms is found to be void or unenforceable the remainder of these Terms shall not be affected and the parties hereby agree that they will replace any such void or unenforceable provision with a new provision that achieves substantially the same practical or economic effect and which is valid and enforceable.
Entire Agreement
These Terms constitute the entire agreement between you and Spaces. We reserve the right to change, add to or otherwise update these Terms from time to time upon reasonable notice to you. When we do, we will also revise the "last updated" date located at the top of these Terms. Your continued use of the Services after such posting will constitute acceptance by you of such changes, additions or other updates.
Nothing in these Terms shall be deemed to create any partnership, principal/agent or joint venture relationship between the parties. Neither party is granted any authority or power to bind the other or to contract in the name of or create a liability against or otherwise act as the representative of the other in any matter whatsoever. Spaces shall provide the Services under these Terms on a non-exclusive basis.
EXHIBIT A -- BUSINESS ASSOCIATE AGREEMENT
All use of the Services is subject to this Business Associate Agreement (“BAA”), which is entered into by you (the “Covered Entity”) and Spaces (the “Business Associate”).
WHEREAS, Sections 261 through 264 of the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, known as “the Administrative Simplification provisions,” direct the Department of Health and Human Services to develop standards to protect the security, confidentiality and integrity of health information, and the “Health Information Technology for Economic and Clinical Health” (“HITECH”) Act (Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5)) modified and amended the Administrative Simplification provisions;
WHEREAS, pursuant to the Administrative Simplification provisions, the Secretary of Health and Human Services issued regulations modifying 45 CFR Parts 160 and 164 (the “HIPAA Rules”), as further amended by the Omnibus Final Rule (78 Fed. Reg. 5566), (hereinafter, the Administrative Simplification provisions, HITECH, such rules, amendments, and modifications, including any that are subsequently adopted, will be collectively referred to as “HIPAA”); and
WHEREAS, the parties wish to enter into or have entered into an arrangement whereby Business Associate will provide certain services and/or products to Covered Entity (the agreement evidencing such arrangement is the Terms and Conditions, hereby referred to as the “Terms”), and Business Associate may create, receive, or maintain Protected Health Information of Covered Entity in fulfilling Business Associate's responsibilities to Covered Entity pursuant to the Terms of Use, and therefore Business Associate may be considered a “business associate” of Covered Entity as defined by HIPAA.
THEREFORE, in consideration of the parties' continuing obligations under the Terms, compliance with HIPAA, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, and intending to be legally bound, the parties agree to the provisions of this BAA in order to address the requirements of HIPAA and to protect the interests of both parties.
Definitions
Except as otherwise defined herein, any and all capitalized terms in this BAA shall have the definitions set forth by HIPAA. For purposes of this BAA, the term “Protected Health Information” shall have the same meaning as that term is defined at 45 C.F.R. § 160.103, limited to the information received, maintained, transmitted or created by the Business Associate from or on behalf of the Covered Entity. In the event of an inconsistency between the provisions of this BAA and mandatory provisions of HIPAA, HIPAA shall control. Where provisions of this BAA are different from those mandated by HIPAA, but are nonetheless permitted by HIPAA, the provisions of this BAA shall control.
Business Associate Obligations
Business Associate acknowledges and agrees that all Protected Health Information that is created, maintained, transmitted or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate, or Protected Health Information which, on behalf of Covered Entity, is created, maintained, transmitted or received by Business Associate or a Subcontractor, shall be subject to this BAA.
(a) Business Associate agrees:
(i) it is aware of and will comply with all provisions of HIPAA that are directly applicable to business associates;
(ii) in the event it enters into an agreement with a Subcontractor under which Protected Health Information could or would be disclosed or made available to the Subcontractor, to have in place an appropriate Business Associate Agreement with the Subcontractor before any Protected Health Information is disclosed or made available to the Subcontractor;
(iii) to use or disclose any Protected Health Information solely as would be permitted by HIPAA if such use or disclosure were made by Covered Entity: (1) for meeting its obligations as set forth in the Terms, or any other agreements between the parties evidencing their business relationship or (2) as required by applicable law, rule or regulation, or as otherwise permitted under this BAA, the Terms (if consistent with this BAA and HIPAA), or HIPAA;
(iv) at the request of the Secretary, to comply with any investigations and compliance reviews, permit access to information, provide records and compliance reports, and cooperate with any complaints, pursuant to 45 CFR § 160.310;
(v) at termination of this BAA or the Terms, or upon request of Covered Entity, whichever occurs first, if feasible, Business Associate will return or destroy all Protected Health Information received from Covered Entity or created or received by Business Associate on behalf of Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, Business Associate will extend the protections of this BAA to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible;
(vi) to ensure that its Subcontractors to whom it provides Protected Health Information received from Covered Entity or created or received by Business Associate on behalf of Covered Entity, agree to the same (or greater) restrictions and conditions that apply to Business Associate with respect to such information, and agrees to, pursuant to 45 CFR § 164.314, implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity and ensure that any Subcontractors to whom it provides such information agree to implement reasonable and appropriate safeguards to protect it;
(vii) Business Associate shall, following the discovery of a breach of unsecured Protected Health Information (as defined in HIPAA) notify Covered Entity of such breach of unsecured Protected Health Information pursuant to the terms of 45 CFR § 164.410 and cooperate in Covered Entity's breach analysis procedures, including risk assessment, if requested. A breach of unsecured Protected Health Information shall be treated as discovered by Business Associate as of the first day on which such breach is known to Business Associate or, by exercising reasonable diligence, would have been known to Business Associate. Business Associate will provide such notification to Covered Entity without unreasonable delay. Such notification will contain the elements required in 45 CFR § 164.410, to the extent known. Covered Entity shall be solely responsible to determine any required actions with respect to any such breach of unsecured Protected Health Information, and Business Associate shall reasonably cooperate with Covered Entity and comply with such actions; and
(b) Notwithstanding the prohibitions set forth in this BAA, Business Associate may use and disclose Protected Health Information as follows:
(i) if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met:
(A) the disclosure is required by law; or
(B) Business Associate obtains satisfactory assurances through a written Business Associate Agreement from the Subcontractor to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the Subcontractor, and the Subcontractor notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached;
(ii) for Data Aggregation services, if to be provided by Business Associate for the Health Care Operations of Covered Entity pursuant to the Terms or any other agreements between the parties evidencing their business relationship.
