BSI SUBSCRIPTION TERMS OF SERVICE
These Terms of Service constitute a legally binding agreement between you (“you” or “Subscriber”) and
Bflow Solutions, Inc., a California corporation (“we” or “BSI”) governing your use and access of BSI’s
billing and compliance management software platform (the “Platform”) and the software and services
made available through the Platform (collectively the “Services”).
you agree to be bound by these Terms of Service.
These Terms of Service including provisions for individual, binding arbitration – the parties are waiving
their right to a class action or to have their disputes resolved by a judge and/or jury. See Section 25 for
Internet technology, and the applicable laws, rules and regulations change frequently. We reserve the
right to make changes to these Terms of Service at any time. Continued access and/or use of the
Platform in any manner constitutes assent to any new Terms of Service that may be posted on the
1. Platform Services. BSI is in the business of providing revenue cycle consulting, billing and
compliance management software platform, including organizational and claims review services for
healthcare companies providing care, treatment or services to Medicare, Medicaid, Commercial
insurance, and cash paying customers and beneficiaries (collectively referred to as “Payors” or
“Payor”). Subscriber provides medical supplies to Payor beneficiaries and enters into this agreement
with BSI obtain billing and compliance management software subscription services from BSI.
2. Definitions. The following terms shall be capitalized throughout this Agreement and shall be
defined as follows:
1. Authorized Users. The term “Authorized Users” refers to all individuals authorized by Subscriber
to access Subscriber’s account and selected Services.
2. Content. The term “Content” shall mean any and all text, data, code, software, graphics,
information, Service Data, images or other materials submitted, uploaded, imported,
communicated or exchanged with Subscriber to facilitate the provision of Services under this
3. De-Identified Data. The term “De-Identified Data” refers to personally identifiable data that has
been de-identified in accordance with the Standards for Privacy of Individually Identifiable Health
Information at 45 CFR part 160 and part 164, subparts A and E.
4. PHI. The term “PHI” refers to a patient’s protected health information (“PHI”) as defined by the
Health Information Portability and Accountability Act of 1996 (“HIPPA”).
5. Service Data. The term “Service Data” means all medical practice operational, financial, medical
services, patient and insurance-related data input by Subscriber, including PHI.
6. Subscription Fees. The term “Subscription Fees” refers to the fees associated with the
Subscription Tier selected on the Platform.
7. Subscription Tier. The term “Subscription Tier” refers to the services and pricing package
provided by BSI to Subscriber upon selection and purchase by Subscriber.
8. Subscriber’s Trademarks. The term “Subscriber’s Trademarks” shall mean any trademarks,
service marks, design marks, symbols, logos and/or other indicia of source owned or used under
license by Subscriber, and all goodwill associated therewith.
9. Annual Fee Adjustments. All Fees are for the life of the contract and are also effective for
additional users added after the effective date of this agreement, except for periodic fee increases
not to exceed 15% per calendar year.
10. Free Trial Users. If you are a trial user your subscription will become activated, unless you cancel
prior to the end of your trial period.
3. Subscription Services. BSI will provide Services to Subscriber in accordance with the terms and
conditions of the Subscription Tier selected by Subscriber on the Platform. Subscription Tier services
and pricing shall be confirmed by BSI and Subscriber in writing through BSI’s Fee Schedule and
Business Services Election Form, which is incorporated by reference as though fully set forth herein.
BSI may from time to time issue updated versions of the software and Services. You consent to such
automatic updates and agree that this Agreement will apply to all such updates.
4. Your BSI Account. To be eligible to use the Services, you must (a) be at least 18 years of age or
have the legal capacity to enter into a binding contract in your country of residence, (b) establish an
online account and accept this Terms of Service, and (c) execute BSI’s Business Associates
5. Authorized Access. BSI will permit account access to the Authorized Users provided administrative
log-in credentials by Subscriber. Users are entirely responsible for maintaining the confidentiality and
security of their login information. Subscriber is responsible and shall be liable for any and all
activities that occur under Subscriber’s account. Subscriber must immediately notify BSI of any
change in authorization, any unauthorized use of Subscriber’s account or, or other account related
security breach of which Subscriber becomes aware. BSI will not be liable for any loss or damage
arising from your failure to keep your login and account secure.
6. End-User License Agreement (“EULA”). BSI hereby grants to Subscriber a limited, non-exclusive,
non-sublicensable, non-transferable, revocable license to access and utilize the Services during the
Subscription Term. Unless otherwise stated herein, nothing in this Terms of Service gives Subscriber
or its Authorized Users a right or license to use any of BSI’s copyrights, trade names, trademarks,
service marks, logos, domain names, or any other intellectual property rights.
