Before accessing and using the services available on the web application, through the domain and/or its subdomains, and/or on the Nutrium mobile application, Professionals should carefully read these Terms and Conditions of Use (hereinafter, "Terms of Use"; "Terms"; "Conditions"; "Terms and Conditions"), which stipulate the terms under which Nutrium's service is used, and also define the rules of participation for Professionals registered with said service.

Title 1: General Conditions

1.1. Who are we?

HEALTHIUM - Healthcare Software Solutions, S.A., (henceforth, "Healthium") is dedicated to the development of cloud-based software, Nutrium, with connection to mobile applications, aimed at Nutrition Professionals and Clinics, which allows them to simplify their most complex tasks, such as the management and analysis of their clients' nutritional information, the planning, analysis and creation of meal plans and the direct and permanent monitoring of the Client. In addition to these features, the service's most distinctive characteristic is that it facilitates and improves the nutritional monitoring of the Client by their Nutrition Professional. Thus, through the Nutrium mobile application, at the end of each nutrition consultation, the Client will have their meal plan prescribed by the Professional available on their mobile device, which can be readjusted both in real time and at the next appointment.

In this way, Nutrium promotes, facilitates and simplifies the relationship between the Client and their Nutrition Professional, enabling:

  1. a) the Client, contact with a Nutrition Professional who will directly monitor their physical and nutritional progress and performance;
  2. b) the Professional, a tool capable of simplifying the most complex tasks, such as managing and analyzing their Client's nutritional information, planning, analyzing and creating dietary plans and direct and permanent monitoring of the Client.

1.2. Definition of Terms

"Software" shall mean the web and mobile applications developed by Healthium, the distribution and use of which is subject to these Terms of Use.

"Professional" shall mean anyone who, by any means, has access to the reserved Client and appointment management area via the web version of the software or the corresponding mobile application.

“Parties” shall mean Healthium and the Professional jointly, and the obligations and rights set out herein shall apply to both entities.

"Client" shall mean anyone who, by any means, has access to the mobile version of the software for nutritional monitoring or to the corresponding web version.

"Active Client" is a Client whose profile is edited directly by the Professional in a given month, in any of the sections of their Client Profile.

"Secretary" shall mean anyone who has, by any means, access to the restricted web version of the software made available by the Professional to that third party for the purposes of managing and scheduling their appointments and Clients.

"Payment Processing Entity" shall mean third-party entities, with no direct commercial connection to Healthium and the Nutrium service, which provide payment services and process payments for appointments between Clients and Professionals.

"Intellectual Property Rights" shall mean all rights relating to scientific works, inventions in all fields of human activity, scientific discoveries, designs, industrial models, industrial trademarks, commercial and service marks and protection against unfair competition, as well as all other rights inherent to intellectual activity in the industrial and scientific fields.

1.3. Conditions of Acceptance

Registration in the Nutrium mobile application and the provision of the service by Healthium is dependent on full acceptance of these conditions, and any Professional who does not agree or does not undertake to behave in accordance with them may not use said service.

There are additional policies and other agreements that integrate these Terms, providing supplementary clauses and conditions related to the specific services made available on the Nutrium Website. In this sense, for each individual who, in fact, is considered a Nutrium service Professional, it is assumed, at the time of registration or subsequently, that they have read and fully understood the following policies and agreements. These are intrinsically linked to these Terms and are expressly accepted:

Healthium reserves the right to change the Terms and Conditions (partially or totally) at any time, notifying the Professional in advance, with each new version of the Terms and Conditions coming into force after publication on the Nutrium website. By accepting these Terms and Conditions, users undertake to visit and study these terms regularly. Finally, Healthium also reserves the right to interrupt or even terminate the services at any time, if it deems it necessary, without prejudice to the return of amounts paid in advance by the Client pro-rata to the use of the services.

1.4. Binding to these Provisions

These provisions contractually bind the Professional to Healthium. As such, from the moment the Professional accepts these Terms, he/she is legally bound by its stipulations, agreeing to submit to the most current versions of these terms, the Privacy Policy and the Data Processing Agreement.

Professionals may withdraw their consent at any time, and it is certain that doing so will result in the revocation of this contract, and they will not be entitled to any compensation or return of amounts already paid, nor will they be allowed access to Nutrium, and their personal data will be deleted.

