Sikka Software Corporation
Software License Agreement for Sikka Platform Utility and Cloud
Updated September 17, 2024
Please read this software license agreement (“License” or “Agreement”) carefully before downloading, installing or using the Sikka Software Corporation (“we”, “us”, “Sikka” or “our”) SPC as defined below. By clicking “I agree”, You (or “Client”) are agreeing to be bound by the terms of this License. If You do not agree to the terms of this License, click “disagree,” “decline” or the similar words and do not download, install or use the software.
Our Privacy Policy: (https://www.sikka.ai/privacy-policy).
For API or OEM Licensees please also refer to the agreement below.
https://www.sikka.ai/api-license-agreement/
License Grant and Ownership
The Sikka and any third party software and any documentation accompanying this License whether on disk, in read only memory, on any other media or in any other form (collectively the “SPC”) are licensed, not sold, to You by Sikka for use only under the terms of this License, and Sikka reserves all rights not expressly granted to You. The terms of this License will govern any software upgrades provided by Sikka that replace and/or supplement the original SPC product, unless such upgrade is accompanied by a separate license in which case the terms of that license will govern.
Title and intellectual property rights in and to any content displayed by or accessed through the SPC belongs to the respective content owner. Such content may be protected by copyright or other intellectual property laws and treaties, and may be subject to terms of use of Sikka (where it is acting as the licensor) or the third party providing such content. This License does not grant You any rights to use such content.
Permitted License Uses and Restrictions
Subject to the terms and conditions of this License, You (or Client or Customer or Partner enabling the Customer) are granted a limited, nonexclusive, non refundable license to install and use the SPC. You may not make the SPC available over a network where it could be used by multiple computers at the same time. You may make one copy of the SPC in machine-readable form for backup purposes only; provided that the backup copy must include all copyright or other proprietary notices contained on the original. Each one (1) license may be used by up to three (3) licensed providers who work on patients (each a “Provider”).
You may not and You agree not to, or to enable others to, copy (except as expressly permitted by this License), decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, create derivative works of the SPC, or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law or to the extent as may be permitted by licensing terms governing use of open-sourced components included with the SPC). Any attempt to do so is a violation of the rights of Sikka and its licensors of the SPC.
You may not rent, lease, lend, redistribute or sublicense the SPC. You may, however, make a one-time permanent transfer of all of your license rights to the SPC to another party, provided that: (a) the transfer must include all of the Sikka SPC software, including all its component parts, original media (if any), printed materials and this License; (b) You do not retain any copies of the SPC, full or partial, including copies stored on a computer or other storage device; and (c) the party receiving the Sikka SPC software reads and agrees to accept the terms and conditions of this License.
Consent to Use of Data
Diagnostic and Usage Data. By using the SPC, You agree that Sikka and its subsidiaries and agents may collect, maintain, process and use diagnostic, technical, usage and related information, including but not limited to information about your computer, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to You (if any) related to the SPC, and to verify compliance with the terms of this License. Sikka may use this information to provide and improve Sikka’s products and services.
Remote Login Authorization. In connection with its provision of technical support, training and other services, You agree that Sikka may remotely log-in to your computers, devices and systems for purposes of providing the support, training or other services, including, without limitation, technical trouble shooting, answering questions, benchmarking and providing training to the provider or the provider’s personnel. Remote login may be conducted through the use of established, secure, HIPAA (or applicable local legislation)-compliant third party entities. You further agree that Sikka may also remotely log-in at any time as necessary or appropriate to maintain the software and keep it functioning effectively.
Remote Update Permission. You agree that Sikka may automatically check the version of its software that You are utilizing. Installation of updates or upgrades to software remotely via the Internet is typically by You, and may be at your request to Sikka where You consent to the receipt of updates or upgrades by means of download to your computers and systems.
Permission for Data Gathering. By using the SPC you give Sikka consent to collect, process, store, use, and sell information collected or accessed by the SPC to the extent permitted by applicable laws and in accordance with Sikka’s Privacy Policy and You acknowledge that Sikka may receive remuneration for such uses.