7. Use Restrictions. Subscriber will not, directly or indirectly, reverse engineer, decompile,
disassemble or otherwise attempt to discover or otherwise disclose to any third party that competes
with BSI, the source code, object code or underlying structure, ideas, know-how or algorithms relevant
to the Services or any software, documentation or data related to the Services. Subscriber will not
make the Services, software, documentation or data available for the benefit of any third party, or sell,
resell, license, sublicense, distribute, rent or lease the Services, software, documentation or data to
any third party for any purpose, commercial or otherwise.
8. Content License. Subscriber retains all right, title and license in its Content and Service Data,
including the medical practice operational, financial, patient, medical services and insurance-related
data generated by Subscriber in its use of the Services. Subscriber hereby grants to BSI a nonexclusive,
perpetual, sublicenseable, irrevocable, royalty-free, worldwide right and license to collect,
process, store, host, copy, transmit, display, distribute, disseminate, modify, and create derivative
works of any and all Subscriber Content for (a) the purposes of providing the Services, (b) to deidentify
the Service Data, and (c) to perform analytics on anonymized Service Data at the aggregate
9. De-Identified Data & Transactional Data. BSI shall own all right, title and license to any De-
Identified Data created, generated and/or derived from the Service Data by BSI as well as any
anonymized transactional data generated and/or derived from the Service Data by BSI for analytic and
benchmarking purposes (‘Transactional Data”). BSI shall retain the unrestricted right, in its sole and
absolute discretion, to utilize such De-Identified and Transactional Data for any purpose whatsoever,
both commercial and non-commercial, without compensation or accounting to Subscriber. If BSI does
not automatically own such De-Identified and Transactional Data upon its creation, Subscriber hereby
assigns all right, title and interest in and to such De-Identified and Transactional Data to BSI.
10. Feedback License. BSI consider any suggestions, ideas, proposals or other comments or materials
submitted by Subscriber and its Authorized Users, whether solicited or unsolicited, (collectively, the
“Feedback”) to be non-confidential and non-proprietary. We shall not be liable for the disclosure, use
or exploitation of such Feedback. You hereby grant to BSI a worldwide, non-exclusive, perpetual,
irrevocable, royalty-free and transferable right and license to incorporate, use, publish and exploit the
Feedback for any purpose whatsoever, commercial or otherwise, without compensation or accounting.
11. Promotional License. Subscriber grants to BSI a license to use Subscriber’s Trademarks to market
and promote the Services. This includes the worldwide right to copy, translate, broadcast, transmit,
distribute, exhibit, perform, publish and display Subscriber’s Trademarks as incorporated into BSI’s
marketing and promotional materials. BSI is granted no other rights to Subscriber’s Trademarks and
acknowledges that it shall not gain any proprietary interest in Subscriber’s Trademarks. BSI is under
no obligation to make use of or to provide compensation for any of the rights or permissions granted
herein. BSI shall be the exclusive owner of all right, title, and interest, including copyright, in BSI
marketing and promotional materials. Subscriber’s permission for BSI to use Subscriber’s Trademarks
may be terminated at any time with thirty (30) days written notice to firstname.lastname@example.org.
12. Third Party Account Credentials & Authorization. To enable BSI to import/extract Content on behalf
of Subscriber, Subscriber shall provide to BSI the account credentials for applicable third party
services and applications (“Third Party Platforms”) and hereby authorizes BSI to utilize Subscriber’s
account credentials for purposes of providing the Services under this Terms of Service. BSI shall not
be liable to Subscriber for any damages in the event any Third Party Platforms terminates
Subscriber’s account or access to their services as a result of providing BSI with the authorization to
access Subscriber’s accounts.
13. Subscription Fees and Term. Fee-based subscription Services are quoted in U.S. dollars on the
Platform, pursuant to the following terms:
14. Payment: You expressly authorize us to charge the applicable Subscription Fees pursuant to the
Subscription Tier selected by you and itemized in the Fee Schedule and Business Services Election
Form. Subscriber authorizes payment of all applicable fees through the payment method selected by
Subscriber on the Platform.
15. Declined Credit Card Charges. Declined credit card charges shall incur a $60.00 fee due
immediately. In addition to any other rights or remedies available to BSI, three consecutive months of
declined charges will result in the suspension or termination of your Services.
