DEEPSCRIBE TERMS AND CONDITIONS
These Terms and Conditions (“Terms”) describe the rights and obligations of Deepscribe Inc., a Delaware corporation (“ DeepScribe”) and DeepScribe’s customer (the “Customer”) (collectively, the “Parties”) related to DeepScribe’s provision to Customer, and Customer’s use of, DeepScribe’s Services (as defined below). Details related to the Services, including payment amounts, usage limitations, and other terms, shall be set forth in one or more separate statements of work, purchase orders, or other related purchasing documents previously executed by the Parties or to be executed by the Parties (each, an “SOW” and, together with these Terms, the “Agreement”). Each SOW is subject to these Terms. The terms of an SOW shall govern in the event of a conflict between these Terms and an SOW. The Agreement shall be effective upon Customer’s execution of the initial SOW (the “Effective Date”).
RECITALS. Customer desires to license from DeepScribe its artificial intelligence-based medical scribe software (the “Software”) for use by Customer’s healthcare employees or contractors (the “ Providers”) to facilitate the recording, storage, transmission and delivery of the Customer’s transcripts. Providers will dictate patient-provider conversations to be recorded through the Software (the “Recordings”).
AGREEMENT . The Parties agree as follows:
1.1. Services. DeepScribe will provide Customer the following services (collectively, the “Services”): (a) use of its Software and Hardware as specified in this Section 1 and in the applicable SOW; (b) the schedule of deliverables as set forth in the SOW (the “Deliverables”); (c) support installation, set-up, and testing of the Hardware in designated rooms within Customer’s designated locations as set forth in the SOW (the “Locations”); (d) onboarding, training, and on-going support as set forth below; and (e) development and support for the Electronic Health Record (EHR) integration (“EHR Integration”), if specified in the SOW.
1.2. Use of Software. Subject to the other limitations on use described in this Agreement, Customer is hereby authorized to use the number of licenses of the Software as set forth in the SOW (the “Licenses”). Customer and its Providers may use the Software solely for the purposes and pursuant to the terms and conditions set forth in this Agreement, and shall not, without the prior written approval of DeepScribe, allow any other party to use the Software for any other purpose or for the benefit of any such party. DeepScribe will comply with the terms and conditions of the Business Associate Agreement (the “BAA”), attached hereto as Exhibit A, as it relates to Customer’s use of the Software. DeepScribe will use commercially reasonable efforts to provide Customer the Software in accordance with the Service Level Standards attached hereto as Exhibit B.
1.3. Hardware. Unless otherwise indicated on an SOW, Customer shall be solely responsible for providing and furnishing any mobile phone, audio recording device and/or other equipment necessary to utilize the Software (the “Hardware”). If indicated on the applicable SOW that DeepScribe will provide the Hardware, DeepScribe shall furnish Customer the type and quantity of Hardware as set forth in such SOW solely for Customer’s use in connection with the Services. Customer agrees that its use of any Hardware provided by DeepScribe shall be subject to the terms and conditions of this Agreement.
1.4. IT Support. DeepScribe will provide Customer with reasonable IT Support as needed via phone and/or email during DeepScribe’s standard business hours.
1.5. Software Changes. DeepScribe reserves the right to make changes to the Software from time to time including upgrades, enhancements, bug-fixes, and other modifications to improve the Software, provided that such changes shall not eliminate or materially interfere with the core functionality of the Software.
2. Term and Termination.
2.1. Term. Each SOW will have a term applicable to such SOW, as set forth therein. This Agreement will commence on the Effective Date and will continue until the completion of any SOWs executed hereunder (the “Term ”). In the event that the Term expires and any subsequent SOWs are executed, the term of this Agreement shall automatically renew for the duration of such subsequent SOW(s).
2.2. Termination. Notwithstanding Section 2.1, this Agreement may be terminated as follows:
2.2.1. Early Termination Option . Only if an Early Termination Period applies to this Agreement, as indicated in an SOW, then Customer may terminate this Agreement and/or the applicable SOW within the Early Termination Period as specified therein; provided, however, that any such termination shall be effective as of the following billing cycle.
2.2.2. Material Breach . Either Party may terminate this Agreement in the event the other Party breaches any material provision of this Agreement and fails to cure such breach within thirty (30) days after receipt from the breaching Party of notice specifying the breach requiring its remedy, unless such material breach cannot be cured, in which case the non-breaching Party can terminate this Agreement with immediate effect.