These provisions shall remain in force between the Parties for the duration of the contract, which shall be determined in accordance with the service contract agreed between the Parties.

1.5. Legal Capacity for Software Registration

In order to use the Nutrium software, the Professional must be eighteen years of age or older, if the legal age in force in their country is higher.

Therefore, by accessing, using or creating an account in the Nutrium software, the Professional guarantees that he/she has the legal capacity to carry out the legal acts of civil life, being fully aware of the legal sanctions provided for in the Civil Code.

1.6. Liability of the Professional

By accepting these Terms, the Professional undertakes to only adopt behavior that does not infringe the current legal system or in any way harm legally protected positions.

These Terms apply to all use of the application, whether in code, binary or any other form.

1.7. Registration

There is data that is considered indispensable for the regular fulfillment not only of the contractual relationship between the Professional and Healthium, within the scope of the provision of this service, but also of the pre-contractual relationship between the Client and the Professional that is formed with the appointment. Depending on the service, we may request the following registration data: full name, gender, country of residence, date of birth, email address and cell phone number. In addition, data and certificates attesting to the Professional's due registration with the relevant health regulatory authorities are required, where applicable.

When registering and using the software and services, Professionals must provide accurate, precise, and truthful information. Professionals also guarantee and are responsible, in any case, for the veracity, accuracy and authenticity of their personal data entered, and Healthium is not responsible for the veracity or correctness thereof.

Registrations are personal and non-transferable, and the holder is solely responsible for the actions taken with their registration. Only one registration may correspond to each Professional, and Healthium may cancel any subsequent registration made by the same individual.

Healthium shall not be held liable for any eventuality resulting from the Professional's inability to register. Healthium also undertakes to ensure that the services provided are offered and can be used without fail, but reserves the right to temporarily suspend its operations for technical reasons or causes beyond its control.

Title 2: Specific Terms of Use for Professionals

2.1. Terms of Service

By signing up and using the Nutrium software, namely through the online platform, Professionals will be subscribing to tools that will simplify their most complex tasks, such as planning, analyzing, and creating meal plans, nutritional calculations, managing and analyzing information, among others. In addition to these features, the service's most distinctive characteristic is that it facilitates and improves the nutritional monitoring of its clients - Nutrium Clients. Professionals are constantly connected to their clients, thus facilitating access to their progress and direct communication by message. This feature means that the Client can be monitored more closely, as it allows the Professional to change meal plans in real time, answer questions raised by the Client and schedule appointments.

2.2. Liability of the Professional

By accepting these Terms and Conditions, the Professional undertakes to only adopt behaviors that do not infringe the current legal system or in any way harm legally protected positions. In this regard, Professionals undertake to:

  • Respect our policies, the rights of third parties and any laws, such as the applicable Codes of Ethics;
  • Thoroughly follow European legislation on the protection of personal data, such as the General Data Protection Regulation, ensuring that clients and secretaries are provided with the appropriate information, consents and access to their rights;
  • Comply with the services requested;
  • Not transfer their account or access to third parties without our consent;
  • Not distribute or send spam, unsolicited electronic communications, or other types of harmful communications;
  • Not distribute viruses or any other technologies that may harm the Website, Healthium, or the interests of Clients (including their intellectual property rights, among others);
  • Not to publish or distribute content that is unlawful, threatening, abusive, defamatory, invasive of privacy, vulgar, obscene, profane or which may harass or cause distress or inconvenience to any person;
  • Not to reproduce or incorporate any part of the platforms owned by Healthium on any other website without its prior written authorization;
  • Not attempt to modify, translate, adapt, edit, decompile or reverse engineer any services used or made available by us in connection with the services provided by Healthium;
  • Not to copy, modify or distribute rights or content from the Platforms or Healthium's copyrights and trademarks;
  • Not collect personal information about Clients without their consent and/or beyond what is strictly necessary for the provision of the services.

Healthium may close, suspend or limit, with immediate effect and without prior notice, access to the Professional's account and to the services whenever the stipulations identified above are violated.

2.3. Modalities of Subscription

Healthium offers different subscription plans with all the features offered by the mobile app and the web version. The content and monetary value of each subscription depends on the number of Active Clients per month and the subscription period.

