Information We Collect
Some of the Services require us to know who you are so that we can best meet your needs. When you access these Services, we may ask you to voluntarily provide us certain information that personally identifies (or could be used to personally identify) you (“Personal Information”). Personal Information includes some of the following categories of information: (1) contact data (such as your email address and phone number); (2) demographic data (such as your gender, your date of birth and your zip code); (3) insurance data (such as your insurance carrier, insurance plan, member ID, group ID and payer ID); (4) medical data (such as the doctors or other health care providers (“Healthcare Providers”) you have visited, your reasons for visit, your dates of visit, your medical history, and other medical and health information you choose to share with us), and (5) other information that you voluntarily choose to provide to us, including without limitation SSN, unique identifiers such as passwords, and Personal Information in emails or letters that you send to us. You may still access and use some of the Services if you choose not to provide us with any Personal Information, but the features of the Services that require your Personal Information will not be accessible to you.
We also may automatically collect certain data when you use the Services, such as (1) IP address; (2) domain server; (3) type of device(s) used to access the Services; (4) web browser(s) used to access the Services; (5) referring webpage or other source through which you accessed the Services; (6) geolocation information; and (7) other statistics and information associated with the interaction between your browser or device and the Services (collectively “Traffic Data”). Depending on applicable law, some Traffic Data may be Personal Information.
We may also collect additional information, which may be Personal Information, as otherwise described to you at the point of collection or pursuant to your consent and share this information with our business partners for the sole purpose of providing the Services to you.
How We Collect Information
We collect information, including Personal Information and Traffic Data, when you use and interact with the Services, such as:
When you use the Services’ interactive tools and services, such as searching for Healthcare Providers, searching for available appointments with Healthcare Providers and completing medical history forms ("Medical History Forms") prior to Healthcare Provider appointments.
When you voluntarily provide information in freeform text boxes through the Services and through responses to surveys, questionnaires and the like;
If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information that lets Quartet know when you are logged on and available to receive update or alert notices;
Through cookies, web beacons, website analytics services and other tracking technology (collectively, “Tracking Tools”), as described below; and
When you use the “Contact Us” function on the Site, send us an email or otherwise contact us.
We also may collect information about you from third party sources.
Tracking Tools and “Do Not Track”
The Tracking Tools that we may use and how we may use them include:
For more information on cookies, visit http://www.allaboutcookies.org.
Web Beacons: “Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files imbedded in a web page or email that may be used to collect anonymous information about your use of our Services, the websites of selected advertisers and the emails, special promotions or newsletters that we send you. The information collected by Web Beacons allows us to monitor how many people are using the Services, using the selected advertisers' websites or opening our emails, and for what purpose, and also allows us to enhance our interestbased advertising.
Website Analytics: We may use thirdparty website analytics services in connection with the Services, including, for example, to record mouse clicks, mouse movements, scrolling activity and text that you type into the Site. These website analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across websites which do not use their services. We use the information collected from these services to help make the Services easier to use and as otherwise set forth in Section 6 (Use of Information).
How Quartet Responds to Browser “Do Not Track” Signals.
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behavior tracked. If a website operator elects to respond to a particular DNT signal, the website operator may refrain from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many website operators, including Quartet, do not take action to respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.
Options for Opting out of Cookies.
Some web browsers (including some mobile web browsers) allow you to reject Cookies or to alert you when a Cookie is placed on your computer, tablet or mobile device. You may be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept Quartet’s Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Services.
You may opt out of receiving certain Cookies and certain trackers by visiting the Network Advertising Initiative (NAI) opt out page or the Digital Advertising Alliance (DAA) consumer optout page. When you use these optout features, an “optout” Cookie will be placed on your computer or tablet indicating that you do not want to receive interestbased advertising from NAI or DAA member companies. If you delete Cookies on your computer or tablet, you may need to opt out again. For information about how to opt out of interestbased advertising on mobile device identifiers, please visithttp://www.applicationprivacy.org/expressingyourbehavioraladvertis... amobiledevice. Please note that opting out of interestbased advertising does not mean you will no longer see Quartet’s advertisements; rather, opting out means that the advertisements that you do see are not interestbased advertisements. Also, opting out does not mean that Quartet is no longer using Tracking Tools Quartet still may collect information about your use of the Services even after you have opted out of interest based advertisements.
Information Provided by or on Behalf of Children
The Services are not intended for use by children and children are prohibited from using the Services. Quartet does not knowingly collect any information from children, nor are the Services directed to children.
By accessing, using and/or submitting information to or through the Services, you represent that you are not younger than age 13. If we learn that we have received any information directly from a child under age 13 without his/her parent’s written consent, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Services and subsequently we will delete that information.
If you are between age thirteen (13) and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Information as otherwise provided herein.
Use of Information
We use your information, including Personal Information, to provide the Services to you and to help improve them, including to:
provide you with the products, services and information you request and respond to correspondence that we receive from you;
provide, maintain, administer or expand the Services, perform business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer;
notify you about certain resources or Healthcare Providers we think you may be interested in learning more;
send you information about Quartet or our products or Services;
contact you when necessary or requested by phone, email or text message, including to remind you of an upcoming appointment;
customize and tailor your experience of the Services;
send emails and other communications that display content that we think will interest you and according to your preferences;
use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts; and
prevent, detect and investigate security breaches and potentially illegal or prohibited activities.
