Last Modified: September 2021
THIS AGREEMENT CONTAINS A MANDATORY ARBITRATION OF DISPUTES PROVISION THAT REQUIRES THE USE OF ARBITRATION ON AN INDIVIDUAL BASIS TO RESOLVE DISPUTES, RATHER THAN JURY TRIALS OR CLASS ACTIONS.
Accessing the Site and Account Security
Intellectual Property Rights
Protected Health Information
You may be provided by Company with or have access to “Protected Health Information” and “Electronic Health Information”. The term “Protected Health Information” (hereinafter “PHI”) has the same meaning given to such term in 45 C.F.R. §160.103 and is limited to the information you received from or created or received on behalf of Company or one of Company’s clients. “PHI” includes without limitation “Electronic Protected Health Information”, which term means PHI which is transmitted by Electronic Media (as defined in the HIPAA Security and Privacy Rule) or maintained in Electronic Media. The term “HIPAA Security and Privacy Rule” refers to 45 C.F.R. Parts 160 and 164, as modified by the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5), pursuant to Title XIII of Division A and Title IV of Division B, called the “Health Information Technology for Economic and Clinical Health” (“HITECH”) Act and any accompanying regulations and any other subsequently adopted amendments or regulations. The term “breach” shall have the same meaning given such term in 45 C.F.R. §160.
Availability of PHI
You agree to comply with any requests for restrictions on certain disclosures of PHI pursuant to Section 164.522 of the HIPAA Security and Privacy Rule to which Company or its clients has agreed and of which you are notified by Company. You shall make available PHI to the extent and in the manner required by Section 164.524 of the HIPAA Security and Privacy Rule. If you maintain PHI electronically, you agree to make such PHI electronically available to the applicable individual. You agree to make PHI available for amendment and incorporate any amendments to PHI in accordance with the requirements of 45 C.F.R. § 164.526 of the HIPAA Security and Privacy Rule. In addition, you agree to make PHI available for purposes of accounting of disclosures, as required by Section 164.528 of the HIPAA Security and Privacy Rule and Section 13405(c)(3) of the HITECH Act. You and Company shall cooperate in providing any accounting required on a timely basis.
Confidentiality and Security of Protected Health Information
If you receive PHI, you agree
- following the discovery of a breach of unsecured PHI, as defined in 45 C.F.R. §164.402, to notify the Company of such breach pursuant to the terms of 45 C.F.R. § 164.410 and cooperate in the breach analysis procedures of Company and/or its clients, including risk assessment, if requested. A breach shall be treated as discovered by you as of the first day on which such breach is known to you or, by exercising reasonable diligence, would have been known to you. You will provide such notification to Company without unreasonable delay and in no event later than five (5) business days after discovery of the breach. Such notification will contain the elements required in 45 C.F.R. § 164.410; and
- pursuant to the HITECH Act and its implementing regulations, to comply with all additional applicable requirements of the Privacy Rule, including those contained in 45 C.F.R. §§ 164.502(e) and 164.504(e)(1)(ii), at such time as the requirements are applicable to you. You will not directly or indirectly receive remuneration in exchange for any PHI, subject to the exceptions contained in the HITECH Act, without a valid authorization from the applicable individual. You will not engage in any communication which might be deemed to be “marketing” under the HITECH Act. In addition, you will, pursuant to the HITECH Act and its implementing regulations, comply with all applicable requirements of the Security Rule, contained in 45 C.F.R. §§ 164.308, 164.310, 164.312 and 164.316, at such time as the requirements are applicable to you.
- if necessary, for the proper management and administration of your entity or to carry out your legal responsibilities, provided that as to any such disclosure, the following requirements are met:
- the disclosure is required by law; or
- you obtain reasonable assurances from the person to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies you of any instances of which it is aware in which the confidentiality of the information has been breached.
You shall not de-identify or aggregate PHI, except as reasonably necessary for underwriting purposes on behalf of Company’s clients.
You will provide the following information to Company regarding any unauthorized PHI or security incident:
- The date and time that the event was discovered;
- Contact information for communication purposes;
- A complete description of the incident, its cause, and the effect it had on systems and data;
- A description of the initial mitigation steps taken to contain the incident;
- An assessment of the level of compromise to the data of Company and/or its clients;
- Identify the nature of the disclosure;
- Identify the specific PHI used or disclosed, including the names of the individuals whose PHI was breached;
- Identify who made the use or disclosure and who received the PHI;
- The action(s) taken by you to mitigate any deleterious effect(s) of use or disclosure;
- The corrective action(s) taken or planned to prevent further breaches; and
- Any other information reasonably requested by Company.
You will maintain a log of each report filed.
Termination of Access
The Company name, the terms “Reform Labs”, “Reform Health”, “mewa.io”, the Company logo, and all related product and service names, designs, and slogans are trademarks of the Company or its affiliates or licensors. You must not use such marks without the prior written permission of the Company.