16. Late Payments. In the event BSI is unable to process payment of the applicable fees, BSI reserves
the right to suspend or terminate services for payments that are more than fifteen (15) days past
due. Past due payments will accrue interest at the greater of 1.5% monthly or the highest interest rate
allowable under applicable law.
17. Subscription Term: The term of the subscription will commence on the date the subscription is
selected and shall continue for one year (“Subscription Term”), and any renewal thereof, until
terminated pursuant this Agreement.
18. Monthly Maintenance Fee. The term “maintenance fee” refers to the services provided by BSI for
the maintenance of the subscriber’s platform(s). Fees are charged per NPI number and shall be billed
quarterly beginning January 1, 2018.
19. No Refunds: Subscriber shall be responsible for all fees for the entire Subscription Term. Fees will
not be prorated upon cancellation and/or termination and all fees paid through the date of termination
20. Liquidated Damages. In the event the Services are terminated by Subscriber prior to the expiration
of the initial, or any renewal, Subscription Term, Subscriber shall within ten (10) days of the effective
date pay to BSI a termination fee as liquidated damages equal to: (a) 100% of the Total User Fees
Per Month and Total Monthly Service Fees, as set forth in the applicable Fee Schedule and Business
Services Election Form, that would have been paid for the Services had the Services been provided
for the entire duration of the then current Subscription Term, and (b) 100% of the total Per Transaction
Fees paid by Subscriber in three (3) highest grossing months of Per Transaction Fees paid to BSI in
the 12 months preceding Subscriber’s early termination or $5500.00, whichever is greater (collectively
the “Termination Fee”). BSI and Subscriber acknowledge and agree that the Termination Fee reflects
a reasonable measure of the actual damages incurred by BSI and do not intend for it to be a penalty
for early termination.
21. Fair Use of BSI under Subscription Fees and Term. If Subscriber exceeds 1,000 healthcare
transactions, subscriber shall be billed $85 per each additional 1,000 transactions.
22. Subscription Automatic Renewal- Your Subscription Will Renew Unless You Cancel: BSI shall
automatically renew Subscriber’s subscription and charge Subscriber’s account on the last day of the
applicable Subscription Term (the “Renewal Date”), unless Subscriber PROVIDES WRITTEN NOTICE
OF CANCELLATION BY EMAIL NO SOONER THAN 120 DAYS BEFORE THE RENEWAL DATE
AND NO LATER THAN 90 DAYS BEFORE THE RENEWAL DATE at email@example.com.
The renewal fees will be the current rate then in effect at the time of renewal.
23. Confidentiality & Non-Disclosure.
24. BSI’s Confidential Information. Subscriber shall not disclose BSI’s financial terms, source code,
object code or underlying structure, ideas, know-how or algorithms relevant to the Services, any
software, documentation or data related to the Services and any and all information defined as “Trade
Secrets” under the Uniform Trade Secrets Act (“BSI Confidential Information”) to any third party
without BSI’s prior written consent or authorization under this Agreement. Subscriber shall not use
any Confidential Information for any purpose outside the scope of this Terms of Service.
25. Subscriber’s Confidential Information. BSI shall not disclose any Content (excluding De-Identified
Data) generated by Subscriber in its use of the Services to any third party for any purpose outside the
scope of this Terms of Service.
26. Notice. In the event either Party is requested or required by legal process to disclose any of the
other Parties’ Confidential Information, the receiving party shall give the disclosing party prompt notice
so that it may seek a protective order or other appropriate relief prior to any such disclosure.
27. Equitable Relief. Both parties agree that money damages will not be a sufficient remedy for any
breach by the receiving party of this Section 15 and that the disclosing party will be entitled to seek
equitable relief, including injunction and specific performance, as a remedy for any such breach,
without having to post any bond or any other form of security, without having to show any likelihood of
irreparable harm, and without having to prove that money damages would be an inadequate remedy.
28. Authorization to Disclose to Third Party Channel Partners/Service Providers. You hereby authorize
BSI to disclose, request and receive PHI and related patient and medical services information on your
behalf from BSI’s third party service providers and channel partners who facilitate the provision of
Services pursuant to this Terms of Service.
29. HIPPA Compliance.
30. By Subscriber:
31. Compliance. Subscriber shall comply with all state and federal laws pertaining to the
protection of their patient’s PHI, including a Notice of Privacy Practices in compliance with HIPPA, and
the regulations promulgated thereunder.
