EVEXIADIRECT TERMS OF USE AND SALE

 

 

THIS DOCUMENT CONTAINS VERY IMPORTANT INFORMATION REGARDING YOUR RIGHTS AND OBLIGATIONS, AS WELL AS CONDITIONS, LIMITATIONS, AND EXCLUSIONS THAT MIGHT APPLY TO YOU. PLEASE READ IT CAREFULLY. 

These EvexiaDirect Terms of Use and Sale (these “Terms”) apply to use of (and the purchase and sale of products and services through) the www.EvexiaDirect.com website and any associated mobile applications (the “Site”). The Site is made available by Evexia Diagnostics, Inc., a wholly owned subsidiary of Evexia Holdings, Inc. (“Evexia”) (referred to as “EDI”, “us”, “we”, or “our” as the context may require). You should also carefully review our Privacy Policy before placing an order for products or services through this Site.

By using the Site, by clicking to accept or agree to these Terms when this option is made available to you, or by placing an order for products or services through the Site, you accept and agree to be bound and abide by these Terms. 

YOU MAY NOT USE THIS SITE OR ORDER OR OBTAIN PRODUCTS OR SERVICES FROM THIS SITE IF YOU (A) DO NOT AGREE TO THESE TERMS, (B) ARE NOT THE OLDER OF (i) AT LEAST 18 YEARS OF AGE OR (ii) LEGAL AGE TO FORM A BINDING CONTRACT WITH EDI, OR (C) ARE PROHIBITED FROM ACCESSING OR USING THIS SITE OR ANY OF THIS SITE’S CONTENTS, GOODS OR SERVICES BY APPLICABLE LAW. HEALTHCARE PRACTIONERS USING THE SITE ON BEHALF OF PATIENTS ARE SUBJECT TO ADDITIONAL REQUIREMENTS AS PROVIDED IN THESE TERMS.

1. Changes to These Terms. These Terms are subject to change by us at any time and without prior notice, in our sole discretion. Any changes to these Terms will be in effect as of the “Last Modified” date referenced on the Site. You should review these Terms prior to purchasing any product or services that are available through this Site. Your continued use of this Site after the “Last Modified” date will constitute your acceptance of, and agreement to, such changes.
2. NO MEDICAL ADVICE . Through the Site, we offer an online service to help healthcare practitioners order specialty lab-work more efficiently for their patients. We are not doctors, we do not act or operate as a healthcare practice, nor do we provide medical care. We do not partner with or hire practitioners: they simply use our software to order products.
3. NOT AVAILABLE FOR BENEFICIARIES OF INSURANCE OR MEDICARE/MEDICAID. Patients may not use EvexiaDirect for any lab tests/panels that are subject to, or will be paid by, any insurance company or any federal health care program, including Medicaid or Medicare.  Patients who are eligible for Medicaid or Medicare may still use EvexiaDirect, but only if the Registered Patient agrees to waive any federal health care program coverage for the panels/tests administered under EvexiaDirect.
4. Accessing the Site and Account Security. We reserve the right to withdraw or amend the Site, and any service or products we provide through the Site, in our sole discretion without notice. We will not be liable if for any reason all or any part of the Site is unavailable at any time or for any period. From time to time, we may restrict access to some parts of the Site, or the entire Site, to users, including registered users. To access the Site or some of the resources it offers, you may be asked to provide certain registration details or other information. All the information you provide on the Site must be correct, current, and complete. You agree that all information you provide to register with or use this Site is governed by our Privacy Policy , and you consent to all actions we take with respect to your information consistent with our Privacy Policy.
1. If you choose, or are provided with, a username, password, or any other piece of information as part of our security procedures, you must treat such information as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree not to provide any other person with access to this Site or portions of it using your username, password, or other security information. You agree to notify us immediately of any unauthorized access to or use of your username or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information.
2. We have the right to disable any username, password, or other identifier, whether chosen by you or provided by us, at any time in our sole discretion for any or no reason, including if, in our opinion, you have violated any provision of these Terms.