We may use information that is neither Personal Information nor PHI (including nonPHI Personal Information that has been deidentified and/or aggregated) for any reason at our sole discretion.
Disclosure of Information
We may disclose certain information that we collect from you:
We may share your Personal Information with Healthcare Providers with which you choose to schedule through the Services. For example, if you elect to complete a Medical History Form using the Services in advance of an appointment, we may share your Medical History Form with your Healthcare Providers. You also may choose to store but not share with Quartet your Medical History Form.
We may share your Personal Information with your Healthcare Providers to enable them to refer you to and make appointments with other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments, provided that you choose to use the applicable Services.
We may share your Personal Information with Healthcare Providers in the event of an emergency.
We may also share your Personal Information with organizations that collect, aggregate and organize your information so they can make it more easily accessible to your Healthcare Providers.
We may share your email address with our business partners to enable them to help Quartet customize our advertising, e.g., to enable us to contact you on non Quartet websites. We do not sell email addresses to third parties.
We may share your Personal Information and Traffic Data with our business partners who perform core services (such as hosting, billing, fulfillment, data storage or security) related to our operation of the Services and/or by making certain features available to our users.
We may share with the insurance provider you identify to us (via our business partners) your insurancerelated Personal Information for the purposes of determining eligibility and costsharing obligations, and otherwise obtaining benefit plan information.
We may share your Personal Information and Traffic Data with our business partners who perform the Website analytics set forth in Section 4.1 (Tracking Tools)
We may transfer information about you, including your Personal Information, to another company in connection with a merger, sale, acquisition or other change of ownership or control by or of Quartet (whether in whole or in part). When one of these events occurs, we will use reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
We also may need to disclose your Personal Information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with applicable law, regulation, court order or other legal process; (2) protect the rights, property or safety of Quartet or another party; (3) enforce the Agreement or other agreements with you; or (4) respond to claims that any posting or other content violates thirdparty rights.
We may disclose information that is neither Personal Information nor PHI (including non PHI Personal Information that has been deidentified and/or aggregated) for any reason at our sole discretion.
We store and process your information on our servers in the United States. We may store all information indefinitely.
Any information that you may reveal in a review posting or online discussion or forum is intentionally open to the public and is not in any way private. We recommend that you carefully consider whether to disclose any Personal Information in any public posting or forum. What you have written may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict.
Storage and Security of Information
The security of your Personal Information is important to us. We endeavor to follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and in storage. For example, when you enter sensitive information on our Site, we encrypt that information using secure socket layer technology.
Controlling Your Personal Information
If you are a registered user of the Services, you can modify some of the Personal Information you have included in your profile or change your username by logging in and accessing your account. If you wish to close your account, please email us at firstname.lastname@example.org. Quartet will delete your account and the information in your account as soon as reasonably possible. Please note, however, that Quartet reserves the right to retain information from closed accounts, including to comply with law, prevent fraud, resolve disputes, enforce the Agreement and take other actions permitted by law.
You must promptly notify us if any of your account data is lost, stolen or used without permission.
Links to Other Websites
Quartet Health, Inc.
114 West 41st Street, Fourth floor
New York, NY 10036
Quartet Health offers services, such as helping you to find and learn about nearby healthcare providers, arranging appointments with the healthcare provider(s) of your choice (each, "Your Healthcare Provider") and forwarding your health-related information to share with Your Healthcare Providers ("Quartet Services"). As part of providing the Quartet Services, Quartet may collect, use, share, and exchange your health history forms and other health-related information with Your Healthcare Providers. Under a federal law called the Health Insurance Portability and Accountability Act ("HIPAA"), some of this health and health-related information may be considered "protected health information" or "PHI" if such information is received from or on behalf of Your Healthcare Providers.
Safeguards for PHI
HIPAA protects the privacy and security of your PHI by limiting the uses and disclosures of PHI by most healthcare providers and by health plans (called "Covered Entities") as well as companies, like Quartet, that provide certain types of assistance to Covered Entities (called "Business Associates"). Under certain circumstances described in HIPAA, an individual needs to sign an Authorization form before a Covered Entity, like Your Healthcare Provider(s), can disclose protected health information to a third party.
Non-Protected Health Information
Your PHI Authorization
The purpose of this Quartet Health Authorization ("Authorization") is to request your written permission to allow Quartet to use and disclose your PHI in the same way as we use and disclose your Non-PHI. If Quartet is a Business Associate of Your Healthcare Providers, then Quartet needs your Authorization to be able to use and disclose your PHI in the same way it can currently use and disclose your Non-PHI when Quartet is not working on behalf of Your Healthcare Providers, but is instead working on its own behalf. Therefore, when Quartet relies on this Authorization, and uses and discloses PHI as described in this Authorization, it is not working as a Business Associate and the HIPAA requirements that apply to Business Associates will not apply to such uses and disclosures.
If you e-sign this Authorization, you give your permission to Quartet to retain your PHI and to use and/or disclose your PHI in the same way that you have agreed that your Non-PHI can be used and disclosed.