In order for Sikka to gather accurate data, You agree to keep powered on during the services runtimes that You specify, all of your computers on which the SPC is installed. Additionally, your practice management software must always be accessible by the SPC. The computer on which the SPC is installed must always be online. You must also add the SPC to the “allowed” list of programs so that your firewall and anti-virus software programs do not block the SPC Software’s run time. It is your responsibility to contact Sikka if You are upgrading or changing your computer systems.
Confidentiality and Privacy Policy
Each party agrees, both during and after the term of this Agreement, to hold the Confidential Information of the other party in confidence and not to use or disclose such Confidential Information to any third party, except as otherwise expressly provided by this Agreement. Each party shall, however, be permitted to disclose relevant aspects of such Confidential Information to its officers, employees, or contractors, all on a need-to-know basis, on condition that such individuals or entities are under obligations of confidentiality that require them to protect the Confidential Information to the same extent as required under this Agreement. Each party shall employ reasonable steps to protect the Confidential Information from unauthorized or inadvertent disclosure or use, including, without limitation, the steps that it takes to protect its own information of like kind. The recipient shall give the discloser notice immediately upon learning of any unauthorized use or disclosure of the discloser’s Confidential Information. The obligations set forth in this Section do not apply to any portion of the Confidential Information where the recipient establishes that:
- the recipient already possessed the information at the time of disclosure (other than the API Data);
- the recipient received the information in good faith on a non-confidential basis from a third party lawfully in possession thereof;
- the information was publicly known or available at the time of its receipt by the recipient or becomes publicly known or available other than by a breach of this Agreement or in violation of any confidentiality obligation applicable to such information;
- the information is independently developed by the recipient without use of, or reference to, the discloser’s Confidential Information; or
- the information is rightfully provided or made available to a third party free of an obligation of confidentiality.
A disclosure of Confidential Information required by applicable statute or regulation or by judicial or administrative process shall not be considered a breach of this Section, provided that the recipient notifies the discloser of such requirements at least 15 days in advance so as to provide the discloser the opportunity to obtain such protective orders or confidential treatment or otherwise limit or prevent the disclosure.
The parties agree that the terms and conditions of this Agreement shall be treated as confidential information of both parties and shall not be disclosed to any third party; provided, however, that a party may disclose a copy of this Agreement and provide information concerning this Agreement:
- as required by any court or other governmental body;
- as otherwise required by law (including filings to Securities Exchange Commission);
- to its own accountants, advisors and legal counsel who have a need to know;
- as required in connection with a public offering or securities filing;
- in confidence, to accountants, banks and financing sources and their advisors in connection with the due diligence review of such party with respect to its prospective debt or equity financing;
- in connection with the enforcement of this Agreement or rights under this Agreement or any defenses or claims hereunder (including counterclaims); and
- in confidence, in connection with the due diligence review of such party with respect to a bona fide prospective merger, acquisition or proposed merger, acquisition or the like.
At all times your information will be treated in accordance with Sikka’s privacy policy, which is incorporated by reference into this License. See the link above.
Sikka Portal and other Services
This SPC enables access to Sikka’s Portal, if available, which offers downloads of an app store and other Sikka and third party services and web sites (collectively and individually, “Services”). Use of the Services requires Internet access and use of certain Services may require a Sikka ID which may require You to accept additional terms of service and may be subject to additional fees. If applicable, Sikka will be responsible for the security of Cardholder Data (as defined in the Payment Card Industry Data Security Standard’s latest version and any successor standards, collectively “PCI DSS”) and Sensitive Authentication Data (as defined in PCI DSS) that it handles, has access to, or otherwise stores, processes or transmits. To be clear, it is not Sikka’s policy to store any credit card data, and payment card industry data is not stored or processed on the SPU/SPC (no Track 2 data, no PIN data, no credit card numbers or CVV data).