(iii) Business Associate and its Subcontractors may disclose information that is not individually identifiable health information provided that the disclosed information does not include a key or other mechanism that would enable the information to be identified.
Business Associate will implement appropriate safeguards, and comply, where applicable, with Subpart C of 45 CFR 164 with respect to Electronic Protected Health Information, to prevent use or disclosure of Protected Health Information other than as permitted in this BAA.
The Secretary of Health and Human Services shall have the right to audit Business Associate's records and practices related to the use and disclosure of Protected Health Information to ensure Covered Entity's and Business Associate's compliance with the terms of HIPAA.
Business Associate shall report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA of which it becomes aware. Business Associate shall report to Covered Entity any Security Incident of which it becomes aware promptly and in the manner required by Covered Entity to permit compliance with the requirements of HIPAA. The parties agree that this section satisfies any notices necessary by the Business Associate to the Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which no additional notice to the Covered Entity shall be required. For purposes of this BAA, “Unsuccessful Security Incidents” include activity such as pings and other broadcast attacks on the firewall of the Business Associate, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of Electronic Protected Health Information.
Obligations Of Covered Entity
In addition to any other obligation set forth in the Terms, Covered Entity agrees that it will: (i) not make any disclosure of PHI to Business Associate if such disclosure would violate HIPAA or any applicable federal or state law or regulation; (ii) not request Business Associate to use or make any disclosure of PHI in any manner that would not be permissible under HIPAA or any applicable federal or state law or regulation if such use or disclosure were done by Covered Entity; and (iii) limit any disclosure of PHI to Business Associate to the minimum necessary to accomplish the intended purpose of such disclosure. Further, Covered Entity agrees that it is solely responsible to comply with HIPAA and any other federal or state law or regulation applicable to the operation of its business or the performance of its obligations under the Terms. Additionally, Covered Entity represents that the Covered Entity has not sought any Individual consents or authorizations or agreed to any restrictions requested by Individuals, and will not seek any Individual consents or authorizations or agree to any such restrictions in the future, which consents, authorizations or restrictions would restrict Business Associate's ability to provide items and services under the Terms or otherwise restrict Business Associate's ability to use and disclose Protected Health Information as permitted under this BAA. Without limiting the foregoing, Covered Entity shall immediately notify Business Associate in writing of any change in, or the withdrawal of, the consent or authorization of an Individual regarding the use or disclosure of Protected Health Information to the extent that such change or withdrawal may affect Business Associate's use or disclosure of Protected Health Information.
Availability Of Protected Health Information
Business Associate agrees to make available Protected Health Information to the extent and in the manner required by 45 CFR § 164.524. If Business Associate maintains Protected Health Information electronically, it agrees to make such Protected Health Information electronically available to the applicable individual. Business Associate agrees to make Protected Health Information available for amendment and incorporate any amendments to Protected Health Information as directed by Covered Entity in accordance with the requirements of 45 CFR § 164.526. In addition, Business Associate agrees to make Protected Health Information available for purposes of accounting of disclosures, as required by 45 CFR § 164.528. Business Associate and Covered Entity shall cooperate in providing any accounting required on a timely basis.
Termination
If Covered Entity reasonably determines that Business Associate has materially breached this BAA, Covered Entity shall provide Business Associate with written notice of the alleged material breach of this BAA and if such breach is not cured by Business Associate within a reasonable period, not to be less than thirty (30) days, following receipt of notice of breach from the Covered Entity, Covered Entity may immediately terminate this BAA.
Miscellaneous
Except as expressly stated herein or in HIPAA, the parties to this BAA do not intend to create any rights in any third parties. The obligations of Business Associate under this Section shall survive the expiration, termination, or cancellation of this BAA, the Terms and/or the business relationship of the parties, and shall continue to bind Business Associate, its agents, employees, contractors, successors, and assigns as set forth herein.
None of the provisions of this BAA are intended to create, nor will they be deemed to create any relationship between the parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this BAA and any other agreements between the parties evidencing their business relationship. This BAA will be governed by the laws of the State of North Carolina. No change, waiver or discharge of any liability or obligation hereunder on any one or more occasions shall be deemed a waiver of performance of any continuing or other obligation, or shall prohibit enforcement of any obligation, on any other occasion.
Any provision of the Terms of Use that contradicts one or more terms of this BAA shall be superseded by the terms of this BAA to the extent and only to the extent of the contradiction. The terms of this BAA, to the extent they are unclear, shall be construed to allow for compliance by Business Associate and Covered Entity with HIPAA and HITECH.
In the event that any provision of this BAA is held by a court of competent jurisdiction to be invalid or unenforceable, the remainder of the provisions of this BAA will remain in full force and effect. In addition, in the event a party believes in good faith that any provision of this BAA fails to comply with the then-current requirements of HIPAA, such party shall notify the other party in writing. For a period of up to thirty (30) days, the parties shall address such concern and negotiate in good faith to amend the terms of this BAA, if necessary to bring it into compliance. If, after such thirty-day period, the parties fail to negotiate an amendment intended to comply with HIPAA, then either party has the right to terminate upon written notice to the other party.