Independent Health Employer Group Portal User Agreement

THIS IS A LEGALLY BINDING AGREEMENT between by Independent Health Association, Inc., its affiliates and subsidiaries including Nova Healthcare Administrators, Inc. and Independent Health Corporation d/b/a Independent Health Self-Funded Services ("we," "us," "our" or "Independent Health") and you. BY CLICKING “I AGREE,” OR BY ACCESSING OR USING THE SERVICES, YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS EMPLOYER GROUP PORTAL USER AGREEMENT (“AGREEMENT”). You and we are collectively referred to as the “Parties.”

1. Definitions

For the purposes of this Agreement, the terms set forth in this Section 1 have the meanings assigned to them below.

“Administrator” means a Group Administrator or Third Party Administrator. Administrators will have Administrative Rights with respect to the Group’s use of the Services.

“Administrative Rights” means the rights to administer and direct the use of a Group’s account, including the authority to provide, request, issue, administer, limit and revoke Users’ access to the Services, other, rights to issue and administer Credentials to Users, and rights to execute enrollment and other transactions on behalf of the Group.

“Confidential Information” means any information relating to our business, financial affairs, current or future products or technology, trade secrets, workforce, customers, product plans, designs, prices, marketing plans, strategies, processes, data, business requirements, technologies, software functionality and code, and included Derivatives. “Confidential Information” also includes any of other information that is treated or designated by us as confidential or proprietary, or would reasonably be viewed as confidential or as having value to our competitors. “Confidential Information” does not include information that we make publicly available or that becomes known to the general public other than as a result of a breach of an obligation by you.

“Consent” means consent or authorization by a user of the Services allowing us to take actions described under this Agreement, which the user of the Services may give in an electronic communication to us or by use of the features of the Services (such as “share,” “transmit,” “refer,” “authorize,” “opt-in,” “agree” or toggling or selecting an action through a settings or activation page located within the Service, and the like). Such Consent may apply to an individual case or situation, or may apply globally or programmatically based on variables that apply to an overall situation or circumstance (whether through a settings or preference page, a global “opt-in” or otherwise).

“Credentials” means any unique identifier, password, token, credential, any combination thereof, or other means we may utilize from time to time for authorizing access to all, or any portion of, the Services.

“Group Administrator” means one or more individuals within your organization designated as having employer portal administration privileges on the HIPAA Plan Sponsor Certification Form, or similar document, delivered by your Group to Independent Health in connection with your use of the Services.

“HIPAA” means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule, as amended.

“HITECH Act” means the Health Information Technology for Economic and Clinical Health Act of 2009, and regulations promulgated thereunder.

“Personal Information” means information that includes an individual’s name, contact information, government identifiers, or includes identifiers that could reasonably be anticipated to identify an individual personally by an anticipated recipient.

“Policies and Procedures” means our rules, regulations, policies and procedures for access to and use of the Services, as changed from time to time and as posted electronically on our Internet website.

“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, as amended.

“Protected Health Information” has the meaning given it in the Privacy Rule.

“Group” means an employer or other party that has entered into a contract with us for insurance coverage or for administrative services related to a self-funded employer health plan.

“Security Rule” means the Security Standards for the Protection of electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C, as amended.

“Services” means the Independent Health employer group portal, and the information, enrollment claims and other services provided by us to you via the Independent Health employer group portal.

“Third Party Administrator” means one or more third parties designated by the Group as having employer portal administration privileges on the HIPAA Plan Sponsor Certification Form, or similar document, delivered by your Group to Independent Health in connection with your use of the Services.

“User” (capitalized) means those persons who are the Group’s employees or agents, and who an Administrator has authorized to access the Services on Group’s behalf through issuance of Credentials.

“user” (un-capitalized) shall mean any user of the Services.

“Your Health Information” means Protected Health Information that a Group, its Administrators and Users may input or upload onto the Services, or that we receive on a Group’s behalf from patients, service Groups, or our third party partners.