Initially You may be charged a setup fee and the first monthly charge at the agreed upon monthly recurring rate for your App/Service subscription. Your Term will start on the date You sign the contract and Sikka will bill you immediately. Please note that it is your responsibility to quickly install, implement, and activate your subscription to ensure maximum benefit. Charges will automatically recur monthly unless You terminate your subscription in writing, specifying which locations or practices are being terminated. Pricing is based on the current market conditions. Licensor may update pricing anytime upon demonstrable changes in market conditions, such as pricing dictated or agreements changed by third-party practice management systems. E.g. if a practice management system provider increases their fees to Sikka, Sikka will pass those fees to Licensee in addition to its existing fee. Please refer to the following example: Billing terms.
By using this software in connection with a Sikka ID or account, You agree to the applicable terms and conditions for that account. If You do not agree to the applicable terms and conditions for such an account, do not use the SPC.
Certain Services may display, include or make available content, data, information, applications or materials from third parties (“Third Party Materials”) or provide links to certain third-party web sites. By using the Services, You acknowledge and agree that Sikka is not responsible for examining or evaluating the content, accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality or any other aspect of such Third Party Materials or web sites. Sikka, its officers, and its affiliates do not warrant or endorse and do not assume and will not have any liability or responsibility to You or any other person for any third-party Services, Third Party Materials or web sites, or for any other materials, products, or services of third parties. Third Party Materials and links to other web sites are provided solely as a convenience to You. You agree that You will not use any Third Party Materials in a manner that would infringe or violate the rights of any other party, and that Sikka is not in any way responsible for any such use by You.
You agree that the Services, including, but not limited to, software, information, graphics, audio clips, and content, contain proprietary content, information, and material that is owned by Sikka and/or its licensors, and is protected by applicable intellectual property and other laws, including but not limited to copyright. You agree that You will not use such proprietary content, information or materials other than for permitted use of the Services or in any manner that is inconsistent with the terms of this License or that infringes any intellectual property rights of a third party or Sikka. No portion of the Services may be reproduced in any form or by any means. You agree not to modify, rent, lease, loan, sell, distribute, or create derivative works based on the Services, in any manner, and You shall not exploit the Services in any unauthorized way whatsoever, including but not limited to, using the Services to transmit any computer viruses, worms, trojan horses or other malware, or by trespass or burdening network capacity. You further agree not to use the Services in any manner to harass, abuse, stalk, threaten, defame or otherwise infringe or violate the rights of any other party, and that Sikka is not in any way responsible for any such use by You, nor for any harassing, threatening, defamatory, offensive, infringing or illegal messages or transmissions that You may receive as a result of using any of the Services.
Open Source. Any open source software that may be provided as part of or in connection with the SPC is licensed under the terms of the applicable third party open source license, which can be found in any applicable “README” file, documentation or other materials accompanying the SPC (the “Open Source Terms”). Copyrights to the Open Source Software are held by copyright holders indicated in the Open Source Terms. Any terms of this License that conflict with the terms of any license agreements for Open Source Software will not apply to such Open Source Software.
Termination
All Sikka Apps for which a fee is paid can be terminated by You with a 30 day written termination notice and fees will cease on the first day of the following month. Please contact your Customer Success Representative or email your written cancellation request to: support@sikkasoftware.com.
Notwithstanding the foregoing, Sikka may terminate this Agreement at any time upon notice.
Your rights under this License will terminate automatically without notice from Sikka upon termination or if You fail to comply with any term(s) of this License. Upon the termination of this License, You must cease all use of the SPC and destroy all copies, full or partial.
Either party may terminate this Agreement:
- if the other party materially breaches this Agreement and does not remedy the breach within 30 days after its receipt of written notice of such breach, except that the cure period for non-payment is five days; or
- if the other party terminates its business activities or is adjudicated insolvent, admits in writing to inability to pay its debts as they mature, makes an assignment for the benefit of creditors, or becomes subject to direct control of a trustee, receiver or similar authority.
Disclaimer of Warranties
YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, USE OF THE SPC AND SERVICES IS AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH YOU.