32. Written Authorization. Subscriber shall obtain from its patients written authorization to
disclose PHI to BSI for purposes of providing the Services, including the express disclosure that BSI
shall share PHI with third party service providers and channel partners whom facilitate the provision of
iii. Business Associate Agreement. Subscriber shall execute BSI’s Business Associate Addendum prior
to utilizing the Services.
1. By BSI: BSI shall comply with all state and federal laws pertaining to the protection of Subscriber’s
patients’ PHI, including, but not limited to, HIPPA, and the regulations promulgated thereunder.
2. Privacy. Each Party shall comply with any and all privacy rules or regulations and/or data collection
laws or regulations applicable to use of the Content submitted in connection with the use of the
3. Representations and Warranties:
4. By Each Party: Each Party represents and warrants that each Party (i) is a business duly
incorporated and in good standing under the laws of its state of incorporation, (ii) has all requisite
corporate power and authority to execute, deliver, and perform its obligations under this Terms of
Service, and (iii) shall comply with all federal or state laws or regulations applicable to the performance
of its obligations under this Terms of Service.
5. By Subscriber: Subscriber represents and warrants: (i) it is not the subject of any existing
investigation regarding its processing and handling of Payors claims; (ii) (3) it is active and in good
standing in any state claims in which claims are to be submitted; (iii) it has a valid and legally effective:
(1) Provider/supplier number; (2) accreditation; and (3) surety bond required by Medicare.
6. Export Compliance. Services may be subject to export laws and regulations of the United States and
other jurisdictions. Each party represents and warrants that it is not named on any U.S. government
denied-party list. Subscriber shall not permit access or use any Services in a U.S. embargoed
country or in violation of any U.S. export law or regulation.
7. Termination. This Terms of Service shall automatically terminate upon the bankruptcy or insolvency
of either party. Either party may terminate this Terms of Service if the other party breaches any
material provisions of this Terms of Service and fails to cure such breach within fifteen (15) days after
receipt of written notice of such breach. The following Sections survive termination of this Terms of
Service: Individual Arbitration, Content License, Feedback License, Promotional License, Liquidated
Damages, Confidentiality & Non-Disclosure, Disclaimer of Warranties, Disclaimer of Third Party
Conduct, Limitation of Liability, Indemnity, and Governing Law.
8. Post-Termination Service Data Access. For a period of sixty (60) days following termination or
expiration of the Subscription Term, Subscriber may, for an additional charge as agreed to in writing
by the parties, retain BSI to extract the Service Data and transfer to a mutually agreed upon digital
depository. After expiration of the sixty-day period, BSI, shall, without liability or obligation of further
notice to Subscriber, delete Subscriber’s account and destroy all Service Data in accordance with the
provisions of HIPPA and the Business Associate Addendum.
9. Security. All Service Data is stored in highly secure data centers. BSI shall protect the security of all
Service Data pursuant to commercially acceptable standards, but in no case less than reasonable
care. BSI will implement, maintain and use appropriate administrative, technical and physical security
measures to preserve the confidentiality, integrity and availability of the Service Data.
10. Back Up Data Responsibility. BSI will use good faith commercially reasonable efforts to backup data
periodically. BSI cannot guarantee that a backup of data input by Subscriber in the 24 hours prior to
any outage will be available for restore upon your request and shall not be liable for any such loss of
data or damages arising therefrom.
11. Customer Questions. Subscriber questions or issues may be directed by email at
firstname.lastname@example.org to address any issues you may have regarding your use of the
Platform. Most concerns can be quickly resolved in this matter.
12. Individual Binding Arbitration.
EXCEPT AS OTHERWISE STATED HEREIN, any claim or controversy with BSI arising out of or relating
to the Platform, Services and/or this Agreement (including its formation, interpretation, performance,
enforceability and breach) shall be settled by binding arbitration administered by the American Arbitration
Association in accordance with its Commercial Arbitration Rules, excluding any rules or procedures
governing or permitting class actions. Any judgment on the award rendered by the arbitrator(s) may be
entered in any court having jurisdiction thereof. The Federal Arbitration Act shall govern the interpretation
and enforcement of this Agreement.
ANY ARBITRATION UNDER THIS AGREEMENT WILL BE ON AN INDIVIDUAL BASIS ONLY. THE
PARTIES EXPRESSLY WAIVE THEIR RIGHT TO FILE OR JOIN A CLASS ACTION OR PRIVATE
ATTORNEY GENERAL ACTION, OR TO CONSOLIDATE THEIR ARBITRATION WITH OTHER
ARBITRATIONS. YOU ARE WAIVING YOUR RIGHTS TO HAVE YOUR CASE DECIDED BY A JUDGE
OR JURY. IF ANY PROVISION OF THIS ARBITRATION AGREEMENT IS FOUND UNENFORCEABLE,
THE UNENFORCEABLE PROVISION SHALL BE SEVERED AND THE REMAINING PROVISIONS
SHALL REMAIN ENFORCEABLE.