* * * Sections 5-9 apply to  healthcare practitioners  using the Site to place orders for patients. * * *

5. Practitioner Terms – Compliance, Ethics & Credentialing.  
1. Most jurisdictions require that health professionals making recommendations to patients on health-related matters have an appropriate license to offer those recommendations. Regulating entities with jurisdiction over health professionals may also require that certain ethical standards be followed. You may also be required to make certain disclosures to patients or be limited in your ability to charge patients more than the manufacturer’s suggested retail price (MSRP) for products, including products you order from the Site. You agree to act in accordance with all licensing and ethical standards applicable to you as a health professional. 
2. You – and not EDI – are solely responsible for all of your compliance obligations. We do not offer any advice about potentially applicable laws or compliance with them. We also do not express any opinions about whether the products are appropriate for your patients. 
3. To use the Site to place product or service orders for patients, you must have – and you represent that you do have – appropriate authorization or license from government authorities or regulatory agencies applicable to you and your practice of medicine (or another healthcare profession). By placing any order through the Site, you certify that you are licensed to practice and order lab testing in your state. To confirm this, we may ask you for various information needed to verify your identity and qualifications to provide healthcare services (or order lab testing). This may include requirements for you to provide us with your National Provider Identifier (NPI), a copy of your driver’s license, documents confirming your education and training, licenses, or specialty certificates, etc.
6. Practitioner Terms – Signatures. On placing your first order for a patient, you will be required to provide EDI with an e-signature. EDI will then use this e-signature to generate requisitions for orders placed under your account, have lab companies bill EDI for orders placed under your account, register you under EDI’s account with our partner labs, and receive your patients’ results for your review. By providing EDI with your e-signature, you consent to these uses of your signature by EDI for all orders placed under your account. You may withdraw your consent at any time by providing notice to EDI at info@evexiadiagnostics.com, and that withdrawal will become effective within five business days. But, if you withdraw your consent, your account will be deactivated, and you will no longer be permitted to place orders through the Site.
7. Practitioner Terms – Fees for Products & Statements About Products. 
1. For products and services that you obtain via the Site, you may not charge patients more than is permitted under the laws applicable to you and your practice or where the patient resides.
2. You shall not make any representations, warranties, guarantees, indemnities, commitments, or other similar claims actually, apparently, or ostensibly on behalf of EDI, any lab or product manufacturer or distributor that are inconsistent with these Terms.
3. You shall not make any claims regarding the use of EDI’s products which do not explicitly appear on the label of products or the product listing on the Site.
4. You are exclusively responsible for, and EDI and its lab, supplier, and distributor partners, disclaim any and all liability for, any statements that you may make regarding the products to patients, including any claims that a product diagnoses or treats specific diseases or conditions that do not explicitly appear on the product label.
8. Practitioner Terms – Business Associate Terms.  If you are a practitioner that is a Covered Entity under HIPAA (or you are an employee or other workforce member of a physician practice or other entity that is a Covered Entity), then (a) the Business Associate Terms attached to these Terms (“ BA Terms ”) apply to you, and (b) you Practice hereby agree to the BA Terms, which are incorporated by reference.
9.   NOT AVAILABLE FOR BENEFICIARIES OF INSURANCE OR MEDICARE/MEDICAID —Client/Practitioner will not use EvexiaDirect for any lab tests/panels that are subject to, or will be paid by, any insurance company or any federal health care program, including Medicaid or Medicare, and Client/Practitioner agrees not to refer any patient to the program who may be expecting any federal health care program to reimburse them for fees paid to EDI. Patients who are eligible for Medicaid or Medicare may still use EvexiaDirect, but only if they agree to waive any federal health care program coverage for the lab panels/tests administered under EvexiaDirect.