THE SPC AND SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE”, WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND, AND SIKKA AND SIKKA’S LICENSORS (COLLECTIVELY REFERRED TO AS “SIKKA” FOR THE PURPOSES OF SECTIONS 6 AND 7) HEREBY DISCLAIM TO THE FULLEST EXTENT ALLOWABLE UNDER THE LAW, ALL REPRESENTATIONS, WARRANTIES, GUARANTEES AND CONDITIONS WITH RESPECT TO THE SPC AND SERVICES, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED REPRESENTATIONS, WARRANTIES, GUARANTEES AND/OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, QUIET ENJOYMENT, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS.
SIKKA DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE SPC AND SERVICES, THAT THE FUNCTIONS CONTAINED IN OR SERVICES PERFORMED BY THE SPC WILL MEET YOUR REQUIREMENTS, THAT THE OPERATION OF THE SPC AND SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ANY SERVICE WILL CONTINUE TO BE MADE AVAILABLE, THAT DEFECTS IN THE SPC OR SERVICES WILL BE CORRECTED, OR THAT THE SPC WILL BE COMPATIBLE OR WORK WITH ANY THIRD PARTY SOFTWARE, APPLICATIONS OR THIRD PARTY SERVICES. INSTALLATION OF THIS SOFTWARE MAY AFFECT THE USABILITY OF THIRD PARTY SOFTWARE, APPLICATIONS OR THIRD PARTY SERVICES.
YOU FURTHER ACKNOWLEDGE THAT THE SPC AND SERVICES ARE NOT INTENDED OR SUITABLE FOR USE IN SITUATIONS OR ENVIRONMENTS WHERE THE FAILURE OR TIME DELAYS OF, OR ERRORS OR INACCURACIES IN, THE CONTENT, DATA OR INFORMATION PROVIDED BY THE SPC OR SERVICES COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE.
NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY SIKKA OR A SIKKA AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY.
SHOULD THE SIKKA SOFTWARE OR SERVICES PROVE DEFECTIVE, YOU ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
Limitation of Liability
IN NO EVENT SHALL SIKKA BE LIABLE FOR PERSONAL INJURY, OR ANY INCIDENTAL, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF TIME, LOSS OF PROFITS, CORRUPTION OR LOSS OF DATA, LOSS OF REVENUE, LOSS OF PATIENTS, DECREASE IN PROFITABILITY, LOSS OF THE USE OF SOFTWARE OR SERVICES, FAILURE TO TRANSMIT OR RECEIVE ANY DATA, BUSINESS INTERRUPTION OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SPC OR SERVICES OR ANY THIRD PARTY SOFTWARE OR APPLICATIONS IN CONJUNCTION WITH THE SIKKA SOFTWARE, HOWEVER CAUSED, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT (INCLUDING NEGLIGENCE), CONTRACTUAL OR EXTRA CONTRACTUAL CIVIL LIABILITY OR OTHERWISE) AND EVEN IF SIKKA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SIKKA’S MAXIMUM LIABILITY FOR DAMAGES UNDER THIS LICENSE IS LIMITED TO THE AMOUNTS PAID TO SIKKA IN THE SIX MONTHS IMMEDIATELY PRIOR TO THE EVENT FIRST GIVING RISE TO THE LIABILITY.
The foregoing limitations will apply even if the above-stated remedy fails its essential purpose.
General Provisions
Export Control. You may not use or otherwise export or re-export the SPC except as authorized by United States law and the laws of the jurisdiction in which the SPC was obtained. In particular, but without limitation, the SPC may not be exported or re-exported (a) into any U.S. embargoed countries or (b) to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List. By using the SPC, You represent and warrant that You are not located in any such country or on any such list. You also agree that You will not use the SPC for any purposes prohibited by United States or applicable law, including, without limitation, the development, design, manufacture or production of missiles, or nuclear, chemical or biological weapons. Notwithstanding the above, if you are a user located in Canada, you will never be required to take or refrain from taking any action which would be in violation of the applicable laws of Canada relating to export controls.