“Your Information” means information that a Group, its Administrators and Users may input or upload onto the Services, including Your Personal Information and Your Health Information.

“Your Personal Information” means Personal Information that a Group, its Administrators and Users may enter or upload onto the Services.

In addition, the words “include,” “includes” and “including” shall be deemed to be followed by the phrase “without limitation.” The word “will” shall be construed to have the same meaning and effect as the word “shall.” The word “or” shall be construed to have the same meaning and effect as “and/or.” The words “herein,” “hereof” and “hereunder,” and words of similar import, shall be construed to refer to these Terms of Use. The headings used in this Agreement are used for convenience only and are not to be considered in construing or interpreting this Agreement.

2. Grant of Right to Use the Services

2.1 We grant to you and you accept a non-exclusive, personal, non-transferable limited right to access and use the Services, and a non-exclusive, personal, non-transferable, limited license to use any computer software or data furnished by us for access to or use of or in connection with the Services, in each case, until this Agreement is terminated by either party as set forth in Section 3.1.3 below and subject to your full compliance with the terms and conditions set forth in this Agreement and with our Policies and Procedures. You will obtain no rights to the Services, software or data furnished by us except for the limited rights to use the Services expressly granted by this Agreement.

3.1 Access Rights of Groups and their Users.

3.1.1 Group . We offer the Services to Groups, their Administrators and their Users, as more fully described in this Section 3.1. We treat the Group as the owner of all Administrator and User accounts associated with such Group. An Administrator of the Group must notify Independent Health immediately concerning any change in the Group’s Administrator(s). Such notice may be given by sending an email to sales.administration@independenthealth.com and completing a new HIPAA Plan Sponsor Certification Form, or similar document, as the same may be amended from time to time.

Although a User (including Administrators) may agree to the terms of this Agreement in connection with their use of the Services on behalf of the Group, only the Group (and not individual Users or Administrators) is entitled to any of the rights, remedies or benefits under this Agreement and ultimate control over the Administrative Rights. Notwithstanding the Users’ obligations under Section 3.1.3, the Group is subject to, and we may enforce against it, all of the covenants, obligations, restrictions, limitations, acknowledgements, consents, representations, warranties, waivers and releases included in this Agreement, and shall be responsible for all activity of its Administrator(s) and Users in using the Service.

3.1.2 Administrators. An Administrator of a Group may obtain an account on behalf of such Group. If you are establishing an account or taking any action with respect to a Group’s account as an r Administrator, you represent and warrant that (a) you have the authority to act on such Group’s behalf, (b) the information you submit is complete and accurate, and (c) you have the authority to enter into this Agreement on behalf of such Group and bind such Group to the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, grants, waivers and releases contained in this Agreement. If you are a Third Party Administrator, you further represent and warrant that you have authority to enter into this Agreement on behalf of the entity providing services to such Group, and to bind such entity to the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations, warranties, grants, waivers and releases contained in this Agreement.

3.1.3 User. If a Group has authorized you to access the Services by issuing Credentials to you, then you are authorized under this Agreement to access and use the Services solely on behalf and at the direction of such Group. Subject to applicable law and the HIPAA Plan Sponsor Certification Form, you consent to and authorize the disclosure to such Group (whether via its Administrators or otherwise) any content related to, or otherwise generated by your use of the Services. You hereby agree and acknowledge that you are subject to, and we may enforce against you, all of the covenants, obligations, restrictions, limitations, acknowledgements, Consents, representations and warranties set forth in this Agreement that are applicable to Users under this Agreement, and you hereby grant and make all rights, waivers and releases set forth in this Agreement that are granted and made by Users under this Agreement. You acknowledge and agree that your access to the Services may be terminated by the Group (whether via Administrators or otherwise) or us at any time, for any reason or no reason at all, with or without notice. By (i) accessing any of the Services under a Group’s account(s), you represent and warrant that all information provided by you is true, complete and correct, and that you have the authority to effect any transactions you may effect, whether on behalf of yourself or any other person or entity.

