Legal

Terms of Use (Primary User)

Last Modified: 07/26/2021

IF YOU ARE EXPERIENCING A MEDICAL EMERGENCY, PLEASE CONTACT YOUR LOCAL EMERGENCY SERVICES OR DIAL 9-1-1 ON YOUR TELEPHONE. ALLEVIA DOES NOT PROVIDE EMERGENCY SERVICES.
 

Acceptance of the Terms of Use

These terms of use are entered into by and between you (“you” or the “Primary User”) and Valhalla Healthcare, Inc. (“Company”, “Valhalla,” “we” or “us”). The following terms and conditions, together with any documents they expressly incorporate by reference (collectively, the “Terms of Use”), govern your access to and use of the Company’s website, the Allevia website application (“Allevia”), and all related products, including any content, functionality, and services offered on or through Allevia.

Please read the Terms of Use carefully before you start to use Allevia. This is a legally binding agreement and the equivalent of a signed, written contract.

By clicking to agree to the Terms of Use when this option is made available to you, you represent that you have read and considered these Terms of Use, and that you accept and agree to be bound and abide by these Terms of Use.

Following your agreement to the Terms of Use, you will be asked to review, consider, and agree to two additional documents: our Privacy Policy (which can be viewed by clicking here), and an Authorization to Use and Disclose PHI (which can be viewed by clicking here), both of which (along with any revisions thereto) are incorporated herein by reference. Once you have indicated your agreement to all three documents, a copy of each will be sent to the email address that you provided.

You will not be allowed to access or use Allevia unless you indicate your agreement to all three documents. Following any revision to the Terms of Use, Privacy Policy, or Authorization to Use and Disclose PHI, you will not be allowed to continue to access or use Allevia unless you indicate your agreement to all three documents.

If you do not want to agree to these Terms of Use, the Privacy Policy, or the Authorization to Use and Disclose PHI, or to any revision of any of these documents, then you must not access or use Allevia.

Allevia is offered and available to users who are 18 years of age or older, and reside in the United States or any of its territories or possessions. By using Allevia, you represent and warrant that you are of legal age to form a binding contract with the Company and meet all of the foregoing eligibility requirements. If you do not meet all of these requirements, you must not access or use Allevia.
 

Definitions

Allevia. Allevia is a software application that uses artificial intelligence and machine learning to streamline the clinical documentation process.

Network. Your Network is made up of the Primary User and any Providers whom the Primary User has invited to participate in the Primary User’s Network. The Primary User and the Providers in that Primary User’s Network are the “Network Members.”

Health Profile. A Health Profile is a document that analyzes and summarizes the information that the Primary User communicates to Allevia. Allevia will take that information and assemble it into a summary for the Primary User to review and (if necessary) correct. Allevia will then transform that into a clinical summary for Providers to use. That clinical summary is the Health Profile.

Primary User. You are the Primary User – the individual who will interact with Allevia to create a Health Profile for transmission to a Provider.

Primary User Information. All information and documents that are communicated or uploaded to Allevia by Network Members, and all information and documents that Allevia develops as a result, comprise the Primary User Information. Primary User Information also includes, without limitation, the Primary User’s account information and Health Profiles.

Provider. A Provider is any healthcare provider, healthcare practice, or hospital that the Primary User authorizes to receive his/her Health Profile.
 

The Company and Allevia Are Not Health Care Providers

Allevia facilitates the clinical documentation process by receiving information from a Primary User, transforming it into an easy-to-use clinical document format, and providing it to the authorized Provider(s). The Company is not a health care provider, and we will not provide you with health care advice. Any health care advice that a Provider communicates to you is solely the responsibility of that Provider. You agree that you shall not rely on the Company, and that the Company shall have no responsibility or liability, for the truth, accuracy, or efficacy of any diagnosis, treatment plan, prescription, treatment (as well as any decision not to conduct treatment), or any other form of medical or health care that is developed, discussed, or otherwise communicated or conducted by means of or in connection with Allevia.
 

Do Not Use Allevia To Obtain Emergency Services or Urgent Care

Allevia does not provide or facilitate emergency services or urgent care. If you are experiencing a medical emergency or other urgent health issue, do NOT attempt to obtain emergency or urgent medical care through Allevia. Please call 9-1-1 on your telephone, or contact your local emergency or urgent care service providers directly by phone.
 

Changes to the Terms of Use

We may revise and update these Terms of Use from time to time in our sole discretion. All changes are effective immediately when we post them, and apply to all access to and use of Allevia thereafter.

We will notify you of changes to the Terms of Use by means of the email address that you have provided. To continue using or accessing Allevia, you will be required to agree to such revised Terms of Use.
 

Company’s License to You

Company grants you a single, non-exclusive, non-transferable, and limited personal license to access and use Allevia. This license is conditioned on your continued compliance with this Terms of Use. You may not rent, lease, lend, sell, transfer, redistribute, or sublicense Allevia and if you sell or otherwise transfer a device on which Allevia is installed to a third party, you must remove Allevia from such device before doing so. You may not copy, decompile, reverse-engineer, disassemble, attempt to derive the source code of, modify, or create derivative works of Allevia, any updates, or any part thereof (except as and only to the extent that any foregoing restriction is prohibited by applicable law or to the extent as may be permitted by the licensing terms governing use of any open-sourced components included with Allevia).
 

Your Network

The main purpose of Allevia is to help create preliminary clinical documentation about a Primary User for use by Providers. To do so, Allevia will ask the Primary User questions to elicit personal information, including health information, and may ask the Primary User to upload health-related documents. Such information may be protected by the Health Insurance Portability and Accountability Act (“HIPAA”) of 1996, as amended). To permit Allevia to do so, you must review, agree to, and electronically sign the Authorization to Use and Disclose PHI, which you may view by clicking here, before you may use Allevia.

As the Primary User, you will have the opportunity to invite your healthcare providers to join your Network as “Providers.” For the protection of your personal health information, we will not permit any Provider to join your Network unless they agree to the Terms of Use applicable to them, to the Privacy Policy, and to the Business Associate Agreement that HIPAA requires.

Each Provider will have access to all documents and information that you provide Allevia. Except for certain Company administrators who are bound to confidentiality agreements, no one outside your Network will have access to these documents and information.

The information and documents that you communicate to Allevia and your Health Profile – collectively, the “Primary User Information” – shall be considered confidential and potentially a part of your digital health record. We will treat all Primary User Information, including without limitation communications that contain Protected Health Information (as that term is defined by HIPAA), as highly confidential and subject to protections under HIPAA. All Primary User Information shall be encrypted. In particular, only identity-verified Providers may view a Primary User’s Health Profiles. The Company shall not view the content of any Primary User Information except for account information.

We cannot, however, ensure that your Providers will comply with the Terms of Use or maintain the privacy or confidentiality of your private information. By agreeing to these Terms of Use, you accept the risk that the privacy and confidentiality of your personal information may be violated by your Providers, and you acknowledge and agree that the Company will bear no responsibility for the conduct of your Providers.

To view the Terms of Use applicable to Providers, click here. To view the Business Associate Agreement, click here.
 

Electronic Signatures

You agree to be bound by any affirmance, assent, or agreement that you transmit to Company using Allevia, including but not limited to any consent you give to receive communications from Company solely through electronic transmission. You agree that, when in the future you click on an “I agree,” “I consent,” or other similarly worded “button” or entry field in Allevia, your agreement or consent will be legally binding and enforceable and the legal equivalent of your handwritten signature.
 

Carrier Charges

Your carrier’s data rates may apply to your use of Allevia.
 

Accessing Allevia and Account Security  

We reserve the right to withdraw or amend Allevia, and any service or material we provide on Allevia, in our sole discretion without notice. We will not be liable if for any reason all or any part of Allevia is unavailable at any time or for any period. From time to time, we may restrict access to some parts of Allevia, or the entire App, to users, including registered users.

You are responsible for:

  • Making all arrangements necessary for you to have access to Allevia.

  • Ensuring that all persons who access Allevia through your internet or cellular data connection are aware of these Terms of Use and comply with them.

  • Ensuring that we have your correct contact information, including your email address, phone number, and mailing address, and that you inform us promptly of any changes in your contact information. Failure to do so may cause you not to receive critical information about your health care, and critical notifications about changes to the Terms of Use or other policies that govern your use of Allevia.

 

You acknowledge and agree that we are not responsible and shall not be liable for any injury, inconvenience, or other damages caused by your failure to maintain accurate and current contact information.

You may obtain a free copy of all the data in your account, including all Primary User Information and uploaded data, as a secure download by following the instructions on this page. This right is subject to the Company’s right to delete the information associated with your account, as permitted by law, described below.  

To access Allevia or some of the resources it offers, you may be asked to provide certain registration details or other information. It is a condition of your use of Allevia that all the information you provide on Allevia is correct, current, and complete. You agree that all information you provide to register with Allevia or otherwise, including but not limited to through the use of any interactive features on Allevia, is governed by our Privacy Policy and the Authorization to Use and Disclose PHI, and you consent to all actions we take with respect to your information that are consistent with those documents.

If you choose, or are provided with, a user name, password, or any other piece of information as part of our security procedures, you must treat such information as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree not to provide any other person with access to Allevia or portions of it using your user name, password, or other security information. You agree to notify us immediately if there is any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a computer or mobile device that is not your own, so that others are not able to view or record your password or other personal information.

We have the right to disable any user name, password, or other identifier, whether chosen by you or provided by us, at any time in our sole discretion for any or no reason, including if, in our opinion, you have violated any provision of these Terms of Use.
 

Intellectual Property Rights

Allevia and its entire contents, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof), are owned by the Company, its licensors, or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property or proprietary rights laws.

These Terms of Use permit you to use Allevia for your personal, non-commercial use only. You must not reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, download, store, or transmit any of the material on our App, including without limitation any text, illustrations, photographs, graphics, video, or audio sequences (“Content”), except as follows:

  • Your computer or mobile device may temporarily store copies of such materials in RAM incidental to your accessing and viewing those materials.

  • You may store files that are automatically cached by your Web browser for display enhancement purposes.

  • You may download a single copy of Allevia to your computer or mobile device solely for your own personal, non-commercial use, not for further reproduction, publication, or distribution.

  • You may download secure copies of the data associated with your account, including Primary User Information and uploaded data, as described above.

 

You must not:

  • Modify copies of any materials from Allevia.

  • Use any Content from Allevia in any context except within Allevia; provided that you shall be permitted to modify and use any Content created by you or another member of your Network that does not violate the intellectual property rights of any third party.

  • Delete or alter any copyright, trademark, or other proprietary rights notices from copies of materials from this site.

 

You must not access or use for any purposes, commercial or otherwise, any part of Allevia or any services or materials available through Allevia, except for the intended purposes as described in these Terms of Use.

If you print, copy, modify, download, or otherwise use or provide any other person with access to any part of Allevia except as expressly permitted by the Terms of Use, your right to use Allevia will cease immediately. No right, title, or interest in or to Allevia or any content on Allevia is transferred to you, and all rights not expressly granted are reserved by the Company. Any use of Allevia not expressly permitted by these Terms of Use is a breach of these Terms of Use and may violate copyright, trademark, and other laws.
 

Trademarks  

“Allevia,” the Company name, the Allevia logo, the Company logo, and all related names, logos, product and service names, designs, and slogans are trademarks of the Company or its affiliates or licensors. You must not use such marks without the prior written permission of the Company. All other names, logos, product and service names, designs, and slogans on Allevia are the trademarks of their respective owners.
 

Prohibited Uses

You may use Allevia only for lawful purposes and in accordance with these Terms of Use. You agree that:

  • You will not use Allevia in any way that violates any applicable federal, state, local, or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the US or other countries, and any law governing the privacy or security of health information, such as HIPAA, or that would cause the Company to violate any such law or regulation.

  • You will not use Allevia to exploit, harm, or attempt to exploit or harm minors in any way by exposing them to inappropriate content, asking for personally identifiable information, or otherwise.

  • You will not use any electronic communication feature of Allevia for any purpose that is unlawful, tortious, abusive, intrusive on another’s privacy, harassing, libelous, defamatory, embarrassing, obscene, threatening, or hateful.

  • You will not use Allevia to upload, post, reproduce, or distribute any information, software, or other material protected by copyright or any other intellectual property right (as well as rights of publicity and privacy) without first obtaining the permission of the owner of such rights.

  • You will only use Allevia to collect or store information about yourself, the Primary User of the account.

  • You will not use Allevia for any commercial purpose not expressly approved by Company in writing. You will not use Allevia to upload, post, email, or otherwise transmit any advertising or promotional materials, including without limitation “junk mail,” “surveys,” “spam,” “chain letters,” “pyramid schemes,” or any other form of solicitation or unauthorized communication.

  • You will not upload, post, email, or otherwise transmit any material that contains viruses or any other computer code, files, or programs that might interrupt, limit, or interfere with the functionality of any computer software or hardware or telecommunications equipment.

  • You will not use Allevia when you are driving a motor vehicle, even if doing so is legally permitted in your location.

  • You will not impersonate or attempt to impersonate the Company, a Company employee, another user, or any other person or entity (including without limitation by using e-mail addresses or screen names associated with any of the foregoing).

  • You will not engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of Allevia, or that, as determined by us, may harm the Company or users of Allevia or expose them to liability.

 

Additionally, you agree not to:

  • Use Allevia in any manner that could disable, overburden, damage, or impair the site or interfere with any other party’s use of Allevia, including their ability to engage in real time activities through Allevia.

  • Use any robot, spider, or other automatic device, process, or means to access Allevia for any purpose, including monitoring or copying any of the material on Allevia.

  • Use any manual process to monitor or copy any of the material on Allevia or for any other unauthorized purpose without our prior written consent.

  • Use any device, software, or routine that interferes with the proper working of Allevia.

  • Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of Allevia, the server on which Allevia is stored, or any server, computer, or database connected to Allevia.

  • Attack the Company or Allevia via a denial-of-service attack or a distributed denial-of-service attack.

  • Otherwise attempt to interfere with the proper working of Allevia.


Your Right to Terminate         

You may terminate your Valhalla account for any reason and at any time by notifying us at support@valhalla.healthcare. Please keep in mind that terminating your Valhalla account may affect your ability to receive medical care.
 

Monitoring and Enforcement; Termination by Valhalla  

We have the right to:

  • Take appropriate legal action, including without limitation, referral to law enforcement, for any illegal or unauthorized use of Allevia.

  • Terminate or suspend your access to all or part of Allevia for any or no reason, including without limitation, any violation of these Terms of Use.

 

Without limiting the foregoing, we have the right to fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity or other information of anyone posting any materials on or through Allevia. YOU WAIVE AND HOLD HARMLESS THE COMPANY FROM ANY CLAIMS RESULTING FROM ANY ACTION TAKEN BY THE COMPANY DURING OR AS A RESULT OF ITS INVESTIGATIONS AND FROM ANY ACTIONS TAKEN AS A CONSEQUENCE OF INVESTIGATIONS BY EITHER THE COMPANY OR LAW ENFORCEMENT AUTHORITIES.

All electronic communications using Allevia shall be encrypted. You acknowledge that there is nevertheless a risk that data, including email, electronic communications, and personal data, may be accessed by unauthorized third parties when communicated between you and Company or between you and other parties.

Company and its affiliates and agents may monitor your use of Allevia to evaluate the quality of service you receive, your compliance with the Terms of Use, the security of Allevia, or for other reasons. You agree that such monitoring activities will not entitle you to any cause of action or other right with respect to the manner in which Company or its affiliates or agents monitor your use of Allevia and enforces or fails to enforce the Terms of Use or any other agreement. In no event will Company or any of its affiliates or agents be liable for any costs, damages, expenses, or any other liabilities incurred by you as a result of monitoring activities by Company or its affiliates or agents.

However, we cannot review all material before it is posted on Allevia, and cannot ensure prompt removal of objectionable material after it has been posted. Accordingly, we assume no liability for any action or inaction regarding transmissions, communications, or content provided by any user or third party. We have no liability or responsibility to anyone for performance or nonperformance of the activities described in this section.

The Company may terminate your account and your use of Allevia for any reason, including, among other things: your non-payment; your decision to cancel; the Company’s dissolution; and your violation of the Terms of Use. If your account is terminated, Company may, in its sole discretion, delete and destroy any or all data associated with your account, including without limitation Primary User Information, to the extent allowed by law. 
 

Obtaining your Health Data

At any time prior to the termination of your account, you may obtain a full copy of your Primary User Information for free by following the instructions listed here.

After termination of your account, your Primary User Information may no longer be available. It is very important to make sure that you and/or your Provider(s) obtain from Valhalla whatever records you wish to keep before your account is terminated.
 

Content Standards

All Primary User Information and use of Allevia must comply with these Content Standards. Primary User Information must in its entirety comply with all applicable federal, state, local, and international laws and regulations. Without limiting the foregoing, Primary User Information must not:

  • Contain any material that is defamatory, obscene, indecent, abusive, offensive, harassing, violent, hateful, inflammatory or otherwise objectionable.

  • Promote sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.

  • Infringe any patent, trademark, trade secret, copyright or other intellectual property or other rights of any other person.

  • Violate the legal rights (including the rights of publicity and privacy) of others or contain any material that could give rise to any civil or criminal liability under applicable laws or regulations or that otherwise may be in conflict with these Terms of Use and our Privacy Policy.

  • Be likely to deceive any person.

  • Promote any illegal activity, or advocate, promote, or assist any unlawful act.