Government End Users. The SPC and related documentation are “Commercial Items”, as that term is defined at 48 C.F.R. §2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation”, as such terms are used in 48 C.F.R. §12.212 or 48 C.F.R. §227.7202, as applicable. Consistent with 48 C.F.R. §12.212 or 48 C.F.R. §227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein. Unpublished-rights reserved under the copyright laws of the United States.
Controlling Law and Severability. This License will be governed by and construed in accordance with the laws of the State of California, excluding its conflict of law principles. This License shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. If for any reason a court of competent jurisdiction finds any provision, or portion thereof, to be unenforceable, the remainder of this License shall continue in full force and effect.
Complete Agreement. This License constitutes the entire agreement between the parties with respect to the use of the SPC licensed hereunder and the Services and supersedes all prior or contemporaneous understandings regarding such subject matter, with the exception of any additional terms of service You are required to accept if You choose to use Sikka’s online portal, which will govern your use of the portal and any Services You purchase through the portal. No amendment to or modification of this License will be binding unless in writing and signed by Sikka.
Assignment. Except in connection with a merger, acquisition or sale of all or substantially all of its assets to which this Agreement relates where the successor or acquirer agrees in writing to be bound by this Agreement, a party may not assign its rights under, nor delegate any performance of, this Agreement without the prior written consent of the other party. Any attempt to do so without such consent is void. This Agreement will bind and inure to the benefit of the parties and their respective successors and permitted assigns.
Relationship of the Parties. The parties to this Agreement are independent contractors. There is no relationship of agency, partnership, joint venture, employment, or franchise between the parties. Neither party has the authority to bind the other or to incur any obligation on its behalf.
Force Majeure. Except for the payment of money, a party will not be deemed in default of this Agreement to the extent that any delay or failure in the performance of its obligations results from any cause beyond its reasonable control, such as acts of God, acts of civil or military authority, embargoes, epidemics, war, riots, insurrections, fires, explosions, earthquakes, floods, unusually severe weather conditions, failure of suppliers, or acts of terrorism. In the event the delay or failure continues for more than 30 days, the other party may terminate this Agreement upon written notice.
Sikka Technical Support Service Level Descriptions
Sikka will use all reasonable efforts to respond to all non-basic (Level 1) issues reported by a partner that uses the Sikka platform to access practice data with the practice’s permission (“Partner”) or customers in accordance with the chart set forth below. The target initial response time is based on the severity of the issue reported.
For Partner Installs and API Technical Support Issues. The Partner will be the first line of support and provide initial troubleshooting and problem resolution with the end user or API product.
Sikka will serve only as Tier 2 for escalations after the Partner has completed all initial troubleshooting and problem resolution.
Such response times are guidelines and in no way constitute a guarantee of resolution time. The customer may specify the priority; Sikka will make the ultimate determination based on the information supplied by the customer to Sikka Technical Support/Customer Success.
Standard Support Hours: Monday through Friday, 8:00 am to 5:00 pm (Pacific Time), excluding U.S. Federal holidays.