Specifically, you agree that Quartet can use your PHI to: enable and customize your use of the Quartet Health Services; provide you alerts or other Quartet Health Services regarding future appointments; notify you regarding providers we think you may be interested in learning more about; share information with you regarding services, products or resources about which we think you may be interested in learning more; provide you with updates and information about the Quartet Health Services; market to you about Quartet and third party products and services; conduct analysis for Quartet's business purposes; support development of the Quartet Health Services; and create de-identified information and then use and disclose this information in any way permitted by law, including to third parties in connection with their commercial and marketing efforts. You also agree that Quartet can disclose your PHI to: third parties assisting Quartet with any of the uses described above; Your Healthcare Providers to enable them to refer you to, and make appointments with, other providers on your behalf, or to perform an analysis on potential health issues or treatments, provided that you choose to use the applicable Quartet Health Service; a third party as part of a potential merger, sale or acquisition of Quartet; our business partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to the operation or provision of our services, even when Quartet is no longer working on behalf of Your Healthcare Providers; a provider of medical services, in the event of an emergency; and organizations that collect, aggregate and organize your information so they can make it more easily accessible to your providers.
If Quartet discloses your PHI, Quartet will require that the person or entity receiving your PHI agrees to only use and disclose your PHI to carry out its specific business obligations to Quartet or for the permitted purpose of the disclosure (as described above).
Quartet cannot, however, guarantee that any such person or entity to which Quartet discloses your PHI or other information will not re-disclose it in ways that you or we did not intend or permit.
Expiration and Revocation of Authorization
Your Authorization remains in effect until you provide written notice of revocation to Quartet.
YOU CAN CHANGE YOUR MIND AND REVOKE THIS AUTHORIZATION AT ANY TIME AND FOR ANY (OR NO) REASON.
If you wish to revoke this Authorization, you must notify Quartet by submitting a revocation through via email to email@example.com. Your decision not to execute this Authorization or to revoke it at any time will not affect your ability to use certain of the Quartet Health Services. A Revocation of Authorization is effective after you submit it to Quartet, but it does not have any effect on Quartet's prior actions taken in reliance on the Authorization before revoked.
Once Quartet receives your Revocation of Authorization, Quartet can only use and disclose your PHI as permitted in Quartet's agreements with Your Healthcare Provider(s). Your Revocation of Authorization does not affect Quartet's use of your Non-PHI.
We will make available to Your Healthcare Provider(s), current and past, your agreement to or revocation of this Authorization.
Software Services and License Agreement
THIS SOFTWARE SERVICES AND LICENSE AGREEMENT (the "Agreement"), dated upon the date of your completion of the registration process (the "Effective Date"), is entered into between Quartet Health, Inc. ("Quartet"), a Delaware corporation, and You, a health care provider practice. "You", "your", "yourself", or "Practice" means you, as an individual, and the legal entity on behalf of which you are acting as the authorized agent or legal representative as identified by you during registration with the Software, if applicable. Quartet and You may be referred to individually as " Party" and collectively as "Parties". BY CLICKING "I AGREE," OR BY OTHERWISE SIGNING-UP OR FOR AN ACCOUNT, OR BY ACCESSING OR USING THE SERVICES (DEFINED BELOW), YOU ARE ENTERING INTO THIS AGREEMENT AND YOU AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS . Please read this Agreement carefully, and do not sign-up for an account or use the Services if you are unwilling or unable to be bound by this Agreement.
Who is Quartet? Quartet owns a suite of software-as-a-service products designed to (a) facilitate spaner coordination and collaboration between medical providers, behavioral health providers and their patients; and to (b) assist with improving patient outcomes and reducing overall health care expenditures (collectively, the "Platform").
What is Quartet's relationship with its health plan customers? Quartet provides behavioral health care coordination services and other permitted Health Care Operations to certain health plan customers whose members may be patients of Yours ("Member Patients"). Attachment A of this agreement identifies Quartet's health plan customers (each a "Customer Plan").
What is the purpose of this Agreement? You wish Quartet to provide You with behavioral health care coordination services and other permitted Health Care Operations described on Attachment B (together with the Platform, the "Services") for Your patients that are not Members of a Quartet Customer Plan (each a "Non-Member Patient"). You also wish Quartet to grant You a license to access and use the Platform for both: (a) Your Non-Member Patients for whom Quartet provides you Services and (b) Your Member Patients for whom Quartet provides services to Quartet's Customer Plans.
Whose Protected Health Information (PHI) does the Member Patient and Non-Member Patient belong to? The PHI of the Member Patient belongs to Quartet's Customer Plan because Quartet is providing care coordination services and other permitted Health Care Operations to the Customer Plan. The PHI of the Non-Member Patient belong to You because this Agreement enables Quartet to provide care coordination services and Health Care Operations to You.
What happens if Quartet contracts with a new health plan customer? In the event that Quartet enters into an agreement at any time with a new health plan customer that would result in a Non-Member Patient becoming a Member Patient, You agree to use all reasonable efforts to assist Quartet and the new health plan customer with this transition.
For purposes of this Agreement, capitalized terms that are not defined shall have the meaning set forth in HIPAA.
- Services. This Agreement describes the terms and conditions of the Services Quartet agrees to provide You. Quartet may reasonably supplement, modify, substitute or otherwise alter the Services, from time to time. Quartet will provide You with thirty (30) days' written notice prior to implementing any material change, as determined exclusively by Quartet, with respect to the Services.