2.2.3. Insolvency . In the event Customer files for protection of bankruptcy laws, makes an assignment for the benefit of creditors, appoints or suffers appointment of a receiver or trustee over its property, files a petition under any bankruptcy or insolvency act or has any such petition filed against it which is not discharged within sixty (60) days of the filing thereof, then DeepScribe may terminate this Agreement effective immediately upon written notice to Customer.
2.3. Effect of Termination. On the effective date of any termination of this Agreement (“ Termination Date”), Customer will cease any and all further use of the Services and will certify to DeepScribe in writing that the Software has been removed from Customer’s internal systems and is no longer accessible. All Fees (as defined below) earned prior to the Termination Date shall be immediately due and payable. Customer will return any DeepScribe-provided Hardware to DeepScribe at the destination designated by DeepScribe within thirty (30) days of the Termination Date. Customer shall be responsible for any risk of loss, damage or destruction of such Hardware while in transit to DeepScribe and until it has been received by DeepScribe. Any DeepScribe-provided Hardware that is either not returned within the thirty (30) day return period or is damaged such that it is not suitable for reuse (as reasonably determined by DeepScribe) will incur a Replacement Fee as set forth in the SOW.
2.4. Survival. All sections of this Agreement that by their nature and context are intended to survive termination, including but not limited to Sections 2.3, 2.4, and 4 through 9, shall survive any expiration or termination of this Agreement.
3. Payment of Fees.
3.1. EHR Integration Fees. If the Software does not support the EHR, then DeepScribe will provide the Customer dedicated staff as necessary to develop EHR Integration between the Software and the EHR. Customer may be subject to an “ EHR Integration Fee” at the hourly rate set forth in the SOW. The total Integration Fees may vary depending on the complexity of the integration.
3.2. Monthly Fees. Customer shall pay to DeepScribe the monthly fees (“Monthly Fees ”) as set forth in the applicable SOW. If Customer’s use of the Services exceeds the number of Licenses set forth in the SOW, the Monthly Fees set forth in SOW will be adjusted accordingly.
3.3. Additional Fees. If DeepScribe provides Customer any additional services as mutually agreed upon by the Parties (the “Additional Services”), then additional fees may apply (the “Additional Fees” and together with the EHR Integration Fee and the Monthly Fees, the “Fees”) as set forth in the SOW.
3.4. Late Fees. Any Fees that are unpaid, in part or in full, past the applicable due date will incur interest at the lesser of one percent (1%) per month or the maximum rate permitted by law. Customer shall be responsible for any costs and expenses resulting from or arising out of any overdue balance (including, but not limited to, reasonable attorneys’ fees).
3.5. Payment Method. All Fees shall be charged to the payment method designated by Customer upon signing up for the Services. Customer hereby authorizes DeepScribe to automatically process the Fees as they become due. Customer is responsible for providing DeepScribe with an accurate, complete, and up-to-date payment method at all times. Customer agrees and acknowledges that DeepScribe uses third-party payment processors, and that Customer will have to agree to the terms and conditions of such third-party payment processors.
3.6. Taxes. The Fees do not include taxes and other governmental charges, as may be appropriate under law, which will be charged to Customer in addition to the Fees.
4. Proprietary Rights.
4.1. Software. DeepScribe owns and retains all right, title and interest in and to: (a) the Software, all improvements, enhancements or modifications thereto; (b) any software, applications, inventions or other technology developed in connection with the Services; and (c) all intellectual property rights related to any of the foregoing. Subject to the terms and conditions of this Agreement, DeepScribe hereby grants to Customer a non-perpetual, non-exclusive, non-transferable, non-sublicensable right and license, during the Term, to access and use the Software, and all of its features and functionality, solely for the purposes set forth in this Agreement. Subject to Customer’s confidentiality obligations hereunder, Customer may make reasonable use of the data resulting from the use of the Software as necessary to support its use of the Services under this Agreement.
4.2. Hardware . This Section shall apply only with respect to DeepScribe-provided Hardware, if any, as specified in Section 1.3. Title to the Hardware shall at all times remain with DeepScribe. The Parties agree that, subject to the terms and conditions of this Agreement, DeepScribe is leasing the Hardware to Customer during the Term for the purpose set forth herein. Customer will bear the risk of loss or damage to the Hardware at all times, including if the Hardware is damaged, lost or stolen and regardless of cause or fault, and Customer will be solely responsible for maintaining all risk property insurance providing coverage for the Hardware while the Hardware is in the Customer’s possession. In the event that any of the Hardware is materially damaged, lost, or stolen while in Customer’s possession, due to any cause, then Customer shall pay DeepScribe for the cost to repair or replace the damaged Hardware in the amount as reasonably determined by DeepScribe. The following shall be determined in the reasonable discretion of DeepScribe: (a) whether the Hardware is materially damaged, lost, or stolen; (b) whether such Hardware must be repaired or replaced; and (c) the cost to repair or replace such damaged Hardware. The cost for ordinary wear and tear to the Hardware that is expected to occur when the Hardware is used for its ordinary and intended purpose shall not be charged to Customer. Customer must report any accidents, damages, or incidents of theft or vandalism to DeepScribe as soon as any such event is discovered by Customer.