Depending on the country and region, Professionals can opt for monthly or annual subscriptions, which must be combined with the desired number of clients, namely the option of “10 Active Clients” per month or “unlimited clients”.

By selecting the "10 Active Clients" option, the Professional assumes the exclusive and non-transferable role of activating and managing their clients. Therefore they acknowledge that any change to a Client's profile in various sections of the profile (e.g. the personal information section, the measurements section, the planning section, etc.) constitutes the activation of that Client as an Active Client for the current month.

With the arrival of each new month, the number of Active Clients under the Professional's responsibility is reset to zero, giving them the opportunity to readjust the clients they wish to activate during the following period. Through its web interface for professionals, the Healthium platform offers a tool for checking which clients have already been activated in the current month.

Once the maximum number of 10 Active Clients has been reached within a single month, the Professional is unable to activate new clients in that timeframe. However, they reserve the right to choose to subscribe to the unlimited customers mode at any time, in accordance with the additional terms and conditions established by Healthium.

2.4. Automatic Renewal of Subscription

Without prejudice to the Professional's objection, by accepting these Terms, the Professional accepts and agrees to the automatic renewal of his/her subscription, authorizing the appropriate amounts to be charged through the payment information previously made available.

Title 3: Payment System

3.1. General Conditions

Depending on the country, there may be a payment service between the Professional and the Client provided by a Payment Processing Entity, thus giving the Professional the possibility of using their accounts in these services to send links, emails and easy billing messages to their Clients and process the corresponding credit and debit card transactions and other payment methods.

By using these payment methods, the Professional agrees to the Terms and Conditions established by the Payment Processor. Healthium, and the Nutrium service, are not a party to these Terms and, accordingly, have no obligation or liability to you for any services the Payment Processor provides or additional amounts it charges you. If the Merchant has any related questions, he/she should contact the respective Payment Processor via its contact details.

The Professional is solely and exclusively responsible for all transactions, including refunds, cancellations and associated disputes, processed through Nutrium and/or the Payment Processor.

Accordingly, Healthium shall not be liable for any loss or damage resulting from erroneous or invalid transactions processed by the Professional or the Client. This includes transactions that were not processed due to network communication errors, or any other reason, including refusals of reimbursement by the Professional. If a transaction is carried out, it is the Professional's responsibility to check with the Payment Processor that it has been successful.

3.2. Preliminary Definitions

"Available balance" shall mean the monetary amounts in the Professional's Nutrium account that are available for withdrawal and movement;

"Pending balance" shall mean the amounts held captive - but already effectively paid to the Professional - because they are in a processing period, as defined in this article;

"Service fee" shall mean the fixed percentage charged by Healthium on each payment actually received in the Professional's Nutrium account, as defined in this article;

"Minimum withdrawal amount" shall mean the amount previously determined by Healthium from which the Professional may transfer his/her entire available Balance, as defined in this article;

"Withdrawal fee" shall mean the fixed amount charged by Healthium for each transfer of a certain amount of available Balance to a bank account defined by the Professional for this purpose, as defined in this article;

"Minimum payment" shall mean the minimum amount of charges allowed, as defined in this article;

3.3. Special conditions

The payment system has its own characteristics and operating mechanisms, and its use is not free of charge, entailing the payment of fees to Healthium under the terms set out below. By using this payment service, the Professional declares that he/she is aware of and agrees to the aforementioned values and service operating mechanisms.

The payment system implies valid registration with the Payment Processing Entity, so only after verification of the account by this entity can the Professional freely carry out transactions and withdraw their balance. This registration is the sole responsibility of the Professional and is mandatory for the use of the services described here and for the interconnection between the Nutrium account and the Professional's account with the respective Payment Processing Entity.

The use of the payment system allows the Professional to send payment requests to Clients and collect them. The use of these mechanisms is, however, subject to a minimum payment amount and the charging of a service fee for each payment actually received.

Once the amounts charged to the Client have been received, the amount in question will appear in the Professional's Nutrium account under the designation Pending balance until the transaction is confirmed, after which time it will become Available balance.

