This RMD Platform Service Agreement including all exhibits and attachments hereto (the “Agreement”) is by and between RubiconMD, Inc., located at 330 Hudson St, Suite 302, New York, NY 10013 (“RMD”) and the party clicking through to accept this Agreement (“CUSTOMER”), and constitutes a binding agreement between RMD and CUSTOMER. RMD and CUSTOMER are sometimes hereinafter collectively referred to as the “Parties” and individually as a “Party.” By accepting this Agreement, CUSTOMER agrees to be bound by the terms of this Agreement. This Agreement shall be effective on the date on which CUSTOMER clicks through to accept this Agreement (the “Effective Date”).
If an individual is entering into this Agreement on behalf of a company, organization or another legal entity (an “Entity”), such individual is agreeing to this Agreement for that Entity and representing to RMD that such individual has the authority to bind such Entity and its affiliates to these Terms, in which case the term “CUSTOMER” as used herein will refer to such Entity and its affiliates.
NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter set forth and of other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties hereby agree as follows:
1. EFFECTIVE DATE AND TERM. The term of this Agreement will commence on the Effective Date and last for one year (the “Initial Term”). This Agreement shall be priced according to the Fee schedule below and will automatically renew for additional one-year terms, unless either Party delivers to the other Party a written notice of non-renewal no later than 30 days before the end of the then-current term, subject to earlier termination in accordance with Section 4.
2. PLATFORM Generally, CUSTOMER is a primary care provider delivering primary care to patients in a convenient, affordable manner. RMD can make available access to specialists (“Specialists”) for remote information questions (the “Platform” or the “RMD platform” or the “platform”), to CUSTOMER’s clinical providers (the “Users” or “users”) to request, view and learn from specialist opinions on questions related to their patient population.
RMD may, in its discretion, also make available access to the Platform to Users’ non-clinical medical support staff (“Drafters”) to submit eConsults on behalf of Users. However, Drafters must be authorized by CUSTOMER and Users to access the Platform, and CUSTOMER and Users retain full responsibility for all information provided on the Platform by any Drafter, as well as full responsibility for the diagnosis and treatment of patients about whom eConsults are submitted by Drafters.
Should CUSTOMER wish to integrate the RMD platform with its electronic medical record system, this change will require written approval from RMD.
Interactions and data are securely stored for easy access and analysis. RMD systems can be deployed for each participating CUSTOMER provider once a Business Associate Agreement (“BAA”) has been signed with RMD and CUSTOMER.
Appropriate Use of the RMD Platform is governed by the RMD Service Agreement available to all Users and Drafters at http://rubiconmd.com/terms. Users and Drafters are required to comply with the RMD Service Agreement in order to use the Platform.
3. FEES. In consideration for the Platform and other services offered by RMD hereunder, CUSTOMER will pay to RMD the following fees:
3.1. A service access fee of $250 per User per month will be charged to CUSTOMER’s credit card monthly, and grant access and use of platform to each enabled User.
3.2. RMD will not limit the number of consults unless inappropriate usage, as determined by RMD in its sole discretion, is detected.
3.3.Payment Terms: CUSTOMER’s credit card will be charged monthly on the first of each month.
3.4.Suspension: CUSTOMER may elect to suspend its access to the platform for up to 90 days by informing RMD. CUSTOMER will not be charged during that time. RMD reserves the right to suspend CUSTOMER’s access to the platform if CUSTOMER is more than 60 days late on any invoice payment.
CUSTOMER’s access will be suspended until CUSTOMER’s invoices are paid in full.
4. Termination: Either party may terminate this Agreement at any time, with or without cause, upon 30 days’ written notice to the other party. Upon termination of this agreement for any reason, each party shall return to the other party or destroy any Confidential Information obtained from the other party.
6. Hardware: CUSTOMER will provide the hardware and computer systems to access RMD’s software Platform. To use RMD platform, CUSTOMER hardware must have Internet Access with the most modern or updated version of one of the following web browsers:
7. Use: CUSTOMER will make reasonable efforts to ensure that use of the Platform is as intended by RMD for the purposes laid out in this Agreement.
8. Compliance with the Law: Both Parties agree that they will comply with all applicable legal requirements, including but not limited to the Federal Anti-kickback statute, the Stark Law, and, any federal and state privacy laws applicable to this Agreement. CUSTOMER agrees not to bill federal or state healthcare programs for use of the Platform.