- Required Permissions. You and each of your Authorized Users (as defined below) will obtain all necessary consents, HIPAA Authorizations, or other permissions and acknowledgments from a Non-Member Patient or Member Patient required for the performance of each Party's obligations pursuant to this Agreement before using the Services.
- License to Create Deidentified Data. You grant to Quartet and its affiliates an exclusive, royalty free, perpetual, irrevocable, worldwide, assignable and sub-licensable right and license to aggregate, compile, decompile, manipulate, reproduce, modify, supplement, adapt, translate, create derivative works from, display, perform, distribute, publish, disclose and otherwise use Practice Data to perform the Services and to create Deidentified Data.
- Ownership of Deidentified Data. In consideration for Quartet's provision of the Services to You, you hereby transfer and assign to Quartet and its affiliates a right to aggregate, compile, decompile, manipulate, reproduce, modify, supplement, adapt, translate, create derivative works from, display, perform, distribute, publish, disclose and otherwise use Deidentified Data for all purposes, commercial or otherwise. You agree that Quartet may use, disclose, market, license and sell such De-Identified Information for any purpose without restriction, and that you have no interest in such information, or in the proceeds of any sale, license, or other commercialization thereof.
- Quartet Data Intellectual Property. You acknowledge and agree that all derivative works or modifications of the Data are the intellectual property of, and owned solely and exclusively by, Quartet ("Quartet Data Intellectual Property"). To the extent You have any right, title or interest in or to any Quartet Data Intellectual Property, You hereby assign, and agree to assign, all rights, title and interests, including all copyright and other intellectual property and proprietary rights, in and to such Quartet Data Intellectual Property to Quartet.
- For purposes of this Agreement, "Deidentified Data" means Your Data that Quartet de-identifies in accordance with HIPAA.
- For purposes of this Agreement, "Practice Data" means all data, including PHI and information that you input or upload onto the Platform, and all binary text, sound, image, video or other files, including, applications, that are submitted by or on behalf of and/or made accessible by or on behalf of You or any of Your Authorized Users in connection with or through Your or any of Your Authorized User's use of the Services, including any of the foregoing that is created by a Party or any Authorized User through use of the Platform.
Quartet grants You a non-exclusive license during the term of the Agreement to access and use the Platform in connection with Your receipt of the Services and to provide health care services to Non-Member Patients or to Member Patients of Quartet's Customer Plan, as well as to permit Your employees and agents, authorized by You, who provide health care services on Your behalf in connection with Non-Member Patients and Member Patients (each an "Authorized User") to do the same, subject to all of the conditions and restrictions set forth in the License Addendum, which is attached hereto as Attachment C and hereby incorporated herein. For avoidance of doubt, You are responsible for ensuring that each Authorized User complies with the terms of this Agreement and the License Addendum. In the event of a conflict between the License Addendum and this Agreement, the more stringent requirements will prevail over less stringent provisions.
TERM AND TERMINATION.
The term of this Agreement begins on the Effective Date and continues for a period of one (1) year unless terminated earlier as provided in this Agreement. Thereafter, the Agreement will be automatically extended for additional one-year terms. This Agreement may be terminated by either Party, with or without cause and without penalty, upon the provision of thirty (30) days written notice. The termination of this Agreement will not release or discharge either Party from any obligation, debt or liability existing under this Agreement as of the effective date of termination.
You represent and warrant that, at all times during the term of this Agreement that (a) each Authorized User and, if a licensed professional, then the Authorized User (i) possesses valid and unrestricted licenses to practice medicine in the state or states in which they practice; (ii) is licensed or certified to prescribe medications in the same jurisdiction(s); (iii) is eligible to participate in applicable state or federal healthcare programs, including Medicare and Medicaid; and (iv) is insured against professional liability at a level not less than $1,000,000 per occurrence and $3,000,000 in the aggregate, (b) You have all rights, necessary authority, and permission to convey to Quartet the rights set forth in Section 5 above including any and all required physician and employee rights or permissions under applicable state laws and regulations or Your internal policies, (c) Your use of the Services and performance under this Agreement will not conflict with or result in a breach of any applicable law or contract (including third-party payer agreements) by which You are bound.
Each Party will comply with the terms of the HIPAA Business Associate Addendum, attached and incorporated hereto as Attachment D, and will at all times comply with the applicable provisions of the Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. §§ 1320d, et seq., as amended by the Health Information Technology for Economic and Clinical Health Act and the respective implementing regulations (collectively, "HIPAA") and all applicable non-HIPAA pre-empted federal, state and local laws and regulations in connection with the use and disclosure of personally identifiable information.
INDEPENDENCE OF PROFESSIONAL JUDGMENT.