4.3. DeepScribe Content. DeepScribe will retain all right, title and interest it may have in and to the Recordings and any written transcripts, reports, notes, requirements documents, specifications, materials, flow charts, notes, outlines and the like, and any data contained in any of the foregoing (collectively, “DeepScribe Content”), in each case that are developed, conceived or made by DeepScribe or the Software in connection with Customer’s use of the Services. Customer has no right to use or disclose any DeepScribe Content except for use of the Services as set forth in this Agreement. Subject to DeepScribe’s compliance with the terms of the BAA, DeepScribe shall have the right to collect and analyze data and other information relating to the provision, use, and performance of various aspects of the Services and related technologies (including, without limitation, information concerning DeepScribe Content and data contained therein), and DeepScribe will be free to: (a) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other DeepScribe offerings; and (b) disclose such data solely in aggregate or other anonymized, de-identified form in connection with its business.
4.4. Feedback. Customer and its personnel (including the Providers) may provide ideas, suggestions, comments, or other feedback regarding any part of the Services, including ideas for new or improved products or technologies, product enhancements, processes, materials, marketing plans or new product names relating to the Services (collectively “Feedback ”). DeepScribe shall own any and all Feedback provided to DeepScribe. To the extent that DeepScribe does not own any Feedback, Customer hereby grants to DeepScribe an exclusive, perpetual, royalty-free license to use the Feedback for its business purposes, and neither Customer nor its personnel shall not be entitled to any compensation for such Feedback.
4.5. Publicity Consent. Unless otherwise agreed to by the Parties in writing, DeepScribe may use Customer’s name and/or logo to refer to Customer as a customer of DeepScribe on its website and other marketing materials.
5. Restrictions; Representation & Warranties; Responsibilities.
5.1. Restrictions. Customer will not, under any circumstances, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or the Software, or any documentation or data related to the Services or the Software; modify, translate, or create derivative works based on the Services or the Software (except to the extent expressly permitted by DeepScribe or authorized within the Services or the Software); use the Services or the Software for the benefit of a third party; or remove any proprietary notices or labels from the Services or the Software.
5.2. Customer’s Representations and Warranties. Customer represents, covenants, and warrants that Customer will use the Services and the Software only in compliance with the terms of this Agreement and any instructions provided by DeepScribe. Although DeepScribe has no obligation to monitor Customer’s use of the Services or the Software, DeepScribe may do so and may prohibit any use of the Services or the Software it believes may be (or alleged to be) in violation of this Agreement.
5.3. Customer’s Responsibilities.
5.3.1. Assistance . Customer shall: (a) ensure that DeepScribe’s technical specifications requirements are met for the Sandbox environment prior to the Installation Start Date (as defined in the SOW); (b) provide reasonable assistance for EHR Integration; (c) provide on-site access for DeepScribe to perform installation, testing, onboarding and support; (d) provide reasonable assistance for Provider’s on-boarding process; and (e) track and produce internally generated KPIs reports to DeepScribe for evaluation decisions.
5.3.2. Customer Equipment. Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access, or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Customer Equipment”). Customer shall also be responsible for maintaining the security of the Customer Equipment, any customer accounts, passwords and files for all uses related to the Services.
5.3.3. Compliance . Customer shall ensure that its use of the Software and the Services complies with all applicable laws, including, without limitation, the Health Insurance Portability and Accountability Act (“HIPAA”) and other data privacy laws. Without limiting the generality of the foregoing, Customer shall not request DeepScribe to use or disclose Protected Health Information (as defined in the BAA) in any manner that would not be permissible under HIPAA if done by Customer (unless permitted by HIPAA for a Business Associate).