3.3 Verification. You agree that your use of the Services, or certain features or functionality of the Services, may be subject to verification by us of your identity and credentials as an Administrator or User. You authorize such third parties to disclose to us such information as we may request for such purposes, and you agree to hold them and us harmless from any claim or liability arising from the request for or disclosure of such information.

3.4 Use of the Services.

3.4.1 You will agree that you will not use the Services for any purpose that is prohibited by applicable law or regulation. In addition, you will not:

(a) reproduce, publish, or distribute content in connection with the Services that infringes any third party’s trademark, copyright, patent, trade secret, publicity, privacy, or other personal or proprietary right; nor

(b) use the Services to transmit illegal, obscene, threatening, libelous, harassing, or offensive messages, or otherwise unlawful material.

(c) abuse or misuse the Services, including gaining or attempting to gain unauthorized access to the Services, or altering or destroying information housed in the Services;

(d) use the Services in a manner that interferes with other users’ use of the Services;

(e) use the Services in any manner that violates this Agreement or our Policies and Procedures;

(f) circumvent any technical measures we have put in place to safeguard the Services or the confidentiality, integrity or accessibility of any information housed thereon, or any technical measures we have put in place to restrict access to the Services solely to the class of persons expressly so authorized pursuant to Section 3;

(g) access any portion of the Services other than with a commercial browser (such as Internet Explorer, Mozilla Firefox or Chrome) or mobile applications developed and operated by us;

(h) decompile, reverse engineer or otherwise attempt to derive the source code for the Service;

(i) modify, combine, integrate, render interoperable, or otherwise access for purposes of automating data conversion or transfer, the Services or associated software with any other software or services not provided or approved by us; or

(j) redistribute, sell, rent, lease, sublicense, or otherwise transfer rights to the Service.

3.5 Safeguards.

3.5.1 The Group and all Third Party Administrators will implement and maintain appropriate administrative, physical and technical safeguards to protect information within the Services. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule, and other applicable provisions of HIPAA and the HITECH Act. The Group and all Third Party Administrators will maintain appropriate security with regard to all personnel, systems, and administrative processes used by the Group, its Administrators and Users to transmit, store and process information and materials through the use of the Services; provided, that in no event shall such safeguards involve less than reasonable care.

3.5.2 The Group (via its Administrators or otherwise) and each User will: (i) immediately notify us of any breach or suspected breach of the security of the Services of which such persons become aware, or any unauthorized use of the Services, or any unauthorized use or disclosure of information within or obtained from the Services; (ii) take such actions to mitigate the breach, suspected breach, or unauthorized use or disclosure of information within or obtained from the Services as we may direct; and (iii) cooperate with us in investigating and mitigating the same.

3.7 User Identification.

We authorize each Administrator, and User to use the Credentials uniquely assigned to, or selected by, each such person. You acquire no ownership rights in any such Credentials, and such Credentials may be revoked, reset or changed at any time in the discretion of us or an Administrator. You will adopt and maintain reasonable and appropriate security precautions for your Credentials to prevent their disclosure to or use by unauthorized persons. Each Administrator and User shall have and use a unique identifier and password. You will not share your Credentials with any other person. You assume all responsibilities for and all risks of loss from your Credentials to any third party, including any website that spoofs or otherwise imitates the Service, or by linking to third party websites from unauthorized Email, and you hereby release us from all liabilities and obligations in connection with such actions. To help safeguard your security, you should change your password frequently. Administrators will ensure that no User uses Credentials assigned to another User.

