BY USING THE SERVICE OR CLICKING AGREE CUSTOMER IS AGREEING TO BE BOUND BY THIS AGREEMENT. IF CUSTOMER IS AGREEING TO THIS AGREEMENT ON BEHALF OF OR FOR THE BENEFIT OF THEIR EMPLOYER, THEN CUSTOMER REPRESENTS AND WARRANTS THAT THEY HAVE THE NECESSARY AUTHORITY TO AGREE TO THIS AGREEMENT ON THEIR EMPLOYER’S BEHALF. PLEASE REVIEW SECTION 10 CLOSELY, AS IT CONTAINS A BINDING ARBITRATION PROCESS FOR RESOLVING DISPUTES INSTEAD OF USING THE COURT PROCESS. This agreement is between ACScripts, Inc., a California corporation (“ACScripts”), and the purchaser (“Customer”) identified on the applicable order form customer agreeing to these terms. The Terms and Conditions (as amended from time to time) of this “Agreement” governs Customer’s use of services provided by ACScripts to Customer.

ACScripts Software Application Services

This agreement provides Customer access and use of the ACScripts’s web-based software application services (“Services”), as specified on the electronic or written order between the parties. Customer may purchase the following Services under this agreement: ACScripts Software Application Services (E-Prescribing). Customer understands that use of the Services is also governed by ACScripts Inc.’s Privacy Policy, Business Association Agreement, and Security Notice, as they may be modified over time. Customer acknowledges and agrees that there are three (3) separate software applications made available to Customer in connection with this Agreement. Customer further acknowledges that each of the application services is its own independent corporate entity. Any dispute relating to a specific application must be addressed directly with the respective company of that particular software application service.

Use of Services

ACScripts Support Responsibilities

ACScripts will provide customer support for the Service.

Customer Responsibilities

Access by Employees and Contractors

Customer may allow its employees and contractors to access the Service in compliance with the terms of this agreement and the applicable Order, which access must be for the sole benefit of Customer. Customer is responsible for the compliance with this agreement by its employees and contractors.

Restrictions and Responsibilities

Customer may not (i) sell, resell, rent or lease the Service, use the Service beyond its internal operations or reverse engineer the Service, (ii) use the Service to store or transmit infringing, unsolicited marketing emails, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party rights (including without limitation any privacy rights), (iii) interfere with or disrupt the integrity or performance of the Service, (iv) attempt to gain unauthorized access to the Service or its related systems or networks, (v) reverse engineer the Service or remove or modify any proprietary marking or restrictive legends in the Service, (vi) use the Service in violation of any law, including without limitation, HIPAA, Telephone Consumer Protection Act and any spam laws (for example, CAN SPAM), or (vii) access the Service to build a competitive product or service, or copy any feature, function or graphic of the Service for competitive purposes. Customer is solely responsible for Customer Information (defined below), must use commercially reasonable efforts to prevent unauthorized access to the Service, must notify ACScripts promptly of any such unauthorized access, and may use the Service only in accordance with its user guide and applicable law.

Customer Information

All data, information, images and files entered or uploaded by Customer to the Service remains the sole property of Customer, as between ACScripts and Customer (Customer Information), subject to the other terms of this agreement. Customer grants ACScripts a non-exclusive, royalty-free license to modify, store, transmit and otherwise use the customer information for purposes of ACScripts performing under this agreement. Notwithstanding the foregoing, if Customer’s access to the Services is suspended for non-payment of fees in accordance with Section 3(d) of this Agreement, ACScripts will have no obligation to provide customer information to Customer until Customer remedies such non-payment as provided in this agreement.

Accuracy of Information Provided by Customer

Customer represents and warrants to ACScripts that all Customer Information, Content (defined below) and other material provided under Customer’s account, by Customer or on its behalf, is true, correct and accurate. If Customer learns that any customer information or content provided to ACScripts as part of the Service is not true, correct or accurate, Customer must immediately notify ACScripts in writing of this fact, and provide the true, correct and accurate information to ACScripts. ACScripts relies on Customer representations regarding the truth, accuracy and compliance with laws of Customer Information and Content. ACScripts are not liable for any loss or damages caused by customer’s failure to comply with this paragraph, irrespective of any act or omission on the part of ACScripts.

Aggregation Services and De-identified Data

ACScripts may use Protected Health Information (PHI) to provide you with data aggregation services (as that term is defined by HIPAA) and to create de-identified data in accordance with 45 CFR 164.514(a)-(c) retaining any and all ownership claims related to the de-identified data it creates from PHI. ACScripts may use, during and after this agreement, all aggregate anonymized information, and de-identified data for purposes of enhancing the Service, technical support and other business purposes, all in compliance with the HIPAA Privacy Standards, including without limitation the limited data set and de-identification of information regulations.