5.4. Suspension of Services. Notwithstanding anything to the contrary in this Agreement, DeepScribe may temporarily suspend, or permanently revoke, Customer's access to any portion or all of the Services if DeepScribe reasonably determines that: (a) there is a threat or attack on the Software; (b) Customer's use of the Software disrupts or poses a security risk to the Software; or (c) Customer is using the Software for fraudulent or illegal activities or otherwise in violation of the terms of this Agreement (any such temporary suspension, a "Suspension" and any such revocation, a "Revocation"). DeepScribe shall use commercially reasonable efforts to provide three (3) days’ written notice of any Suspension or Revocation to Customer and, in cases of Suspensions, to provide updates regarding resumption of access to the Software following any Suspension. In cases of Suspensions, DeepScribe shall use commercially reasonable efforts to resume providing access to the Software as soon as reasonably practicable after the event giving rise to the Suspension is cured. DeepScribe shall have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any third party may incur as a result of a Suspension or Revocation, and Customer shall not be entitled to any refunds of any Fees on account of any Suspension or Revocation.
6.1. Confidential Information. During the course of this Agreement, each Party (the “Disclosing Party”) may disclose to the other Party (the “ Receiving Party”) certain non-public information or materials relating to the Disclosing Party’s products, intellectual property, business, business plans, marketing programs and efforts, customer lists, customer information, financial information and other confidential information and trade secrets (“ Confidential Information”). Confidential Information shall also include DeepScribe Content.
6.2. Exclusions. Confidential Information does not include information that: (a) is or becomes publicly available through no breach by the Receiving Party of this Agreement; (b) was previously known to the Receiving Party prior to the date of disclosure, as evidenced by contemporaneous written records; (c) was acquired from a third party without any breach of any obligation of confidentiality; (d) was independently developed by the Receiving Party hereto without reference to Confidential Information of the Disclosing Party; or (e) is required to be disclosed pursuant to a subpoena or other similar order of any court or government agency, provided, however, that the Receiving Party upon receiving such subpoena or order shall: (i) promptly inform the Disclosing Party in writing and provide a copy thereof; (ii) reasonably cooperate with the Disclosing Party in limiting disclosure of the Disclosing Party’s Confidential Information; and (iii) only disclose that Confidential Information necessary to comply with such subpoena or order.
6.3. Protection of Confidential Information. Except as expressly provided herein, the Receiving Party will not use or disclose any Confidential Information of the Disclosing Party without the Disclosing Party’s prior written consent, except disclosure to and subsequent uses by the Receiving Party’s authorized employees, consultants, attorneys, accountants and other representatives (collectively, the “Representatives”) on a need-to-know basis, provided that such Representatives are, by virtue of written agreements or legal obligations, such to confidentiality obligations with respect to the Confidential Information that are at least as restrictive as the Receiving Party’s obligations under this Section 6. Subject to the foregoing nondisclosure and non-use obligations, the Receiving Party agrees to use at least the same care and precaution in protecting such Confidential Information as the Receiving Party uses to protect the Receiving Party’s own Confidential Information and trade secrets, and in no event less than reasonable care. Each Party acknowledges that due to the unique nature of the other Party’s Confidential Information, the Disclosing Party will not have an adequate remedy in money or damages in the event of any unauthorized use or disclosure of its Confidential Information. In addition to any other remedies that may be available in law, in equity or otherwise, the Disclosing Party shall be entitled to seek injunctive relief to prevent such unauthorized use or disclosure. Neither Party shall remove or alter any proprietary markings (e.g., copyright and trademark notices) on the other Party’s Confidential Information.
6.4. Return of Confidential Information. On the Disclosing Party’s written request or upon expiration or termination of this Agreement (unless the Parties mutually agree to enter into a continuing business relationship), the Receiving Party will promptly: (a) return or destroy, at the Disclosing Party’s option, all originals and copies of all documents and materials it has received containing the Disclosing Party’s Confidential Information; and (b) deliver or destroy, at the Disclosing Party’s option, all originals and copies of all summaries, records, descriptions, modifications, negatives, drawings, adoptions and other documents or materials, whether in writing or in machine-readable form, prepared by the Receiving Party, prepared under its direction, or at its request from the documents and materials referred to in subparagraph (a), and provide a notarized written statement to the Disclosing Party certifying that all documents and materials referred to in subparagraphs (a) and (b) have been delivered to the Disclosing Party or destroyed, as requested by the Disclosing Party. Notwithstanding the foregoing, the Receiving Party may retain a copy of the Disclosing Party’s Confidential Information solely for archival purposes or as otherwise required by law, provided that any Confidential Information so retained shall continue to be subject to the confidentiality obligations in this Section 6.