9. Cooperation Generally: Both Parties will reasonably cooperate with one another in good faith and in all commercially reasonable ways necessary or desirable for the Parties to discharge their respective duties and obligations, to carry out the intent and purpose of this Agreement.
10. Referred Customer: CUSTOMER shall be willing to share its experience using RMD platform with future RMD customers as a reference if provided with advanced notice.
11. CONFIDENTIAL INFORMATION; PUBLICITY.
11.1. Confidential Information: Each Party acknowledges that, in performing its duties and obligations under this Agreement, it may receive disclosure of the valuable, confidential, unique, and proprietary information of the other Party (“Confidential Information”). Except as provided in this Agreement or as reasonably required to perform its duties and obligations under this Agreement or as otherwise required by applicable law, legal process, regulation or stock exchange rule, neither Party will, directly or indirectly, disclose, sell or otherwise transfer or make available to any third party, or use for any purpose, any Confidential Information. Each Party will either (i) return or (ii) destroy all copies of Confidential Information of the other Party upon written request of the other Party and, if requested in writing, provide an officers’ certification that such destruction has occurred. Confidential Information will not include (a) any information that is or becomes generally available to the public, other than as a result of a breach of this Agreement, (b) any information that is lawfully obtained from a third party with the right to disclose such information, (c) information independently developed by a recipient of such information without use of or reference to such information, (d) any information required to be disclosed pursuant to applicable legal law, legal process, regulation or stock exchange rule, or (e) information otherwise agreed to in writing by the parties.
Notwithstanding anything in this Agreement to the contrary, no Party shall be required to destroy or erase any general electronic archive or back-up tapes that are routinely kept by such Party or its representatives in the ordinary course of business pursuant to records retention policies or “litigation holds” on destruction of documents imposed by its counsel in connection with pending or threatened litigation. Any Confidential Information that is not returned or destroyed, including without limitation any oral Confidential Information, shall remain subject to the confidentiality obligations set forth in this Agreement.
11.2. Public Statements: RMD will have the right to:
(a) Refer to CUSTOMER in its general course of business, including but not limited to sales presentations and marketing materials; and
(b) Work in a reasonably cooperative manner with CUSTOMER in the publishing of a mutually agreed-upon press release or website case study announcing the relationship created by this Agreement and the participation of CUSTOMER on RMD’s Platform.
12. OWNERSHIP RIGHTS: RMD owns all right, title and interest in and to the Platform, the platform offerings, the software, marketing materials, and data generated, including without limitation all de-identified Protected Health Information (as defined in the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164), all upgrades, updates, enhancements, modifications, and derivative works thereof, and all Intellectual Property Rights (as defined below) therein.
13. INTELLECTUAL PROPERTY: CUSTOMER will not knowingly infringe or encourage, permit or facilitate the infringement of the Intellectual Property Rights of RMD. For the purposes of this Agreement, Intellectual Property Rights means all proprietary rights of every kind and nature, whether now existing or hereinafter created, including all rights and interests pertaining to or deriving from (a) patents, copyrights, inventions, works, know-how, processes, procedures, methods, trade secrets, technology, proprietary information, databases, software, and web-sites; (b) trademarks, trade names, service marks, service names, brands, trade dress and logos, and goodwill and activities associated therewith; (c) domain names, rights of privacy and publicity, moral rights, and proprietary rights of any kind or nature; and (d) any and all registrations, applications, recordings, licenses, common-law rights relating to any of the foregoing, and all rights to obtain renewals, continuations, divisions or other extensions of legal protections pertaining thereto.
14. INDEMNIFICATION; LIMITATION OF LIABILITY:
14.1. General Indemnity: RMD and CUSTOMER will each indemnify, defend and hold harmless the other and its officers, directors, employees, agents and Specialists from and against any and all direct third party claims, costs or expenses (including reasonable out-of-pocket attorneys’ fees), and payment of damages awarded by a court of competent jurisdiction in a non-appealable final judgment or agreed to in settlement (“Claims”), resulting from the gross negligence or willful misconduct of the indemnifying party; provided, that the indemnified party promptly notifies the indemnifying party of the Claim, gives the indemnifying party sole control over the defense and settlement of the Claim, and reasonably assists the indemnifying party in the defense of the Claim at the indemnifying party’s expense, provided such settlement provides for a full release of all Claims against the indemnifying party and its affiliates. For clarity, CUSTOMER’s indemnification obligation will include indemnification for the gross negligence or willful misconduct of all of the Users and Drafters.