Electronic Prescriptions

Customer and each prescribing provider agree: (a) to only prescribe on their own behalf and not give away password or credentials to another person to prescribe for them; and (b) to take the same responsibility you would when transmuting paper or phone prescriptions.

Payment Terms

Payment

Customer must pay all fees as specified on the Order and related Services. Unless otherwise stated in the Order, invoiced charges are due upon receipt. Customer is responsible for providing complete and accurate billing and contact information to ACScripts and notifying ACScripts of any changes to such information.

Credit Card and ACH

Customer must pay all fees (US$) with a credit card or via ACH upon receipt of an invoice from ACScripts. If the credit card or ACH is not valid or the payment is not otherwise made, Customer must pay the amount owed upon receipt of an invoice. Customer hereby authorizes ACScripts to charge such credit card or withdraw from Customer’s bank account via ACH for all purchased Services and related services, and any renewals.

Taxes

ACScripts’s fees do not include any taxes, levies or other similar governmental assessments (Taxes). Customer is responsible for the payment of all Taxes associated with its purchases under this agreement. ACScripts are solely responsible for taxes assessable against ACScripts based on its income, property and employees.

Suspension of Service for Non-Payment

ACScripts may suspend or terminate the Services, or both, if Customer has not paid amounts owed to ACScripts when due. In advance of any suspension or termination, ACScripts will make commercially reasonable efforts to send a minimum 5-day notice of payment default to Customer prior to suspension or termination (Customer is responsible for updating its contact information with ACScripts and notifying ACScripts of any changes to such information).

Fee Changes

All fees may be changed with 30 days advance email notice to Customer. Customer is responsible for keeping its updated email address on file with ACScripts.

Warranty/Service Level Agreement/Disclaimers

Availability

ACScripts will make commercially reasonable efforts to maintain uptime of 99%.

Mutual Compliance with Laws

Each party represents and warrants to the other party that it will comply with all applicable laws regarding its performance under this agreement.

No Medical Advice Provided by ACScripts

This Services do not provide medical advice, medical diagnosis, or prescribe medication. Use of the Services is not a substitute for the professional judgment of health care providers in diagnosing and treating patients. Customer agrees that it is solely responsible for verifying the accuracy of patient information (including, without limitation, obtaining all applicable patients’ medical and medication history and allergies), obtaining patient’s consent to use the Service, and for all of its decisions or actions with respect to the medical care, treatment, and well-being of its patients, including without limitation, all of Customer’s acts or omissions. Any use or reliance by Customer upon the Services will not diminish that responsibility. Customer assumes all risks associated with Customer’s clinical use of the Services for the treatment of patients. Neither ACScripts nor its licensors assume any liability or responsibility for damage or injury (including death) to Customer, a patient, other person, or tangible property arising from any use of the Services.

Customer’s Compliance with Medical Retention Laws and Patient Records Access

Customer is responsible for understanding and complying with all state and federal laws related to retention of medical records, patient access to information and patient authorization to release data. Customer agrees that it will obtain any necessary patient consent prior to using the Services to comply with state or federal law.

Disclaimers

ACScripts disclaims all other warranties, including, without limitation, any warranty that the service will be uninterrupted, error free or without delay, and the implied warranties of merchantability and fitness for a particular purpose. While ACScripts take reasonable physical, technical and administrative measures to secure the service, ACScripts do not warrant that the Services cannot be compromised. ACScripts disclaims any warranty regarding any percentage of collection of claims for customer.

Mutual Confidentiality

Definition of Confidential Information

Confidential Information means all non-public information disclosed by a party (“Discloser”) to the other party (“Recipient”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. ACScripts’s Confidential Information includes without limitation the non-public portions of the Service.

Protection of Confidential Information

The Recipient must use the same degree of care that it uses to protect the confidentiality of its own confidential information (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Discloser for any purpose outside the scope of this agreement. The Recipient must make commercially reasonable efforts to limit access to Confidential Information of Discloser to those of its employees, contractors and clients (as the case may be) who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with Recipient no less restrictive than the confidentiality terms of this agreement. The Recipient may disclose Confidential Information (i) to the extent required by law or legal process; (ii) to its legal or financial advisors, provided that such advisors are bound by a duty of confidentiality that includes use and disclosure restrictions; and (iii) as required under applicable securities regulations. In addition, each Party may disclose the terms and conditions of this Agreement on a confidential basis to current and prospective investors, acquirers and lenders and their respective legal and financial advisors in connection with due diligence activities.