You acknowledge and agree that Quartet does not engage in the practice of medicine, nursing, social work, mental health or other clinical service and that the Services are not designed to prevent, diagnose, or treat disease. Quartet will not exercise any control or direction over how You or any Authorized User practices medicine or provides care to a Non-Member Patient or Member Patient. For avoidance of doubt, You and each Authorized User will be solely and exclusively responsible for all medical care provided to a Non-Member Patient or Member Patient. Further, Quartet will not be responsible or liable for any medical advice or opinions provided by behavioral healthcare providers to whom a Non-Member Patient or Member Patient is referred through the Your or Authorized User's use of the Services. Nothing contained in this Agreement will require referrals to specific health care facilities, interfere with patients' choice of medical treatment, or interfere with the any physician's independent medical judgment. Nothing in this Agreement will be construed to alter or otherwise affect the legal, ethical or professional relationships between and among You and any of Your Non-Member or Member Patients, nor does anything in this Agreement abrogate any right, privilege or obligation arising from or related to the doctor-patient relationship.
COMPLIANCE WITH LAWS.
The Parties will comply with all applicable federal, state and local laws and regulations in performing their obligations under this Agreement and providing the Services as contemplated in this Agreement.
CONFIDENTIAL AND PROPRIETARY INFORMATION.
Neither Party may disclose any Confidential Information, as hereinafter defined, of the other Party without the other Party's express written authorization (with the exception of Quartet's use of the You Data and the Deidentified Data pursuant to Section 3). Confidential Information will not be used in any way directly or indirectly detrimental to the disclosing Party and each Party will keep the other Party's Confidential Information confidential and will ensure that its employees and agents who have access to such Confidential Information comply with these nondisclosure obligations. "Confidential Information" includes Your records, Quartet records, and all other confidential information of either Party (whether written or oral), including all confidential notes, studies, forms, business or management methods, marketing data, or trade secrets of such Party, except for information that is available to and known by the public (other than as a result of an unpermitted disclosure directly or indirectly by the receiving Party or its representatives). The obligation to maintain the confidentiality of Confidential Information will survive termination of this Agreement.
INDEMNIFICATION; LIMITATION OF LIABILITY
- Indemnity by You. You will indemnify, defend and hold harmless Quartet, its directors, officers, employees, affiliates, agents, representatives, and permitted successors and assigns, from and against all liabilities, losses, damages, penalties, judgments, suits, claims, costs and expenses of any kind or nature (including, without limitation, reasonable attorneys' fees and court costs) ("Losses") arising out of or result from any claim of a third party arising out of or occurring in connection with: (i) the material inaccuracy of any representation or material breach of warranty by You contained in this Agreement; (ii) the material breach of any covenant by You contained in this Agreement; or (iii) the conduct of You or an Authorized User in providing medical care to Non-Member Patients or otherwise utilizing the Services. You shall not enter into any settlement without Quartet's prior written consent.
- LIMITATION OF LIABILITY. IN NO EVENT WILL QUARTET BE LIABLE TO YOU OR TO ANY THIRD PARTY UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL THE AGGREGATE LIABILITY OF QUARTET UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER, UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, EXCEED $1,000.
The relationship between the Parties under this Agreement is solely that of independent contractors entering into a services agreement. Neither Party may make a representations or assertions or take any action that could imply or establish any joint venture, partnership, employment or trust relationship between the Parties with respect to the subject matter of this Agreement.
Except as otherwise provided herein, You may not assign, transfer or sublicense this Agreement or Your rights granted herein without the express prior written consent of Quartet. The Platform and Your account therein cannot be assigned, transferred or used by anyone other than You or an Authorized User without Quartet's written permission. Quartet may assign its rights, obligations or interest under this Agreement to any third party that assumes responsibility for fulfilling this Agreement in accordance with its terms and conditions. All provisions of this Agreement are binding upon the Parties hereto, their respective successors, legal representatives and assigns.
- Exclusions. Use of the Services by You and each Authorized User is not conditioned upon a requirement that You or an Authorized User make referrals to, be in a position to make or influence referrals to, or otherwise generate business for Quartet or any of its affiliates or a requirement that Quartet or any of its affiliates make referrals to, be in a position to make or influence referrals to, or otherwise generate business for You or an Authorized User.
- Choice of Law. This Agreement will be governed by, and construed in accordance with the laws of the State of Delaware, excluding any law or conflicts of law principle that would apply the law of another jurisdiction.
- Waiver. No waiver by any Party of any of its rights, under this Agreement will be effective unless in writing and signed by the Party waiving such right.
- Notices. All notices, requests, or consents sent to Quartet that are required or permitted under this Agreement must be in writing (including electronic form) and must be delivered to the address designated below and will be deemed effective upon receipt if delivered by nationally recognized overnight courier service or by email, upon confirmation of receipt by the other party in writing by return email.
Quartet Health, Inc.
114 West 41st Street, 5th Floor
New York, NY 10036
List of Quartet Customer Plans
You acknowledge and agree that this list of Quartet Customer Plans may be amended or revised solely by Quartet from time to time and will be provided to you upon reasonable notice:
- Highmark Blue Cross Blue Shield (PA)
- Premera Blue Cross (WA)
- Blue Cross Blue Shield of Massachusetts (MA)
- Steward Heath Care (MA)
- Lahey Hospital and Medical Center (MA)
Quartet will provide the following Services to You, which may be amended from time to time as mutually agreed upon by both Parties:
- Care Coordination. Quartet will provide care coordination services for Non-Member Patients to coordinate their health services with health care providers and to help better achieve the goals of treatment and care by You.
- Practice Management Services/Tools. Quartet will make available certain practice management services or practice management tools, from time to time.