  • Cause annoyance, inconvenience or needless anxiety or be likely to upset, embarrass, alarm or annoy any other person.

  • Impersonate any person, or misrepresent your identity or affiliation with any person or organization.

  • Involve commercial activities or sales, such as contests, sweepstakes, and other sales promotions, barter, or advertising.

  • Give the impression that they emanate from or are endorsed by us or any other person or entity, if this is not the case.
     

Reliance on Information Posted

Except for information about your account and the status of membership in your Network, the information and other content that you may encounter or obtain through your use of Allevia is created entirely by third parties within your Network, not by the Company. We do not warrant the accuracy, completeness, or usefulness of this information. Any reliance you place on such information is strictly at your own risk. We disclaim all liability and responsibility arising from any reliance placed on such materials by you or any other visitor to Allevia, or by anyone who may be informed of any of its contents.

Allevia may include content provided by third parties, including materials provided by other users, bloggers and third-party licensors, syndicators, aggregators and/or reporting services. All statements and/or opinions expressed in these materials, and all articles and responses to questions and other content, other than the content provided by the Company, are solely the opinions and the responsibility of the person or entity providing those materials. These materials do not necessarily reflect the opinion of the Company. We are not responsible or liable to you or any third party for the content or accuracy of any materials provided by any third parties.

Information About You and Your Use of Allevia  

All information we collect on Allevia is subject to our Privacy Policy, Authorizations to Use and Disclose PHI, and Business Associate Agreements. By using Allevia, you consent to all actions taken by us with respect to your information in compliance with these documents.

Geographic Restrictions 

The Company that owns Allevia is based in the State of Texas in the United States. We provide Allevia for use only by persons located in the United States. We make no claims that Allevia or any of its content is accessible or appropriate outside of the United States. Access to Allevia may not be legal by certain persons or in certain countries. If you access Allevia from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

Disclaimer of Warranties  

YOUR USE OF ALLEVIA, ITS CONTENT, AND ANY INFORMATION OR SERVICES OBTAINED THROUGH ALLEVIA IS AT YOUR OWN RISK. ALLEVIA, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH ALLEVIA ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER THE COMPANY NOR ANY PERSON ASSOCIATED WITH THE COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF ALLEVIA OR ANY INFORMATION OR SERVICES TRANSMITTED OR OBTAINED BY MEANS OF ALLEVIA. WITHOUT LIMITING THE FOREGOING, NEITHER THE COMPANY NOR ANYONE ASSOCIATED WITH THE COMPANY REPRESENTS OR WARRANTS THAT ALLEVIA, ITS CONTENT, OR ANY INFORMATION OR SERVICES OBTAINED THROUGH ALLEVIA WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, OR THAT ALLEVIA OR ANY INFORMATION OR SERVICES OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.

THE COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR PARTICULAR PURPOSE.

THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

Indemnification and Covenant Not To Sue

You agree to defend, indemnify and hold harmless the Company, its affiliates, licensors and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, penalties, audits, consent decrees, or fees (including attorneys’ fees) arising out of or relating to (i) your negligence or willful misconduct, (ii) your breach or violation of any of the Terms of Use, the Authorization to Use and Disclose PHI, or any other agreement, (iii) your failure to maintain the secrecy and security of your login information (such as your username and password) or any Primary User Information, or (iv) your use of Allevia, including, but not limited to, any use of Allevia’s content, services, and products other than as expressly authorized in these Terms of Use, or your use of any information obtained from Allevia.

You further agree to indemnify, defend, and hold Company harmless from and against any claims, suits, actions, causes of action, losses, or the like, (collectively, “Claims”), including without limitation legal fees and costs, brought against Company by any third party or parties, in connection with any claim for liability (including without limitation medical malpractice liability) arising from or relating to the provision of medical or health care, including without limitation any diagnosis, prescription, treatment plan, or treatment (including the failure to provide treatment), whether or not developed, discussed, or otherwise communicated or conducted by means of Allevia.

You agree that you, and your agents, representatives, estate, successors, and assigns, shall not seek, sue to obtain, or obtain compensation, damages, indemnification, contribution, or other remedy from Company for any losses, injuries, harm, or other liabilities that arise from or relate to the use of Allevia by you or any other person or entity in connection with your health care, your diagnosis, your treatment plan, or the provision of treatment (or failure to provide treatment) to you, whether or not the result of professional malpractice, and including (without limitation) losses, injuries, harm, and other liabilities caused by the failure by you or any other member of your Network to communicate with each other effectively, accurately, timely, or at all.
 

Limitation on Liability

IN NO EVENT WILL THE COMPANY, ITS AFFILIATES OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, ALLEVIA, ANY WEBSITES LINKED TO IT, ANY CONTENT ON ALLEVIA OR LINKED WEBSITES, OR SUCH OTHER WEBSITES OR ANY SERVICES OR ITEMS OBTAINED THROUGH ALLEVIA OR SUCH LINKED WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT, OR OTHERWISE, EVEN IF FORESEEABLE, IN EXCESS OF THE AMOUNT THAT YOU HAVE PAID TO THE COMPANY.

THE FOREGOING DOES NOT AFFECT ANY LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
 

Governing Law and Jurisdiction

All matters relating to Allevia and these Terms of Use and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims), shall be governed by and construed in accordance with the internal laws of the State of Texas without giving effect to any choice or conflict of law provision or rule.

All matters relating to Allevia and these Terms of Use and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims) shall be determined by binding arbitration before a single arbitrator carried out in accordance with the commercial dispute rules of the American Arbitration Association. Such arbitration shall be heard in Houston, Texas, and either party may enter the final ruling of the arbitrator for judgment in a court of competent jurisdiction. The fees of the Association and the arbitrator shall be divided equally between the parties, and each party otherwise shall pay its own legal fees and related expenses. The arbitrator shall have the authority to order any remedies, legal or equitable, which a party could obtain from a court of competent jurisdiction based on the claims asserted (except attorneys’ fees and costs), and nothing more; provided, however, there shall be no authority for a dispute to be arbitrated on a class action basis, nor shall consolidation or joinder with the claims of another person be permitted. The arbitrator shall prepare a written decision setting forth his or her findings of fact and law. Subject to the FAA and other applicable law, the arbitrator’s award shall be final and binding, without right of appeal. Any party may seek to have judgment entered upon the award by a court of competent jurisdiction.
 

Limitation on Time to File Claims

ANY CAUSE OF ACTION OR CLAIM YOU MAY HAVE ARISING OUT OF OR RELATING TO THESE TERMS OF USE OR ALLEVIA MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES, OTHERWISE, SUCH CAUSE OF ACTION OR CLAIM IS PERMANENTLY BARRED.

Waiver and Severability

No waiver of by the Company of any term or condition set forth in these Terms of Use shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of the Company to assert a right or provision under these Terms of Use shall not constitute a waiver of such right or provision.

If any provision of these Terms of Use is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms of Use will continue in full force and effect.
 

Entire Agreement

The Terms of Use, our Privacy Policy, the Authorization to Use and Disclose PHI, and any relevant agreement or terms of use to which you have agreed pursuant to your decision to download Allevia, constitute the sole and entire agreement between you and Valhalla, Inc., with respect to Allevia and supersede all prior and contemporaneous understandings, agreements, representations and warranties, both written and oral, with respect to Allevia. ‌
 

Your Comments and Concerns

All other feedback, comments, requests for technical support and other communications relating to Allevia should be directed to: support@valhalla.healthcare.

 

Privacy Policy (Primary User)

Last modified: 12/05/2017

 

1.         Introduction

This Privacy Policy describes how Valhalla Healthcare, Inc. (“Company”, “Valhalla,” “we” or “us”) protects your information, and your patients’ information, when you use the Company’s website, the Allevia web-based application (“Allevia”), and all related products and services. All references to you include your employees (if any) who you authorize to access your Allevia account. We respect our users’ privacy and are committed to protecting it through our compliance with this policy. This policy describes:

  • The types of information we may collect or that you and your patients may provide when you purchase, download, install, register with, access, or use Allevia.

  • Our practices for collecting, using, maintaining, protecting, and disclosing that information.

 

This policy applies to services that we provide through Allevia, and to information we collect in Allevia and in other electronic communications sent through Allevia. This policy also applies to any other products, services, or platforms we may provide or make available to you from time to time, as well as your general dealings with us – including through our website and any other online or mobile platforms (collectively, the “Services”).

This policy does not apply to information that you provide to or that is collected by any third party.

Please read the Privacy Policy carefully before you start to use Allevia. This is a legally binding agreement and the equivalent of a signed, written contract.

By clicking to agree to the Privacy Policy when this option is made available to you, you represent that you have read and considered this Privacy Policy, are 18 years of age or older, live in the United States, and accept and agree to be bound and abide by this Privacy Policy.

You will not be allowed to access or use Allevia unless you indicate your agreement to this Privacy Policy. Following any revision to the Privacy Policy, you will not be allowed to continue to access or use Allevia unless you indicate your agreement to the revised version.

If you do not wish to agree to this Privacy Policy or to any revision thereof, then you must not access or use Allevia.

Allevia is offered and available to users who are 18 years of age or older, are competent to enter into agreements, and reside in the United States or any of its territories or possessions. If you do not meet all of these requirements, you must not access or use Allevia.

2.         Summary of Data Practices

 

 Uses/Disclosures of Information

Types of Information

Primary User Information (including Health Data, Personal Information, and Activity Logs)

De-Identified Aggregate Data

Do we disclose your information for the following purposes?

  • Marketing and advertising third party products and services

No

No

  • Marketing and advertising Allevia

No

Yes

  • Medical and pharmaceutical research

No

No

  • Creating Reports about our company and our user activity

No

Yes

  • Improving Allevia features to create a better user experience

No

Yes

  • To the Primary User’s insurer or employer

No

No

  • For developing software applications

No

Yes

Do we require our third party Service Providers to enter agreements that restrict what they can do with your Personal Information?

Yes

N/A

Do we stop all disclosure of the Primary User’s Primary User Information if the Primary User closes his/her account?

Yes

N/A

Do we stop all disclosure of Primary User Information if you close your account?

No

N/A

Do we have Security Measures that are reasonable and appropriate to protect Primary User Information, in any form, from unauthorized access, disclosure, or use?

Yes

Yes

Do we store Primary User Information in the U.S. only?

Yes

Yes

Do we keep Activity Logs for review?

Yes 

N/A

 

3.         Definitions

Activity Logs 

Activity Logs are the Company’s records of when you interact with or through Allevia. This may include when you create, access, modify, delete, release, or export Primary User Information in or from Allevia.

De-Identified Aggregate Data 

De-Identified Aggregate Data is Primary User Information that is: (1) grouped so it does not connect to you as an individual; and (2) has names and other identifiers removed or altered. In other words, De-Identified Aggregate Data is de-identified data and cannot be used to identify individuals. For example, De-Identified Aggregate Data might include statistical data that is calculated from a combination of your patient’s Health Data and the Health Data of other Primary Users. It is “de-identified” and cannot ever be connected to any individual personally.

Health Data

Health Data is a patient’s health information that you, the Primary User, and the other members of the Primary User’s Network collect, manage, and share via Allevia.

Health Profile

A Health Profile is a document that analyzes and summarizes the Health Data that the Primary User communicates to Allevia. Allevia will take the Health Data and assemble it into a summary for the Primary User to review and (if necessary) correct. Allevia will then transform that into a clinical summary for Providers to use. That clinical summary is the Health Profile.

Personal Information 

Personal Information means demographic information about you by which you may be personally identified, such as your name, postal address, e-mail address, telephone number, medical record number, and other identifiers and information, not specifically about your health that Allevia collects that are defined as personal or personally identifiable information under an applicable law. Personal Information may also include but is not limited to your financial information or social security number. Personal Information does not include Health Data. Allevia will collect your Personal Information as well the Primary User’s Personal Information.

Primary User

A Primary User is the individual at the heart of each Valhalla Network – the person whose health care all members of the Network are working to protect and improve. You have been invited to participate as a Provider in a Primary User’s Network.

Primary User Information

When a patient signs up for and use Allevia, that patient provides information about him/herself, and authorizes his/her Network Members to provide information about that patient to Allevia. This information, including the Primary User’s Personal Information, Activity Logs, and Health Data, is Primary User Information. Primary User Information includes any information collected or developed by Allevia that can be connected with the Primary User personally. Primary User Information does not include De-Identified Aggregate Data, which cannot be connected with any individual.

Primary User Information also does not include the Provider’s Personal Information.  

Examples of Primary User Information include:

  • The Primary User’s name and contact information, such as address, phone number, or email address

  • The Primary User’s Health Data

  • The Primary User’s Health Profile

  • The Primary User’s medical history, conditions, treatments, medications, and health insurance information

  • The Primary User’s Personal Information (non-health information that may be used to identify the Primary User, such as age, gender, ethnicity, and occupation

  • Information that is collected automatically when the Primary User uses Allevia, such as Activity Logs, IP address, and “cookie” preferences

 

As described further below, we may use a Primary User Information to achieve the following:

  • Operate, improve and manage Allevia’s platform, software, and website

  • Maintain and protect our computer systems

  • Offer you resources for a better user experience and to improve the Primary User’s health, which may include (for examples) disease-specific education, links to relevant medical supplies, or suggested educational resources.

  • Comply with the law, such as responding to subpoenas and search warrants.

 

Provider 

A Provider is any healthcare provider, healthcare practice, or hospital that accepts a Primary User’s invitation to access and interact with the Primary User’s Health Data and Health Profile. You are signing up as a Provider.

Reporting 

Valhalla and our Service Providers might report about business activities and users of Allevia to others, such as investors, auditors, potential business partners, or public communities. Such Reports would only include De-Identified Aggregate Data.

Service Provider

A Service Provider is an entity that is hired to perform certain functions for Valhalla to support the development, maintenance, and implementation of Allevia. Service Providers may include software or website designers and data storage providers.

Security Measures     

Security Measures include computer safeguards, secured files, encryption, physical safeguards, and employee security training. Valhalla may be required by law to notify you about particular data breaches, if any occur.

 

4.         Information We Collect and How We Collect It

We collect information from and about users of Allevia:

  • Directly from you, other Providers, and the Primary Users when it is entered into Allevia.

  • From other apps that a Primary User may use (such as fitness and health trackers) when a Primary User provides approval for Allevia to synchronize with and/or obtain information from such other apps.

  • Automatically when you use Allevia.

 

We Collect: Information That You and Your Patients Provide to Us. 

When you download, register with, or use Allevia, we may ask you provide information:

  • Personal Information (defined above).

  • That is about you but individually does not identify you, such as your smart phone model and operating system version, your IP address, your internet browser type.

 

This information includes:

  • Information that you provide by filling in forms within Allevia. This includes information provided at the time of registering to use Allevia, subscribing to our service, posting material, entering Health Data, and requesting further services. We may also ask you for information when you report a problem with Allevia.

  • Records and copies of your correspondence (including e-mail addresses and phone numbers), if you contact us.

  • Your responses to surveys that we might ask you to complete for research purposes.

  • Your search queries on Allevia.

 

We Collect: Primary Users’ Health Data

Allevia’s main purpose is to facilitate the transmission of medical information between a Primary User and the Providers in his/her Network. This includes the information that a Primary User provides in response to Allevia’s questions and forms, as well as health-related documents that you may upload. In addition, members of a Primary User’s Network can add information about the Primary User’s health, add items to a Primary User’s Medications Lists, view the Symptom Lists, upload laboratory results, radiology reports, health forms, and data from health-tracking applications that you choose to link, and anything else related to a Primary User’s health care that you or other Providers choose to communicate. These types of information are, collectively, Health Data.

We will treat all Primary User Health Data (and the Health Profile that Allevia automatically assembles from Health Data) as private and highly confidential, and will implement strong Security Measures to safeguard it. Please be aware that no security measures are perfect or impenetrable.

We Collect: Information Via Automatic Collection And Tracking.  

When you download, access, and use Allevia, it may use technology to automatically collect:

  • Activity Logs. When you access and use Allevia, we will automatically collect certain details of your access to and use of Allevia (your Activity Log), including traffic data and other communication data and the resources that you access and use on or through Allevia.

  • Device Information. We may collect information about your mobile device and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information, and the device’s telephone number.

  • Stored Information and Files. With your in-app approval, Allevia also may access metadata and other information associated with other files stored on your device. This may include, for example, photographs, audio and video clips, personal contacts, and address book information.

 

If you do not want us to collect the information described above, please do not download Allevia or, if already downloaded, delete it from your device. For more information, see the section titled “Your Choices about Our Collection, Use and Disclosure of Your Information.”

We also may use these technologies to collect information about your activities over time and across third-party websites, apps, or other online services (so-called “behavioral tracking”).

Information Collection And Tracking Technologies. We may use certain technologies for automatic information collection:

  • Allevia, a web application, does not use “web beacons.” It does employ “cookies.” A cookie is a small file, placed on your computer or mobile device, that contains information such as your site preferences or login status. If you do not wish to accept cookies when you visit our website, it may be possible to reject or disable them by activating appropriate setting on your browser or smartphone. However, this may prevent you from accessing parts of the website and receiving the full benefit of the Service.

 

NOTE: Children under the Age of 13

Allevia is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at: office@valhalla.healthcare.