7. Disclaimer. CUSTOMER AGREES AND ACKNOWLEDGES THAT THE SERVICES AND THE SOFTWARE ARE PROVIDED “AS IS” AND DEEPSCRIBE HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY AND ALL WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, LOSS OF DATA, ACCURACY OF RESULTS, OR OTHERWISE ARISING FROM A COURSE OF DEALING OR RELIANCE. DEEPSCRIBE DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, THAT THE SERVICES OR THE SOFTWARE WILL BE COMPATIBLE WITH ANY PARTICULAR DEVICE, OR THAT THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES OR THE SOFTWARE OR ANY DATA PROVIDED BY DEEPSCRIBE THROUGH THE SERVICE OR THE SOFTWARE WILL BE ACCURATE. DEEPSCRIBE SPECIFICALLY DISCLAIMS ALL RESPONSIBILITY FOR ANY THIRD-PARTY HARDWARE, SOFTWARE, PRODUCTS, OR SERVICES PROVIDED WITH OR INCORPORATED INTO THE SERVICES OR THE SOFTWARE.
8. Indemnification; Limitation of Liability.
8.1. Indemnification. Customer will indemnify, defend at DeepScribe’s request, and hold harmless DeepScribe and its directors, officers, employees, agents and other representatives (“Indemnified Parties”) against any loss, damage, liability, settlements, costs or expenses (including reasonable attorneys' fees and expenses) in connection with claims, demands, suits or proceedings (“Claims”) made or brought against DeepScribe by a third party arising from or relating to: (a) any breach of any representation or warranty of Customer contained in this Agreement; (b) any bodily injury or property damage related to the provision of or use of the Hardware; (c) any breach by Customer of its obligations hereunder, including without limitation, any breach of Confidential Information of DeepScribe; or (d) the intentional or reckless acts or omissions of Customer’s personnel or of any other person or entity acting for, on behalf of, at the direction of, or under the control of Customer.
8.2. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL DEEPSCRIBE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, REVENUE, DATA, PROFITS OR GOODWILL) ARISING OUT OF THIS AGREEMENT, EVEN IF DEEPSCRIBE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND IN NO EVENT SHALL THE AGGREGATE LIABILITY OF DEEPSCRIBE ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE FEES PAID BY CUSTOMER HEREUNDER .
9.1. Authority. Each Party represents and warrants to the other that: (a) it has full power and authority to enter into and perform this Agreement and the execution and delivery of this Agreement has been duly authorized; and (b) such Party’s performance of its obligations under this Agreement will not: (i) violate any regulations or applicable law, (ii) breach any other agreement to which such Party is a party or is bound; or (iii) violate any obligation owed by such Party to any third party.
9.2. Applicable Law. This Agreement is and will be governed by and construed in accordance with the laws of the State of California, USA, without giving effect to the principles of conflicts of laws of any jurisdiction. Exclusive venue for any action, claim, proceeding or suit related to this Agreement will be the federal and state courts located in San Francisco County, State of California, USA. Customer irrevocably consents to the personal jurisdiction of such courts.
9.3. Assignment. Customer may not assign or transfer this Agreement or any rights herein or delegate any duties herein without the prior written consent of DeepScribe. DeepScribe may sublicense the Services and may assign or transfer this Agreement in connection with a merger, consolidation, reorganization, or sale of all or substantially all of its assets. Any attempted assignment, transfer or delegation in contravention of this Section is null and void. This Agreement will be binding upon and inure to the benefit of any successors and permitted assigns.
9.4. Entire Agreement. This Agreement, including the Exhibits hereto, constitutes the entire agreement between the Parties relating to the subject matter hereof, and there are no other representations, understandings or agreements between the Parties relating to the subject matter hereof. The Parties may use standard business forms or other communications but use of such forms is for convenience only and does not alter the provisions of this Agreement. No modifications or amendments to this Agreement will be valid unless in writing and signed by duly authorized representatives of the Parties.
9.5. Nonwaiver. Any failure or delay by either Party to exercise or partially exercise any right, power or privilege under this Agreement will not be deemed a waiver of any such right, power or privilege. No waiver by either Party of a breach of any term, provision or condition of this Agreement by the other Party will constitute a waiver of any succeeding breach of the same or any other provision in this Agreement. No waiver will be valid unless executed in writing by the Party making the waiver.