- Primary Care Provider Consultations: Quartet will provide a service to enable You to communicate on a consultation initiated by primary care providers.
- Virtual Capabilities. Quartet will provide virtual capabilities in order for You to provide virtual health care services, if available.
- Support. Quartet will provide a centralized support team and in-market assistance to support Your access and use of the Platform as well as support in connection to the Services provided by Quartet.
You agree to work with Quartet to obtain all necessary consents, HIPAA Authorizations, or other permissions and acknowledgments from a Non-Member Patient or Member Patient required for the performance of each Party's obligations pursuant to this Agreement before using the Services, including, but not limited, to:
- Consent in connection with confidentiality of alcohol and drug abuse patient records under 42 Code of Federal Regulations Part 2.
- Consent in connection with the Telephone Consumer Protection Act.
- Consent and authorizations required under specific State law.
- HIPAA Authorizations and consent to disclosure of PHI.
- All rights not expressly granted to You by the Services Agreement (including this Attachment C) are reserved for Quartet. Without limiting the generality of the previous sentence, and except to the extent specifically permitted in this Attachment C, You may not: (a) modify the Platform or separate out any of its components for use with other software; (b) permit another person other than Your designees to use the Platform; (c) decompile, disassemble, or otherwise reverse engineer the Platform; (d) remove, obscure or alter any notice of copyright, trademark or other proprietary right present on or in the Platform or (e) resell the Platform or provide the Platform to or on behalf of other entities. You understand that the Platform is licensed to You and not sold. Quartet retains title to and ownership of all right, title and interest, including all intellectual property rights in and with respect to the Platform, materials and documentation.
- Without limiting foregoing, You acknowledge that the Platform represents and will continue to represent the valuable, confidential and proprietary property of Quartet and its affiliates. Quartet is not conveying to You any proprietary or other rights (including any patent rights, copyrights, trade secrets, trademarks, service marks and related goodwill) in the Platform, except as expressly set forth in this Attachment C.
- Use of the Platform will involve transmitting information about Practice Data through the Platform and may involve listing Your participation in relevant directories or marketing materials. You hereby expressly grant Quartet and its affiliates permission to use this information for such use and listings.
- Quartet may occasionally provide updates and modifications to the Platform in its sole and absolute discretion. Quartet does not warrant that there will be any specified number of updates or modifications, if at all, to the Platform, or that any or all errors will be addressed or resolved by an update or modification. Quartet has no obligation to notify You of any modifications or changes to the system.
- You agree to use the Platform provided by Quartet only for lawful purposes. Transmission or publication of any information, data or material in violation of any U.S. Federal, state or foreign regulation or law, including export control laws, is prohibited. This includes, but is not limited to, material protected by copyright, trade secret, privacy rights, or any other statute.
- The Platform is provided to You "AS-IS" and Quartet makes no warranties of any kind, whether expressed or implied, for the Platform or any other service Quartet provides You. Quartet also disclaims any warranty of merchantability, fitness for a particular purpose, title and non-infringement. Quartet is not responsible for damages You suffers from use of the Platform, including loss of data resulting from delays, non-deliveries, misdeliveries, data-entry errors, incorrect diagnoses (including by Your agents or other representatives), service interruptions or security breaches, whether caused by Your or Quartet's negligence, Your errors or omissions, or due to the fault of third parties. Neither Quartet nor its affiliates or agents shall be liable for any lost profits, lost data, special, incidental, consequential, indirect or exemplary damages, even if advised of the possibility of such damages.
- Quartet does not and cannot control the flow of data to or from the Platform. Such flow depends in large part on the performance of internet service providers or is otherwise controlled by third parties. At times, actions or inactions of such third parties can impair or disrupt or slow connections to the Internet (or portions thereof). Although Quartet will use commercially reasonable efforts to remedy such events, Quartet cannot guarantee that such events will not occur. Accordingly, Quartet disclaims any and all liability, express or implied, resulting from or related to communication or data transmission failures or latencies or security breaches.
- You acknowledge and agree that the provisions under this Attachment C that limit liability, disclaim warranties, or exclude consequential damages or other damages or remedies are essential terms of this Agreement that are fundamental to the Parties' understanding regarding allocation of risk. Accordingly, such provisions shall be severable and independent of any other provisions and shall be enforced as such, regardless of any breach or other occurrence hereunder. Without limiting the generality of the foregoing, You agree that all limitations of liability, disclaimers of warranties, and exclusions of consequential damages or other damages or remedies shall remain fully valid, effective and enforceable in accordance with their respective terms, even under circumstances that cause any exclusive remedy under the Agreement to fail of its essential purpose.
- Notwithstanding anything to the contrary in the Agreement, upon notice, published online by Quartet, by email to You, or through whatever other means as determined by Quartet, Quartet may modify the terms and conditions of this license, as well as discontinue or change the Services offered. Your continued use of the Platform after the effective date of any such notice constitutes acceptance of the terms of this Attachment C, as modified.
- Through use of the Platform, Quartet and its service providers may collect and track certain information such as browser type, time spent on the Platform, pages visited, language preferences, and other anonymous traffic data, using cookies or other similar technologies and such information shall not constitute Practice Data. Quartet and our service providers may use this information for security purposes, to facilitate navigation, display information more effectively, and to personalize the You experience while using the Platform.