5.         Information Collection from Providers

In general, Valhalla collects all information that you supply directly to Allevia. We also may collect information from you about Primary Users who expressly authorized you to join their Networks. When a Primary User invites you, a Provider, to join his/her Network, the Primary User also authorizes us to collect information about the Primary User from you, from your support staff, and from other practitioners affiliated with your and your practice.

6.         Automatic Information Collection by Third Parties

When you use your device to visit a website or run any software application, including Allevia and our website, please be aware that certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:

  • Advertisers, ad networks, and ad servers.

  • Analytics companies.

  • Your mobile device manufacturer.

  • Your mobile service provider.

 

These third parties may use tracking technologies to collect information about you when you use Allevia. The information they collect may be associated with you, or they may collect information about your online activities over time and across different websites, apps and other online services websites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.  

 

Click here for information on how you can opt out of behavioral tracking and behavioral marketing on or through Allevia and how we respond to browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.

7.         How We Use Your Information; How We Use the Primary User’s Health Data

Valhalla uses your Personal Information, as well as the Primary User’s Primary User Information, to provide the Services as described on our website and in our Terms of Use, as well as to enhance the performance of the Services and/or create new services. We will not use your Personal Information for product development or product enhancement without your express, written permission.

If you accept a Primary User’s invitation to join his/her Network and agree to this Privacy Policy, then Valhalla may use your information to facilitate the exchange of information and communication between you, the Primary User, and anyone else in the Primary User’s Network.

By agreeing to this Privacy Policy, you delegate to Valhalla the right to use, disclose, and obtain Protected Health Information (“PHI,” as defined under the Health Information Portability and Accountability Act of 1996 (“HIPAA”)) from the Primary User on your behalf for the purpose of facilitating health care communications and coordination between and among members of the Primary User’s Network, to the fullest extent permitted by law. You hereby consent to allow Valhalla to transfer possession, custody, or control of such PHI to any other person or entity, including without limitation to the members of a Network, to the fullest extent permitted by law.

Each time an additional Provider is invited to join a Network, that new user may be provided with certain elements of your Personal Information (including your name and the name and location of your practice).

By inviting Providers to your Network, each Primary User must acknowledge and agree that some or all of the Primary User’s Health Data and Health Profile may be sent to his/her Provider Network through the Services or through interfaces with other Providers’ information systems. To use the Services, the Primary User must understand and acknowledge that such Health Data and Health Profile may be incorporated into the health record that you (and other Providers in the Network) maintain.  

By agreeing to this Privacy Policy, and pursuant to the terms of (a) the Primary User’s Authorization to Use and Disclose PHI and (b) the Business Associate Agreement between you and Valhalla, you acknowledge and agree that Valhalla may disclose any information in a Primary User’s Health Data and Health Profile (including without limitation PHI) to all other Network Members in the Primary User’s Network, and may transfer possession, custody, and/or control of such Health Data and Health Profile (including without limitation PHI) to subcontractors (such as cloud storage providers) who have been made to enter into a Business Associate Agreement.

As a Provider, it will be your decision whether to incorporate some or all of a Primary User’s Health Data or Health Profile into the medical records that you maintain for that Primary User, and to comply with all regulations regarding the privacy, security, and custody/maintenance of such records.

Valhalla will not share the content of your Primary User Information except as permitted under this Privacy Policy, the Terms of Use, an Authorization to Use and Disclose Protected Health Information, a Business Associate Agreement, or as required by law, unless all relevant parties expressly consent to or authorize disclosure.

We will never sell or rent your Personal Information without your written consent. We will not use or disclose your Personal Information, except as described in this Privacy Policy, the Terms of Use, or as permitted or required by law.

We will not use, sell, or disclose any Primary User Information – the Primary User’s Personal Information, Activity Logs, Health Data, and Health Profile – to market products or services. We may use De-Identified Aggregate Data for the limited purpose of promoting Allevia itself. (For example, we may use statistics derived from De-Identified Aggregate Data to demonstrate that Allevia has positive effect on the health of its users.)

We may use the information that we collect to tell you about products and services that are directly related to Allevia, such as notifications of new features and software updates.

Allevia may also send you non-sponsored, marketing-free, and advertisement-free educational materials. Allevia would select the recipients of educational materials automatically, based on the medical conditions that you selected in your profile. The automatic process will be “blind” – we will not have access to the list of recipients of any educational material, or identifying information about any recipient in connection with any diagnosis code.

We may use your Personal Information – name, account information, contact information, etc. – to:

  • Provide you with Allevia and its contents, the Services, and any other information, products, or services that you request from us.

  • Facilitate your communications with other Network Members.

  • Fulfill any other purpose for which you provide it.

  • Give you notices about your account, including expiration and renewal notices.

  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

  • Notify you when Allevia updates are available, and of changes to any products or services we offer or provide through it.

 

Each Primary User has been notified that the Providers in his/her Network may use the Primary User’s Health Data and Health Profile to facilitate the Primary User’s health care, develop his/her medical record, bill governmental and private payers, and other purposes in the Provider’s discretion.

The usage information we collect (including Activity Logs) helps us to improve Allevia and to deliver a better and more personalized experience by enabling us to:

  • Estimate our audience size and usage patterns.

  • Store information about your preferences, allowing us to customize Allevia according to your individual interests.

  • Speed up your user experience.

  • Recognize you when you use Allevia.

 

8.         Disclosure of Your Information

We may disclose aggregated information about our users that does not identify any individual or device – that is, De-Identified Aggregate Data – without restriction, except as otherwise stated in this Privacy Policy.

We may disclose the Primary User Information – that is, Personal Information, Health Data, Health Profile, and Activity Logs – that we collect from the Primary User or that you or another Provider in your Network provides:

  • To fulfill the purpose for which you provide it. For example, if you use a feature on Allevia that asks a patient to join Allevia and invite you to his/her Network, we will include your name and email address in the notification that we send your Provider.

  • For any other purpose disclosed by us when you provide the information.

  • With your consent.

  • To other Members of a Primary User’s Network.

  • To Valhalla’s subsidiaries and affiliates (Applies to Personal Information only; we will not disclose Health Data or Activity Logs to these entities).

  • To Valhalla’s Service Providers and other third parties we use to provide technical support and other services and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information that we hold about Allevia users is among the assets transferred. (In such case, your Primary User Information would remain subject to the provisions of the Valhalla Privacy Policy that was in effect immediately prior to the transfer unless we provide you notice otherwise.)

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

  • To enforce our rights arising from any contracts entered into between you and us, including without limitation the Terms of Use, and for billing and collection.

  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Valhalla Healthcare, Inc., our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and risk reduction.

 

Each Primary User has been notified that the Providers in his/her Network may disclose the Primary User’s Health Data and Health Profile to facilitate his/her health care, develop his/her medical record, bill governmental and private payers, and other purposes in the Provider’s discretion.

 

9.         Your Choices about Our Collection, Use, and Disclosure of Your Information

We strive to provide you with choices regarding the Personal Information you provide to us. This section describes mechanisms we provide for you to control certain uses and disclosures of over your information.

  • Tracking Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent.

  • Advertising and Marketing. We will not advertise or market products or services to you. If we ever change our policy about that, we will notify you and will provide you with the opportunity to refuse advertising and marketing communications at that time.

 

The Primary User in a Network may revoke any Provider's membership in that Network. If that should happen, you, as the Provider, may no longer access or use the Services with respect to that Primary User’s Network and Primary User Information. Please keep this in mind when determining whether and when to include certain Primary User Information in the medical records that you keep for a Primary User.

10.       Data Security

We have implemented Security Measures designed to secure your Primary User Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions and individual health information will be encrypted in transmission with SSL technology, and will be encrypted at rest with AES-256.

The safety and security of your information ­– and the information of the Primary User – also depends on you. Where we have given you (or where you have chosen) a password for access to Allevia, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your information, we cannot guarantee the security of your information transmitted through Allevia. Any transmission of information is at your own risk. We are not responsible for circumvention of any privacy settings or Security Measures we provide.

When a Primary User invites you into his/her Network, the Primary User has given you access to the Primary User’s confidential health information, including the Health Data and Health Profile. It is extremely important that you take the utmost care to maintain and protect the confidentiality of that information. This includes, but is not limited to, compliance with all requirements of HIPAA. In addition, be aware that a Primary User may choose to share the communications and information transmitted between you and the Primary User with other members of that Primary User’s Network. If, in your judgment, such sharing would be inappropriate in a particular situation, it is your responsibility to take proper precautions. Such precautions may include instructing the Primary User not to share certain information with other Network Members, or transmitting highly sensitive information to the Primary User offline (i.e. not by means of Allevia). You agree that you will not seek to hold us liable for any damages that you may suffer as a result of the conduct of the Primary User or other Network Members.  

11.       Changes to Our Privacy Policy

The date the Privacy Policy was last revised is identified at the top of the page. We may update our Privacy Policy from time to time. If we make material changes to how we treat our users’ information, we will post the new Privacy Policy on this page with a notice that the Privacy Policy has been updated. We will also notify you through an in-app alert the first time you use Allevia after we make the change.

 

12.       Contact Information

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:

Email: support@valhalla.healthcare
Phone: (781) 366-0310

 

Terms of Use (Provider)

Last Modified: 07/28/2021

IF YOU ARE EXPERIENCING A MEDICAL EMERGENCY, PLEASE CONTACT YOUR LOCAL EMERGENCY SERVICES OR DIAL 9-1-1 ON YOUR TELEPHONE. ALLEVIA DOES NOT PROVIDE EMERGENCY SERVICES.
 

Acceptance of the Terms of Use

These terms of use are entered into by and between you (“you” or the “Primary User”) and Valhalla Healthcare, Inc. (“Company”, “Valhalla,” “we” or “us”). The following terms and conditions, together with any documents they expressly incorporate by reference (collectively, the “Terms of Use”), govern your access to and use of the  Company’s website, the Allevia website application (“Allevia”), and all related products, including any content, functionality, and services offered on or through Allevia.

Please read the Terms of Use carefully before you start to use Allevia. This is a legally binding agreement and the equivalent of a signed, written contract.

By clicking to agree to the Terms of Use when this option is made available to you, you represent that you have read and considered these Terms of Use, and that you accept and agree to be bound and abide by these Terms of Use.

Following your agreement to the Terms of Use, you will be asked to review, consider, and agree to two additional documents: our Privacy Policy (which can be viewed by clicking here), and a Business Associate Agreement (which can be viewed by clicking here), both of which (along with any revisions thereto) are incorporated herein by reference. Once you have indicated your agreement to all three documents, a copy of each will be sent to the email address that you provided.

You will not be allowed to access or use Allevia unless you indicate your agreement to all three documents. Following any revision to the Terms of Use, Privacy Policy, or Authorization to Use and Disclose PHI, you will not be allowed to continue to access or use Allevia unless you indicate your agreement to all three documents.

If you do not want to agree to these Terms of Use, the Privacy Policy, or the Business Associate Agreement, or to any revision of any of these documents, then you must not access or use Allevia.

Allevia is offered and available to users who are 18 years of age or older, and reside in the United States or any of its territories or possessions. By using Allevia, you represent and warrant that you are of legal age to form a binding contract with the Company and meet all of the foregoing eligibility requirements. If you do not meet all of these requirements, you must not access or use Allevia.


Important Note for Providers

You are registering for a “Provider” account. By clicking to agree to the Terms of Use, you represent that you are a physician or other health care professional, fully licensed to practice in your state, with all required controlled substances registrations (if applicable) and with at least the minimum legally required professional liability insurance coverage. If you experience a change in licensure, insurance, or controlled substances registration in future, please contact Customer Service immediately for further instruction.
 

Definitions

Allevia. Allevia is a software application that uses artificial intelligence and machine learning to streamline the clinical documentation process.

Network. Your Network is made up of the Primary User and any Providers whom the Primary User has invited to participate in the Primary User’s Network. The Primary User and the Providers in that Primary User’s Network are the “Network Members.”

Health Profile. A Health Profile is a document that analyzes and summarizes the information that the Primary User communicates to Allevia. Allevia will take that information and assemble it into a summary for the Primary User to review and (if necessary) correct. Allevia will then transform that into a clinical summary for Providers to use. That clinical summary is the Health Profile.

Primary User. You are the Primary User – the individual who will interact with Allevia to create a Health Profile for transmission to a Provider.

Primary User Information. All information and documents that are communicated or uploaded to Allevia by Network Members, and all information and documents that Allevia develops as a result, comprise the Primary User Information. Primary User Information also includes, without limitation, the Primary User’s account information and Health Profiles.

Provider. A Provider is any healthcare provider, healthcare practice, or hospital that the Primary User authorizes to receive his/her Health Profile.
 

The Company and Allevia Are Not Health Care Providers

Allevia facilitates the clinical documentation process by receiving information from a Primary User, transforming it into an easy-to-use clinical document format, and providing it to the authorized Provider(s). The Company is not a health care provider, and we will not provide you with health care advice. As a Provider, any health care advice, diagnosis, treatment, or consultation that you communicate by means of Allevia shall be the product of your professional medical judgment, and is solely your responsibility. You agree that you shall not rely on the Company, and that the Company shall have no responsibility or liability, for the truth, accuracy, or efficacy of any diagnosis, treatment plan, prescription, treatment (as well as any decision not to conduct treatment), or any other form of medical or health care that is developed, discussed, or otherwise communicated or conducted by means of or in connection with Allevia.
 

Do Not Use Allevia To Obtain Emergency Services or Urgent Care

Allevia does not provide or facilitate emergency services or urgent care. If your patient (or anyone else) is experiencing a medical emergency or other urgent health issue, do NOT attempt to obtain emergency or urgent medical care through Allevia. Please call 9-1-1 on your telephone, contact your local emergency or urgent care service providers directly by phone, or proceed as you determine in your medical judgment.
 

Use Allevia Ethically and Within Your Scope of Professional Practice

As a licensed health professional, you understand the importance of caring for patients in compliance with laws, rules, regulations, and codes of ethics, and within the permitted scope of your licensed practice.

By agreeing to these Terms of Use, you represent and warrant that you will only use Allevia in ways that comply with the statutes, rules, regulations, and codes of ethics that govern your profession in your state, and that you will only use Allevia to provide services that are within the scope of practice that your licensure permits.
 

Use of Allevia May Be Regulated By Your State’s Telemedicine/Telehealth Laws

Many states have begun to regulate the provision of clinical care (such as diagnosis, consultation, and treatment) by telephone, interactive audio or video, email, and other methods of electronic communication. For example, certain states require that you be present in the same state as your patient; some states require that you have a minimum level of personal contact with your patient in addition to electronic communications.

Valhalla cannot, and does not, guarantee that your particular use of Allevia will be in compliance with telemedicine/telehealth laws and regulations. It is your responsibility to assure that you are in compliance with the laws and regulations in your jurisdiction.

If you have questions about how to be certain that you are complying with the relevant telemedicine/telehealth laws and regulations, please call your governing medical licensing board(s). 
 

Changes to the Terms of Use

We may revise and update these Terms of Use from time to time in our sole discretion. All changes are effective immediately when we post them, and apply to all access to and use of Allevia thereafter.

We will notify you of changes to the Terms of Use by means of the email address that you have provided. To continue using or accessing Allevia, you will be required to agree to such revised Terms of Use.
 

Company’s License to You

Company grants you a single, non-exclusive, non-transferable, and limited personal license to access and use Allevia. This license is conditioned on your continued compliance with this Terms of Use. You may not rent, lease, lend, sell, transfer, redistribute, or sublicense Allevia and if you sell or otherwise transfer a device on which Allevia is installed to a third party, you must remove Allevia from such device before doing so. You may not copy, decompile, reverse-engineer, disassemble, attempt to derive the source code of, modify, or create derivative works of Allevia, any updates, or any part thereof (except as and only to the extent that any foregoing restriction is prohibited by applicable law or to the extent as may be permitted by the licensing terms governing use of any open-sourced components included with Allevia).
 

Electronic Signatures

You agree to be bound by any affirmance, assent, or agreement that you transmit to Company using Allevia, including but not limited to any consent you give to receive communications from Company solely through electronic transmission. You agree that, when in the future you click on an “I agree,” “I consent,” or other similarly worded “button” or entry field in Allevia, your agreement or consent will be legally binding and enforceable and the legal equivalent of your handwritten signature.
 

Carrier Charges

Your carrier’s data rates may apply to your use of Allevia.
 

Accessing Allevia and Account Security  

We reserve the right to withdraw or amend Allevia, and any service or material we provide on Allevia, in our sole discretion without notice. We will not be liable if for any reason all or any part of Allevia is unavailable at any time or for any period. From time to time, we may restrict access to some parts of Allevia, or the entire App, to users, including registered users.

You are responsible for:

  • Making all arrangements necessary for you to have access to Allevia.

  • Ensuring that all persons who access Allevia through your internet or cellular data connection are aware of these Terms of Use and comply with them.

  • Ensuring that we have your correct contact information, including your email address, phone number, and mailing address, and that you inform us promptly of any changes in your contact information. Failure to do so may cause you not to receive critical information about the Primary User’s health care, and critical notifications about changes to the Terms of Use or other policies that govern your use of Allevia.

 

You acknowledge and agree that we are not responsible and shall not be liable for any injury, inconvenience, or other damages caused by your failure to maintain accurate and current contact information.

You may obtain a free copy of all the data in your account, including all Primary User Information and uploaded data, as a secure download by following the instructions on this page. This right is subject to the Company’s right to delete the information associated with your account, as permitted by law, described below.  