* * * The remaining sections of these Terms apply to all Site users, whether patients or practitioners. * * *

10. Intellectual Property Rights. 
1. The Site and its entire contents, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof) are owned by EDI, its licensors, or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property or proprietary rights laws. These Terms permit you to use the Site for your use only. 
2. The EDI and EDI Health names and all related names, logos, product and service names, designs, and slogans are trademarks of EDI or its affiliates or licensors. You must not use such marks without first obtaining EDI’s written permission. All other names, logos, product and service names, designs, and slogans on this Site are the trademarks of their respective owners.
11. Prohibited Uses. You may use the Site only for lawful purposes and in accordance with these Terms. You agree not to use the Site:

• In any way that violates any applicable federal, state, local, or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the US or other countries). 
• For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way by exposing them to inappropriate content, asking for personally identifiable information, or otherwise.
• To send, knowingly receive, upload, download, use, or re-use any material that is offensive, harmful, infringing, obscene, defamatory, abusive, deceptive, untrue, misrepresentative, or illegal.
• To transmit, or procure the sending of, any advertising or promotional material.
• To impersonate or attempt to impersonate EDI, an EDI employee, another user, or any other person or entity.
• To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of the Site, or which, as determined by us, may harm EDI or users of the Site, or expose them to liability.

Additionally, you agree not to:

• Use the Site in any manner that could disable, overburden, damage, or impair the Site or interfere with any other party’s use of the Site.
• Use any robot, spider, or other automatic device, process, or means to access the Site for any purpose, including monitoring or copying any of the material on the Site.
• Use any manual process to monitor or copy any of the material on the Site, or for any other purpose not expressly authorized in these Terms, without our prior written consent.
• Use any device, software, or routine that interferes with the proper working of the Site.
• Introduce any viruses, Trojan horses, worms, logic bombs, or other material that is malicious or technologically harmful.
• Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of the Site, the server on which the Site is stored, or any server, computer, or database connected to the Site. 
• Attack the Site via a denial-of-service attack or a distributed denial-of-service attack.
• Otherwise attempt to interfere with the proper working of the Site.

12. Order Acceptance and Cancellation. You agree that your order is an offer for you as a practitioner (or an invitation to your patient) to buy, under these Terms, all products and services listed in your order. All orders must be accepted by the applicable patient (if that patient is paying for the products through EDI) and EDI, or we will not be obligated to sell the products or services to the practitioner or the patient, as applicable. We may choose not to accept orders at our sole discretion, even after we send a confirmation email with your order number and details of the items you have ordered. 
13. Product Descriptions. Product descriptions are provided by the labs or manufacturers of the various tests available for sale through the Site. We work with the manufacturers to confirm that the test descriptions are accurate, but we cannot guarantee that they are accurate, complete or up-to-date. Including a product description on the Site does not mean that product is or will be available at any given time.
14. Prices and Payment Terms. 
1. All prices, discounts, and promotions posted on this Site are subject to change without notice. The price charged for a product or service will be the price in effect at the time the order is placed and will be set out in your order confirmation email. Price increases will only apply to orders placed after such changes. Posted prices include taxes, but may not include charges for shipping and handling. All such charges will be added to your merchandise total, and where shipping is separately charged, it will be itemized in your shopping cart and in your order confirmation email. We strive to display accurate price information, however we may, on occasion, make inadvertent typographical errors, inaccuracies or omissions related to pricing and availability. We reserve the right to correct any errors, inaccuracies, or omissions at any time and to cancel any orders arising from such occurrences.
2. We may offer from time-to-time promotions on the Site that may affect pricing and that are governed by terms and conditions separate from these Terms. If there is a conflict between the terms for a promotion and these Terms, the promotion terms will govern. 
3. Terms of payment are within our sole discretion and, unless otherwise agreed by us in writing, payment must be received by us before our acceptance of an order. We accept credit and debit cards for all purchases and HSA and FSA payment methods for eligible purchases. You may also apply for an extended payment plan. You represent and warrant that (i) the credit card or other payment information you supply to us is true, correct and complete, (ii) you are duly authorized to use such credit card or payment method for the purchase, (iii) charges incurred by you will be honored by your credit card company, and (iv) you will pay charges incurred by you at the posted prices, including shipping and handling charges and all applicable taxes, if any, regardless of the amount quoted on the Site at the time of your order. 
15. Shipments; Delivery; Title and Risk of Loss. 
1. We will arrange for shipment of the products to you. Typically, products are drop-shipped from our partner labs directly to the patient. Please check the individual product page for specific delivery options. You will pay all shipping and handling charges specified during the ordering process. Shipping and handling charges are reimbursement for the costs we incur in the processing, handling, packing, shipping, and delivery of your order. 
2. Title and risk of loss pass to you upon transfer of the products to the carrier. Shipping and delivery dates are estimates only and cannot be guaranteed. We are not liable for any delays in shipments.
16. Phlebotomy Services. EDI may offer a list of blood draw centers in the patient’s area, or mobile phlebotomists who can come directly to the patient; however, these phlebotomists are not EDI’s employees and EDI is not responsible for the services provided by, or acts or omissions of, the phlebotomists or blood draw centers. The patient’s relationship is directly with the phlebotomist, and any issues with the phlebotomist’s service should be addressed directly with the phlebotomist. 
17. Cancellations and Refunds. Please see our Refund Policy for details on product cancellations. 
18. Manufacturer’s Warranty and Disclaimers. We do not manufacture or control any of the products or services offered on our Site. The availability of products or services through our Site does not indicate an affiliation with or endorsement of any product, service or manufacturer. Accordingly, we do not provide any warranties with respect to the products or services offered on our Site. However, the products and services offered on our Site may be covered by the lab’s or manufacturer’s warranty as detailed in the product’s description on our Site and included with the product. To obtain warranty service for defective products, please follow the instructions included in the manufacturer’s warranty. 