The Available Balance can be transferred to a bank account of the Professional's choice as soon as the Minimum Withdrawal Amount is reached, subject to a Withdrawal Fee. The Available Balance can only be kept in the account for a maximum of 90 days and must also be withdrawn when the Professional's Nutrium account is deleted.

Healthium does not charge any other fees for the use of this service, namely membership fees or monthly fees, however, ancillary fees may be payable in the event of disputes.

3.4. Disputes

A dispute occurs when a Client, holder of the card with which they paid the Professional, questions the legitimacy of the transaction with the card issuer, i.e. their bank.

In these cases, the issuer will trigger an automatic mechanism that immediately reverses the payment, returning the amount paid to the Client while the legitimacy of the dispute is analyzed and discussed between the Parties. Healthium therefore reserves the right to deduct and charge the Professional any amounts necessary to resolve the dispute. In this sense, when a dispute is opened, the amount of the payment, together with a dispute fee, will automatically be deducted from the balance of the Professional's account, and it will then be up to the Professional to submit to Healthium all the evidence necessary for the proper resolution of the dispute. Detailed information on dispute fees can be found on the Payment Processing Entities' pages.

By proceeding with this service, the Professional declares that he/she is aware of these terms and expressly accepts them.

Title 4: Final Provisions

4.1. Account Access Policy

Healthium reserves the right to prevent access and delete Professionals' accounts at any time, without prior written notice, in cases where the Professional offends or violates any of these Terms or the conditions contained in the Privacy Policy or the Data Processing Agreement, as well as in cases where there is an offense or violation of the rules of Civil Law.

Healthium reserves the right to prevent access and delete Professionals' accounts, with prior written notice of 30 days in the event of unjustified cases. In such cases, Healthium undertakes to adopt appropriate measures so as not to harm Professionals.

Professionals have the right to request the cancellation of their Healthium account through the contacts available on the Software itself. In the event of termination: (i) the Professional shall remain liable for all amounts owed to Healthium or to third parties; and (ii) Healthium shall verify any amounts legally owed to the Professional and undertakes to make the relevant payments in a timely manner.

4.2. Intellectual Property

The applications produced by Healthium are intellectual works protected by Intellectual Property Law and are protected by the applicable legislation, namely Decree-Law no. 252/94, of October 20, on the Legal Protection of Computer Services, as well as by Community Directives and International Treaties. Each of its component elements (such as design, texts, videos, music, graphics, images, information, applications, sounds, colors, logos, web page layout, applications and tools, among others) are the exclusive property of Healthium, which is the only one entitled to use the intellectual property rights of personality measured therein.

Any reproduction and/or full or partial representation, use, adaptation or modification of the applications or any of their component elements, on any medium whatsoever, or in any form whatsoever, for other purposes, including commercial purposes, is expressly prohibited.

4.3. Exclusion of Guarantees

The Professional expressly accepts that use of the software is at his/her own risk and is his/her sole responsibility.

The Professional declares and acknowledges that they are legally fit, able and authorized to provide nutrition consultations, and therefore cannot hold Healthium responsible for any errors arising from their participation in activities related to the provision of nutrition services.

Healthium does not provide any guarantee regarding: the correspondence of the software with the requirements of the Professionals; the absence of errors in the software; the reliability, timeliness or performance of the software.

No advice or information, whether oral or written, obtained by the Professional from Healthium or any third party associated with Healthium shall constitute a warranty not expressly referred to in these Terms of Use.

4.4. Limitation of Liability

The Professional expressly understands and agrees that Healthium cannot be held liable for any direct, indirect, incidental or special damages arising from the use of the software. Nor can Healthium be held liable for failure to comply with the obligations legally imposed on the Professional, namely those arising from the General Data Protection Regulation.

4.5. System Failures

The use of any device, software, or other resource that interferes with the activities and operations of Healthium and its software, Nutrium, is not permitted. Any intrusion, attempt, or activity that violates or contravenes intellectual property laws and/or the prohibitions stipulated in these Software Terms of Use, will render the responsible party liable to the relevant legal actions, as well as being liable for compensation for any damages caused.

Healthium shall not be liable for any damage, injury or loss to the Professional's equipment caused by system, server or Internet failures. Professionals may not hold Healthium liable or demand payment for loss of profit due to damage resulting from technical difficulties or system or Internet failures. Healthium does not guarantee continuous or uninterrupted access to and use of its application.