To access Allevia or some of the resources it offers, you may be asked to provide certain registration details or other information. It is a condition of your use of Allevia that all the information you provide on Allevia is correct, current, and complete. You agree that all information you provide to register with Allevia or otherwise, including but not limited to through the use of any interactive features on Allevia, is governed by our Privacy Policy and Business Associate Agreement, and you consent to all actions we take with respect to your information that are consistent with those documents.

If you choose, or are provided with, a user name, password, or any other piece of information as part of our security procedures, you must treat such information as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree not to provide any other person with access to Allevia or portions of it using your user name, password, or other security information. You agree to notify us immediately if there is any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a computer or mobile device that is not your own, so that others are not able to view or record your password or other personal information.

We have the right to disable any user name, password, or other identifier, whether chosen by you or provided by us, at any time in our sole discretion for any or no reason, including if, in our opinion, you have violated any provision of these Terms of Use.
 

Intellectual Property Rights  

Allevia and its entire contents, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof), are owned by the Company, its licensors, or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property or proprietary rights laws.

These Terms of Use permit you to use Allevia for your personal, non-commercial use only. (This prohibition on non-commercial use does not prohibit your use of Allevia to communicate with Network Members.) You must not reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, download, store, or transmit any of the material on our App, including without limitation any text, illustrations, photographs, graphics, video, or audio sequences (“Content”), except as follows:

  • Your computer or mobile device may temporarily store copies of such materials in RAM incidental to your accessing and viewing those materials.

  • You may store files that are automatically cached by your Web browser for display enhancement purposes.

  • You may download a single copy of Allevia to your computer or mobile device solely for your own personal, non-commercial use, not for further reproduction, publication, or distribution.

  • You may download secure copies of the data associated with your account, including Primary User Information and uploaded data, as described above.

 

You must not:

  • Modify copies of any materials from Allevia.

  • Use any Content from Allevia in any context except within Allevia; provided that you shall be permitted to modify and use any Content created by you or another member of your Network that does not violate the intellectual property rights of any third party.

  • Delete or alter any copyright, trademark, or other proprietary rights notices from copies of materials from this site.

 

You must not access or use for any purposes, commercial or otherwise, any part of Allevia or any services or materials available through Allevia, except for the intended purposes as described in these Terms of Use.

If you print, copy, modify, download, or otherwise use or provide any other person with access to any part of Allevia except as expressly permitted by the Terms of Use, your right to use Allevia will cease immediately. No right, title, or interest in or to Allevia or any content on Allevia is transferred to you, and all rights not expressly granted are reserved by the Company. Any use of Allevia not expressly permitted by these Terms of Use is a breach of these Terms of Use and may violate copyright, trademark, and other laws.
 

Trademarks  

“Allevia,” the Company name, the Allevia logo, the Company logo, and all related names, logos, product and service names, designs, and slogans are trademarks of the Company or its affiliates or licensors. You must not use such marks without the prior written permission of the Company. All other names, logos, product and service names, designs, and slogans on Allevia are the trademarks of their respective owners.
 

Prohibited Uses

You may use Allevia only for lawful purposes and in accordance with these Terms of Use. You agree that:

  • You will not use Allevia in any way that violates any applicable federal, state, local, or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the US or other countries, any laws or regulations governing telemedicine or telehealth, and any law governing the privacy or security of health information, such as HIPAA, or that would cause the Company to violate any such law or regulation.

  • You will not use Allevia to communicate or store “psychotherapy notes,” as that phrase is defined by HIPAA.

  • You will not use Allevia to exploit, harm, or attempt to exploit or harm minors in any way by exposing them to inappropriate content, asking for personally identifiable information, or otherwise.

  • You will not use any electronic communication feature of Allevia for any purpose that is unlawful, tortious, abusive, intrusive on another’s privacy, harassing, libelous, defamatory, embarrassing, obscene, threatening, or hateful.

  • You will not use Allevia to upload, post, reproduce, or distribute any information, software, or other material protected by copyright or any other intellectual property right (as well as rights of publicity and privacy) without first obtaining the permission of the owner of such rights.

  • You will only use Allevia to collect or store information about the Primary User in a Network to which you have been invited.

  • You will not use Allevia for any commercial purpose not expressly approved by Company in writing. You will not use Allevia to upload, post, email, or otherwise transmit any advertising or promotional materials, including without limitation “junk mail,” “surveys,” “spam,” “chain letters,” “pyramid schemes,” or any other form of solicitation or unauthorized communication.

  • You will not upload, post, email, or otherwise transmit any material that contains viruses or any other computer code, files, or programs that might interrupt, limit, or interfere with the functionality of any computer software or hardware or telecommunications equipment.

  • You will not use Allevia when you are driving a motor vehicle, even if doing so is legally permitted in your location.

  • You will not impersonate or attempt to impersonate the Company, a Company employee, another user, or any other person or entity (including without limitation by using e-mail addresses or screen names associated with any of the foregoing).

  • You will not engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of Allevia, or that, as determined by us, may harm the Company or users of Allevia or expose them to liability.

 

Additionally, you agree not to:

  • Use Allevia in any manner that could disable, overburden, damage, or impair the site or interfere with any other party’s use of Allevia, including their ability to engage in real time activities through Allevia.

  • Use any robot, spider, or other automatic device, process, or means to access Allevia for any purpose, including monitoring or copying any of the material on Allevia.

  • Use any manual process to monitor or copy any of the material on Allevia or for any other unauthorized purpose without our prior written consent.

  • Use any device, software, or routine that interferes with the proper working of Allevia.

  • Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of Allevia, the server on which Allevia is stored, or any server, computer, or database connected to Allevia.

  • Attack the Company or Allevia via a denial-of-service attack or a distributed denial-of-service attack.

  • Otherwise attempt to interfere with the proper working of Allevia.


Your Right to Terminate         

You may terminate your Valhalla account for any reason and at any time by notifying us at support@valhalla.healthcare. Please keep in mind that terminating your Valhalla account may affect your ability to provide continuous care to your patients. It is your responsibility to assure that you meet all your obligations in connection with patient care and patient communications.
 

Monitoring and Enforcement; Termination by Valhalla  

We have the right to:

  • Take appropriate legal action, including without limitation, referral to law enforcement, for any illegal or unauthorized use of Allevia.

  • Terminate or suspend your access to all or part of Allevia for any or no reason, including without limitation, any violation of these Terms of Use.

 

Without limiting the foregoing, we have the right to fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity or other information of anyone posting any materials on or through Allevia. YOU WAIVE AND HOLD HARMLESS THE COMPANY FROM ANY CLAIMS RESULTING FROM ANY ACTION TAKEN BY THE COMPANY DURING OR AS A RESULT OF ITS INVESTIGATIONS AND FROM ANY ACTIONS TAKEN AS A CONSEQUENCE OF INVESTIGATIONS BY EITHER THE COMPANY OR LAW ENFORCEMENT AUTHORITIES.

All electronic communications using Allevia shall be encrypted. You acknowledge that there is nevertheless a risk that data, including email, electronic communications, and personal data, may be accessed by unauthorized third parties when communicated between you and Company or between you and other parties.

The Company, its affiliates, and its agents may monitor your use of Allevia to evaluate the quality of service you receive, your compliance with the Terms of Use, the security of Allevia, or for other reasons. You agree that such monitoring activities will not entitle you to any cause of action or other right with respect to the manner in which Company or its affiliates or agents monitor your use of Allevia and enforces or fails to enforce the Terms of Use or any other agreement. In no event will Company or any of its affiliates or agents be liable for any costs, damages, expenses, or any other liabilities incurred by you as a result of monitoring activities by Company or its affiliates or agents.

However, we cannot review all material before it is posted on Allevia, and cannot ensure prompt removal of objectionable material after it has been posted. Accordingly, we assume no liability for any action or inaction regarding transmissions, communications, or content provided by any user or third party. We have no liability or responsibility to anyone for performance or nonperformance of the activities described in this section.

The Company may terminate your account and your use of Allevia for any reason, including, among other things: your non-payment; your decision to cancel; the Company’s dissolution; and your violation of the Terms of Use. If your account is terminated, Company may, in its sole discretion, delete and destroy any or all data associated with your account, including without limitation Primary User Information, to the extent allowed by law. 
 

Obtaining your Health Data

At any time prior to the termination of your account, you may obtain a full copy of your Primary User Information for free by following the instructions listed here.

After termination of your account, your Primary User Information may no longer be available. It is very important to make sure that you and/or your Provider(s) obtain from Valhalla whatever records you wish to keep before your account is terminated.
 

Content Standards  

All Primary User Information and use of Allevia must comply with these Content Standards. Primary User Information must in its entirety comply with all applicable federal, state, local, and international laws and regulations. Without limiting the foregoing, Primary User Information must not:

  • Contain any material that is defamatory, obscene, indecent, abusive, offensive, harassing, violent, hateful, inflammatory or otherwise objectionable.

  • Promote sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.

  • Infringe any patent, trademark, trade secret, copyright or other intellectual property or other rights of any other person.

  • Violate the legal rights (including the rights of publicity and privacy) of others or contain any material that could give rise to any civil or criminal liability under applicable laws or regulations or that otherwise may be in conflict with these Terms of Use and our Privacy Policy. [ER6] 

  • Be likely to deceive any person.

  • Promote any illegal activity, or advocate, promote, or assist any unlawful act.

  • Cause annoyance, inconvenience or needless anxiety or be likely to upset, embarrass, alarm or annoy any other person.

  • Impersonate any person, or misrepresent your identity or affiliation with any person or organization.

  • Involve commercial activities or sales, such as contests, sweepstakes, and other sales promotions, barter, or advertising.

  • Give the impression that they emanate from or are endorsed by us or any other person or entity, if this is not the case.
     

Reliance on Information Posted  

Except for information about your account and the status of membership in your Network, the information and other content that you may encounter or obtain through your use of Allevia is created entirely by third parties within your Network, not by the Company. We do not warrant the accuracy, completeness, or usefulness of this information. Any reliance you place on such information is strictly at your own risk. We disclaim all liability and responsibility arising from any reliance placed on such materials by you or any other visitor to Allevia, or by anyone who may be informed of any of its contents.

 Allevia may include content provided by third parties, including materials provided by other users, bloggers and third-party licensors, syndicators, aggregators and/or reporting services. All statements and/or opinions expressed in these materials, and all articles and responses to questions and other content, other than the content provided by the Company, are solely the opinions and the responsibility of the person or entity providing those materials. These materials do not necessarily reflect the opinion of the Company. We are not responsible or liable to you or any third party for the content or accuracy of any materials provided by any third parties.

Information About You and Your Use of Allevia  

All information we collect on Allevia is subject to our Privacy Policy, Authorizations to Use and Disclose PHI, and Business Associate Agreements. By using Allevia, you consent to all actions taken by us with respect to your information in compliance with these documents.

Geographic Restrictions  

The Company that owns Allevia is based in the State of Texas in the United States. We provide Allevia for use only by persons located in the United States. We make no claims that Allevia or any of its content is accessible or appropriate outside of the United States. Access to Allevia may not be legal by certain persons or in certain countries. If you access Allevia from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

Disclaimer of Warranties  

YOUR USE OF ALLEVIA, ITS CONTENT, AND ANY INFORMATION OR SERVICES OBTAINED THROUGH ALLEVIA IS AT YOUR OWN RISK. ALLEVIA, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH ALLEVIA ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER THE COMPANY NOR ANY PERSON ASSOCIATED WITH THE COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF ALLEVIA OR ANY INFORMATION OR SERVICES TRANSMITTED OR OBTAINED BY MEANS OF ALLEVIA. WITHOUT LIMITING THE FOREGOING, NEITHER THE COMPANY NOR ANYONE ASSOCIATED WITH THE COMPANY REPRESENTS OR WARRANTS THAT ALLEVIA, ITS CONTENT, OR ANY INFORMATION OR SERVICES OBTAINED THROUGH ALLEVIA WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, OR THAT ALLEVIA OR ANY INFORMATION OR SERVICES OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.

THE COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR PARTICULAR PURPOSE.

THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

Indemnification and Covenant Not To Sue  

You agree to defend, indemnify and hold harmless the Company, its affiliates, licensors and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, penalties, audits, consent decrees, or fees (including attorneys’ fees) arising out of or relating to (i) your negligence or willful misconduct, including without limitation your professional malpractice, (ii) your breach or violation of any of the Terms of Use, the Privacy Policy, the Business Associate Agreement, or any other agreement, (iii) your failure to maintain the secrecy and security of your login information (such as your username and password) or any Primary User Information, or (iv) your failure to comply with HIPAA, (v) the unauthorized disclosure or breach of any Protected Health Information (as defined under HIPAA), or (vi) your use of Allevia, including, but not limited to, any use of Allevia’s content, services, and products other than as expressly authorized in these Terms of Use, or your use of any information obtained from Allevia.

You further agree to indemnify, defend, and hold Company harmless from and against any claims, suits, actions, causes of action, losses, or the like, (collectively, “Claims”), including without limitation legal fees and costs, brought against Company by any third party or parties, in connection with any claim for liability (including without limitation medical malpractice liability) arising from or relating to the provision of medical or health care, including without limitation any diagnosis, prescription, treatment plan, or treatment (including the failure to provide treatment), whether or not developed, discussed, or otherwise communicated or conducted by means of Allevia.

You agree that you, and your agents, representatives, estate, successors, and assigns, shall not seek, sue to obtain, or obtain compensation, damages, indemnification, contribution, or other remedy from Company for any losses, injuries, harm, or other liabilities that arise from or relate to the use of Allevia by you or any other person or entity in connection with a patient’s health care, diagnosis, treatment plan, or the provision of treatment (or failure to provide treatment), whether or not the result of professional malpractice, and including (without limitation) losses, injuries, harm, and other liabilities caused by the failure by you or any other member of a Primary User’s Network to communicate with each other effectively, accurately, timely, or at all.
 

Limitation on Liability  

IN NO EVENT WILL THE COMPANY, ITS AFFILIATES OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, ALLEVIA, ANY WEBSITES LINKED TO IT, ANY CONTENT ON ALLEVIA OR LINKED WEBSITES, OR SUCH OTHER WEBSITES OR ANY SERVICES OR ITEMS OBTAINED THROUGH ALLEVIA OR SUCH LINKED WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT, OR OTHERWISE, EVEN IF FORESEEABLE, IN EXCESS OF THE AMOUNT THAT YOU HAVE PAID TO THE COMPANY.

THE FOREGOING DOES NOT AFFECT ANY LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
 

Governing Law and Jurisdiction  

All matters relating to Allevia and these Terms of Use and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims), shall be governed by and construed in accordance with the internal laws of the State of Texas without giving effect to any choice or conflict of law provision or rule.

All matters relating to Allevia and these Terms of Use and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims) shall be determined by binding arbitration before a single arbitrator carried out in accordance with the commercial dispute rules of the American Arbitration Association. Such arbitration shall be heard in Houston, Texas, and either party may enter the final ruling of the arbitrator for judgment in a court of competent jurisdiction. The fees of the Association and the arbitrator shall be divided equally between the parties, and each party otherwise shall pay its own legal fees and related expenses. The arbitrator shall have the authority to order any remedies, legal or equitable, which a party could obtain from a court of competent jurisdiction based on the claims asserted (except attorneys’ fees and costs), and nothing more; provided, however, there shall be no authority for a dispute to be arbitrated on a class action basis, nor shall consolidation or joinder with the claims of another person be permitted. The arbitrator shall prepare a written decision setting forth his or her findings of fact and law. Subject to the FAA and other applicable law, the arbitrator’s award shall be final and binding, without right of appeal. Any party may seek to have judgment entered upon the award by a court of competent jurisdiction.
 

Limitation on Time to File Claims  

ANY CAUSE OF ACTION OR CLAIM YOU MAY HAVE ARISING OUT OF OR RELATING TO THESE TERMS OF USE OR ALLEVIA MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES, OTHERWISE, SUCH CAUSE OF ACTION OR CLAIM IS PERMANENTLY BARRED.

Waiver and Severability  

No waiver of by the Company of any term or condition set forth in these Terms of Use shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of the Company to assert a right or provision under these Terms of Use shall not constitute a waiver of such right or provision.

If any provision of these Terms of Use is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms of Use will continue in full force and effect.
 

Entire Agreement  

The Terms of Use, our Privacy Policy, the Authorization to Use and Disclose PHI, and any relevant agreement or terms of use to which you have agreed pursuant to your decision to download Allevia, constitute the sole and entire agreement between you and Valhalla, Inc., with respect to Allevia and supersede all prior and contemporaneous understandings, agreements, representations and warranties, both written and oral, with respect to Allevia. ‌
 

Your Comments and Concerns  

All other feedback, comments, requests for technical support and other communications relating to Allevia should be directed to: support@valhalla.healthcare.

 

 

Privacy Policy (Provider)

 

Last modified: 03/13/2018

 

1.         Introduction

This Privacy Policy describes how Valhalla Healthcare, Inc. (“Company”, “Valhalla,” “we” or “us”) protects your information when you use the Company’s website, the Allevia website application (“Allevia”), and all related products and services. We respect your privacy and are committed to protecting it through our compliance with this policy. This policy describes:

  • The types of information we may collect or that you may provide when you purchase, download, install, register with, access, or use Allevia.

  • Our practices for collecting, using, maintaining, protecting, and disclosing that information.