ALL PRODUCTS AND SERVICES OFFERED ON THIS SITE ARE PROVIDED “AS IS” WITHOUT ANY WARRANTY WHATSOEVER, INCLUDING, WITHOUT LIMITATION, ANY (A) WARRANTY OF MERCHANTABILITY; (B) WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE; OR (C) WARRANTY AGAINST INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OF A THIRD PARTY; WHETHER EXPRESS OR IMPLIED BY LAW, COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OF TRADE, OR OTHERWISE. 

SOME JURISDICTIONS LIMIT OR DO NOT ALLOW THE DISCLAIMER OF IMPLIED OR OTHER WARRANTIES SO THE ABOVE DISCLAIMER MAY NOT APPLY TO YOU. 

YOU AFFIRM THAT EDI SHALL NOT BE LIABLE, UNDER ANY CIRCUMSTANCES, FOR ANY BREACH OF WARRANTY CLAIMS OR FOR ANY DAMAGES ARISING OUT OF THE LAB’S OR MANUFACTURER’S FAILURE TO HONOR ANY WARRANTY OBLIGATIONS IT MAY HAVE TO YOU.

19. Limitation of Liability.   IN NO EVENT SHALL WE BE LIABLE TO YOU OR ANY THIRD PARTY FOR CONSEQUENTIAL, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR ENHANCED DAMAGES, LOST PROFITS OR REVENUES, ARISING OUT OF, OR RELATING TO, OR IN CONNECTION WITH YOUR USE OF THE SITE OR ANY BREACH OF THESE TERMS, REGARDLESS OF (A) WHETHER SUCH DAMAGES WERE FORESEEABLE, (B) WHETHER OR NOT WE WERE ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND (C) THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH THE CLAIM IS BASED.

OUR SOLE AND ENTIRE MAXIMUM LIABILITY, FOR ANY REASON, AND YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY CAUSE WHATSOEVER, SHALL BE LIMITED TO THE ACTUAL AMOUNT PAID BY YOU FOR THE PRODUCTS AND SERVICES YOU HAVE ORDERED THROUGH OUR SITE. 

The limitation of liability set forth above shall only apply to the extent permitted by law.