BUSINESS ASSOCIATE ADDENDUM
In accordance with the Administrative Simplification section of the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations as amended from time to time (collectively, "HIPAA"), You ("Covered Entity") and Quartet Health, Inc., ("Business Associate") hereby enter into this Business Associate Addendum ("BA Addendum") on the effective date of the Services Agreement described below (the "Effective Date"). Covered Entity and Business Associate are each referred to in this BA Addendum individually as a "Party", and collectively as the "Parties."
WHEREAS , the Parties have entered into, or are entering into contemporaneously with this BA Addendum, or may subsequently enter into, agreements or other documented arrangements (collectively, the "Services Arrangements") pursuant to which Business Associate assists the Covered Entity with the Covered Entity's recognized Health Care Operations (as such term is defined by HIPAA) and such assistance requires Business Associate to create, receive, maintain, transmit, use or disclose PHI;
WHEREAS , in order to protect the privacy and security of PHI created, received, maintained, or transmitted by or on behalf of the Covered Entity by Business Associate, HIPAA requires the Parties to enter into this BA Addendum; and
WHEREAS , it is the intent of the Parties to amend the Services Arrangements, as described in this BA Addendum, in order for the Parties to comply with HIPAA.
NOW THEREFORE , in consideration of the mutual promises set forth in this BA Addendum and the Services Arrangements, and other good and valuable consideration, the sufficiency and receipt of which are hereby acknowledged, the Parties agree as follows:
- Effect . In the event of any conflict between the terms of this BA Addendum and the terms of the Services Arrangements, the terms of this BA Addendum shall control with respect to the use and disclosure of PHI by Business Associate unless the Parties specify otherwise in writing. This BA Addendum shall not modify or supersede any other provision of the Services Arrangements.
- Definitions . All capitalized terms not otherwise defined in this BA Addendum shall have the meanings set forth in the Services Arrangements or in HIPAA. All references to PHI herein shall be construed to include EPHI and shall be limited to the PHI received from or on behalf of Covered Entity.
- Business Associate Obligations . Except as otherwise permitted by law and this BA Addendum, Business Associate shall only use or disclose PHI in compliance with HIPAA, and shall not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 (the "Privacy Rule") if done by Covered Entity. To the extent that Business Associate is to carry out one or more of Covered Entity's responsibilities under the Privacy Rule, Business Associate shall comply with the requirements of the Privacy Rule that are apply to the Covered Entity in performance of such obligation(s).
- Uses of PHI . Business Associate may use PHI: (i) for the purpose of performing services for Covered Entity as such services are defined in the Services Arrangements, (ii) as necessary for the proper management and administration of the Business Associate, or to carry out its legal responsibilities, (iii) to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or permitted under the Services Arrangements, and (iv) to create de-identified health information in accordance with the HIPAA de-identification requirements. Business Associate may use and disclose health information that has been de-identified in accordance with HIPAA for any purpose permitted by applicable law.
- Disclosures of PHI . Subject to any limitations in this BA Addendum, Business Associate may disclose PHI as necessary to perform its obligations under the Services Arrangements. Further, Business Associate may disclose PHI for its proper management and administration, provided that (i) such disclosures are required by law, or (ii) Business Associate: (a) obtains reasonable assurances from any third party to whom the information is disclosed that it will be held confidential and further used and disclosed only as required by law or for the purpose for which it was disclosed to the third party; and (b) requires the third party to agree to promptly notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
- Qualified Service Organization . Business Associate acknowledges that in receiving, storing, processing or otherwise dealing with any patient records from the Covered Entity's substance abuse treatment Program (as such term is defined by 42 C.F.R. Part 2), it is fully bound by 42 C.F.R. Part 2. If necessary, Business Associate will resist in judicial proceedings any efforts to obtain access to such patient records except as permitted by 42 C.F.R. Part 2.
- Minimum Necessary . To the extent required by the "minimum necessary" requirements of HIPAA, the Parties shall only request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure.
- Subcontractors . Business Associate shall enter into a written agreement meeting the requirements of HIPAA with all Subcontractors (including, without limitation, a Subcontractor that is an agent under applicable law) that create, receive, maintain, or transmit PHI on the Business Associate's behalf. Business Associate shall ensure that the written agreement with each Subcontractor obligates the Subcontractor to comply with the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information.
- Reporting Noncompliance . Business Associate shall report to Covered Entity any use or disclosure of PHI not permitted by this BA Addendum or HIPAA by Business Associate, its employees, other agents or contractors, or by any third party to which Business Associate disclosed PHI. In addition to Business Associate's obligations under Section 14, Business Associate agrees to mitigate, to the extent practical, any harmful effect that is known to Business Associate and is the result of a use or disclosure of PHI in violation of this BA Addendum.
- Individual Rights Regarding Designated Record Sets
10.1 Within fifteen (15) business days of a request by Covered Entity for access to PHI about an Individual contained in any Designated Record Set maintained by Business Associate, Business Associate shall make available to Covered Entity such PHI for so long as Business Associate maintains such information in the Designated Record Set.