 

This policy applies to services that we provide through Allevia, and to information we collect in Allevia and in other electronic communications sent through Allevia. This policy also applies to any other products, services, or platforms we may provide or make available to you from time to time, as well as your general dealings with us – including through our website and any other online or mobile platforms (collectively, the “Services”).

This policy does not apply to information that you provide to or that is collected by any third party.

Please read the Privacy Policy carefully before you start to use Allevia. This is a legally binding agreement and the equivalent of a signed, written contract.

By clicking to agree to the Privacy Policy when this option is made available to you, you represent that you have read and considered this Privacy Policy, are 18 years of age or older, live in the United States, and accept and agree to be bound and abide by this Privacy Policy.

You will not be allowed to access or use Allevia unless you indicate your agreement to this Privacy Policy. Following any revision to the Privacy Policy, you will not be allowed to continue to access or use Allevia unless you indicate your agreement to the revised version.

 

If you do not wish to agree to this Privacy Policy or to any revision thereof, then you must not access or use Allevia.

Allevia is offered and available to users who are 18 years of age or older, are competent to enter into agreements, and reside in the United States or any of its territories or possessions. If you do not meet all of these requirements, you must not access or use Allevia.

2.         Summary of Data Practices

 Uses/Disclosures of Information

Types of Information

  • Primary User Information (including Health Data, Personal Information, and Activity Logs)

  • De-Identified Aggregate Data

 

Do we disclose your information for the following purposes?

  • Marketing and advertising third party products and services

No

No

  • Marketing and advertising Allevia

No

Yes

  • Medical and pharmaceutical research

No

No

  • Creating Reports about our company and our user activity

No

Yes

  • Improving Allevia features to create a better user experience

No

Yes

  • To your insurer or employer

No

No

  • For developing software applications

No

Yes

 

Do we require our third party Service Providers to enter agreements that restrict what they can do with your Personal Information?

Yes

N/A

 

Do we stop all disclosure of your Primary User Information if you close your account?

Yes

N/A

 

Do we have Security Measures that are reasonable and appropriate to protect Primary User Information, in any form, from unauthorized access, disclosure, or use?

Yes

Yes

 

Do we store Primary User Information in the U.S. only?

Yes

Yes

 

Do we keep Activity Logs for your review?

Yes 

N/A

 

3.         Definitions

Activity Logs 

Activity Logs are the Company’s records of when you interact with or through Allevia. This may include when you create, access, modify, delete, release, or export Primary User Information in or from Allevia.

De-Identified Aggregate Data 

De-Identified Aggregate Data is Primary User Information that is: (1) grouped so it does not connect to you as an individual; and (2) has names and other identifiers removed or altered. In other words, De-Identified Aggregate Data is de-identified data and cannot be used to identify you as an individual. For example, De-Identified Aggregate Data might include statistical data that is calculated from a combination of your Health Data and the Health Data of other Primary Users. It is “de-identified” and cannot ever be connected to you personally.

Health Data

Health Data is the health information that you and the members of your Network collect, manage, and share via Allevia.

Health Profile

A Health Profile is a document that analyzes and summarizes the Health Data that the Primary User communicates to Allevia. Allevia will take the Health Data and assemble it into a summary for the Primary User to review and (if necessary) correct. Allevia will then transform that into a clinical summary for Providers to use. That clinical summary is the Health Profile.

Personal Information 

Personal Information means demographic information about you by which you may be personally identified, such as your name, postal address, e-mail address, telephone number, medical record number, and other identifiers and information, not specifically about your health that Allevia collects that are defined as personal or personally identifiable information under an applicable law. Personal Information may also include but is not limited to your financial information or social security number. Personal Information does not include your Health Data.

 

Primary User

A Primary User is the individual at the heart of each Valhalla Network – the person whose health care all members of the Network are working to protect and improve. You are signing up to be the Primary User.

Primary User Information

When you sign up for and use Allevia, you provide information about yourself, and you authorize your Network Members to provide information about you to Allevia. This information, including your Personal Information, Activity Logs, and Health Data, is Primary User Information. Primary User Information includes any information collected or developed by Allevia that can be connected with you personally. Primary User Information does not include De-Identified Aggregate Data, which cannot be connected with you.

 

Examples of Primary User Information include:

  • Your name and contact information, such as your address, phone number, or email address

  • Your Health Data

  • Your Health Profile

  • Your medical history, conditions, treatments, medications, and health insurance information

  • Your Personal Information (non-health information that may be used to identify you, such as your age, gender, ethnicity, and occupation

  • Information that is collected automatically when you use Allevia, such as your Activity Logs, your IP address, and “cookie” preferences

 

As described further below, we may use your Primary User Information to achieve the following:

  • Operate, improve and manage Allevia’s platform, software, and website

  • Maintain and protect our computer systems

  • Offer you resources for a better user experience and to improve your health, which may include (for examples) disease-specific education, links to relevant medical supplies, or suggested educational resources.

  • Comply with the law, such as responding to subpoenas and search warrants.

 

Provider 

A Provider is any healthcare provider, healthcare practice, or hospital that accepts your invitation to access and interact with your Health Data and Health Profile. You and your Providers form your “Network.”

Reporting 

Valhalla and our Service Providers might report about business activities and users of Allevia to others, such as investors, auditors, potential business partners, or public communities. Such Reports would only include De-Identified Aggregate Data.

Service Provider

A Service Provider is an entity that is hired to perform certain functions for Valhalla to support the development, maintenance, and implementation of Allevia. Service Providers may include software or website designers and data storage providers.

Security Measures     

Security Measures include computer safeguards, secured files, encryption, physical safeguards, and employee security training. Valhalla may be required by law to notify you about particular data breaches, if any occur.

 

4.         Information We Collect and How We Collect It

We collect information from and about users of Allevia:

  • Directly from you when you enter it into Allevia.

  • Directly from the Providers in your Network.

  • From other apps that you may use (such as fitness and health trackers) when you provide approval for Allevia to synchronize with and/or obtain information from such other apps.

  • Automatically when you use Allevia.

 

We Collect: Information That You Provide to Us. 

When you download, register with, or use Allevia, we may ask you provide information:

  • That is Health Data.

  • Personal Information (defined above).

  • That is about you but individually does not identify you, such as your smart phone model and operating system version, your IP address, your internet browser type.

This information includes:

  • Information that you provide by filling in forms within Allevia. This includes information provided at the time of registering to use Allevia, subscribing to our service, posting material, entering Health Data, and requesting further services. We may also ask you for information when you report a problem with Allevia.

  • Records and copies of your correspondence (including e-mail addresses and phone numbers), if you contact us.

  • Your responses to surveys that we might ask you to complete for research purposes.

  • Your search queries on Allevia.

 

We Collect: Your Health Data

Allevia’s main purpose is to facilitate the transmission of medical information between the Primary User and the Providers in his/her Network. This includes the information that you provide in response to Allevia’s questions and forms, as well as health-related documents that you may upload. In addition, members of your Network can add information about your health, add items to your Medications List, view your Symptom List, upload laboratory results, radiology reports, health forms, and data from health-tracking applications that you choose to link, and anything else related to your health care that you or your Providers choose to communicate. These types of information are, collectively, your Health Data.

We will treat your Health Data (and the Health Profile that Allevia automatically assembles from your Health Data) as private and highly confidential, and will implement strong Security Measures to safeguard it. Please be aware that no security measures are perfect or impenetrable.

In addition, we cannot control and are not responsible for the conduct of the Providers in your Network. By using Allevia and choosing whom to invite to your Network, you accept and assume the risk that the confidentiality of your Primary User Information may be breached by your Network Members.

We Collect: Information Via Automatic Collection And Tracking.  

When you download, access, and use Allevia, it may use technology to automatically collect:

  • Activity Logs. When you access and use Allevia, we will automatically collect certain details of your access to and use of Allevia (your Activity Log), including traffic data and other communication data and the resources that you access and use on or through Allevia.

  • Device Information. We may collect information about your mobile device and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information, and the device’s telephone number.

  • Stored Information and Files. With your in-app approval, Allevia also may access metadata and other information associated with other files stored on your device. This may include, for example, photographs, audio and video clips, personal contacts, and address book information.

 

If you do not want us to collect the information described above, please do not download Allevia or, if already downloaded, delete it from your device. For more information, see the section titled “Your Choices about Our Collection, Use and Disclosure of Your Information.”

We also may use these technologies to collect information about your activities over time and across third-party websites, apps, or other online services (so-called “behavioral tracking”).

Information Collection And Tracking Technologies. We may use certain technologies for automatic information collection:

  • Allevia, a web application, does not use “web beacons.” It does employ “cookies.” A cookie is a small file, placed on your computer or mobile device, that contains information such as your site preferences or login status. If you do not wish to accept cookies when you visit our website, it may be possible to reject or disable them by activating appropriate setting on your browser or smartphone. However, this may prevent you from accessing parts of the website and receiving the full benefit of the Service.

 

NOTE: Children under the Age of 13

Allevia is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at: office@valhalla.healthcare.


5.         Information Collection from Providers

In general, Valhalla collects all information that you supply directly to Allevia. We also may collect information from your Providers whom you expressly authorize to use Allevia with respect to you and your information. By authorizing a Provider to join your Network, you also authorize us to collect information about you from your Provider's support staff and from other practitioners affiliated with your Provider or in your Provider's practice. Further, we may collect information from other third party information providers that you expressly authorize to send information to your Valhalla account.

6.         Automatic Information Collection by Third Parties

When you use your device to visit a website or run any software application, including Allevia and our website, please be aware that certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:

  • Advertisers, ad networks, and ad servers.

  • Analytics companies.

  • Your mobile device manufacturer.

  • Your mobile service provider.

 

These third parties may use tracking technologies to collect information about you when you use Allevia. The information they collect may be associated with you, or they may collect information about your online activities over time and across different websites, apps and other online services websites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.  

 

Click here for information on how you can opt out of behavioral tracking and behavioral marketing on or through Allevia and how we respond to browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.

7.         How We Use Your Information

Valhalla uses your Primary User Information to provide the Services as described on our website and in our Terms of Use, as well as to enhance the performance of the Services and/or create new services. We will not use your Primary User Information for product development or product enhancement without your express, written permission.

If you choose to invite a Provider to your Network and participate in the Services with you, then Valhalla may use your information to facilitate the exchange of information and communication between you and your Network.

By inviting Providers to your Network, you acknowledge and agree that some or all of your Health Data and Health Profile may be sent to your Provider Network through the Services or through interfaces with other Providers’ information systems, and you understand that such Health Data and Health Profile may be incorporated into your health record maintained by your Provider.

Valhalla will not share the content of your Primary User Information except as permitted under this Privacy Policy, the Terms of Use, an Authorization to Use and Disclose Protected Health Information, a Business Associate Agreement, or as required by law, unless all relevant parties expressly consent to or authorize disclosure.

We will not use, sell, or disclose any of your Primary User Information – your Personal Information, Activity Logs, Health Data, and Health Profile – to market products or services. We may use De-Identified Aggregate Data for the limited purpose of promoting Allevia itself. (For example, we may use statistics derived from De-Identified Aggregate Data to demonstrate that Allevia has positive effect on the health of its users.)

We may, however, use Primary User Information to tell you about products and services that are directly related to Allevia, such as notifications of new features and software updates.

Allevia may also send you non-sponsored, marketing-free, and advertisement-free educational materials. Allevia would select the recipients of educational materials automatically, based on the medical conditions that you selected in your profile. The automatic process will be “blind” – we will not have access to the list of recipients of any educational material, or identifying information about any recipient in connection with any diagnosis code.

We may use your Personal Information – name, account information, contact information, etc. – to:

  • Provide you with Allevia and its contents, the Services, and any other information, products, or services that you request from us.

  • Facilitate your communications with other Network Members.

  • Fulfill any other purpose for which you provide it.

  • Give you notices about your account, including expiration and renewal notices.

  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

  • Notify you when Allevia updates are available, and of changes to any products or services we offer or provide through it.

 

In addition, Providers in your Network may use your Health Data and Health Profile to facilitate your health care, develop your medical record, bill governmental and private payers, and other purposes in their discretion.

The usage information we collect (including Activity Logs) helps us to improve Allevia and to deliver a better and more personalized experience by enabling us to:

  • Estimate our audience size and usage patterns.

  • Store information about your preferences, allowing us to customize Allevia according to your individual interests.

  • Speed up your user experience.

  • Recognize you when you use Allevia.

 

8.         Disclosure of Your Information

We may disclose aggregated information about our users that does not identify any individual or device – that is, De-Identified Aggregate Data – without restriction, except as otherwise stated in this Privacy Policy.

We may disclose your Primary User Information – that is, your Personal Information, Health Data, Health Profile, and Activity Logs – that we collect or that you or a Provider in your Network provides:

  • To fulfill the purpose for which you provide it. For example, if you use the feature on Allevia or website that asks Valhalla to invite a Provider to join your Network, we will include your name and email address in the notification that we send your Provider.

  • For any other purpose disclosed by us when you provide the information.

  • With your consent.

  • To third parties participating in the Services whom you authorize – that is, the Providers in your Network.

  • To Valhalla’s subsidiaries and affiliates (Applies to Personal Information only; we will not disclose your Health Data or Activity Logs to these entities).

  • To Valhalla’s Service Providers and other third parties we use to provide technical support and other services and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information that we hold about Allevia users is among the assets transferred. (In such case, your Primary User Information would remain subject to the provisions of the Valhalla Privacy Policy that was in effect immediately prior to the transfer unless we provide you notice otherwise.)

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

  • To enforce our rights arising from any contracts entered into between you and us, including without limitation the Terms of Use, and for billing and collection.

  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Valhalla Healthcare, Inc., our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and risk reduction.

 

In addition, Providers in your Network may disclose your Health Data to facilitate your health care, develop your medical record, bill governmental and private payers, and other purposes in their discretion.

 

9.         Your Choices about Our Collection, Use, and Disclosure of Your Information

We strive to provide you with choices regarding the Personal Information you provide to us. This section describes mechanisms we provide for you to control certain uses and disclosures of over your information.

  • Tracking Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent.

  • Advertising and Marketing. We will not advertise or market products or services to you. If we ever change our policy about that, we will notify you and will provide you with the opportunity to refuse advertising and marketing communications at that time.

 

You may revoke any Provider's authorization to access your Network. You may do so by selecting the option within Allevia to remove that Provider from your Network. Once revoked, the Provider may no longer access or use the Services with respect to you and your Primary User Information. Please keep in mind that Valhalla cannot undo or retrieve any disclosure of your Primary User Information that was made before you revoke an authorization.

 

10.       Data Security

We have implemented Security Measures designed to secure your Primary User Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions and individual health information will be encrypted in transmission with SSL technology, and will be encrypted at rest with AES-256.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to Allevia, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your information, we cannot guarantee the security of your information transmitted through Allevia. Any transmission of information is at your own risk. We are not responsible for circumvention of any privacy settings or Security Measures we provide.

By inviting Providers into your Network, you are authorizing us to give them full access to all of your Health Data and Health Profile.

For this reason, please be very careful about whom you invite to join your Network. We cannot control what your Providers will do with your Health Data. While Providers have a legal obligation to protect the confidentiality of your health information, we cannot guarantee that they will uphold their obligations. It is your responsibility to decide whether you wish to entrust any Provider with your confidential information by inviting them to join your Network. You acknowledge and agree that we are not responsible for the actions and omissions of the members of your Provider Network, and you will not sue or seek to hold Valhalla liable for any damages that you may suffer as a result of the conduct of your Providers.

11.       Changes to Our Privacy Policy

The date the Privacy Policy was last revised is identified at the top of the page. We may update our Privacy Policy from time to time. If we make material changes to how we treat our users’ information, we will post the new Privacy Policy on this page with a notice that the Privacy Policy has been updated. We will also notify you through an in-app alert the first time you use Allevia after we make the change.

 

12.       Contact Information

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:

Email: legal@valhalla.healthcare
Phone: (781) 366-0310
Address: 1334  Brittmoore Rd, Houston, TX 77043

Master Subscription License Agreement

 

1.    THIS MASTER SUBSCRIPTION AGREEMENT GOVERNS CUSTOMER’S ACQUISITION AND USE OF ALLEVIA, A SOFTWARE AS A SERVICE PROGRAM OWNED BY VALHALLA HEALTHCARE, INC. (“VAHALLA”) IF CUSTOMER REGISTERS FOR A FREE TRIAL OF ALLEVIA OR FOR FREE SERVICES, THE APPLICABLE PROVISIONS OF THIS AGREEMENT WILL ALSO GOVERN THAT FREE TRIAL OR THOSE FREE SERVICES. BY ACCEPTING THIS AGREEMENT, BY (1) CLICKING A BOX INDICATING ACCEPTANCE, (2) EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, OR (3) USING FREE SERVICES, CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT. 


2.    VALHALLA’s direct competitors are prohibited from accessing the Services, except with VALHALLA’s prior written consent. In addition, the Services may not be accessed for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes. This Agreement was last updated on January 1, 2019. It is effective between Customer and VALHALLA as of the date of Customer’s accepting this Agreement.  “Customer” means in the case of an individual accepting this Agreement on his or her own behalf, such individual, or in the case of an individual accepting this Agreement on behalf of a company or other legal entity, the company or other legal entity for which such individual is accepting this Agreement, and Affiliates of that company or entity (for so long as they remain Affiliates) which have entered into Order Forms.