20. Goods Not for Resale or Export. You represent and warrant that you are buying products or services from the Site for your or your patient’s own personal or household use only, and not for further resale or export. You further represent and warrant that all purchases are intended for final delivery to locations within the United States, but excluding New Jersey, New York, and Rhode Island. 
21. Privacy. Our  Privacy Policy  governs the processing of all personal data collected from you in connection with your use of the Site.
22. Force Majeure. We will not be liable or responsible to you, nor be deemed to have defaulted or breached these Terms, for any failure or delay in our performance under these Terms when and to the extent such failure or delay is caused by or results from acts or circumstances beyond our reasonable control, including, without limitation, acts of God, flood, fire, earthquake, explosion, governmental actions, war, invasion or hostilities (whether war is declared or not), terrorist threats or acts, riot or other civil unrest, national emergency, revolution, insurrection, epidemic, pandemic, lockouts, strikes or other labor disputes (whether or not relating to our workforce), or restraints or delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable materials, materials or telecommunication breakdown or power outage.
23. Governing Law and Jurisdiction. This Site is operated from the US. All matters arising out of or relating to these Terms are governed by and construed in accordance with the internal laws of the State of Connecticut without giving effect to any choice or conflict of law provision or rule (whether of the State of Connecticut or any other jurisdiction) that would cause the application of the laws of any jurisdiction other than those of the State of Connecticut.

24. Assignment. You will not assign any of your rights or delegate any of your obligations under these Terms without our prior written consent. Any purported assignment or delegation in violation of this Section is null and void. No assignment or delegation relieves you of any of your obligations under these Terms.
25. No Waivers. The failure by us to enforce any right or provision of these Terms will not constitute a waiver of future enforcement of that right or provision. The waiver of any right or provision will be effective only if in writing and signed by a duly authorized representative of EDI.
26. No Third-Party Beneficiaries. These Terms do not and are not intended to confer any rights or remedies upon any person other than you.
27. Notices.
1. To You. We may provide any notice to you under these Terms by: (i) sending a message to the email address you provide or (ii) by posting to the Site. Notices sent by email will be effective when we send the email and notices we provide by posting will be effective upon posting. It is your responsibility to keep your email address current.
2. To Us. To give us notice under these Terms, you must contact us as follows: email us at info@evexiadiagnostics.com or contact us by US postal mail at P.O. Box 1272 Washington, CT 06793. We may update the email address or address for notices to us by posting a notice on the Site. Notices provided by personal delivery will be effective immediately. Notices provided by email or overnight courier will be effective one business day after they are sent. Notices provided by registered or certified mail will be effective three business days after they are sent.
28. Severability. If any provision of these Terms is invalid, illegal, void or unenforceable, then that provision will be deemed severed from these Terms and will not affect the validity or enforceability of the remaining provisions of these Terms.
29. Entire Agreement. Our order confirmation and these Terms will be deemed the final and integrated agreement between you and us on the matters contained in these Terms.

* * * * *

Business Associate Terms for Practitioners

1. General Provisions
1. Applicability of these Business Associate Terms. If you are a practitioner that is a Covered Entity or you are an employee or other workforce member of a physician practice or other entity that is a Covered Entity (“Your Covered Entity”) under the Administrative Simplification section of the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act and their implementing regulations as amended from time to time (collectively, “HIPAA”), then these Business Associate Terms for Practitioners (these “BA Terms”) are part of the Terms between you and EDI. These BA Terms apply when EDI creates, receives, maintains, transmits, uses or discloses Protected Health Information on behalf of Your Covered Entity (“PHI”) as a Business Associate. 
2. Authority. If you are a workforce member of Your Covered Entity, then you represent and warrant that you are authorized by Your Covered Entity to enter into these BA Terms. 
3. Effect. To the extent that EDI receives PHI in order to perform activities as a Business Associate, the terms and provisions of these BA Terms shall supersede any conflicting or inconsistent terms and provisions in the Terms to the extent of such conflict or inconsistency.
4. Defined Terms. Capitalized terms used in these BA Terms without definition shall have the respective meanings assigned to such terms by HIPAA.