| Severity Level | Description of issue, Response and Escalation | Target initial Response Time |
| --- | --- | --- |
| Critical | Priority 1 is reserved for complete SPU or “Platform” failures and for emergency issues affecting production site launch schedules and must be reported via: https://support.sikkasoft.com. If the problem is not resolved within four (4) business hours, the Sikka customer support manager and the customer’s organization is notified and will work with the support engineer to ensure the assignment of relevant resources to implement an action plan. If the problem is still not resolved within eight (8) business hours the issue will be escalated to the Sikka TAC and will be reviewed to ensure that the appropriate resources are allocated to resolve the issue. | 2 Hours (business hours only) |
| Normal | Priority 2 is for all other cases or problems that the customer may experience with the SPU or “Platform”. If the customer is not satisfied that the issue is being resolved in an acceptable time period, Customer can request an escalation of the issue using https://support.sikkasoft.com. The Customer Success Team Lead will contact the customer to discuss the request and agree on an action plan with the customer. | 8 Hours (business hours only) |
Business Associate Terms Addendum
1. BUSINESS ASSOCIATE AGREEMENT UNDER HIPAA AND APPLICABLE FOREIGN LAWS. This Section 1 applies to the extent that (a) Client is a “Covered Entity” as defined in 45 CFR §160.103 (for the purposes of this Addendum, “Covered Entity” includes “health information custodians”, “trustees”, and any other similar term under local applicable legislation); (b) Sikka is, with respect to Client, a “Business Associate” as defined in 45 CFR §160.103 (for the purposes of this Policy, “Business Associate” includes “agents”, “affiliates”, “information managers”, and any other similar term under local applicable legislation); and (c) Sikka receives PHI (as defined below) from Client. The parties acknowledge that in carrying out obligations under the Software License Agreement, Sikka, and its subcontractors, employees, affiliates, agents, or representatives may have reason to collect, access, use, create, maintain, disclose or transmit PHI for or on behalf of Client. Certain PHI may be transmitted by or maintained in electronic media as Electronic PHI (as defined below). The parties agree to comply with any applicable federal, state, provincial and territorial law governing the privacy and security of the PHI and Electronic PHI including, without limitation, HIPAA and the HITECH Act (as defined below), as well as any other similar applicable legislation, in accordance with the Software License Agreement and this Addendum (the “Addendum”).
DEFINITIONS. Capitalized terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in the Services Agreement or applicable regulation.
“Breach”, as it relates to information, has the same meaning as the term “breach” in Section 13400 of the HITECH Act, namely the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, and any other similar term under local applicable legislation.
“Designated Record Set” has the same meaning as the term “designated record set” in 45 CFR §164.501, namely a group of records maintained by or for a Covered Entity that is either i) medical records and billing records about individuals maintained by or for a health care provider, ii) the enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan or iii) used, in whole or in part, by or for the Covered Entity to make decisions about individuals, and any other similar term under local applicable legislation.
“Electronic PHI” has the same meaning as the term “electronic protected health information” in 45 CFR §160.103, and any other similar term under local applicable legislation, limited to the information created or received by Sikka from or on behalf of Client.
“HIPAA” means the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”), and the regulations promulgated thereunder, as each may be amended from time to time.
“individual” has the same meaning as the term “individual” in 45 CFR §160.103, namely a person who is the subject of protected health information, and shall include a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g) and any similar term under local applicable legislation.
“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, and any other similar term, standards and rules under local applicable legislation.
“PHI” has the same meaning as the term “protected health information” in 45 CFR §160.103, and any other similar term under local applicable legislation, limited to the information created or received by Sikka from or on behalf of Client.
“Secretary” means the Secretary of the Department of Health and Human Services or his designee, and any other similar term, individual or regulator under local applicable legislation.
“Security Rule” means the Security Standards at 45 CFR Part 160 and Part 164, and any other similar term, standards and rules under local applicable legislation.
“Unsecured PHI” has the same meaning as the term “unsecured protected health information” in Section 13402(h) of the HITECH Act, namely PHI that is not secured through the use of a technology or methodology specified by the Secretary.
1.1. Obligations and Activities of Business Associate. As a Business Associate, Sikka shall have the following obligations:
(a) Sikka agrees to not use or disclose PHI other than as permitted or required by the Services Agreement or as Required by Law. Except as otherwise limited in the Services Agreement, Sikka may use or disclose PHI to perform functions, activities, or services for, or on behalf of Client as specified in Software License Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Client or the minimum necessary policies and procedures of Client of which Sikka has been informed.
(b) Sikka agrees to use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by Services Agreement, including the implementation of administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic PHI as required by the Security Rule.
(c) Sikka agrees to mitigate, to the extent practicable, any harmful effect that is known to Sikka of a use or disclosure of PHI by Sikka in violation of the requirements of HIPAA or any other similar local applicable legislation.