 
3.    VALHALLA RESPONSIBILITIES
a.    Provision of Purchased Services. VALHALLA will (a) make the Services and Content available to Customer pursuant to this Agreement, and the applicable Order Forms and Documentation, (b) provide applicable VALHALLA standard support for the Purchased Services to Customer at no additional charge, and/or upgraded support if purchased, (c) use commercially reasonable efforts to make the online Purchased Services available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which VALHALLA shall give advance electronic notice), and (ii) any unavailability caused by circumstances beyond VALHALLA’s reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving VALHALLA employees), Internet service provider failure or delay, Non-VALHALLA Application, or denial of service attack, and (d) provide the Services in accordance with laws and government regulations applicable to VALHALLA’s provision of its Services to its customers generally (i.e., without regard for Customer’s particular use of the Services), and subject to Customer’s use of the Services in accordance with this Agreement, the Documentation and the applicable Order Form.
b.    Protection of Customer Data. VALHALLA will maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer data. Upon request by Customer made within 30 days after the effective date of termination or expiration of this Agreement, VALHALLA will make Customer data available to Customer for export or download. After such 30-day period, VALHALLA will have no obligation to maintain or provide any Customer data, and will thereafter delete or destroy all copies of Customer data in its systems or otherwise in its possession or control, unless legally prohibited.
c.    VALHALLA Personnel. VALHALLA will be responsible for the performance of its personnel (including its employees and contractors) and their compliance with VALHALLA’s obligations under this agreement, except as otherwise specified in this Agreement.
d.    Beta Services. From time to time, VALHALLA may make Beta Services available to Customer at no charge. Customer may choose to try such Beta Services or not in its sole discretion. Any use of Beta Services is subject to the Beta Services terms at  https://www.valhalla.healthcare/company/legal/agreements.jsp.
e.    Free Trial. If Customer registers on VALHALLA’s website for a free trial, VALHALLA will make the applicable Service(s) available to Customer on a trial basis free of charge until the earlier of (a) the end of the free trial period for which Customer registered to use the applicable Service(s), or (b) the start date of any Purchased Service subscriptions ordered by Customer for such Service(s), or (c) termination by VALHALLA in its sole discretion. Additional trial terms and conditions may appear on the trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.


4.    ANY DATA CUSTOMER ENTERS INTO THE SERVICES, AND ANY CUSTOMIZATIONS MADE TO THE SERVICES BY  OR  FOR  CUSTOMER,  DURING  CUSTOMER’S  FREE  TRIAL  WILL  BE  PERMANENTLY  LOST  UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE TRIAL, PURCHASES APPLICABLE UPGRADED SERVICES, OR EXPORTS SUCH DATA, BEFORE THE END OF THE TRIAL PERIOD.  NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY VALHALLA” SECTION BELOW, DURING THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND VALHALLA SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE SERVICES FOR THE FREE TRIAL PERIOD.  


5.    USE OF SERVICES AND CONTENT
a.    Subscriptions.  Unless otherwise provided in the applicable Order Form or Documentation, (a) Purchased Services and access to Content are purchased as subscriptions for the term stated in the applicable Order Form or in the applicable online purchasing portal, (b) subscriptions for Purchased Services may be added during a subscription term at the same pricing as the underlying subscription pricing, prorated for the portion of that subscription term remaining at the time the subscriptions are added, and (c) any added subscriptions will terminate on the same date as the underlying subscriptions. Customer agrees that its purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by VALHALLA regarding future functionality or features.
b.    Usage Limits. Services and Content are subject to usage limits specified in Order Forms and Documentation. If Customer exceeds a contractual usage limit, VALHALLA may work with Customer to seek to reduce Customer’s usage so that it conforms to that limit. If, notwithstanding VALHALLA’s efforts, Customer is unable or unwilling to abide by a contractual usage limit, Customer will execute an Order Form for additional quantities of the applicable Services or Content promptly upon VALHALLA’s request, and/or pay any invoice for excess usage in accordance with the “Invoicing and Payment” section below.
c.    Customer Responsibilities. Customer will (a) be responsible for Users’ compliance with this Agreement, Documentation and Order Forms, (b) be responsible for the accuracy, quality and legality of Customer Data, the means by which Customer acquired Customer Data, Customer’s use of Customer Data with the Services, and the interoperation of any Non-VALHALLA Applications with which Customer uses Services or Content, (c) use commercially reasonable efforts to prevent unauthorized access to or use of Services and Content, and notify VALHALLA promptly of any such unauthorized access or use, (d) use Services and Content only in accordance with this Agreement, Documentation, the Acceptable Use and External Facing Services Policy at  https://www.allevia.md/company/legal/agreements    Order Forms and applicable laws and government regulations, and (e) comply with terms of service of any Non-VALHALLA Applications with which Customer uses Services or Content. Any use of the Services in breach of the foregoing by Customer or Users that in VALHALLA’s judgment threatens the security, integrity or availability of VALHALLA’s services, may result in VALHALLA’s immediate suspension of the Services.
d.    Usage Restrictions. Customer will not (a) make any Service or Content available to anyone other than Customer or Users, or use any Service or Content for the benefit of anyone other than Customer or its Affiliates, unless expressly stated otherwise in an Order Form or the Documentation, (b) sell, resell, license, sublicense, distribute, make available, rent or lease any Service or Content, or include any Service or Content in a service bureau or outsourcing offering, (c) use a Service or Non-VALHALLA Application to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use a Service or Non-VALHALLA Application to store or transmit Malicious Code, (e) interfere with or disrupt the integrity or performance of any Service or third-party data contained therein, (f) attempt to gain unauthorized access to any Service or Content or its related systems or networks, (g) permit direct or indirect access to or use of any Services or Content in a way that circumvents a contractual usage limit,\.
e.    Removal of Content and Non-VALHALLA Applications. If Customer receives notice that Content or a Non-VALHALLA Application must be removed, modified and/or disabled to avoid violating applicable law, third-party rights, or the Acceptable Use and External Facing Services Policy, Customer will promptly do so. If Customer does not take required action in accordance with the above, or if in VALHALLA’s judgment continued violation is likely to reoccur, VALHALLA may disable the applicable Content, Service and/or Non- VALHALLA Application.  If VALHALLA is required by any third party rights holder to remove Content, or receives information that Content provided to Customer may violate applicable law or third-party rights, VALHALLA may discontinue Customer’s access to Content through the Services.


6.    FEES AND PAYMENT
a.    Fees. Customer will pay all fees specified in Order Forms. Except as otherwise specified herein or in an Order Form, (i) fees are based on Services and Content subscriptions purchased and not actual usage, (ii) payment obligations are non- cancelable and fees paid are non-refundable, and (iii) quantities purchased cannot be decreased during the relevant subscription term.
b.    Invoicing and Payment. Customer will provide VALHALLA with valid and updated credit card information, or with a valid purchase order or alternative document reasonably acceptable to VALHALLA. If Customer provides credit card information to VALHALLA, Customer authorizes VALHALLA to charge such credit card for all Purchased Services listed in the Order Form for the initial subscription term and any renewal subscription term(s) as set forth in the “Term of Purchased Subscriptions” section below. Such charges shall be made in advance, either annually or in accordance with any different billing frequency stated in the applicable Order Form. If the Order Form specifies that payment will be by a method other than a credit card, VALHALLA will invoice Customer in advance and otherwise in accordance with the relevant Order Form. Unless otherwise stated in the Order Form, invoiced fees are due net 30 days from the invoice date. Customer is responsible for providing complete and accurate billing and contact information to VALHALLA and notifying VALHALLA of any changes to such information.
c.    Overdue Charges. If any invoiced amount is not received by VALHALLA by the due date, then without limiting VALHALLA’s rights or remedies, (a) those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, and/or (b) VALHALLA may condition future subscription renewals and Order Forms on payment terms shorter than those specified in the “Invoicing and Payment” section below.
d.    Suspension of Service and Acceleration. If any charge owing by Customer under this or any other agreement for services is 30 days or more overdue, (or 10 or more days overdue in the case of amounts Customer has authorized VALHALLA to charge to Customer’s credit card), VALHALLA may, without limiting its other rights and remedies, accelerate Customer’s unpaid fee obligations under such agreements so that all such obligations become immediately due and payable, and suspend Services until such amounts are paid in full, provided that, other than for customers paying by credit card or direct debit whose payment has been declined, VALHALLA will give Customer at least 10 days’ prior notice that its account is overdue, in accordance with the “Manner of Giving Notice” section below for billing notices, before suspending services to Customer.
e.    Payment Disputes. VALHALLA will not exercise its rights under the “Overdue Charges” or “Suspension of Service” section above if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute.
f.    Taxes. VALHALLA's fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If VALHALLA has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, VALHALLA will invoice Customer and Customer will pay that amount unless Customer provides VALHALLA with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, VALHALLA is solely responsible for taxes assessable against it based on its income, property and employees.


7.    PROPRIETARY RIGHTS AND LICENSES
a.    Reservation of Rights. Subject to the limited rights expressly granted hereunder, VALHALLA, its Affiliates, its licensors and Content Providers reserve all of their right, title and interest in and to the Services and Content, including all of their related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein.
b.    Access to and Use of Content. Customer has the right to access and use applicable Content subject to the terms of applicable Order Forms, this Agreement and the Documentation.
c.    License by Customer to VALHALLA. Customer grants VALHALLA, its Affiliates and applicable contractors a worldwide, limited-term license to host, copy, use, transmit, and display any Non-VALHALLA Applications and program code created by or for Customer using a Service or for use by Customer with the Services, and Customer Data, each as appropriate for VALHALLA to provide and ensure proper operation of, the Services and associated systems in accordance with this Agreement. If Customer chooses to use a Non- VALHALLA Application with a Service, Customer grants VALHALLA permission to allow the Non-VALHALLA Application and its provider to access Customer Data and information about Customer’s usage of the Non-VALHALLA Application as appropriate for the interoperation of that Non-VALHALLA Application with the Service. Subject to the limited licenses granted herein, VALHALLA acquires no right, title or interest from Customer or its licensors under this Agreement in or to any Customer Data, Non-VALHALLA Application or such program code.
d.    License by Customer to Use Feedback. Customer grants to VALHALLA and its Affiliates a worldwide, perpetual, irrevocable, royalty- free license to use and incorporate into its services any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer or Users relating to the operation of VALHALLA’s or its Affiliates’ services. 


8.    CONFIDENTIALITY
a.    Definition of Confidential Information. “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. 
b.    Protection of Confidential Information. As between the parties, each party retains all ownership rights in and to its Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind. 


9.    REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS
a.    Representations. Each party represents that it has validly entered into this Agreement and has the legal power to do so.
b.    VALHALLA Warranties. VALHALLA warrants that during an applicable subscription term (a) this Agreement, the Order Forms and the Documentation will accurately describe the applicable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, (b) VALHALLA will not materially decrease the overall security of the Services, (c) the Services will perform materially in accordance with the applicable Documentation, and (d) subject to the “Integration with Non-VALHALLA Applications” section above, VALHALLA will not materially decrease the overall functionality of the Services. For any breach of a warranty above, Customer’s exclusive remedies are those described in the “Termination” and “Refund or Payment upon Termination” sections below.
c.    Disclaimers. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CONTENT AND BETA SERVICES ARE PROVIDED “AS IS,” AND AS AVAILABLE EXCLUSIVE OF ANY WARRANTY WHATSOEVER.

 

10.    LIMITATION OF LIABILITY
a.    Limitation of Liability. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EACH PARTY TOGETHER WITH ALL OF ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER AND ITS AFFILIATES HEREUNDER FOR THE SERVICES GIVING RISE TO THE LIABILITY IN THE TWELVE MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE. 
b.    Exclusion of Consequential and Related Damages. IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY LOST PROFITS, REVENUES, GOODWILL, OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES.


11.    TERM AND TERMINATION
a.    Term of Agreement. This Agreement commences on the date Customer first accepts it and continues until all subscriptions hereunder have expired or have been terminated.
b.    Term of Purchased Subscriptions. The term of each subscription shall be as specified in the applicable Order Form.  
c.    Termination. A party may terminate this Agreement for cause (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.
d.    Refund or Payment upon Termination. If this Agreement is terminated by Customer in accordance with the “Termination” section above, VALHALLA will refund Customer any prepaid fees covering the remainder of the term of all Order Forms after the effective date of termination. If this Agreement is terminated by VALHALLA in accordance with the “Termination” section above, Customer will pay any unpaid fees covering the remainder of the term of all Order Forms to the extent permitted by applicable law. In no event will termination relieve Customer of its obligation to pay any fees payable to VALHALLA for the period prior to the effective date of termination.


12.    GENERAL PROVISIONS
a.    Entire Agreement and Order of Precedence. This Agreement is the entire agreement between VALHALLA and Customer regarding Customer’s use of Services and Content and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter.  
b.    Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. There are no third-party beneficiaries under this Agreement.
c.    Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (including all Order Forms), without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. 
d.    Notices, Governing Law, and Venue. Texas law will apply in any dispute or lawsuit arising out of or in connection with this Agreement, and the courts that have jurisdiction over any such dispute or lawsuit will be exclusively in Harris County, Texas,
e.    Manner of Giving Notice. Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the second business day after mailing, or (c), except for notices of termination or an indemnifiable claim (“Legal Notices”), which shall clearly be identifiable as Legal Notices, the day of sending by email. 

HIPAA Compliance

Last Updated: 01/28/2019

Technical Safeguards

 

Implementation specification

Further details

How Allevia satisfies the implementation specification

Implement a means of access control

This not only means assigning a centrally-controlled unique username and PIN code for each user, but also establishing procedures to govern the release or disclosure of ePHI during an emergency.

Unique user id and identification

Access is granted only by formal request. This request can only be initiated by the appropriate department head, and must be approved by the department head and the Security Officer or appropriate personnel. Only Valhalla Healthcare staff and contractors with a legitimate need will receive a user ID to access Valhalla Healthcare systems. All requests for access by a non-employee (e.g., contractors, partners, etc.) shall be made by a Valhalla Healthcare staff member by requesting access from the Security Officer. (Turn on logging for the database to track user movements. Keep for at least a week.)

 

Unique User Identification and Password Policy:

a. Any user that requires access to any network, system, or application that access, transmits, receives, or stores EPHI, must be provided with a unique user identification string. Patients who use the client end of the system can use an email address as unique user identification string.

b. When requesting access to any network, system, or application that accesses, transmits, receives, or stores EPHI, a user must supply his or her previously assigned unique user identification in conjunction with a secure password to gain access.

c. Each user's password must meet the following minimum requirements: • Passwords must be a minimum of eight characters in length • Passwords must include at least one uppercase, one lowercase and one number

d. If a system does not support the minimum structure and complexity as detailed in the aforementioned guidelines, one of the following procedures must be implemented: • The password assigned must be adequately complex to ensure that it is not easily guessed and the complexity of the chosen alternative must be defined and documented. • The legacy system must be upgraded to support the requirements of (letter c) as soon as administratively possible. • All EPHI must be removed and relocated to a system that supports the foregoing security password structure.

e. Users must not allow another user to use their unique user identification or password.

f. Users must ensure that their user identification and password are not documented, written, or otherwise exposed in an insecure manner.

g. Each user must ensure that their User Identification and password is appropriately protected and only used for legitimate access to networks, systems, or applications.

i. If a user believes their user identification or password has been compromised, they must report that security incident to their manager, who will contact the appropriate HIPAA Officer.

 

Emergency access procedure

Management can grant emergency access via implementation of technical steps with the Valhalla Healthcare tech team according to the type of emergency and access privileges to a caregiver if:

1. Management has declared an emergency.

2. The denial or strict access to that EPHI could inhibit or negatively affect an individual’s care.

3. If emergency access has been granted, management will review the impact of emergency access and document the event within 24 hours of being granted.

4. After the emergency access event is over, the user's access is removed.

 

Remote access

Requires authorization by relevant department head and additional HIPAA training and awareness by Security Officer.

 

Introduce a mechanism to authenticate ePHI

This mechanism is essential in order to comply with HIPAA regulations as it confirms whether ePHI has been altered or destroyed in an unauthorized manner.

(Turn on logging for the database and have a backup database)

Implement tools for encryption and decryption

This guideline relates to the devices used by authorized users, which must have the functionality to encrypt messages when they are sent beyond an internal firewalled server, and decrypt those messages when they are received.

The database uses AES-256 encryption, the same encryption that is used between pages. All data is stored server side.

 

Allevia.md can only be accessed via https with a certificate issued by amazon using SHA-256 with RSA Encryption and not http.

 

Email is used to distribute usernames, forgotten password feature. (contents of emails)

Emails sent out are encrypted with TLS.

 

Introduce activity logs and audit controls

The audit controls required under the technical safeguards are there to register attempted access to ePHI and record what is done with that data once it has been accessed.

(Turn on logging for the database and have a backup database)

Facilitate automatic log-off of PCs and devices

This function logs authorized personnel off of the device they are using to access or communicate ePHI after a pre-defined period of time. This prevents unauthorized access of ePHI should the device be left unattended.

A 15 minute inactivity log-off is implemented for Allevia for both patient users and admins.

 

Servers, workstations, or other computer systems that access, transmit, receive, or store EPHI, and are located in locked or secure environments need not implement inactivity timers or automatic logoff mechanisms.

 

 

Physical Safeguards

 

Implementation specification

Further details

How Allevia satisfies the requirement

Facility controls must be implemented

Controls who has physical access to the location where ePHI is stored and includes software engineers, cleaners, etc. The procedures must also include safeguards to prevent unauthorized physical access, tampering, and theft.