Obligations of EDI  

1. Use and Disclosure of PHI. EDI may use and disclose PHI as permitted or required under the Terms, including these BA Terms, or as Required by Law, but shall not otherwise use or disclose any PHI. EDI shall not use or disclose PHI received from Your Covered Entity in any manner that would constitute a violation of HIPAA if so used or disclosed by Your Covered Entity (except as set forth in Sections 2.1(a), (b) and (c) below). To the extent EDI carries out any of Your Covered Entity’s obligations under the HIPAA privacy standards, EDI shall comply with the requirements of the HIPAA privacy standards that apply to Your Covered Entity in the performance of such obligations. Without limiting the generality of the foregoing, EDI is permitted to use or disclose PHI as set forth below:
1. EDI may use PHI internally for EDI’s proper management and administration or to carry out EDI’s legal responsibilities; 
2. EDI may disclose PHI to a third party for EDI’s proper management and administration, provided that the disclosure is Required by Law or EDI obtains reasonable assurances from the third party to whom the PHI is to be disclosed that the third party will (1) protect the confidentiality of the PHI, (2) only use or further disclose the PHI as Required by Law or for the purpose for which the PHI was disclosed to the third party and (3) notify Your Covered Entity of any instances of which the third party is aware in which the confidentiality of the PHI has been breached;
3. EDI may use PHI to provide Data Aggregation services relating to the Health Care Operations of Your Covered Entity if required or permitted under the Terms; 
4. EDI may use PHI to create de-identified health information in accordance with the HIPAA de-identification requirements. EDI may disclose de-identified health information for any purpose permitted by law;
5. EDI may use and disclose PHI to request an authorization, consent or other form of permission from an Individual and may use and disclose PHI in accordance with any such permission obtained from an Individual; and
6. EDI may use and disclose PHI (including, without limitation, a Limited Data Set) for Research as permitted by HIPAA and other applicable law.
2. Safeguards. EDI shall use appropriate safeguards to prevent the use or disclosure of PHI other than as permitted or required by these BA Terms. In addition, EDI shall implement Administrative Safeguards, Physical Safeguards and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of PHI transmitted or maintained in Electronic Media (“EPHI”) that it creates, receives, maintains or transmits on behalf of Your Covered Entity. EDI shall comply with the HIPAA Security Rule with respect to EPHI.
3. Minimum Necessary Standard. To the extent required by the “minimum necessary” requirements of HIPAA, EDI shall only request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure. 
4. Mitigation. EDI shall take reasonable steps to mitigate, to the extent practicable, any harmful effect (that is known to EDI) of a use or disclosure of PHI by EDI in violation of these BA Terms.
5. Trading Partner Agreement. EDI shall not take any of the following actions: (a) change the definition, Data Condition, or use of a Data Element or Segment in a Standard, except where necessary to implement state or federal law, or to protect against fraud and abuse, (b) add any Data Elements or Segments to the maximum defined Data Set, (c) use any code or Data Elements that are either marked “not used” in the Standard’s Implementation Specification or are not in the Standard’s Implementation Specification(s), or (d) change the meaning or intent of the Standard’s Implementation Specification(s). 
6. Subcontractors. EDI shall enter into a written agreement meeting the requirements of 45 C.F.R. §§ 164.504(e) and 164.314(a)(2) with each Subcontractor that creates, receives, maintains or transmits PHI on behalf of EDI. EDI shall ensure that the written agreement with each Subcontractor obligates the Subcontractor to comply with restrictions and conditions that are at least as restrictive as the restrictions and conditions that apply to EDI under these BA Terms.
7. Reporting Requirements. 
1. If EDI becomes aware of a use or disclosure of PHI in violation of these BA Terms by EDI or a third party to which EDI disclosed PHI, EDI shall report the use or disclosure to Your Covered Entity without unreasonable delay. 
2. EDI shall report any Security Incident involving EPHI of which it becomes aware in the following manner: (1) any actual, successful Security Incident will be reported to Your Covered Entity in writing without unreasonable delay and in no case later than 60 days after discovery of the Security Incident, and (2) all attempted, unsuccessful Security Incidents (e.g., unsuccessful log-in attempts) are hereby deemed reported to Your Covered Entity. 
3. EDI shall, following the discovery of a Breach of Unsecured PHI, notify Your Covered Entity of the Breach in accordance with 45 C.F.R. § 164.410 without unreasonable delay and in no case later than 60 days after discovery of the Breach. 
8. Access to PHI. Within 15 business days of a written request by Your Covered Entity for access to PHI about an Individual contained in any Designated Record Set of Your Covered Entity maintained by EDI, if any, EDI shall make available to Your Covered Entity such PHI for so long as EDI maintains such information in the Designated Record Set. If EDI receives a request for access to PHI directly from an Individual, EDI shall forward such request to Your Covered Entity within ten business days. Your Covered Entity shall have the sole responsibility to make decisions regarding whether to approve a request for access to PHI.
9. Availability of PHI for Amendment. Within 15 business days of receipt of a written request from Your Covered Entity for the amendment of an Individual’s PHI contained in any Designated Record Set of Your Covered Entity maintained by EDI, if any, EDI shall provide such information to Your Covered Entity for amendment and incorporate any such amendments in the PHI (for so long as EDI maintains such information in the Designated Record Set) as required by 45 C.F.R. § 164.526. If EDI receives a request for amendment to PHI directly from an Individual, EDI shall forward such request to Your Covered Entity within ten business days. Your Covered Entity shall have the sole responsibility to make decisions regarding whether to approve a request for an amendment to PHI. 
10. Accounting of Disclosures. Within 30 business days of written notice by Your Covered Entity to EDI that it has received a request for an accounting of disclosures of PHI (other than disclosures to which an exception to the accounting requirement applies), EDI shall make available to Your Covered Entity such information as is in EDI’s possession and is required for Your Covered Entity to make the accounting required by 45 C.F.R. § 164.528. If EDI receives a request for an accounting directly from an Individual, EDI shall forward such request to Your Covered Entity within ten business days. Your Covered Entity shall have the sole responsibility to provide an accounting of disclosures to the Individual.
11. Availability of Books and Records. Following reasonable advance written notice, EDI shall make EDI’s internal practices, books and records relating to the use and disclosure of PHI received from, or created or received by EDI on behalf of, Your Covered Entity available to the Secretary for purposes of determining Your Covered Entity’s compliance with HIPAA.