-
(d) Sikka agrees to report to Client any use or disclosure of the PHI that it becomes aware of that is not permitted by this Business Associate Agreement or any Breach or other type of security incident. Further, Sikka agrees to notify Client of any Breach of Unsecured PHI of which it becomes aware and otherwise comply with the notification requirements set forth in Section 45 CFR § 164.410 (or in any other similar local applicable legislation). Notwithstanding anything herein to the contrary, notice is hereby deemed provided, and no further notice will be given, with respect to ongoing unsuccessful attempts at unauthorized access to PHI that are trivial such as pings and other broadcast attacks on firewalls, denial of service attacks, failed login attempts, and port scans, unless such notice is required under local applicable legislation.
-
(e) Sikka agrees to ensure that any subcontractor to whom Sikka assigns or delegates its rights
or obligations under this Addendum or the Services Agreement has agreed in writing to the same
restrictions and conditions as Sikka with respect to PHI.
-
(f) Sikka agrees to make its internal practices, books, and records, including policies and
procedures and PHI, relating to the use and disclosure of PHI received from, or created or
received by Sikka on behalf of Client available to the Secretary, at a reasonable time
designated by the Secretary, for purposes of the Secretary determining Client’s compliance with
the Privacy Rule.
-
(g) Sikka agrees to document such disclosures of PHI and information related to such disclosures
as would be required for Client to respond to a request by an Individual for an accounting of
disclosures of PHI in accordance with 45 CFR §164.528 and any local applicable legislation.
-
(h) Sikka agrees to provide to Client or an Individual, within the time periods and in the manner provided for under local applicable law (or, in the absence of such requirements in time and manner agreed by the parties), information collected in accordance with Section 1(g) of this Addendum, to permit Client to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR §164.528 and any other similar local applicable legislation.
-
(i) Sikka agrees not to exchange any PHI of an Individual for remuneration except where Sikka
has obtained a valid authorization from the individual or as otherwise permitted under Section
13405(d) of the HITECH Act or applicable local law.
-
(j) To the extent Sikka agrees in the Services Agreement to maintain any PHI in a Designated Record Set that is not duplicative of a Designated Record Set maintained by Client, Sikka agrees to make such information available to Client pursuant to 45 CFR § 164.524 and any other similar local applicable legislation, in time and manner agreed by the parties.
Subject to applicable law, if, in the performance of its obligations set forth in Sections 1(f) through 1(j) above, Sikka expends
time and materials, Sikka will provide Client with an estimate of the fee for such time and materials.
Following agreement by the parties as to such fees, Sikka will invoice Client, and Client shall pay
Sikka such fees.
Except as otherwise limited in the Software License Agreement, and to the extent permitted by applicable law, Sikka may use or disclose PHI for the proper management and administration of the Services or to carry out Sikka’s legal obligations, provided the disclosures are required by law, or Sikka obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Sikka of any instances of which it is aware in which the confidentiality of the information has been breached.
To the extent permitted under applicable law, Sikka may use PHI to de-identify such PHI so that such information is not individually identifiable
information as provided in 45 C.F.R. § 164.514, as amended. The parties agree that such de-identified
information is not PHI and not subject to this Addendum, unless locally applicable law specifies otherwise.
Sikka may use PHI to provide data aggregation services to Client if such services are required under the
Services Agreement.
To the extent permitted by applicable law, Sikka may seek a valid authorization from an Individual for the disclosure of their PHI disclosed or
accessed by Sikka pursuant to this Addendum and the Software License Agreement for Sikka's business
purposes.
1.2. Obligations of Covered Entity. Client shall have the following obligations:
-
(a) Client shall use the encryption features in the Services to encrypt any and all PHI that is
provided to Sikka. In addition to the indemnification obligations set forth in the Software
License Agreement, Client shall defend and indemnify Sikka from and against any damages and
costs arising from or relating to the failure of Client to encrypt the PHI.
-
(b) To the extent permitted under applicable law, Client shall notify Sikka of any limitation(s) in its notice of privacy practices of Client in accordance with 45 CFR §164.520 and local applicable law, to the extent that such limitation may affect Sikka’s use or disclosure of PHI.