Occasionally, the system may not be available due to technical reasons or Internet failures, or any other circumstances beyond Healthium's control.

4.6. Notifications

Professionals agree to receive communications from Healthium, namely notifications related to the Nutrium service and software, including, by way of example, any changes to these Terms of Use, the Privacy Policy or the Data Processing Agreement, among other communications, to the email box associated with their registration or by any other form of communication that seems relevant, namely the address associated with their registration.

Professionals who wish to contact Healthium may do so through the means provided in the Software, by sending communications to the Nutrium support team's email inbox, or to Nutrium's address at Rua Andrade Corvo, 242, Room 106, postal code 4700-204, city of Braga.

4.7. Hyperlinks

The web and mobile applications may contain hyperlinks to other applications or websites over which Healthium has no control. The inclusion of hyperlinks to other applications or websites is for information purposes only, and Healthium is entirely unrelated to their content, services and/or products offered, and cannot be held responsible for their content.

4.8. Partial Invalidity

If any provision of the Terms and Conditions is held to be invalid or unenforceable for any reason or to any extent, such invalidity or unenforceability shall not in any way affect or render invalid or unenforceable the remaining provisions of the Terms and Conditions and enforcement of such provision shall be to the extent permitted by law.

4.9. Applicable Law and Jurisdiction

These Terms and Conditions of Use are subject to Portuguese law and for all matters arising therefrom the Parties elect the jurisdiction of the District Court of Braga.

Healthium HIPAA Business Associate Agreement ("BAA")

If you are subject to United States federal, state, or local law, the terms of this Business Associate Agreement ("BAA") shall govern your access to and use of our service and your relationship with Healthium under the scope of the Health Insurance Portability and Accountability Act ("HIPAA"), as better defined below. By using the Nutrium service, you agree to be bound by these terms, if applicable to you.

This HIPAA Business Associate Agreement (this "BAA") defines the rights and responsibilities of Provider and Customer with respect to Protected Health Information (PHI) as defined in the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder, including the HITECH Act and Omnibus Rule, as each may be amended from time to time (collectively, "HIPAA"). This BAA shall be applicable only in the event and to the extent Provider meets, with respect to Customer, the definition of a Business Associate set forth at 45 C.F.R. §160.103, or applicable successor provisions. This BAA shall only be applicable to Customer's use of the Platform and as specified in the General Terms and Conditions (the "main Agreement") to which this BAA is attached and fully referenced and incorporated. This BAA is intended to ensure that Business Associate and Customer will establish and implement appropriate safeguards where Business Associate may receive, create, maintain, use or disclose in connection with the functions, activities and services that Business Associate performs on behalf of Customer solely to perform its duties and responsibilities under the main Agreement.

1. Applicability and Definitions. This BAA applies only where:

  • Customer uses the Services to store or transmit any PHI as defined in 45 C.F.R. §160.103
  • Customer has applied the required security configurations, as specified in Section 5.2 of this BAA to Customer's Applications. Customer acknowledges that this BAA does not apply to any other accounts it may have now or in the future. Unless otherwise expressly defined in this BAA, all capitalized terms in this BAA will have the meanings set forth in the main Agreement or in HIPAA.

2. Additional Meanings.

  • "Business Associate" shall mean Provider, or Healthium - Healthcare Software Solutions, S.A.
  • "HITECH ACT" shall mean the Health Information Technology for Economic and Clinical Health Act.
  • "Individual" shall have the same meaning as the term "individual" in 45 CFR § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502(g).
  • "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.
  • "Protected Health Information" or "PHI" shall have the same meaning as the term "protected health information" in 45 CFR § 160.103, limited to the information received by Business Associate from or on behalf of Customer.
  • "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR § 164.103.
  • "Security Rule" shall mean the Security Standards for the Protection of Electronic Protected Health Information, located at 45 CFR Part 160 and Subparts A and C of Part 164.