10.2 Within fifteen (15) business days of receipt of a request from Covered Entity for the amendment of an Individual's PHI contained in any Designated Record Set maintained by Business Associate, Business Associate shall provide such PHI to Covered Entity for amendment and incorporate any such amendments in the PHI (for so long as Business Associate maintains such information in the Designated Record Set) as required by HIPAA. Covered Entity shall have the sole responsibility to determine whether to grant or deny any request for amendment requested by the Individual.
10.3 If Business Associate receives a request for access or amendment to PHI directly from an Individual, Business Associate shall forward such request to Covered Entity within ten (10) business days.
- Accounting of Disclosures . Business Associate shall make available to Covered Entity in response to a request from an Individual, information in the Business Associate's possession required for Covered Entities to make an accounting of disclosures of PHI with respect to the Individual in accordance with HIPAA. Business Associate shall provide to Covered Entity such information necessary to provide an accounting within fifteen (15) business days of notice by Covered Entity of a request for an accounting of disclosures.
- Records and Audit . Business Associate shall make available to the Secretary its internal practice, books, and records relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity for the purpose of determining Covered Entity's compliance with HIPAA in a time and manner designated by the Secretary.
- Implementation of Security Standards; Notice of Security Incidents . Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of all PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate will also implement appropriate Administrative Safeguards, Physical Safeguards and Technical Safeguards and comply with Subpart C of 45 C.F.R. Part 164 (the "Security Rule") with respect to EPHI to prevent the use or disclosure of EPHI other than as expressly permitted under this BA Addendum. Business Associate shall report any Security Incident involving EPHI of which it becomes aware without unreasonable delay; provided, however, that Covered Entity acknowledges and shall be deemed to have received notice, from Business Associate by operation of this subsection, of Unsuccessful Security Incidents. Unsuccessful Security Incidents means, without limitation, pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use, disclosure, modification or destruction of EPHI or intentional interference with system operations in an information system that contains EPHI.
- HIPAA Breach Notification . Business Associate shall, following the discovery of a Breach of Unsecured PHI, notify Covered Entity in accordance with HIPAA without unreasonable delay.
- Obligations of Covered Entity
15.1 Notice of Privacy Practice and Restrictions.
- Covered Entity shall notify Business Associate of any limitation(s) in Covered Entity's notice of privacy practice, to the extent that such limitation may affect Business Associate's use or disclosure of PHI.
- Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her PHI, to the extent that such changes may affect Business Associate's use or disclosure of PHI.
- Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under HIPAA, to the extent that such restriction may affect Business Associate's use or disclosure of PHI.
15.2 Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule if done by Covered Entity.
- Term and Termination
16.1 This BA Addendum shall commence on the Effective Date and shall remain in effect until terminated in accordance with the terms of this Section 16; provided, however, that termination shall not affect the respective obligations or rights of the Parties arising under this BA Addendum prior to the effective date of termination, all of which shall continue in accordance with their terms. This BA Addendum will also terminate immediately if all Services Arrangements are terminated.
16.2 Either Party may immediately terminate this BA Addendum (the "Terminating Party") and shall have no further obligations to the other Party (the "Terminated Party") hereunder if the Terminated Party fails to observe or perform any material covenant or obligation contained in this BA Addendum, and fails to cure such failure within thirty (30) calendar days of receiving written notice by the Terminating Party.
16.3 Termination of this BA Addendum shall be cause for the Terminating Party to immediately terminate any obligation under a Services Arrangement requiring Business Associate to create, receive, maintain, or transmit PHI for, or on behalf of, Covered Entity.
16.4 Upon termination of this BA Addendum, Business Associate shall return or destroy all PHI received from Covered Entity or created or received by Business Associate on behalf of Covered Entity and which Business Associate still maintains as PHI. Notwithstanding the foregoing, to the extent that Business Associate reasonably determines that it is not feasible to return or destroy such PHI, the terms and provisions of this BA Addendum shall survive termination of the Services Arrangements and such PHI shall be used or disclosed solely for such purpose or purposes which prevented the return or destruction of such PHI.
17.1 Notice. All notices shall be given or made in the same manner as set forth in the Software Services and License Agreement between both Parties.
17.2 Amendment. No oral modification or waiver of any of the provisions of this BA Addendum shall be binding on either Party; provided, however, that upon the enactment of any law, regulation, court decision or relevant government publication and/or interpretative guidance or policy that a Party believes in good faith will adversely impact the use or disclosure of PHI under this BA Addendum, the Party may request to amend this BA Addendum to comply with such law, regulation, court decision or government publication, guidance or policy by delivering a proposed written amendment to the other Party, which shall be effective upon the written approval of the receiving Party, not to be unreasonably withheld.
17.3 No Third Party Beneficiaries. This BA Addendum is for the benefit of, and shall be binding upon the Parties, their affiliates and respective successors and assigns. No third party shall be considered a third-party beneficiary under this BA Addendum, nor shall any third party have any rights as a result of this BA Addendum.
17.4 Nature of BA Addendum; Independent Contractor. Nothing in this BA Addendum shall be construed to create (i) a partnership, joint venture or other joint business relationship between the Parties or any of their affiliates, or (ii) a relationship of employer and employee between the Parties. Business Associate is an independent contractor, and not an agent of Covered Entity. This BA Addendum does not express or imply any commitment to purchase or sell goods or services.