14.2. CUSTOMER Indemnity: CUSTOMER will indemnify, defend and hold RMD, its officers, directors, employees, agents, and specialists harmless from and against any and all Claims that may be made by a third party (including specialists) for (a) injuries (including death) to persons or loss or damage to property, or (b) under any applicable laws or otherwise arising out of or in connection with the obligations of CUSTOMER contemplated by this Agreement resulting in whole or in part from any diagnosis, treatment, or other acts or omissions of CUSTOMER, its clinicians or any employees, agents, contractors, representatives of CUSTOMER, or any Users or Drafters. RMD will promptly notify CUSTOMER of any such Claim, give CUSTOMER sole control over the defense and settlement of such Claim, and reasonably assist CUSTOMER in the defense of such Claim, at CUSTOMER’s reasonable expense, provided such settlement provides for a full release of all Claims against RMD and its affiliates.
14.3. Limitation of Liability: RMD SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOST DATA, PERSONAL INJURY, OR PROPERTY DAMAGE RELATED TO, IN CONNECTION WITH, OR OTHERWISE RESULTING FROM PROVIDER’S USEOF THE PLATFORM, EVEN IF RMD HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OTHER THAN
FOR (A) A PARTY’S GROSS NEGLIGENCE OR WILFUL MISCONDUCT, (B) CLAIMS SUBJECT TO THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 14.1 AND 14.2, OR (C) A BREACH OF SECTION 11.1 (CONFIDENTIAL INFORMATION), IN NO EVENT SHALL EITHER PARTY’S OR ITS LICENSORS’ TOTAL CUMULATIVE LIABILITY FOR ANY DAMAGES TO THE OTHER PARTY EXCEED THE AGGREGATE FEES PAID BY CUSTOMER TO RMD IN THE TWELVE MONTHS IMMEDIATELY PRECEDING THE DATE THE CAUSE OF ACTION AROSE.
15. Disclaimer: RMD disclaims all warranties of any kind express or implied or statutory with respect to the Program, the software and the services provided under this Agreement, including without limitation, any implied warranty of title, merchantability, NON-infringement, system integration or data accuracy or any warranties arising out of a course of performance, dealing or trade usage and their equivalents under the laws of any jurisdiction except as expressly provided in this Agreement. The platform is made available to CUSTOMER and its participating companies on an “as-is”, “as available” and “with-all-faults” basis. RMD does not and cannot guarantee the availability of the platform or the software or the accuracy or appropriateness of information provided via the platform. CUSTOMER has not relied on any representation or warranty of RMD, and no oral or written advice or information provided by RMD shall create any representation or warranty.
RMD is not a healthcare provider and the opinions provided by its specialists are not medical diagnoses, treatments or prescriptions of any kind. In addition, RMD specialists never establish a doctor to patient relationship. Any information provided through the platform is merely educational material for the clinician or user of the service to be able to better understand how a relevant specialist would approach a similar case and use the information for his or her own knowledge. RMD makes no representations regarding the quality of the information provided by its specialists. RMD’s specialists are not officers, directors, agents, members, or employees of RMD. For the avoidance of doubt, specialists are not included in the definitions of “RMD”, “party,” Party,” “parties,” or “Parties” as they are used in this agreement.
The clinician or User of the Platform shall not use the information provided through the platform as a diagnosis, treatment, prescription, or supervision, and he or she shall determine the diagnosis, treatment and prescription for himself/herself and shall independently comply with all applicable supervision requirements. The clinician or User may consider the information provided through the platform, but must use his or her independent medical judgment in determining how to care for his or her patient. CUSTOMER and Users are responsible for all content uploaded by Users or by Drafters, and retain full and sole responsibility for the diagnosis, treatment, and prescription of their patients, regardless of whether the eConsult was submitted by a User or a Drafter. Independent medical judgment must be exercised by Users on all cases, regardless of whether the cases were submitted by Users or Drafters.
RMD validates and affirms only the identity and medical credentials of its specialists. Anyone using the platform to provide information and context about a case and receive opinions and/or feedback understands and agrees that neither RMD nor the specialists will have any liability for the opinions and/or feedback provided since these specialists never establish a doctor to patient relationship. Therefore, as between RMD and the User, CUSTOMER agrees that CUSTOMER and its Users agree to be solely liable for the diagnosis and treatment of the patient as well as for any prescriptions issued by the user, regardless of whether the eConsult was submitted by the User or a Drafter. Users and Drafters certify that they will not bill for any services provided via the RMD platform.