Additionally, you agree not to:
- Use any robot, spider, or other automatic device, process, or means to access the Site for any purpose, including monitoring or copying any of the material on the Site.
- Introduce any viruses, Trojan horses, worms, logic bombs, or other material that is malicious or technologically harmful.
- Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of the Site, the server on which the Site is stored, or any server, computer, or database connected to the Site.
- Otherwise attempt to interfere with the proper working of the Site.
Information About You and Your Visits to the Site
Links from the Site
If the Site contains links to other sites and resources provided by third parties, these links are provided for your convenience only. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them. If you decide to access any of the third-party websites linked to this Site, you do so entirely at your own risk and subject to the terms and conditions of use for such websites.
The owner of the Site is based in the State of Delaware in the United States. We provide this Site for use only by persons located in the United States. We make no claims that the Site or any of its content is accessible or appropriate outside of the United States. Access to the Site may not be legal by certain persons or in certain countries. If you access the Site from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.
Disclaimer of Warranties
You understand that we cannot and do not guarantee or warrant that files available for downloading from the internet or the Site will be free of viruses or other destructive code. You are responsible for implementing sufficient procedures and checkpoints to satisfy your particular requirements for anti-virus protection and accuracy of data input and output, and for maintaining a means external to our site for any reconstruction of any lost data. TO THE FULLEST EXTENT PROVIDED BY LAW, WE WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DISTRIBUTED DENIAL-OF-SERVICE ATTACK, VIRUSES, OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY INFECT YOUR COMPUTER EQUIPMENT, COMPUTER PROGRAMS, DATA, OR OTHER PROPRIETARY MATERIAL DUE TO YOUR USE OF THE SITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SITE OR TO YOUR DOWNLOADING OF ANY MATERIAL POSTED ON IT, OR ON ANY SITE LINKED TO IT.
YOUR USE OF THE SITE, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE SITE IS AT YOUR OWN RISK. THE SITE, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE SITE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER THE COMPANY NOR ANY PERSON ASSOCIATED WITH THE COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF THE SITE. WITHOUT LIMITING THE FOREGOING, NEITHER THE COMPANY NOR ANYONE ASSOCIATED WITH THE COMPANY REPRESENTS OR WARRANTS THAT THE SITE, ITS CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SITE WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT OUR SITE OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR THAT THE SITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.
TO THE FULLEST EXTENT PROVIDED BY LAW, THE COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE.
THE FOREGOING DOES NOT AFFECT ANY WARRANTIES THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
Exclusion of Damages; Limitation on Liability
IN NO EVENT WILL REFORM LABS, ITS AFFILIATES, AND ITS AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUCCESSORS AND ASSIGNS BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, FOR ANY: (a) LOSS OF BUSINESS, REVENUE OR PROFIT OR DIMINUTION IN VALUE; (b) INABILITY TO USE OR LOSS, INTERRUPTION OR DELAY OF THE SERVICES, (c) LOSS, DAMAGE, CORRUPTION OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY, OR (d) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
THE TOTAL LIABILITY OF REFORM LABS AND ITS AND THEIR AFFILIATES, DIRECTORS, OFFICERS AND EMPLOYEES UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER, UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, SHALL BE LIMITED IN THE AGGREGATE TO FIFTY DOLLARS (US $50). THE FOREGOING LIMITATION APPLIES NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
THE FOREGOING DOES NOT AFFECT ANY LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
Governing Law and Jurisdiction
EXCEPT FOR DISPUTES THAT QUALIFY FOR SMALL CLAIMS COURT, ALL DISPUTES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR ANY ASPECT OF THE RELATIONSHIP BETWEEN YOU, ON THE ONE HAND, AND REFORM LABS OR ITS SUPPLIERS OR VENDORS, ON THE OTHER HAND, WHETHER BASED IN CONTRACT, TORT, STATUTE, FRAUD, MISREPRESENTATION OR ANY OTHER LEGAL THEORY, WILL BE RESOLVED THROUGH FINAL AND BINDING ARBITRATION BEFORE A NEUTRAL ARBITRATOR INSTEAD OF IN A COURT BY A JUDGE OR JURY AND YOU AGREE THAT REFORM LABS AND YOU ARE EACH WAIVING THE RIGHT TO TRIAL BY A JURY. YOU AGREE THAT ANY ARBITRATION UNDER THIS AGREEMENT WILL TAKE PLACE ON AN INDIVIDUAL BASIS; CLASS ARBITRATIONS AND CLASS ACTIONS ARE NOT PERMITTED AND YOU ARE AGREEING TO GIVE UP THE ABILITY TO PARTICIPATE IN A CLASS ACTION. The arbitration will be administered by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules applying Ohio law. Notwithstanding the foregoing, Company retains all rights to seek injunctive relief to prevent or stop the unauthorized use or disclosure of PHI provided by, or obtained on behalf of, Company by you or your officers, employees, subcontractors, or agents.
Limitation on Time to File Claims
Waiver and Severability