The AAA’s rules, as well as forms for initiating arbitration proceedings, are available
at www.adr.org. When initiating a request to arbitrate with the AAA, you must also send a copy of the
completed form to: 8050 North Palm Avenue, Suite 300, Fresno, California 93711.
Exception – Small Claims Court Claims. Notwithstanding the parties’ agreement to resolve all disputes
through arbitration, either party may seek relief in small claims courts for disputes or claims within the
scope of that court’s jurisdiction.
28. The Platform ’s Intellectual Property
29. Copyrights. The Platform ’s logos, design, text, graphics, and other files, and the selection
arrangement and organization thereof, are owned by BSI. 2017 Bflow Solutions, Inc. ALL RIGHTS
30. Trademarks: The Platform and its logos, page headers, custom graphics, button icons and scripts
are trademarks or trade dress of BSI.
31. Ownership and Use: Unless otherwise stated herein, nothing in this Agreement or your use of the
Platform and Services gives you a right or license to use any of our copyrights, trade names,
trademarks, service marks, logos, domain names, or any other intellectual property rights.
32. Future Functionality. Subscriber agrees that Subscription to the Services is not contingent on the
delivery of any future functionality or features, or dependent on any oral or written public comments
made by BSI regarding future functionality or features.
33. DISCLAIMER OF WARRANTIES. TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE
PLATFORM OR SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU
THROUGH THIS TERMS OF SERVICE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE”
BASIS. BSI DOES NOT REPRESENT OR WARRANT THAT THE SERVICES (I) WILL BE
UNINTERRUPTED, TIMELY OR SECURE, (II) WILL BE FREE OF DEFECTS, INACCURACIES OR
ERRORS, (III) WILL MEET YOUR REQUIREMENTS, OR (IV) WILL OPERATE IN THE
CONFIGURATION OR WITH OTHER HARDWARE OR SOFTWARE YOU USE. BSI EXPRESSLY
DISCLAIMS ANY AND ALL REPRESENTATIONS, WARRANTIES OR CONDITIONS OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF
FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY AND NON-INFRINGEMENT.
34. DISCLAIMER OF THIRD PARTY CONDUCT. BSI DISCLAIMS ANY AND ALL LIABILITY FOR THE
ACTS, OMISSIONS AND CONDUCT OF ANY THIRD PARTIES, INCLUDING THIRD PARTY
SERVICE PROVIDERS AND CHANNEL PARTNERS WHOM PROVIDE THE SERVICES SELECTED
BY SUBSCRIBER. TO THE EXTENT PERMITTED BY APPLICABLE LAW, BSI MAKES NO
WARRANTIES REGARDING THIRD PARTY SERVICES, GOODS, RESOURCES AND
INFORMATION INCLUDING, WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A
PARTICULAR PURPOSE, MERCHANTABILITY AND NON-INFRINGEMENT AND WILL NOT BE
LIABLE FOR YOUR USE OF OR RELIANCE ON SUCH THIRD PARTY SERVICES, GOODS,
RESOURCES OR INFORMATION.
35. DISCLAIMER OF LIABILITY: BSI shall not be liable for any delays in claim processing or otherwise
as a result of non-compliant, late submissions or non-submission of information or claims by
Subscriber. BSI does not warrant that noncompliant claims can be corrected for subsequent billing
submission. Subscriber is responsible for verifying the accuracy of all claims processed through the
Platform. BSI shall not be liable for any errors or inaccuracies in any claims processed through the
36. LIMITATION OF LIABILITY. SUBSCRIBER’S USE OF THE SERVICES IS AT ITS SOLE RISK. TO
THE EXTENT PERMITTED BY APPLICABLE LAW, NEITHER BSI NOR ANY OTHER PARTY
INVOLVED IN CREATING, PRODUCING, OR DELIVERING THE SERVICES WILL BE LIABLE TO
YOU OR ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT,
EXEMPLARY, PUNITIVE OR SPECIAL DAMAGES (INCLUDING DAMAGES FOR LOST PROFITS,
SECURITY BREACH, LOST DATA OR LOSS OF GOODWILL) ARISING OUT OF, RELATING TO
OR CONNECTED WITH THE USE OF THE SERVICES, EVEN IF BSI HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL BSI’S AGGREGATE LIABILITY, OR THAT
OF ITS OFFICERS, DIRECTORS, EMPLOYEES AND AGENTS, ARISING OUT OF OR IN
CONNECTION WITH YOUR USE OF, OR OF THE INABILITY TO USE, THE PLATFORM OR
SERVICES, EXCEED THE FEES PAID TO BSI IN THE THREE (3) MONTHS PRIOR TO THE
EVENT GIVING RISE TO YOUR CLAIM.