16. Consequential and Other Damages: In no event shall either party or any licensors of either party be liable to the other party for any special, incidental, indirect, punitive, exemplary or consequential damages, whether foreseeable or unforeseeable, which may arise out of or in connection with this agreement, regardless of whether either party has been apprised of the possibility or likelihood of such damages occurring, or whether claims are based or remedies are sought in contract or tort or otherwise.
17. Governing Law; Jurisdiction: This Agreement shall be governed by and construed in accordance with the laws of New York without regard to the choice of law provisions thereof, and the Parties agree to the exclusive jurisdiction and venue of the federal and state courts located in New York City, New York with respect to any dispute arising in connection herewith.
Notices: All notices under this Agreement shall be in writing and shall be deemed given when personally delivered, or three days after being sent by prepaid certified or registered U.S. mail to the address of the party to be noticed as set forth herein or to such other address as such party last provided to the other by written notice.
18. Entire Agreement: This Agreement contains the entire written agreement of the Parties in connection with the subject matter hereof, and supersedes all prior and contemporaneous oral and written agreements, understandings and negotiations.
19. Binding Effect: This Agreement shall be binding upon and inure to the benefit of the parties hereto and their respective successors, heirs, personal representatives, legal representatives, and permitted assigns.
20. Waiver, Amendment or Modification: The waiver, amendment or modification of any provision of this Agreement or any right, power or remedy hereunder will not be effective unless made in writing and signed by both Parties.
21. Relationship Between the Parties: Nothing contained in this Agreement will be construed to make one party the partner, principal, agent or employee of the other party hereto. Neither party will have the express or implied authority to act for or on behalf of the other party.
22. Counterparts/Facsimile/PDF Transmission: This Agreement may be executed in any number of counterparts, each of which will be considered an original, with the same effect as if the Parties or their representatives signed the same instrument. The exchange of copies of this Agreement and of signature pages by facsimile transmission or PDF shall constitute effective execution and delivery of this Agreement as to the parties and may be used in lieu of the original Agreement for all purposes. Signatures of the parties transmitted by facsimile shall be deemed to be their original signatures for all purposes.
23. Assignment: This Agreement is not assignable, transferable or sub licensable by either party except with the other party’s prior written consent. Notwithstanding the foregoing, either party may assign this Agreement without the written consent of the other party to a corporation or other business entity succeeding to all or substantially all the assets and business of the assigning party by purchase, merger or operation of law.
24. Severability: In the event that any one or more of the provisions contained in this Agreement shall be declared invalid, void or unenforceable, the remainder of the provisions of this Agreement shall remain in full force and effect, and such invalid, void or unenforceable provision shall be interpreted as closely as possible to the manner in which it was written. It is the desire and intent of the parties that the provisions of this Agreement be enforced to the fullest extent permissible under the laws and public policies of each jurisdiction in which enforcement is sought. If any provision of thisAgreement relating to a time period or scope of activities is declared by a court of competent jurisdiction to exceed the maximum permissible time period or scope of activities, as the case may be, the time period or scope of activities shall be reduced to the maximum which such court deems enforceable.
Platform and Security
Servers – RMD servers are housed in state-of-the-art data centers (AWS) that have been certified for security to Service Organization Controls SOC 2 Type II and SOC 3, in addition to complying with the ISO 27001 standard. Access to all servers is tightly controlled via IP based access control list (ACL), and SSH using public/private key pairs. BAAs are in place.
Network – All requests to and from our system are encrypted with security certificates, specifically 256-bit secure socket layer (SSL) encryption. Continuous monitoring will be in place for the duration of the service, ensuring uptime, response time and usability metrics are collected 24X7.
*More information on HIPAA/HITECH compliance can be provided if requested by CUSTOMER.
Business Associate Agreement
This Business Associate Agreement (the “Agreement”) is by and between RubiconMD, Inc. (“us,” “we,” the “Business Associate,” “RMD”) and the party clicking through to accept this Agreement (“CUSTOMER”, “you,” the “Covered Entity,” and together with Business Associate, the “Parties”) and constitutes a binding agreement among the Parties. By accepting this Agreement, CUSTOMER agrees to be bound by the terms of this Agreement. This Agreement shall be effective on the date on which CUSTOMER clicks through to accept this Agreement (the “Effective Date”).