3.8 No Unauthorized Access.

Except as required by law, the Group will not permit any person other than an Administrator or User to use or access the Services without our prior written agreement. Neither the Group, nor its Administrators will authorize or assist any person or entity in accessing, or attempting to access, any portion of the Services via any means other than as permitted by Section 3.4(g) above. The Group (via its Administrators or otherwise) will promptly notify us of any order or demand for compulsory disclosure of health information if the disclosure requires access to or use of the Services. The Group, its Administrators, Users, and other employees and agents will cooperate fully with us in connection with any such demand. The Group (via its Administrators or otherwise) and each User will also notify us in the event that any person or entity, whether or not a User, (a) attempts to access the Services by any means other than a commercial browser, (b) claims to offer a service or system that “integrates with” our Services or (c) requests to use your Credentials or requests that you obtain Credentials in order to access the Services in a manner that would violate this Agreement if you engaged in such activity.

3.9 Administrators and Users.

The Group may permit only its Administrators and Users to use the Services on its behalf, subject to the terms of this Agreement. The Group, via its Administrators or otherwise, will:

3.9.1 require each Administrator and User to have unique Credentials, and will provide the legal name, email address and other contact information reasonably requested by Independent Health for each such person for whom the Group is seeking Credentials;

3.9.2 train all Administrators(s) and Users in the requirements of this Agreement and the Policies and Procedures relating to their access to and use of the Services, and ensure that they comply with such requirements;

3.9.3 take appropriate disciplinary action against any Administrator or User who violates the terms of this Agreement or the Policies and Procedures;

3.9.4 ensure that only the person to whom a specific set of Credentials have been assigned accesses the Services with such Credentials;

3.9.5 immediately notify us of its withdrawal of authorization of any Administrator to access or use the Service, whether due to termination of employment or otherwise; and

3.9.6 immediately terminate each the access of any User whose authorization to access or use the Services has been withdrawn by the Group, whether due to termination of employment or otherwise.

3.10 Compliance with Law.

You are solely responsible for ensuring that your use of the Services complies with applicable law, including laws relating to the maintenance of the privacy, security, and confidentiality of patient and other health information. The Administrator will not grant any User any rights to access or use our Services that they would not be allowed to have under applicable laws. We offer no assurance that your use of the Services under the terms of this Agreement will not violate any law or regulation applicable to you

3.11 Cooperation.

You will cooperate with us in the delivery of the Services, including providing reasonable assistance in evaluating the Services and collecting and reporting data requested by us for purposes of administering the Services.

3.12 Indemnification.

The Group hereby agrees to indemnify, defend, and hold harmless us and other users, and our and their respective affiliates, officers, directors, employees and agents, from and against any claim, cost or liability, including reasonable attorneys’ fees, arising out of or relating to: (a) the use of the Services by your Administrators and Users; (b) any breach by you or your Administrators or Users of any representations, warranties or agreements contained in this Agreement; (c) the actions of any person gaining access to the Services under Credentials assigned to your Administrators or Users; (d) the actions of anyone using Credentials assigned to your Administrators or Users that adversely affects the Services or any information accessed through the Services; and (e) your, or your Administrators’ or Users’ negligence, recklessness or willful misconduct. Your indemnification obligations in this Agreement (including this Section 3.12) are cumulative, and are not intended to, nor do they, limit your indemnification obligations elsewhere in this Agreement or at law, even if such obligations arise or are occasioned or triggered by a single assertion, claim, circumstance, action, event or transaction.

Use of Information

4.1 Reporting, Analysis and Aggregation.

The purpose of the Services is to exchange and transmit information between Independent Health and the Group, including Your Information and other Confidential Information, and to make such information available to the Group, its Administrators and its Users. By uploading, submitting, storing with, or sending information to Independent Health through the Service, Group hereby grants Independent Health the right to use, host, store, reproduce, modify, de-identify in accordance with 45 CFR § 164.514(b), aggregate, and create derivative works of such information (collectively, “Derivatives”). Such Derivatives shall be the property of Independent Health.