9.6. Force Majeure. The failure to perform or delay in performance by either Party shall be excused to the extent that performance is rendered commercially impracticable by strike, fire, flood, terrorism, governmental acts or orders or restrictions, or any other reason where a Party’s failure to perform is beyond such Party’s reasonable control and not caused by the negligence of such Party (each, a “Force Majeure Event”). In the event that either Party’s performance is directly impacted by a Force Majeure Event, such Party shall provide prompt notice to the other Party.
9.7. Relationship of the Parties. Nothing in this Agreement will create, or be deemed to create, a partnership or the relationship of employer and employee between the Parties. Nothing shall prohibit either Party from entering into an agreement for the same or similar Services from any other third party.
9.8. Severability. If any term of this Agreement will to any extent be held invalid or unenforceable by a court of competent jurisdiction, the remainder of this Agreement will not be affected thereby, and each term will be valid and enforceable to the fullest extent permitted by law.
9.9. Notices. Any notice required to be given hereunder may be delivered by email at the email addresses provided below the signature of the Parties at the end of this Agreement, which notice shall be deemed delivered within twenty-four (24) hours of being sent.
9.10. Counterparts. This Agreement may be executed in counterparts, each of which is an original, including scanned copies or those transmitted by facsimile, and all of which together evidence the same agreement, each of which together constitute one and the same.
9.11. Use of Headings. The headings and contained in this Agreement are for convenience of reference purposes only and shall not affect in any way the meaning or interpretation of this Agreement.(Remainder of page intentionally left blank.)
Business Associate Agreement
1. Definitions: Capitalized terms used, but not otherwise defined herein, shall have the meaning as defined in the Terms and Conditions or in the or in 45 CFR Parts 160, 162 and 164.
1.1. “Business Associate” shall have the meaning given to such term under the Privacy and Security Rules, including but not limited to, 45 CFR §160.103.
1.2. “Covered Entity” shall have the meaning given to such term under the Privacy and Security Rules, including, but not limited to, 45 CFR §160.103.
1.3. “HIPAA” shall mean the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.
1.4. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Parts 160 and 164.
1.5. “Protected Health Information” or “PHI” means any information, transmitted or recorded in any form or medium that: (a) relates to the past, present or future physical or mental condition of an individual, the provision of health care to an individual, or the past, present or future for the provision of health care to an individual; and (b) identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual, and shall have the meaning given to such term under HIPAA and the HIPAA Regulations at 45 CFR Parts 160, 162 and 164, including, but not limited to 45 CFR §164.501.
1.6. “Security Rule” shall mean the Security Standards at 45 CFR Parts 160, 162 and 164.
2. Business Associate Obligations. The Parties hereby agree that Business Associate shall be permitted to access, use and/or disclose PHI provided by or obtained on behalf of Covered Entity for the following state purposes, except as otherwise limited in this BAA:
2.1. Permitted Uses and Disclosures. Business Associate contracts with and provides digital data movement, access and storage services via its desktop client and network connected voice recorder, to medical transcriptionists, medical transcription companies, health care providers, and other Covered Entities and Business Associates that use and access PHI
.2.1.1. In the course of providing services to clients, including Covered Entity, Business Associate, its employees, representatives, agents, subcontractors, and systems occasionally are required to access PHI. Business Associate ensures that in such cases its agents, subcontractors, and systems who access PHI agree to the same terms and conditions as are applicable but not limited to the Business Associate as set forth herein.
126.96.36.199. The Business Associate shall provide medical transcription and scribing services to its clients, including Covered Entity, using a proprietary automated system.
188.8.131.52. Document access will be recorded via an audit trail associated with every document, and all user access to PHI will be captured and stored within said audit trail and available to Covered Entity.
184.108.40.206. PHI will be retained in an encrypted format while residing on Amazon Web Services servers.
220.127.116.11. Audio dictations of PHI will be destroyed upon written request of Covered Entity.
18.104.22.168. PHI in document form is retained on Business Associate’s servers for the duration of relationship with Covered Entity. Upon termination of this BAA, PHI in document form will be destroyed in accordance with Section 6 of this BAA.
22.214.171.124. Business Associate will use raw data (voice recordings and PHI collected during the recordings) and secondary generated data (transcription, data labels, medical ontologies, etc.) for the following services, which include but is not limited to, medical documentation, medical transcription, quality assurance, software improvements, algorithm training, a voice analytics.
2.2. Nondisclosure. Business Associate shall not use or further disclose PHI other than as permitted or required by this BAA or as required by law.
2.3. Safeguards. Business Associate shall use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this BAA. Business Associate shall maintain a comprehensive written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Business Associate’s operations and the nature and scope of its activities, including, but not limited to, the safeguards listed above.