AWS hosts our servers and we have a BAA signed with them. BAA with AWS updated and resigned on December 19th 2018. The physical location of the servers are located in AWS east. MI7 is used for EMR integration and we have a master agreement signed with them. MI7 related EMR communication software is hosted on the US east Northern Virginia server on AWS. The servers for the resources involved in hosting the allevia.md website and the database are hosted on US east Ohio.

Policies for the user/positioning of workstations

Policies must be devised and implemented to restrict the use of workstations that have access to ePHI, to specify the protective surrounding of a workstation and govern how functions are to be performed on the workstations.

Currently only those who have the username and password to the database and know the server where the database is hosted can access the ePHI. Currently, access to ePHI may only be conducted in offices and remote access has to follow the remote access policy.

Users may access their own ePHI via their online Allevia account.

Policies and procedures for mobile devices

If users are allowed to access ePHI from their mobile devices, policies must be devised and implemented to govern how ePHI is removed from the devices if the user leaves the organization or the device is re-used, sold, etc.

Users can access their ePHI via unique email address and secure password (at least 8 characters and use at least one lowercase, one uppercase and one number). Users are automatically logged out after 15 minutes and all PHI is stored on server side. They can request for their data to be removed.

Inventory of hardware

An inventory of all hardware must be maintained, together with a record of the movements of each item. A retrievable exact copy of ePHI must be made before any equipment is moved.

All movement of Valhalla Healthcare hardware must be documented. Current Valhalla Healthcare hardware inventory:

- One Samsung tablet.

Device and media control

 

Media included within the scope of this policy includes, but is not limited to, hard drives, solid state memory, flash drives, smart phones, digital storage cards, DVDs, CD-ROMs, and USB memory devices.

All users must be aware that sensitive data could potentially be lost or compromised when moved outside of Valhalla Healthcare networks.

The disposal or reuse for another purpose of any hardware or electronic media containing confidential information, including all forms and types, such as computers, servers, portable devices, copiers, and multifunction machines, shall include the destruction of any such confidential information before ultimate disposal or reallocation to a new use outside of Valhalla Healthcare. The destruction of electronic confidential information shall be carried out by physical or electronic means that ensures the actual destruction of the information. In order to avoid reportable information security breaches under the HIPAA Breach Notification regulations at §164.400 et seq., any and all disposal methods used must meet the requirements specified in guidance provided by the US Department of Health and Human Services (HHS), available at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/guidance_breachnotice.html All paper which contains sensitive information that is no longer needed must be shredded before being disposed of. All employees working from home, or other non-Valhalla Healthcare work environment, MUST have direct access to a shredder.

All electronic media being disposed of must be sanitized or destroyed in accordance with HIPAA-compliant procedures. Do not throw any media containing sensitive, protected information in the trash. Return all portable media to your supervisor.

 

Record of disposal

- None yet.

Administrative Safeguards

 

Implementation specification

Further details

How Allevia satisfies the requirement

Conducting risk assessments

Among the Security Officer´s main tasks is the compilation of a risk assessment to identify every area in which ePHI is being used, and to determine all of the ways in which breaches of ePHI could occur.

Due to Valhalla Healthcare's small size, John Chen is designated the Security Officer and Privacy Officer.

 

All new PHI starts from the browser and is encrypted in transit. PHI stored between pages is kept server side and all PHI is stored in an encrypted at rest database. Members of Valhalla Healthcare, given the according access control and permissions, may download locally for research purposes.

 

Introducing a risk management policy

The risk assessment must be repeated at regular intervals with measures introduced to reduce the risks to an appropriate level. A sanctions policy for employees who fail to comply with HIPAA regulations must also be introduced.

 

Sanction policy

DEFINITION OF OFFENSE:

Class I offenses:

(1) Accessing information that you do not need to know to do your job;

(2) Sharing your computer access codes (user name & password);

(3) Leaving your computer unattended while you are logged into a PHI program;

(4) Sharing PHI with another employee without authorization;

(5) Copying PHI without authorization;

(6) Changing PHI without authorization;

(7) Discussing confidential information in a public area or in an area where the public could overhear the conversation;

(8) Discussing confidential information with an unauthorized person; or

(9) Failure to cooperate with privacy officer.

Class II offenses:

(1) Second offense of any class I offense (does not have to be the same offense);

(2) Unauthorized use or disclosure of PHI;

(3) Using another person’s computer access codes (user name & password); or

(4) Failure to comply with a resolution team resolution or recommendation.

Class III offenses:

(1) Third offense of any class I offense (does not have to be the same offense);

(2) Second offense of any class II offense (does not have to be the same offense);

(3) Obtaining PHI under false pretenses; or

(4) Using and/or disclosing PHI for commercial advantage, personal gain or malicious harm.

HIPAA SANCTIONS:

Class I offenses shall include, but are not limited to:

(a) Verbal reprimand;

(b) Written reprimand in employee’s personnel file;

(c) Retraining on HIPAA Awareness;

(d) Retraining on Company’s Privacy and Security Policy and how it impacts the said employee and said employee’s department; or

(e) Retraining on the proper use of internal forms and HIPAA required forms.

Class II offenses shall include, but are not limited to:

(a) Written reprimand in employee’s personnel file;

(b) Retraining on HIPAA Awareness;

(c) Retraining on County’s Privacy Policy and how it impacts the said employee and said employee’s department;

(d) Retraining on the proper use of internal forms and HIPAA required forms; or

(e) Suspension of employee (In reference to suspension period: minimum of one (1) day/ maximum of three (3) days).

 

Class III offenses shall include, but are not limited to:

(a) Termination of employment;

(b) Civil penalties as provided under HIPAA or other applicable Federal/State/Local law; or

(c) Criminal penalties as provided under HIPAA or other applicable Federal/State/Local law.

Training employees to be secure

Training schedules must be introduced to raise awareness of the policies and procedures governing access to ePHI and how to identify malicious software attacks and malware. All training must be documented.

All members of Valhalla Healthcare are currently aware of and involved in HIPAA related security.

Valhalla Healthcare conducts workforce wide HIPAA training annually in December.

 

Developing a contingency plan

In the event of an emergency, a contingency plan must be ready to enable the continuation of critical business processes while protecting the integrity of ePHI while an organization operates in emergency mode.

Contingency plan/Disaster recovery plan

Due to the use of AWS servers for hosting of Allevia and related databases, in the event of an emergency the following steps may be taken:

1. Clone all machines and move them to another location in AWS. If cloning is not possible then new machines are fired up from backups. Databases can be merged after the conclusion of the emergency.

2. Update website DNS to new server locations.

Testing of contingency plan and data backup

The contingency plan must be tested periodically to assess the relative criticality of specific applications. There must also be accessible backups of ePHI and procedures to restore lost data in the event of an emergency.

Databases and website resources have periodic backups on AWS which we can then restore or set up a database in a different AWS location.

Restricting third-party access

It is vital to ensure ePHI is not accessed by unauthorized parent organizations and subcontractors, and that Business Associate Agreements are signed with business partners who will have access to ePHI.

Valhalla Healthcare has signed Business Associate Agreements with Amazon, who hosts our database and website resources. Although MI7 software receives and sends information to EMRs, MI7 does not have access to the ePHI itself.

 

Reporting security incidents

The reporting of security incidents is different from the Breach Notification Rule inasmuch as incidents can be contained and data retrieved before the incident develops into a breach.

Security Incidents

The security incidents team currently consists of John Chen.

Valhalla Healthcare will adhere to its Security Incident Response Plan when dealing with suspected security incidents. A “Security Incident,” in the context of this policy, is an attempt to gain unauthorized access to a system or data, unwanted denial of service to Valhalla Healthcare’s resources, the unauthorized use of a system that processes or stores sensitive information, or an unauthorized disclosure or compromise of sensitive Valhalla Healthcare data. A Security Incident may involve any or all of the following (this list is illustrative only and does not include all possible Security Incidents):  Unauthorized computer, device, network, systems, or data access;  Presence of a malicious application, such as a virus or malware;  Presence of unexpected/unusual programs;  A denial of service condition against data, network, computer, or device;  Physical or logical damage to systems;  Theft, loss, or misplacement of a laptop or other device;  Theft of sensitive electronic information;  Cyber-extortion attempts; and  Emergency disaster recovery operations that may have comprised security controls.

Valhalla Healthcare will assess and respond to Security Incidents. All Security Incidents should be immediately reported to the Security Officer who shall take appropriate action and notify the CTO and relevant department heads. If the Security Officer is not available, the suspected incident should be reported to the CTO and relevant department heads.

Appropriate responses to security incidents may include, but are not limited to: o Rapidly identifying and classifying the severity of security incidents. o Determining the actual risk to individually identifiable health information, and the subject(s) thereof. o Repairing, patching, or otherwise correcting the condition or error that created the security incident. o Retrieving or limiting the dissemination of individually identifiable health information, if possible. o Mitigating any harmful effects of the security incident. o Fully documenting security incidents, along with their causes and Valhalla Healthcare’s responses. o Expanding Valhalla Healthcare’s knowledge of security incident prevention, through research, analyses of security incidents, and improved training and awareness programs for workforce members.

Reporting breaches

Breach Notification Rule

Report smaller breaches – those affecting fewer than 500 individuals – via the OCR web portal. These smaller breach reports will ideally be made once the initial investigation has been conducted. The OCR only requires these reports to be made annually.

Breach notifications will include the following information:

  • The nature of the ePHI involved, including the types of personal identifiers exposed.

  • The unauthorized person who used the ePHI or to whom the disclosure was made (if known).

  • Whether the ePHI was actually acquired or viewed (if known).

  • The extent to which the risk of damage has been mitigated.

 

Breach notifications will be made without unreasonable delay and in no case later than 60 days following the discovery of a breach. When notifying a patient of a breach, the we will inform the individual of the steps they should take to protect themselves from potential harm, include a brief description of what we are doing to investigate the breach and the actions taken so far to prevent further breaches and security incidents.

Emergency Mode Operations

Personnel are assigned the below functions.

Functions

Assigned

Telephones outbound: Alex Baqui

Telephones inbound: Alex Baqui

Computing resources: John Chen

U.S. Mail: John Chen

Couriers (FedEx, etc.): John Chen

Internet and Email: John Chen

Customer/Patient Contact: John Chen

Medical Records: John Chen

Other Business Records: Alex Baqui

Legal Issues: John Chen

Transportation: John Chen

Internal Communications: John Chen

Physical Security: John Chen

Utilities Restoration: John Chen

Remediation and Restoration: John Chen

Vendor/Partner Relations: Alex Baqui

Media Relations: Alex Baqui

AWS architecture HIPAA compliance

Elastic load balancer (ELB), Elastic Cloud Compute 2 (EC2) and Relational Database Service (RDS) are on the same Virtual Private Cloud (VPC) with public subnets in three Availability Zones (AZ) and private subnets in two AZs with the default being east-2a.

ELB only has a https listener and ignore all other traffic. The ELB is on a public subnet. The ELB has a signed SSL certificate attached.

The EC2 instance only takes HTTPS inbound from the security group of the ELB and Secure Shell (SSH) from specific locations. The EC2 is on a public subnet. It is instantiated as a c5.large instance with an elastic ip. The Elastic Block Storage (EBS) that it resides on is encrypted. The EC2 nginx server has a self signed SSL certificate.

RDS only takes TCP, IMCP and MySQL inbounds from the security group of the EC2. The RDS is on a private subnet. It is instantiated as a db.r4.large instance running 5.6 MySQL with Audit, Error, General, Slow query logs, delete prevention, performance insights.

 

Cloudtrail logs saved in S3 with encryption and KMS and detailed cloudwatch enabled.

Config is used for inventory of AWS resources.

 

Ongoing testing

- Review security incidents and use information for security planning.

- Proactive review of system activity for each application and for computers, network equipment and other system assets that store, transmit or have access to ePHI for suspected security violations.

- Granting access to ePHI is documented.

- Periodic security reminders.

- Backups are tested.

- Disaster recovery plans are tested.

- Business Continuity Plans are tested.

- Evaluation of HIPAA compliance.

 

Authorization to Use and Disclose PHI

I am signing this Authorization because: I wish to authorize the healthcare providers in my Valhalla healthcare “Network” (as defined in the Valhalla Privacy Policy that I am signing in conjunction with this Authorization), and Valhalla Healthcare, Inc., to communicate with me and with each other regarding my healthcare through the Allevia mobile software application (“Allevia”).

 

I understand that, by signing this Authorization, I am authorizing the healthcare providers listed below (the “Providers”), and Valhalla itself, to use, disclose, and obtain my Personal Health Information (defined below). The Authorization is intended to satisfy the legal requirements of the Health Insurance Portability and Accountability Act (42 U.S.C. § 1320d) (HIPAA) and state privacy laws.

 

Authorization to Use, Disclose, and Obtain My Personal Health Information

I hereby authorize the Providers, as well as Valhalla itself, to use, disclose, or obtain my Personal Health Information for the purposes described herein. I understand and intend that this Authorization will not be effective as to any Provider unless and until the Provider joins my Network.

 

Authorization for Specific Types of Personal Health Information

I understand that if my Personal Health Information contains the following types of information, I hereby consent and authorize the Providers and Valhalla to use or disclose it for the purposes described herein.

  • HIV test results[1]

  • Genetic screening test results

  • Alcohol and drug abuse history

  • Sexually transmitted disease (STD) information

  • Domestic violence/sexual assault counseling

  • Mental health diagnosis/treatment
     

Persons and Entities to Whom the Provider Is Authorized to Disclose My Personal Health Information

I hereby authorize each of the following Providers, as well as Valhalla, to disclose my Personal Health Information to, obtain my Personal Health Information from, and discuss my Personal Health Information with, Valhalla and each of the following Providers:

  • Providers

  • Location/Contact

My Providers are governed by HIPAA as “covered entities,” and Valhalla is governed by HIPAA as the Provider’s “business associate.” HIPAA requires the Provider and Valhalla to safeguard the security and privacy of my Personal Health Information. But other third parties may not be governed by HIPAA. If I give access to my account or my Network to any such third parties, my Personal Health Information may be subject to re-disclosure by such third parties, and it may not be possible to protect the privacy of such information. I hereby release the Providers, Valhalla, and the employees of the Providers and Valhalla from any liability arising from the re-disclosure of this information by such third parties. 

 

Unless I have specifically requested in writing that the disclosure of information be made in a certain format, I understand and agree that the Providers reserve the right to disclose information as permitted by this authorization in any manner that it deems to be appropriate and consistent with applicable law, including, but not limited to, verbally, in paper format, or electronically.

  

Description and Purposes of Using/Disclosing/Obtaining Personal Health Information

This Authorization covers my “Personal Health Information.” My Personal Health Information includes all information that is disclosed by, between, or among myself, the Providers, and Valhalla through use of Allevia. It includes but is not limited to the information, communications, and documents that comprise my “Primary User Information” (as defined in the Valhalla Terms of Use). Personal Health Information also includes (but is not limited to) all information that relates to my diagnosis, treatment, payment, criminal record information, healthcare services, continuing care plans, demographic information, treatment progress, and assessment. It may also include information in my medical record, as well as any and all other “Protected Health Information” as defined by HIPAA.

 

I understand that the purpose of using, disclosing, or obtaining this information is to improve assessment and treatment planning, to share information relevant to treatment, to coordinate treatment services, to improve health care operations, assist in billing for payment of services, and generally to facilitate the coordination of my healthcare between and among the members of the Network.

 

My Rights

By signing below, I acknowledge that I have read this authorization and understand that:

  • I may refuse to authorize the disclosure of the above healthcare information. My Providers will not condition my ability to receive healthcare services or treatment on providing or refusing to agree to this Authorization. But if I refuse to agree to this Authorization, I will not be permitted to use Allevia.

  • I may revoke this Authorization at any time by notifying Valhalla’s Privacy Officer by email at legal@valhalla.healthcare or by telephone at (781) 366-0310. I may also revoke this Authorization by terminating my Allevia account. Revoking this Authorization will not apply to information that was already used/disclosed/obtained in reliance on my having signed this form.  

  • The health information that is disclosed pursuant to this Authorization may be subject to re-disclosure by a recipient, and it may not be possible to protect the privacy of this information once re-disclosed.

  • I have the right to make a written request to review my records before signing. I have the right to receive copies of my records for a reasonable fee.

  • I have a right to a copy of this signed authorization.

 

I understand that this authorization will remain in effect until I revoke it as described above, or until I terminate my account with Valhalla.

 

I have read and understand the terms of this authorization. I have had an opportunity to ask questions about the use and disclosure of my Personal Health Information. By my signature below, I hereby knowingly and voluntarily authorize the Providers and Valhalla Healthcare, Inc., to use, disclose, and/or obtain my Personal Health Information in the manner described above.

 

 

___________________________________________                               ___________________________________________

 [   ] Patient Name                                                                                                Date             

 

 

OR

 If the Patient is incapacitated (physically or mentally):

__________________________________________                          ___________________________________________
[   ] Guardian/Personal Representative                                Date

 

 

___________________________________________

Authority or Relationship

 

 

[1] I understand that authorizing the disclosure of this information could have adverse consequences if the information is misused. This may include discriminatory treatment, whether lawful or unlawful. I understand that the Providers will protect the confidentiality of information about my HIV status, sexually transmitted disease status, and all my healthcare records, as the law requires.