If an individual is entering into this Agreement on behalf of a company, organization or another legal entity (an “Entity”), such individual is agreeing to this Agreement for that Entity and representing to Business Associate that such individual has the authority to bind such Entity and its affiliates to this Agreement, in which case the term “CUSTOMER” as used herein will refer to such Entity and its affiliates.
This Agreement, together with the RMD – CUSTOMER Service Agreement (“Service Agreement”) as amended by this Agreement, (a) is intended by the parties as a final, complete and exclusive expression of the terms of their agreement; and (b) supersedes all prior agreements and understandings (whether oral or written) between the parties with respect to the subject matter hereof.
The parties hereby agree as follows:
(a) Business Associate. “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean us.
(b) Covered Entity. “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean you.
(c) HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.
2. Our Obligations and Activities
We agree to:
(a) Not use or disclose protected health information other than as permitted or required by this Agreement or as required by law;
(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement or the Service Agreement;
(c) Report to you any use or disclosure of protected health information not provided for by the Agreement of which we become aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which we become aware;
(d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on our behalf agree to the same restrictions, conditions, and requirements that apply to us with respect to such information;
(e) Make available to you protected health information in a designated record set as necessary to satisfy your obligations under 45 CFR 164.524;
(f) Make any amendments to protected health information in a designated record set as directed or agreed to by you pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy your obligations under 45 CFR 164.526;
(g) Maintain and make available the information required to provide an accounting of disclosures to you as necessary to satisfy your obligations under 45 CFR 164.528;
(h) Comply with the requirements of Subpart E that apply to you in the performance of your obligations under Subpart E of 45 CFR Part 164, to the extent we are to carry out one or more of such obligations; and
(i) Make our internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
3. Permitted Uses and Disclosures by Business Associate
(a) We shall only use or disclose protected health information as necessary to perform the services set forth in the Service Agreement between the parties.
(b) We shall use or disclose protected health information as required by law.
(c) We agree to make uses and disclosures and requests for protected health information consistent with your minimum necessary policies and procedures.
(d) We shall not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by you, except for the specific uses and disclosures set forth below.
(e) We may use protected health information for our own proper managerial and administrative duties, or to carry out our legal responsibilities.
(f) We may disclose protected health information for our own proper managerial and administrative functions, or to carry out our legal responsibilities, provided the disclosures are required by law, or that we obtain reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies us of any instances of which it is aware in which the confidentiality of the information has been breached.
(g) We may provide data aggregation services relating to your health care operations.
(h) We may de-identify Protected Health Information in accordance with 45 C.F.R. 164.514(a)-(c). We retain full and sole ownership rights over all such de-identified Protected HealthInformation.
4. Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions
(a) You agree to notify us of any limitations in your notice of privacy practices under 45 CFR 164.520, to the extent that such limitation may affect our use or disclosure of protected health information.
(b) You agree to notify us of any changes in, or revocation of, the permission by an individual to use or disclose his or her protected health information, to the extent that such changes may affect our use or disclosure of protected health information.
(c) You agree to notify us of any restriction on the use or disclosure of protected health information that you have agreed to or are required to abide by under 45 CFR 164.522, to the extent that such restriction may affect our use or disclosure of protected health information. We are entitled to recovery for any costs associated with such additional restrictions or requirements.
5. Permissible Requests by Covered Entity
You shall not request that we use or disclose protected health information in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by you, except as specified in Section 3 of this Agreement.
6. Term and Termination
(a) Term. The Term of this Agreement shall be effective as of the Agreement Effective Date, and shall continue in perpetuity until either party terminates the agreement.
(b) Termination. Either party has the right to terminate this Agreement for any reason upon 30 days prior written notice to the other party. A material breach of this Agreement will be treated as a material breach of the Terms of Service.
(c) Obligations of Business Associate Upon Termination.
Upon termination of this Agreement for any reason, with respect to protected health information received from you, or created, maintained, or received by us on your behalf, we shall:
1. Retain only that protected health information which is necessary for us to continue to properly perform our own managerial and administrative duties, or to carry out our legal responsibilities;
2. Destroy the remaining protected health information that we still maintain in any form;
3. Continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information, other than as provided for in this Section, for as long as we retain the protected health information;
4. Not use or disclose the protected health information we retain other than for the purposes for which such protected health information was originally retained, and subject to the conditions in Section 3 of this Agreement which applied prior to termination; and
5. Destroy the protected health information we retain when it is no longer needed to properly perform our own managerial and administrative duties, or to carry out our legal responsibilities.
(d) Survival. The obligations the parties under this Section shall survive the termination of this Agreement.