4.2 Other Uses.



Independent Health may use Your Information for the management, administration, analysis and improvement of the Services and our business, and to carry out our legal responsibilities. Without limiting the foregoing, we may permit access to the system by our contracted system developers and service Groups. We may also use or disclose Your Information for other purposes, as from time to time described in our Policies and Procedures; provided that we will not make or permit any such use or disclosure that would violate applicable law or regulation. Please see our Privacy Policy for more information on how we may use Your Information.

4.3 Responsibility for Misuse by Other Users.

The Group acknowledges that in granting access to Administrators and Users, Independent Health will rely on the assurances of the recipients of the information as to (i) their identity and credentials, (ii) the purposes for which they are accessing the Services, and (iii) the nature and extent of the information to which they will have access. Groups, Administrators and Users agree that we will not be responsible for any unlawful access to or use the Services by any user resulting from the user’s misrepresentation to us, or breach of this Agreement or our Policies and Procedures.

5. Computer Systems

You agree and acknowledge that you will be required to acquire, install, configure and maintain all hardware, software and communications systems necessary to access the Services (your “Implementation”). Your Implementation will comply with the specifications from time to time established by us. You will ensure that your Implementation is compatible with the Services.

6. Confidential Information

6.1 You may not disclose our Confidential Information to any other person, and you may not use any Confidential Information except for the purpose of using the Services in accordance with the terms of this Agreement. Except as otherwise provided in this Agreement, you may not, without our prior written consent, at any time, directly or indirectly, divulge or disclose Confidential Information for any purpose. You will disclose Confidential Information only to members of the Group’s workforce who have a need to use it for the purposes of this Agreement. You will hold all Confidential Information in strict confidence and to take all measures necessary to prevent unauthorized copying, use, or disclosure of Confidential Information, and to keep the Confidential Information from falling into the public domain or into the possession of persons not bound to maintain its confidentiality. You will inform all such recipients of the confidential nature of Confidential Information and will instruct them to deal with Confidential Information in accordance with the terms of this Agreement. You will promptly advise us in writing of any improper disclosure, misappropriation, or misuse of the Confidential Information by any person, which may come to your attention.

6.2 You agree that we will suffer irreparable harm if you fail to comply with your obligations set forth in Section 6.1, and you further agree that monetary damages will be inadequate to compensate us for any such breach. Accordingly, you agree that we will, in addition to any other remedies available to us at law or in equity, be entitled to the issuance of injunctive relief to enforce the provisions hereof, immediately and without the necessity of posting a bond.

7. No Warranties

ACCESS TO THE SERVICES AND THE INFORMATION CONTAINED ON THE SERVICES IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND, AND WE DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT AND TITLE. YOU ARE SOLELY RESPONSIBLE FOR ANY AND ALL ACTS OR OMISSIONS TAKEN OR MADE IN RELIANCE ON THE SERVICES OR THE INFORMATION IN THE SERVICES, INCLUDING INACCURATE OR INCOMPLETE INFORMATION. IT IS EXPRESSLY AGREED THAT IN NO EVENT SHALL WE BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, LOSS OF PROFITS OR REVENUES, LOSS OF USE, LOSS OF GOODWILL, OR LOSS OF INFORMATION OR DATA, WHETHER A CLAIM FOR ANY SUCH LIABILITY OR DAMAGES IS PREMISED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF WE HAVE BEEN APPRISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES. WE DISCLAIM ANY AND ALL LIABILITY FOR ERRONEOUS TRANSMISSIONS AND LOSS OF SERVICE RESULTING FROM COMMUNICATION FAILURES BY TELECOMMUNICATION SERVICE PROVIDERS OR THE SERVICES.

8. Modification; Suspension

8.1 Modification.

We may update or change the Services or the terms set forth in this Agreement from time to time. Accordingly, we recommend that you review the Agreement on a regular basis. You understand and agree that your continued use of the Services after the Agreement has been updated or changed constitutes your acceptance of the revised Agreement.