37. INDEMNITY. To the maximum extent permitted by law, Subscriber agrees to indemnify, defend and
hold harmless BSI, and its subsidiaries, affiliates, officers, directors, shareholders, employees,
representatives, agents, volunteers, attorneys, managers, licensors, business partners and each of
their respective successors and assigns (the “Indemnified Parties”) from and against all damages,
losses, liabilities, claims, expenses, fees or costs (including, without limitation, reasonable attorneys’
fees and costs) incurred in connection with any claim, demand or action brought or asserted against
any of the Indemnified Parties arising out of or relating to Subscriber’s (a) use of the Services (b)
breach of this Terms of Service, (c) violation of its HIPPA and related obligations under state and
federal law, (d) violation of any other state or federal law, including, without limitation, any applicable
privacy or data security laws, (e) violation of any third party right, including without limitation any
intellectual property right, publicity, property or privacy right, and/or (e) a breach of Subscriber’s
representation or warranties under this Terms of Service.
38. Miscellaneous Provisions.
39. Force Majeure. BSI will not be liable or responsible for any delays in providing the Services, or for
failing to provide the Services, as a result of any event beyond its reasonable control, including,
without limitation, adverse weather conditions, internet outage or interruption of service,
telecommunications or power outage, fire, flood, civil disobedience, labor disruptions, strikes, lockouts,
freight, embargoes, terrorism, natural disaster, war or acts of God.
40. Severability. The validity or unenforceability of any provision of this Terms of Service shall not
affect the validity or enforceability of any other provision of this Terms of Service.
41. Modifications. Our employees, volunteers or agents are not authorized to vary our Terms of
Service. No modification of these Terms of Service shall be effective unless it is in writing and either
signed by an authorized representative of BSI or posted on the Platform.
42. Choice of Law. This Terms of Service shall be governed by and construed and enforced in
accordance with the laws of the State of California, without regard to or application of California’s
conflict of law principles. The parties consent to the jurisdiction of the State of California, and venue in
the County of Fresno, with regard to any controversy or claim arising out of or relating to this Terms of
Service, or the breach thereof.
43. Assignment. You shall not assign any of the rights or obligations under this Term of Service without
the prior written consent of BSI. BSI may at any time assign, transfer or subcontract any or all of its
rights or obligations under these Terms of Service without your consent. This Terms of Service is
binding on and inures to the benefit of the Parties and their respective successors and permitted
44. No Waiver. No failure or delay by a party exercising any right, power or privilege under this Terms
of Service will operate as a waiver thereof.
45. No Agency. No agency, partnership, joint venture, employee-employer, or franchiser-franchisee
relationship is intended or created by this Terms of Service.
46. Interpretation. Headings are for reference purposes only and do not limit the scope or extent of
47. Notices. All notices required or permitted to be given under this Terms of Service will be in writing
and delivered to: BSI at 8050 North Palm Avenue, Suite 300, Fresno, California. All notices will be
sent to you by email or will be conspicuously posted on the Platform.
48. Entire Agreement. This Terms of Service comprises the entire agreement between the parties and
supersedes all prior or contemporaneous agreements, written or oral, between the parties regarding
the subject matter contained herein.