  Obligations Of Your Covered Entity

1. Permissible Requests. Your Covered Entity shall not request EDI to use or disclose PHI in any manner that would not be permissible under HIPAA if done directly by Your Covered Entity (except as provided in Sections 2.1(a), (b) and (c) of these BA Terms). 
2. Minimum Necessary PHI. When Your Covered Entity discloses PHI to EDI, Your Covered Entity shall provide the minimum amount of PHI necessary for the accomplishment of EDI’s purpose. 
3. Permissions; Restrictions. Your Covered Entity represents and warrants that it has obtained and will obtain any consents, authorizations and/or other legal permissions required under HIPAA and other applicable law for the disclosure of PHI to EDI. Your Covered Entity shall notify EDI of any changes in, or revocation of, the permission by an Individual to use or disclose his or her PHI, to the extent that such changes may affect EDI’s use or disclosure of PHI. Your Covered Entity shall not agree to any restriction on the use or disclosure of PHI under 45 C.F.R. § 164.522 that restricts EDI’s use or disclosure of PHI under these Terms unless such restriction is Required By Law or EDI grants EDI’s written consent, which consent shall not be unreasonably withheld.
4. Notice of Privacy Practices. Except as Required By Law, with EDI’s consent or as set forth in these Terms, Your Covered Entity shall not include any limitation in the Your Covered Entity’s notice of privacy practices that limits EDI’s use or disclosure of PHI under these Terms.

  Termination 

1. Termination for Breach. Any other provision of the Terms notwithstanding, either party may terminate the Terms upon 90 days’ advance written notice to the other party if that other party breaches these BA Terms in any material respect and such breach is not cured to the reasonable satisfaction of the party claiming breach within such 90-day period.
2. Return or Destruction of PHI upon Termination. Upon expiration or earlier termination of the Terms, EDI shall either return or destroy all PHI received from Your Covered Entity or created or received by EDI on behalf of Your Covered Entity and which EDI still maintains in any form. Notwithstanding the foregoing, to the extent that EDI determines that it is not feasible to return or destroy such PHI, the terms and provisions of these BA Terms shall survive termination of the Terms, and such PHI shall be used or disclosed solely for such purpose or purposes which prevented the return or destruction of such PHI.