3. Permitted and Required Uses and Disclosures.

  • Service Offerings. Business Associate may use or disclose PHI for or on behalf of Customer as defined in the main Agreement.
  • Administration and Management of Services. Business Associate may Use and Disclose PHI as necessary for the sole purpose of the proper management and administration of the Services. Any disclosures under this section will be made only if Business Associate obtains reasonable assurances from the recipient of the PHI that (i) the recipient will hold the PHI confidentially and will use or disclose the PHI only as required by law or for the purpose for which it was disclosed to the recipient, and (ii) the recipient will notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

4. Obligations of Business Associate.

  • Limit on Uses and Disclosures. Business Associate will use or disclose PHI only as permitted by this BAA or as required by law, provided that any such use or disclosure would not violate HIPAA if done by a Covered Entity, unless permitted for a Business Associate under HIPAA.
  • Safeguards. Business Associate will use reasonable and appropriate safeguards to prevent Use or Disclosure of PHI other than as provided for by this BAA, consistent with the requirements of Subpart C of 45 C.F.R. Part 164 (with respect to Electronic PHI) as determined by Business Associate Policies and as reflected in the main Agreement, which includes Disk Encryption and Encryption In-Transit services.
  • Reporting. For all reporting obligations under this BAA, the parties acknowledge that, because Business Associate does not know the details of PHI contained in any of Customer Account, there will be no obligation on the Business Associate to provide information about the identities of the Individuals who may have been affected, or a description of the type of information that may have been subject to a Security Incident, Impermissible Use or Disclosure, or Breach. Business Associate will ensure Customer access to Audit Logging, when applicable, to help Customer in addressing Customer's obligations for reporting under this BAA. Customer acknowledges Business Associate is under no obligation to provide additional support for Customer's BAA reporting obligations but may choose to provide such additional services at its sole discretion or at Customer expense.
  • Reporting of Impermissible Uses and Disclosures. Business Associate will report to Customer any Use or Disclosure of PHI not permitted or required by this BAA of which Business Associate becomes aware.
  • Reporting of Security Incidents. Business Associate will report to Customer on no less than fourteen business (14) days from the date any Security Incidents involving PHI of which Business Associate becomes aware in which there is a successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an Information System in a manner that risks the confidentiality, integrity, or availability of such information. Notice is hereby deemed provided, and no further notice will be provided, for unsuccessful attempts at such unauthorized access, use, disclosure, modification, or destruction, such as pings and other broadcast attacks on a firewall, denial of service attacks, port scans, unsuccessful login attempts, or interception of encrypted information where the key is not compromised, or any combination of the above.
  • Reporting of Breaches. Business Associate will report to Customer any Breach of Customer's Unsecured PHI that Business Associate may discover to the extent required by 45 C.F.R. § 164.410. Business Associate will make such report without unreasonable delay, and in no case later than forty-eight (48) hours after discovery of such Breach. Business Associate undertakes no obligation to report network security related incidents which occur on its managed network but does not directly involve Customer's use of Services.
  • Subcontractors. Business Associate will ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to restrictions and conditions at least as stringent as those found in this BAA, and agree to implement reasonable and appropriate safeguards to protect PHI.
  • Access to PHI. Customer acknowledges that Business Associate is not required by this BAA to make disclosures of PHI to Individuals or any person other than Customer, and that Business Associate does not, therefore, expect to maintain documentation of such disclosure as described in 45 CFR § 164.528. In the event that Business Associate does make such disclosure, it shall document the disclosure as would be required for Customer to respond to a request by an Individual for an accounting of disclosures in accordance with 45 CFR §164.504(e)(2)(ii)(G) and §164.528, and shall provide such documentation to Customer promptly on Customer's request. In the event that a request for an accounting is made directly to Business Associate shall, within 5 Business Days, forward such request to Customer.
  • Accounting of Disclosures. Business Associate will make available to Customer the information required to provide an accounting of Disclosures in accordance with 45 C.F.R. § 164.528 of which Business Associate is aware, if requested by Customer. Because Business Associate cannot readily identify which Individuals are identified or what types of PHI are included in Customer Content, Customer will be solely responsible for identifying which Individuals, if any, may have been included in Customer Content that Provider has disclosed and for providing a brief description of the PHI disclosed.
  • Internal Records. Provider will make its internal practices, books, and records relating to the Use and Disclosure of PHI available to the Secretary of the U.S. Department of Health and Human Services ("HHS") for purposes of determining Customer compliance with HIPAA. Nothing in this section will waive any applicable privilege or protection, including with respect to trade secrets and confidential commercial information.