EXHIBIT C – HIPAA BUSINESS ASSOCIATE ADDENDUM
This HIPAA Business Associate Addendum (“Addendum’) supplements and is made a part of the Billing Services Agreement (“BSA”) by and between Client and BSI, and is effective as of the compliance date of the Privacy and Security Rules, defined below (the “Addendum Effective Date”) RECITALS A. Client wishes to disclose certain information to BSI pursuant to the terms of the Agreement, some of which may constitute protected health Information (“PHI’) (defined below). B. Client and BSI intend to protect the privacy and provide for the security of PHI disclosed to BSI pursuant to the Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”) and regulations promulgated thereunder by the U.S. Department of Health and Human Services (the “HIPAA Regulations”) and other applicable laws, all as may be amended from time to time. C. As part of the HIPAA Regulations, the Privacy Rule requires Client to enter into an agreement with BSI containing specific requirements prior to the disclosure of PHI and electronic PHI, as set forth in, but not limited to, Title 45, Sections 164.308(b)(1), 164.314(a), 164.502(e) and 164.504(e) of the Code of Federal Regulation (“CFR’) and contained in this Addendum. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, the parties agree as follows. 1. DEFINITIONS A. “Business Associate” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section 160.103. B. “Covered Entity” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section 160.103. C. “Data, Aggregation” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section 164.501 D. “Designated Record Set” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section, 164-501 E. “Health Care Operation” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section 164.501 F. “Privacy Rule” shall mean the HIPAA Regulation that is codified at 45 CFR Parts 160 and 164 G. “Protected Health Information” or PHI means any information, whether oral or recorded in any form or medium, that (I) relates to the past, present or future physical or mental condition of an individual, the provision of health care to an Individual, or the past, present or future payment for the provision of health care to an individual; and (ii) identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individuals; and (iii) otherwise conforms to the meaning given to such term under the Privacy Rule, 45 CFR Section 160.103 H. “Protected Information” shall mean PHI provided by Client to BSI, or created or received by BSI on Clients behalf. I. “Security Incident”, as provided in 45 C.F.R 164.304, shall mean the attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operation in an information system. J. “Security Rule” shall mean the Standards for Privacy of Individually identifiable Health Information codified at 45 C.F.R. Part 160 and part 164. Subparts A and C. 2. OBLIGATION OF BSI A. Permitted Uses, BSI shall not use Protected Health Information except for the purpose of performing BSI’s obligations under the Agreement and as permitted under the Agreement, including this Addendum. Further BSI shall not use Protected Health Information in any manner that would constitute a violation of the Privacy Rule. If so used by Client, except that BSI may use Protected Health Information (1) for the proper management and administration of BSI, or (2) to carry out the legal responsibilities of BSI. B. Permitted Disclosures. BSI shall not disclose Protected Health Information in any manner that would constitute a violation of the privacy rule if disclosed by client, except that BSI may disclose Protected health information (1) in a manner permitted pursuant to the Agreement including this Addendum, (2) for the proper management and administration of BSI, or (3) as required by law. C. Appropriate Safeguards. BSI shall implement such appropriate safeguards as are necessary to prevent the use or disclosure of Protected Health Information other than as permitted by the Agreement, within (5) days of becoming aware of such use or disclosure. D. Reporting of Improper Use or Disclosure. BSI shall report to Client any use or disclosure of Protected Health Information otherwise then as provided for by the Agreement. Including this addendum, within (5) days of becoming aware of such use or disclosure. E. BSI Agents. BSI shall ensure that any agents, including subcontractors, to whom it provides protected health information, agree in writing to the same restrictions and conditions that apply to BSI with respect to such PHI. F. Access to PHI. BSI shall make PHI maintained by BSI or its agents or subcontractors in Designated Record Sets available to client for inspection and copying within (10) days of a request by Client to enable client to fulfill its obligations under the Privacy Rule, including, but not limited to , 45 CFR Section 164.524. G. Amendment of PHI. Within (10) days of receipt of a request from Client for an amendment of PHI or a record about an individual contained in a designated record set. BSI or its agents or subcontractors shall make such PHI available to Client for amendment and incorporate any such amendment to enable Client to fulfill its obligations under the Privacy Rule, 45 CFR Section 164.526. H. Accounting Rights. Within ten (10) days of notice by Client of a request for an accounting of disclosures of PHI, BSI and its agents or subcontractors shall make available to Client the information required to provide an accounting of disclosure to enable Client to fulfill its obligations under the privacy rule, 45 CFR Section 164.528. As set forth in, and as limited by 45, CFR Section 164.528, BSI shall not provide an accounting to Client of disclosures: (1) to carry out treatment, payment or health care operations, as set forth in 45 CFR Section164.502; (2) to individuals of PHI about them as set forth in 45 CFR 164.502; (3) to persons involved in the individual’s care or for other notification purposes as set forth in 45 CFR Section 164.510; (4) for national security or intelligence purposes as set forth in 45 CFR Section 164.512(k)(2); (5) to correctional institutions or law enforcement officials as set forth in 