8.2 Suspension of Access.

We may suspend access to the Services by any of your Administrators or Users immediately pending your cure of any breach of this Agreement, or in the event we determine in our sole discretion that access to or use of the Services by any Administrator or User may jeopardize the Services or the confidentiality, privacy, security, integrity or availability of information within the Services, or that any Administrator or User has violated or may violate this Agreement or our Policies and Procedures, or has jeopardized or may jeopardize the rights of any third party, or that any person is or may be making unauthorized use of the Services with any Credentials assigned to any Administrator or User. Our election to suspend the Services shall not waive or affect our rights to terminate this Agreement as permitted under this Agreement.

9. Entire Agreement

This Agreement, together with the Policies and Procedures, sets forth the entire agreement between the parties respecting use of the Services, and supersedes all prior negotiation and agreements between the parties relating to the subject of this Agreement. In the event of any conflict between the terms of this Agreement and any insurance or administrative services agreement between the Group and Independent Health, the terms of such insurance contract or administrative services agreement shall prevail.

10. Governing Law

This Agreement shall be governed by the laws of the State of New York, notwithstanding conflict of law rules.

11. Dispute Resolution

Any controversy or claim arising out of or relating to this Agreement shall be finally settled by arbitration under the rules and procedures of the American Health Lawyers Association (“AHLA”) Dispute Resolution Service utilizing one neutral arbitrator who shall be chosen from a list of arbitrators maintained by the AHLA. Arbitration shall be heard in the County of Erie, New York. Judgment upon any award(s) rendered by the arbitrator may be entered in any court having jurisdiction thereof. Each party shall bear its own costs and expenses, including attorneys’ fees, in connection with any such dispute. Any arbitration shall be confidential, and except as required by law, neither party may disclose the existence, content or results of any arbitration hereunder, without the prior written consent of the other party, except that disclosure is permitted to a party’s auditors and legal advisors.

12. Survival

Sections in this Agreement concerning confidentiality, indemnification, limitation of liability, arbitration, choice of law, and entire agreement shall survive the termination of this Agreement for any reason.

13. Severability

In the event any of the provisions of this Agreement shall be held to be unenforceable, the remaining provisions shall be unimpaired, and the unenforceable provision shall be replaced by such enforceable term or provision as comes closest to the intention underlying the unenforceable term or provision.

14. Electronic Communications

To the fullest extent permitted by applicable law, this Agreement and any other agreements, notices, disclosures, messages or alerts, or other communications regarding the Service (collectively referred to as "Communications"), may be provided to you electronically and you agree to receive Communications in an electronic form. Electronic Communications may be posted on the pages within this Site and/or delivered to your e-mail address on record with us. You will print a paper copy of any electronic Communication and retain it for your records. All electronic Communications will be considered to be "in writing," and to have been received and effective upon posting on this Site or dissemination to your email address, whether or not you have retrieved or read the electronic Communication. Your consent to receive Communications electronically is valid until you revoke your consent by notifying Independent Health by a paper writing of your decision to do so. If you revoke your consent to receive Communications electronically, Independent Health may terminate your right to use the Service.

15. Electronic Signatures and Records

Independent Health may adopt or accept authentication procedures and security procedures to: (a) verify the identity of a sender of agreements, disclosures, notices, records or data (“Electronic Records”) , (b) determine the Electronic Record has not been altered during electronic transmission or storage, and (c) authenticate the sender's Electronic Signature and attribute the Electronic Record to such sender, which authentication procedures may be logically associated with such Electronic Records. You may adopt as your signature an electronic identification consisting of symbol(s) or code(s) or by clicking on an "accept" or similar button ("Electronic Signatures"). To the extent permitted by applicable law, such Electronic Signature shall be sufficient to verify and authenticate your identity and to evidence your acceptance of and agreement to be bound by the terms and conditions of such Electronic Record.

16. Assignment

You may not transfer or assign this Agreement without our prior written approval, and any unauthorized assignment or transfer will be null and void. We may assign or transfer this Agreement at any time without notice or consent.