2.4. Reporting of Disclosure; Mitigation. Business Associate shall report to Covered Entity any use or disclosure of PHI not provided for by this BAA of which Business Associate becomes aware. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this BAA.
2.5. Business Associate’s Agents. Business Associate shall ensure that any agents or employees of Business Associate, including subcontractors, to whom it provides PHI received from (or created or received by Business Associate on behalf of) Covered Entity pursuant to this BAA agree to the same restrictions and conditions that apply to Business Associate with respect to such PHI.
2.6. Availability of Information to Covered Entity. Business Associate shall make available to Covered Entity (or, as directed by Covered Entity, to an Individual) such information as Covered Entity may request, and in the time and manner, to fulfill Covered Entity’s obligations (if any) to provide access to, provide a copy of, and account for disclosures with respect to PHI pursuant to HIPAA and the Privacy Rule, including, but not limited to, 45 CFR §§ 164.524 and 164.528.
2.7. Amendment of PHI. Business Associate shall make any amendments to PHI in a designated record set that the Covered Entity directs or agrees to at the request of Covered Entity or an Individual, and in the time and manner to fulfill Covered Entity’s obligations (if any) to amend PHI pursuant to HIPAA and the Privacy Rule, including, but not limited to, 45 CFR §164.526, and Business Associate shall, as directed by Covered Entity, incorporate any amendments to PHI into copies of such PHI maintained by Business Associate.
2.8. Internal Practices. Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) available to the Secretary, in a time and manner designated by Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with HIPAA and the Privacy Rule.
2.9. Documentation of Disclosure for Accounting. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR 164.528.
2.10. Access to Documentation for Accounting. Business Associate agrees to provide to Covered Entity or an Individual information collected in accordance with Section 2.9 of this BAA in a time and manner so as to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR 164.528.
2.11. Notification of Breach. During the term of this BAA, Business Associate shall notify Covered Entity within 30 days of knowing of any suspected or actual breach of security, intrusion or unauthorized use or disclosure of PHI and/or knowing of any actual or suspected use or disclosure of data in violation of any applicable federal or state laws or regulations. Business Associate shall take prompt corrective action to cure any such deficiencies and any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations.
3. Covered Entity Obligations.3.1. Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to the provision of Services and this BAA, in accordance with the standards and requirements of HIPAA and the Privacy Rule, until such PHI is received by Business Associate.
3.2. Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR 164.520, as well as any changes to such notice.
3.3. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose PHI, if such changes affect Business Associate’s permitted or required uses or disclosures.
3.4. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR 164.522, if such restriction affects Business Associate’s permitted or required uses or disclosures.
3.5. Covered Entity shall provide Business Associate with such information as is reasonably necessary to enable Business Associate to perform its obligations under this BAA. Covered Entity may wish to provide a means for Business Associate to properly spell patient names and demographics, either by clearly spelling such information during dictation or by faxing daily patient lists. Business Associate uses commercially reasonable efforts to achieve a high level of accuracy but is not responsible for errors or omissions in the transcript.
4. Audits, Inspection & Enforcement. From time to time, but not more than once in any twelve (12) month period, unless otherwise required by HIPAA, upon reasonable notice in writing, Covered Entity may inspect the facilities, books and records of Business Associate related to Business Associate’s performance of this BAA to monitor compliance with this BAA. All such books and records of Business Associate are highly confidential and Covered Entity shall not disclose any information contained therein or with respect to Business Associate’s facilities, books and records to any third party, except as required by law. Covered Entity shall use all reasonable measures to maintain the confidentiality of Business Associate’s books and records and only allow access to Business Associate’s facilities, books and records or disclose information with respect to Business Associate’s facilities, books and records to employees that have a need to know such information. Business Associate shall promptly remedy any violation of this BAA and shall certify the same to Covered Entity in writing. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate’s facilities and procedures does not relieve Business Associate of its responsibility to comply with this BAA, nor does Covered Entity’s failure to detect, or detection but failure to notify Business Associate or require Business Associate’s remediation of any unsatisfactory practices constitute acceptance of such practice or a waiver of Covered Entity’s enforcement rights under this BAA.
5. Term & Termination. This BAA shall become effective on the Effective Date of the Terms and Conditions and terminate only when all PHI provided by Covered Entity or obtained by Business Associate through the Services is destroyed or returned to Covered Entity, or if infeasible to return or destroy the PHI, protections and anonymization methods are extended to the PHI that the PHI can no longer be identified in any manner. The provisions of this BAA shall survive termination of the Terms and Conditions. In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. The obligations of Business Associate under this Section 6 shall survive the termination of the Terms and Conditions.