-
(c) Client shall notify Sikka of any changes in, or revocation of, permission by an Individual
to use or disclose PHI, to the extent that such changes may affect Sikka’s use or disclosure of
PHI in providing the Services.
-
(d) To the extent permitted under applicable law, Client shall notify Sikka of any restriction to the use or disclosure of PHI that Client has agreed to in accordance with 45 CFR §164.522 or local applicable law, to the extent that such restriction may affect Sikka’s use or disclosure of PHI in providing the Services.
-
(e) Client shall not request Sikka to use or disclose PHI in any manner that would not be permissible under HIPAA or local applicable law if done by Client. Client shall permit Sikka to seek a valid authorization for the disclosure of PHI for Sikka's business purposes from Individuals whose PHI is accessed by or disclosed to Sikka pursuant to this Addendum and the Services Agreement.
-
(f) Client represents and warrants that: (a) it has the right and authority to provide PHI to Sikka for Sikka to perform its obligations and provide the Services to Client, (b) that Sikka’s collection, storage, use and disclosure of any PHI in providing the Services to Client is permitted under Client’s privacy policy that Client maintains with its Patient and under applicable law, and (c) Client has obtained all consents from Individuals as required by applicable laws to permit the above collections, storage, uses and disclosures.
1.3. Term and Termination
-
(a) Term. The term of this Addendum shall be effective as of the Effective Date and shall
terminate when all of the PHI provided by Client to Sikka, or created or received by Sikka on
behalf of Client, is destroyed or returned to Client, or, if it is infeasible to return or
destroy PHI, protections are extended to such information, in accordance with the termination
provisions in this Section and in any local applicable legislation.
-
(b) Termination for Cause. In addition to any termination rights set forth in the Software
License Agreement and the Terms and Conditions, if Sikka materially breaches the Business
Associate Terms, Client may terminate the Services if Sikka fails to cure such breach within
thirty (30) days after receiving written notice of such breach or immediately terminate the
Services if cure is not possible.
-
(c) Effect of Termination.
-
-
(i) Except as provided in Section 1.3(c)(ii) below, upon termination of this Addendum,
for any reason, Sikka shall return or destroy all PHI received from Client, or created
or received by Sikka on behalf of Client in accordance with the terms of the Software
License Agreement. This provision shall also apply to PHI that is in the possession of
subcontractors or agents of Sikka. Sikka shall retain no copies of the PHI.
-
(ii) In the event that Sikka determines that returning or destroying the PHI is
infeasible, Sikka shall provide to Client notification of the conditions that make
return or destruction infeasible. If the return or destruction of PHI is infeasible,
Sikka shall extend the protections of this Addendum to such PHI and limit further uses
and disclosures of such PHI to those purposes that make the return or destruction
infeasible, for so long as Sikka maintains such PHI.
-
(d) Termination Upon Change in Law. If the Secretary provides guidance, clarification or interpretation of HIPAA or the HITECH Act or any local applicable legislation or there is a change in HIPAA or the HITECH Act or any local applicable legislation such that the service relationship between Sikka and Client is not considered a Business Associate relationship as defined in HIPAA or any similar local applicable legislation, this Addendum shall terminate and be null and void.
1.4. Miscellaneous
-
(a) Regulatory References. A reference in this Agreement to a section in a regulation means the
section as in effect or as amended.
-
(b) The parties agree to take such action as is necessary to amend this Agreement from time to
time as is necessary for Client to comply with the requirements of HIPAA or of any other local applicable legislation.
-
(c) In the event of a conflict between the terms of this Business Associate Agreement Terms Addendum (the “BAA” or the “Addendum”) or any other agreement or understanding between the parties and this Addendum, this BAA shall control.
-
(d) The respective rights and obligations of Sikka under this Addendum shall survive the
termination of this Agreement.
-
(e) Any ambiguity in this Addendum shall be resolved to permit Client to comply with HIPAA or other local applicable legislation.