 

Business Associate Agreement (BAA)

This Business Associate Agreement (“BAA”) is entered into by and between ___________________________________________ (“Covered Entity”) and Valhalla Healthcare, Inc. (“Business Associate”), and applies to all services provided to or on behalf of the Covered Entity and relationships between Covered Entity and Business Associate.

Service Provided to Covered Entity:  Facilitating healthcare communications between patient, the patient’s provider(s), and the patient’s friends/family.

A.    HIPAA and HITECH Dominance. In the event of a conflict or inconsistency between the terms of any other agreement between the parties and this language, this BAA language controls with respect to the subject matter herein. This language is required by the Health Insurance Portability and Accountability Act of 1996, and the Health Information Technology for Economic and Clinical Health Act (found in Title XIII of the American Recovery and Reinvestment Act of 2009) (“HIPAA” and “HITECH”).  The parties acknowledge and agree that, beginning with the effective dates under HIPAA and HITECH, Business Associate will comply with its obligations under this BAA and with all obligations of a business associate under HIPAA, HITECH, and any implementing regulations, as they exist at the time this BAA is executed and as they are amended from time to time, for so long as this BAA is in place. (Collectively, HIPAA and HITECH are referred to herein as “HIPAA”). The terms used in this BAA have the same meaning as defined by HIPAA unless the context dictates otherwise.

B.    HIPAA Applicability and Scope. For purposes of the obligations under this BAA, the term “Subcontractor” means, collectively, all of the Business Associate’s subcontractors as well as each of their downstream entities.  Business Associate and its Subcontractors are directly subject to and must independently comply with the Business Associate provisions of HIPAA irrespective of the provisions contained in this BAA.
 
C.    Protected Health Information. Any Protected Health Information (“PHI”) as defined by HIPAA that, on behalf of Covered Entity, was collected, created, received, maintained, by or transmitted to or from Covered Entity is PHI. For purposes of these obligations PHI means all PHI in Business Associate’s possession or under its control (e.g., employees, workforce members, and subcontractors and their downstream entities) and all PHI collected, created, received, maintained, or transmitted by Business Associate or its Subcontractors on or after the effective date of this HIPAA language.  

D.    Confidential Information. Confidential Information means and includes (a) any and all information related to patients; (b) any and all information about Covered Entity that is not known to the general public; (c) non-public information that belongs or relates to third parties to whom Covered Entity has an obligation of confidentiality, including software vendors; and (d) non-public information about Covered Entity’s employees or business associates.

E.    Employees, Subcontractors, and Disciplinary Action

1.    Acts / Omissions. Business Associate will be responsible for all actions and/or omissions by its employees and/or Subcontractor’s employees and is liable to third parties and Covered Entity for any violation of patients’ privacy or security by any person granted access or receive data through Business Associate.  For purposes of this BAA, the  Business Associate’s employees include its workforce members. 

2.    Employees. Business Associate agrees to instruct its employees regarding the confidentiality, privacy and security of PHI and the Business Associate’s obligations under this BAA.  Business Associate shall not disclose to its employees or permit them to access, view, obtain, copy, review, or use any PHI that is not necessary to their services to Covered Entity.  Business Associate agrees to maintain strict performance standards, including disciplinary actions, with respect to wrongful access to, copying, viewing, misuse, or disclosure of PHI.

3.    Workforce Members and Downstream Entities. Business Associate shall ensure its permitted workforce member(s) and Subcontractor(s) (if subcontractors are permitted) that collect, create, receive, maintain, or transmit PHI on behalf of the Covered Entity are advised in writing of Business Associate’s obligations with respect to PHI.  Business Associate shall require that the permitted Subcontractor(s) agree in writing to the same permissible uses and disclosures of PHI and to the same restrictions, conditions, and obligations that apply to the Business Associate. Business Associate agrees to make a list of such Subcontractors available to Covered Entity upon request.

4.    Administrative and Disciplinary Action. Business Associate will take appropriate administrative and disciplinary action with respect to its employee or Subcontractor if a privacy and/or security violation is substantiated.

5.    To the extent that this BAA requires Business Associate to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, Business Associate shall comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligation(s).

F.    Permissible Uses of PHI.

1.    Using and Disclosing PHI. Business Associate is a person or an organization, other than a member of a Covered Entity’s workforce, that performs certain functions or activities on behalf of, or provides certain services to, a Covered Entity that involves the use or disclosure of PHI.   The Business Associate may use or disclose PHI as permitted by this BAA or as required by law.   

Furthermore, the Business Associate may only use or disclose PHI to the extent that the Covered Entity is permitted to use and disclose PHI, and only if the Covered Entity has delegated that use or disclosure to the Business Associate.

2.    Business Associate’s Internal Management Uses of PHI. Business Associate may use PHI for internal management and administration of Business Associate and to carry out the legal responsibilities of the Business Associate. Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.  

3.    Minimum Necessary. Business Associate is permitted to access, use, request, and/or store only the minimum necessary PHI to the extent required to perform its duties under this BAA.  

4.    Handling PHI. Business Associate agrees to promptly return or destroy any PHI that is erroneously shared or delivered to Business Associate.

5.    Data Aggregation. Business Associate is permitted to use PHI for data aggregation for the health care operations of Covered Entity or its own operations. Data aggregation means combining Covered Entity’s PHI with another unrelated covered entity’s PHI for any purpose.

6.    De-Identified – Business Associate Use for Own Purposes. Business Associate agrees not to sell (i.e., receive any direct or indirect remuneration) or use any PHI, de-identified PHI, or data that identifies the Covered Entity for its own purposes or for the benefit of its other customers, without Covered Entity’s prior written consent. Provider hereby consents to allow the Business Associate to de-identify PHI and then use it for any purpose, provided that the method of de-identification satisfies the requirements of HIPAA. 

7.    No Indirect Sale of PHI. Business Associate has not given Covered Entity a discount or reduction in pricing in exchange for purposes other than services to or on behalf of Covered Entity.

G.    Safeguards, Reporting, and Mitigation

1.    Safeguards and Security. Business Associate agrees to implement reasonable administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of all PHI. Business Associate agrees to implement reasonable electronic security practices for Covered Entity PHI which is transmitted, stored, collected, created, received, maintained, or used in electronic form. Business Associate also shall require its permitted  Subcontractor(s) to agree in writing to implement reasonable administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of all Covered Entity’s PHI. The Business Associate agrees to encrypt PHI transmitted by the Business Associate to the Covered Entity over a public network. 


2.    Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for in connection with this BAA or performance of the services, of which it becomes aware, including breaches of unsecured PHI as required by 45 CFR 164.410; provided that notice is hereby deemed given for Unsuccessful Security Incidents, defined as a security incident that does not result in the unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system, including (without limitation) activity such as pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, interception of encrypted information where the key is not compromised, denial of service attacks, and/or any combination of the above. This notice shall satisfy any notices required of Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents, for which no additional notice to Covered Entity shall be given or required.


3.    Notification of a breach of unsecured PHI under 45 CFR 164.410 will be made without unreasonable delay, but in no event more than sixty (60) calendar days after Business Associate’s discovery of such a breach and will be delivered to Covered Entity by means selected by Business Associate, including via email. Business Associate’s obligation to report under this Section shall not be construed as an acknowledgment by Carbonite of any fault or liability with respect to any use or disclosure of PHI, or security incident or breach related thereto. 

4.    Content – Reporting of Actual or Suspected Violations. The Business Associate shall report to the Covered Entity, to the best extent reasonably possible, the identification of each individual whose PHI or ePHI has been, or is reasonably believed by the Business Associate, to have been accessed, acquired, or disclosed in connection with an actual or suspected breach of the Privacy Rule, the Security Rule, or HITECH. Business Associate shall also provide Covered Entity with any other available information that Covered Entity is required to include in a notification to an individual.

5.    Mitigation. Business Associate agrees to cooperate and collaborate reasonably with the Covered Entity in mitigating any harmful effect that is known to Business Associate, including known to its employees/ Subcontractors, of a use or disclosure of PHI by Business Associate in violation of the requirements of this BAA. Business Associate also agrees to be responsible for any mitigation or compliance costs related to a breach of privacy or security caused by the Business Associate or its Subcontractors.

H.    Legal Contact and Pattern of Activity.

1.    Notice of Legal Contact. Business Associate shall promptly notify Covered Entity in writing of a disclosure request prior to disclosing Covered Entity PHI if such disclosure is required by law or court order, to the extent as permitted by law.

2.    Pattern of Activity. If Business Associate becomes aware of a pattern of activity or practice by any entity, including Covered Entity, that constitutes a material breach or violation of the HIPAA, Business Associate shall: notify Covered Entity of the same; refrain from exchanging any PHI with such entity; upon becoming aware of such behavior by an entity with which Business Associate has already exchanged PHI, take reasonable steps to cure the breach or end the violation, as applicable, and if such steps are unsuccessful, terminate the contract or arrangement with such entity, if feasible; or if termination is not feasible, report the problem to the Secretary of the Department of Health and Human Services, in accordance with Section 13404 of the HITECH Act and 45 C.F.R §164.504(e).

 

I.    Patient Rights With Respect To PHI. Upon request, the Business Associate shall make PHI in its possession or under its control available to the Covered Entity within ten (10) business days of a Covered Entity’s request.

1.    Notice of Patient Contact. Business Associate shall promptly notify the Privacy Officer of Covered Entity if a patient contacts Business Associate in connection with the patient’s PHI.

2.    Covered Entity shall be responsible for communicating with patients regarding their patient rights.

3.    Covered Entity’s Obligations. 

I.    To the extent that the Covered Entity has any limitations and/or restrictions that affect the Business Associate’s use or disclosure of PHI, the Covered Entity shall so notify the Business Associate of such limitations and/or restrictions, and Business Associate shall comply with the same. 


II.    THE COVERED ENTITY HEREBY REPRESENTS AND WARRANTS THAT THERE ARE AND, FOR THE TERM OF THIS BAA, WILL BE NO LIMITATIONS OR RESTRICTIONS LISTED ON THE COVERED ENTITY’S NOTICE OF PRIVACY PRACTICES AND NO LIMITATIONS OR RESTRICTIONS AGREED UPON WITH A SPECIFIC PATIENT THAT WOULD AFFECT THE BUSINESS ASSOCIATE’S USE OR DISCLOSURE OF PHI.


4.    If the  Business Associate is engaged to maintain PHI in a designated record set, then the Business Associate agrees to honor patient rights under HIPAA.  

5.    Business Associate will make PHI available in electronic format upon request by Covered Entity in accordance with 45 C.F.R. §164.524 and Section 13405(e) of HITECH. 

6.    Electronic Health Records Related to Treatment, Payment, or Operations. In the case of a direct request for an accounting from an individual to Business Associate related to treatment, payment, or health care operations disclosures from electronic health records, Business Associate shall, in collaboration with the Covered Entity, provide such accounting to the individual in accordance with 45 C.F.R. §164.528 and Section 13405(c) of HITECH. Business Associate shall document such disclosures and provide Covered Entity notice of the disclosure in accordance with 45 C.F.R. §164.528 and Section 13405(c) of HITECH.

J.    Amendment. Upon enactment of any law, regulation, court decision or relevant government publication and/or interpretive policy affecting the use or disclosure of PHI, Covered Entity, by written notice to Business Associate, may amend or replace this BAA in such manner as Covered Entity determines necessary to comply with same.

K.    Assignment. Covered Entity hereby provides express written consent to permit Business Associate to assign any and all rights, and to delegate any and all duties, under this BAA.

L.    Laws. Business Associate will comply with all applicable federal and state security and privacy laws that are more protective of individual privacy and security than HIPAA.

M.    Termination of Relationship.

1.    Immediate Termination and Cure. Either party hereto may immediately terminate its relationship with the other party upon written notice to the other party without damages, liability, or penalty if the first party determines that the other party has violated a material requirement related to HIPAA. 

2.    PHI Obligations upon Termination or Expiration.  Upon termination of this BAA for any reason, Business Associate, with respect to PHI received from the Covered Entity, or created, maintained, or received by Business Associate on behalf of the Covered Entity, shall:
i.    Retain only that PHI that is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities (including without limitation contractual obligations to patients who wish to continue using Business Associate’s services);
ii.    Destroy the remaining PHI that Business Associate still maintains in any form;
iii.    Continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, other than as provided for in this Section, for as long as Business Associate retains the PHI; 
iv.    Not use or disclose the PHI retained by Business Associate other than for the purposes for which such PHI was retained and subject to the same conditions set out at Section F.2 hereof that applied prior to termination; and
v.    Destroy the PHI retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities (including without limitation contractual obligations to patients who wish to continue using Business Associate’s services).


3.     Business Associate shall not transfer possession, custody, or control of Covered Entity’s PHI to any other person or entity without prior written approval of Covered Entity. If at any time Business Associate determines it is unable to protect the Covered Entity’s PHI in accordance with the terms of this BAA, Business Associate shall destroy all Covered Entity PHI and all copies thereof and promptly provide proof of such destruction to Covered Entity.


4.    Either party may terminate this BAA effective immediately, if (i) the other party is named as a defendant in a criminal proceeding for a violation of HIPAA or other security or privacy laws or (ii) there is a finding or stipulation that the other party has violated any standard or requirement of HIPAA or other security or privacy laws in any administrative or civil proceeding in which that other party is involved.

5.    Termination of Other Agreements. If this BAA is terminated for any reason, either party may immediately terminate any or all other agreements between the parties which involve the use or disclosure of PHI. This provision shall supersede any termination provision to the contrary which may be set forth in any other agreement.

N.    Offshore Disclosure and Written Authorization.  Prior express written authorization from Covered Entity, in addition to this BAA, is required for Business Associate to access, store, share, maintain, transmit or  use or disclose PHI in any form via any medium with any entity or person, including the Business Associate’s employees and Subcontractors, beyond the boundaries and jurisdiction of the United States.
 
O.    Information System Access. This paragraph only applies in cases where the  Business Associates’ employees and/or its Subcontractors’ employees will be provided within continuous log-on access to the Covered Entity’s internal information system (“Information System”):     

1.    Policies and Procedures. Business Associate agrees to comply with all of the Covered Entity’s policies and procedures applicable to accessing, using or connecting to any Covered Entity Information System.  

2.    Security Codes and Passwords. Business Associate agrees that its employees will only use their access security codes or passwords to perform their duties under this BAA and that employees are strictly prohibited from disclosing their security codes or passwords to anyone, including family, friends, fellow workers (other than the system security administrator), supervisors, and subordinates for any reason. Business Associate agrees its employees will keep their security codes and passwords in confidence and not misuse or attempt to alter Covered Entity’s Information System in any way.  

3.    Use of Access. Business Associate agrees to use its access to Covered Entity’s Information Systems and Confidential Information only for treatment, payment, and operations purposes permitted by HIPAA for Covered Entity’s patients or to perform services for Covered Entity. Business Associate will access, use, or disclose patient or business information obtained using access to the Information Systems only for the legitimate health care purposes of the Business Associate or to perform services for Covered Entity, and will only use or disclose the minimum necessary amount of information needed for the purposes identified.

4.    Training. Business Associate will provide training to its employees and Subcontractors on their responsibilities for proper use of Covered Entity’s Confidential Information and Information Systems. 

5.    Confidentiality Agreement for Individuals. Business Associate will require each of Business Associate’s employees and Subcontractors with continuous log-on access to Covered Entity’s Confidential Information and Information Systems to sign and return the Covered Entity’s “Confidentiality Agreement” prior to being given continuous log-on access to the Information Systems (e.g., login ID and password).  

P.    Network Connection. This paragraph only applies in cases where the Business Associate is permitted to access Covered Entity Confidential Information via a network connection (the “Covered Entity Network”), the following provisions apply:

1.    Personal Benefit. Business Associate shall not at any time or in any manner, either directly or indirectly, use for the personal benefit of Business Associate, distribute, sell, market or commercialize Covered Entity Confidential Information, create derivative products or applications based on Covered Entity Confidential Information or otherwise use Covered Entity Confidential Information in any manner not expressly permitted by this BAA.

2.    Permitted Purposes of Connection. Business Associate will use or disclose PHI obtained from the Covered Entity Network only for the legitimate health care purposes of 

i.    Treatment, payment, and operations of the Business Associate,

ii.    To perform services for Covered Entity related to treatment, payment, and operations, and/or

iii.    To perform services for a health care provider that shares patients with the Covered Entity related to treatment, payment, and operations of that provider.

Q.    Miscellaneous. 

1.    Relationship of the Parties. Business Associate and Covered Entity shall not be deemed to be partners, joint venturers, agents, or employees of each other by virtue of the terms and conditions of this BAA or any underlying agreement for services.
 
2.    Governing Law and Venue. The provisions contained in the Terms of Use signed by the Covered Entity and Business Associate that pertain to governing law, venue, and jurisdiction are hereby incorporated into this BAA.

3.    Survival.  The respective rights and obligations of the parties under this BAA, including without limitation the obligations of the Business Associate under Section Termination of Relationship, shall survive termination of the BAA to the extent necessary to fulfill their purposes.

 

 


COVERED ENTITY:  

____________________________________

Signature:    __________________________

Name:     __________________________

Title:        __________________________

Date:    __________________________

 

BUSINESS ASSOCIATE: 

Valhalla Healthcare, Inc.

Signature:   __________________________

Name:     __________________________

Title:        __________________________

Date:    __________________________