6. Limitation of Liability. In no event shall Business Associate (or any director, officer or employee or any entity controlling, controlled by or under common control with business associate) be liable to Covered Entity or to any third party for any special, consequential, incidental, or indirect damages, however caused and under any theory of liability arising out of this BAA, whether or not advised of the possibility of such damages, and notwithstanding any failure of essential purpose of any limited remedy. In the event that Business Associate is held liable arising out of or relating to this BAA or the obligations of Business Associate under this BAA, Business Associate’s aggregate liability under any legal theory, including tort claims, shall not exceed the Fees paid and to be paid by Covered Entity pursuant to the Terms and Conditions within the twelve (12) month period prior to such event occurring that gives rise to such liability.
7. Certification Requirements. To the extent that Covered Entity determines that such examination is necessary to comply with Covered Entity’s legal obligations pursuant to HIPAA or the Privacy Rule relating to certification of its security practices, Covered Entity or its authorized agents or contractors may, at Covered Entity’s expense, examine Business Associate’s facilities, systems, procedures and records as may be necessary for such agents or contractors to certify to Covered Entity the extent to which Business Associate’s security practices comply with HIPAA, the Privacy Rule and/or this BAA.
8. Compliance Amendments. The Parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of this BAA may be required to provide for procedures to ensure compliance with such developments. The Parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, the Privacy Rule and other applicable laws relating to the security or confidentiality of PHI.
9. Litigation or Administrative Proceeding Assistance. Business Associate shall make itself, and any subcontractors, consultants, employees or agents assisting Business Associate
10. No Third Party Beneficiaries. Nothing in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever and no other person or entity shall be a third-party beneficiary of this BAA.
11. Interpretation. This BAA shall be interpreted as broadly as necessary to implement and comply with HIPAA, the Privacy Rule and any other applicable law relating to security and privacy of PHI. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Covered Entity to comply with the Privacy Rule.
12. Regulatory Reference. A reference in this BAA to a section in the Privacy Rule means the section as in effect or as amended, and for which compliance is required.(Remainder of page intentionally left blank.)
Service Level StandardsDeepScribe will provide Customer with the Service Level Standards (“ SLA”) as set forth herein. Any capitalized terms used but not defined herein shall have the meaning in the Terms and Conditions.
1. Service Levels.DeepScribe will use commercially reasonable efforts to make the Software available ninety-nine and a half percent (99.5%) or more of the time during any calendar month (“Availability Percentage”). Subject to exclusions set forth below, an outage will be defined as any time where the Software is not available due to a cause within the control of DeepScribe. The Availability Percentages does not apply to any feature of the Software that DeepScribe identifies as “beta” feature or service.
2. Service Credits.
2.1. If DeepScribe fails to achieve the Availability Percentage set forth in Section 1 above in any calendar month, Customer will be eligible to receive a credit (“Service Credit”) calculated as a percentage of the monthly recurring Fees for such month. The Service Credits increase is based on the amount of aggregate outage as set forth below.
Service Availability - Service Credit:
Less than 99.5% - 1%
Less than 98.5% - 4%
Less than 97.5% - 8%
Less than 96.5% - 10%
2.2. To receive a Service Credit, Customer must contact DeepScribe in writing within fifteen (15) days following the outage and demonstrate to DeepScribe’s reasonable satisfaction that Customer’s use of the Services was adversely affected as a result of the outage. Validated Service Credits will only be applied against the Fees for the month in which the Availability Percentage was not met. Service Credits are non-transferable.
3. Exclusions .Not included in the calculations of downtime are any times where the Software is not provided due to:
o Planned maintenance windows where notice of the planned unavailability has been given, via email, at least twenty-four (24) hours prior to the outage, unless in the case of an emergency changes;
o Any Force Majeure Event;
o Any action or inaction on Customer’s part;
o Events arising from any Customer Equipment or other Customer system;
o ISP or Internet outages outside of DeepScribe’s control; or
o Outages reasonably deemed necessary by DeepScribe; or
o Any Suspension or Revocation as defined in Section 5.4 of the Terms and Conditions.
4. Sole Remedy .Notwithstanding any terms to the contrary in this SLA, the Service Credits are Customer’s sole and exclusive remedy for any outage of the Software.(Remainder of page intentionally left blank.)