45 CFR Section164.514(e). BSI agrees to implement a process that allows for an accounting to be collected and maintained by BSI and its agents or subcontractors for at least (6) years prior to the request, but not before the compliance date of the privacy rule. At a minimum, such information shall include: (i) the date of disclosure; (ii) the name of the entity or person who received Protected information and, if known, the address of the entity or person; (iii) a brief description of protected information disclosed and (iv) a brief statement of purpose of the disclosure that reasonably informs the individual of the basis for the disclosure, or a copy of the individual’s authorization, or a copy of the written request for disclosure, as applicable. I. Governmental Access to records. BSI shall make its internal practices, books and records relating to the use and disclosure of protected information available to the Secretary of the US Department of Health and Human Services (the “Secretary”) for the purposes of determining compliance with the Privacy Rule. J. Minimum Necessary. BSI and its subcontractors or agents shall only request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure. K. Retention of PHI. BSI and its subcontractors or agents shall retain all PHI throughout the term of the Agreement, and shall continue to maintain the information required under Section 2(h) of this Addendum for a period of six (6) years prior to the request. L. Notification of breach. During the term of this agreement, BSI shall notify Client within twenty-four (24) hours of any suspected or actual breach of security, intrusion or unauthorized use or disclosure of PHI, or any actual or suspected use or disclosure of data in violation of any applicable federal or state law or regulations. BSI shall take (1) prompt corrective action to cure any deficiencies, and (2) any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations. M. Audits, inspections and enforcement. Within ten (10) days of a written request by client; BSI and its agents or subcontractors shall allow client to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies and procedures relating to the use or disclosure of PHI pursuant to this addendum for the purpose of determining whether BSI has complied with this addendum; provided however, that (1) BSI and Client shall mutually agree in advance upon the scope, timing and location of such an inspection; (2) Client and its agents shall protect the confidentiality of all confidential and proprietary information of BSI to which client has access during the course of such inspection; and (3) Client shall execute a nondisclosure agreement with terms mutually agreed upon by the parties, if requested by BSI. N. Security standards. BSI shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the electronic PHI that it creates, receives, maintains or transmits on behalf of Client. O. Notification of security breach. BSI shall promptly report to client any security incident with respect to Client electronic PHI of which it becomes aware. 3. TERMINATION A. Material breach. A breech by BSI of any material provision of this addendum shall constitute a material breach of the Agreement and shall provide grounds for immediate termination of the Agreement by Client pursuant to Section 7 of the Agreement. B. Reasonable steps to cure breach. If Client knows of a pattern of activity or practice of BSI that constitutes a material breach or violation of BSI’s obligations under the provisions of this addendum or other arrangement and does not terminate this agreement pursuant to 3(A), then the client shall take reasonable steps to cure either (1) terminate the agreement, if feasible, or (2) if termination is not feasible, Client shall report BSI’s breach or violation to the Secretary of the Department of Health and Human Services. C. Effect of Termination. Upon termination of the Agreement for any reason, BSI shall return or destroy all PHI that BSI or its agents or subcontractors still maintain in any form, and shall retain no copies of such PHI. If return or destruction is not feasible, BSI shall continue to extend the protections of sections 2(A), 2(B), 2(C), and 2(E) of this addendum to such information, and limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible. If BSI elects to destroy the PHI, BSI shall certify in writing to client that such PHI has been destroyed. 4. Amendment to comply with law. The parties acknowledge that state and federal laws relating to data security and privacy of health information are rapidly evolving and that this addendum may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, the privacy rule, and other applicable laws relating to the security or confidentiality of PHI. Upon the request of either party, the other party agrees to promptly enter into negotiations concerning the terms of an amendment to this addendum embodying written assurances consistent with the standards and requirements of HIPAA, the privacy rule or other applicable laws. Client may terminate this agreement upon thirty (30) days prior written notice in the event BSI (1) does not promptly enter into negotiations to amend this agreement when requested by client pursuant to this section; or (2) does not enter into an amendment to this Agreement providing assurances regarding the safeguarding of PHI sufficient to satisfy the standards and requirements of HIPAA and the Privacy Rule. 5. No third party beneficiaries. Nothing express or implied in this agreement is intended to confer, nor shall anything herein confer, upon any person other than the client, BSI and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 6. Interpretation. The provision of this Addendum shall prevail over any provisions in the Agreement that may conflict or appear inconsistent with any provision in this Addendum. This Addendum and the Agreement shall be interpreted as broadly as necessary to implement and comply with HIPAA and the Privacy Rule. The parties agree that any ambiguity in this Addendum shall be resolved in favor of a meaning that complies and is consistent with HIPAA and the Privacy Rule.
VERSION: October 29, 2019