5. Customer's Obligations:

  • Appropriate Use of HIPAA Accounts. Customer is responsible for implementing appropriate privacy and security safeguards in order to protect PHI in compliance with HIPAA and this BAA. Without limitation, Customer shall: (i) not include protected health information (as defined in 45 CFR 160.103) in any Services that are not or cannot be HIPAA compliant, (ii) utilize the highest level of audit logging in connection with its use of all Customer Applications, and (iii) maintain the maximum retention of logs in connection with its use of all Services.
  • Encryption. Customer shall encrypt all PHI stored or transmitted outside the Services in accordance with the Secretary of HHS's Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals, available at %{hhs_link}, as it may be updated from time to time, and as may be made available on any successor or related site designated by HHS.
  • Necessary Consents. Customer warrants that it has obtained any necessary authorizations, consents, and other permissions that may be required under applicable law prior to placing Customer Content, including without limitation PHI, on the Services.
  • Restrictions on Disclosures. Customer shall not agree to any restriction requests or place any restrictions in any notice of privacy practices that would cause Business Associate to violate this BAA or any applicable law.
  • Compliance with HIPAA. Customer shall not request or cause Business Associate to make a Use or Disclosure of PHI in a manner that does not comply with HIPAA or this BAA.

6. Term and Termination

  • Term. The term of this BAA will commence on the main Agreement Effective Date and will remain in effect until the earlier of the termination of the main Agreement or notification by Customer that an account is no longer subject to this BAA.
  • Effect of Termination. At termination of this BAA, Business Associate, if feasible, will return or destroy all PHI that Business Associate still maintains, if any. If return or destruction is not feasible, Business Associate will extend the protections of this Agreement to the PHI, limit further uses and disclosures to those purposes that make the return of the PHI infeasible, and make no further use or disclosure of PHI.
  • If Customer requests contemporaneously with any termination event or notice, Business Associate will allow Customer to have access to Customer's account for a reasonable period of time following termination as necessary for Customer to retrieve or delete any PHI at its then current monthly recurring rate; provided, however, that if the security of Customer's servers has been compromised, or the Agreement was terminated by Customer's failure to use reasonable security precautions, Business Associate may: (i) provide Customer with restricted access via a dedicated or private link or tunnel to Customer account or (ii) refuse to allow Customer to have access to Customer's account but will use reasonable efforts to copy Customer data on to media Customer provides to Business Associate, and will ship the media to Customer at Customer expense. Business Associate's efforts to copy Customer data onto Customer media shall be billable as an Additional Service at Business Associate's then current hourly rates.

7. No Agency Relationship.

As set forth in the Agreement, nothing in this BAA is intended to make either party an agent of the other. Nothing in this BAA is intended to confer upon Customer the right or authority to control Business Associate's conduct in the course of Business Associate complying with the Agreement and BAA.

8. Nondisclosure.

Customer agrees that the terms of this BAA are not publicly known and constitute Business Associate Confidential Information under the Agreement.

9. Entire Agreement; Conflict.

Except as amended by this BAA, the Agreement will remain in full force and effect. This BAA, together with the main Agreement as amended by this BAA: (a) is intended by the parties as a final, complete and exclusive expression of the terms of their agreement; and (b) supersedes all prior agreements and understandings (whether oral or written) between the parties with respect to the subject matter hereof. If there is a conflict between the Agreement, this BAA or any other amendment or BAA to the Agreement or this BAA, the document later in time will prevail.

10. Miscellaneous.

  • Amendment. Customer and Business Associate agrees to take such action as is reasonably necessary to amend this HIPAA BAA from time to time as is necessary for either party to comply with the requirements of the Privacy Rule and related laws and regulations.
  • Survival. Customer and Business Associate's respective rights and obligations under this HIPAA BAA shall survive the termination of the Agreement.
  • Interpretation. Any ambiguity in the main Agreement shall be resolved to permit Customer to comply with HIPAA and the Privacy Rule.

Get started today!

If you can make a list or send an email, you can use Nutrium. Starting an appointment is really that simple.