Exclusions

Confidential Information excludes information that (i) is or becomes generally known to the public without breach of any obligation owed to Discloser; (ii) was known to the Recipient prior to its disclosure by the Discloser without breach of any obligation owed to the Discloser; (iii) is received from a third party without breach of any obligation owed to Discloser; or (iv) was independently developed by the Recipient without use or access to the Confidential Information.

Proprietary Rights

Reservation of Rights by ACScripts

The software, workflow processes, user interface, designs, know-how and other technologies provided by ACScripts as part of the Services are the proprietary property of ACScripts and it licensors, and all right, title and interest in and to such items, including all associated intellectual property rights, remain only with ACScripts. ACScripts reserve all rights unless expressly granted in this agreement.

American Medical Association (AMA) Content

The AMA Content is licensed to Customer as follows: ACScripts grants Customer a non-exclusive, license for the duration of the Services to use such materials for Customer’s internal use solely with the Services, with the right to make additional copies of the material for such duration and purpose (Licensed Documentation). AMA Content means the coding work of nomenclature and codes for reporting of healthcare services from the print publication Current Procedural Terminology, Fourth Edition and the data file of Current Procedural Terminology (CPT) published by the AMA in the English language as used in the United States. AMA Restrictions: Customer may not use outside the United States, publish, distribute or create any derivate work (including without limitation translation), transfer, sell, lease, license or otherwise make available the AMA Content, or a portion or copy of such content, except as expressly provided in this agreement. This sublicense is limited to one user for each active provider associated with Customer’s account. Customer is responsible for seeking additional user licenses directly from the American Medical Association if it requires more than one user license per active provider. CPT is a copyright and a registered trademark, of the American Medical Association.

Limitations on Liability

No Indirect Damages

ACScripts is not liable for any indirect, special, or consequential damages (including without limitation, costs of delay, loss of data or information, lost profits or revenues or loss of anticipated cost savings) arising under or related to this agreement, even if advised of the possibility of such loss or damage.

Limits

ACScripts’s total liability for all damages arising under or related to this agreement (in contract, tort or otherwise) do not exceed the actual amount paid by Customer within the 6-month period preceding the event which gave rise to the claim.

Limitation of Liability in the Event of a Data Breach

Customer acknowledges and agrees that while ACScripts implement commercially reasonable security measures to protect data, no system can be guaranteed to be 100% secure. In the event of an actual or suspected data breach, Customer agrees that ACScripts (including its parent, affiliates, and subsidiaries) shall not be held liable for any loss, damage, or liability—whether direct, indirect, incidental, consequential, or otherwise—arising from such breach, except to the extent caused by ACScripts’s gross negligence or willful misconduct. Customer further agrees to grant the Company a reasonable period, no less than 30 business days, of time to investigate, mitigate, and remediate any such breach before initiating any claim, demand, or action. ACScripts shall not be liable to Customer for loss profits, revenues, data, or goodwill.

Force Majeure

ACScripts will not be responsible for any delay, interruption, or other failure to perform under this Agreement due to acts beyond its reasonable control (“Force Majeure Events”). Force Majeure Events include but are not limited to, natural disasters, power surge or failures, war, acts of terrorism, labor strikes, government regulations, acts of military authorities, riots, pandemics, or other cause beyond the reasonable control of ACScripts.

Term

The applicable Services will continue for the duration specified in the Order and will be automatically extended for additional consecutive terms unless either party provides notice of termination of no less than 30 days. This agreement continues until all Orders and Services are terminated.

Termination for Material Breach

i. Either party may terminate this agreement and the applicable Order if the other party material breaches any term of the agreement of an Order and does not cure the breach within 30 days of written receipt of notice of breach.

Customer Actions upon Termination

Upon termination, Customer must pay any unpaid fees and destroy all ACScripts property in Customer’s possession. Customer, upon ACScripts’s request, will confirm in writing that it has complied with this requirement.

Suspension or Termination of Service for Violation of Law or the Agreement

ACScripts may immediately suspend or terminate the Service and remove applicable Customer Information or Content if it in good faith believes that, as part of using the Service, Customer may have violated a law or any term of this agreement. ACScripts may try to contact Customer in advance, but it is not required to do so.

Termination Without Cause

Either party may terminate this agreement at any time without cause, by providing 30 days written notice.

Return of Data

ACScripts will have no obligation to provide Customer Information to Customer upon termination of this agreement. Notwithstanding the foregoing, ACScripts may retain Customer Information for 60 days from such termination. ACScripts may provide Customer access to such information upon Customer’s written request.

No Obligation for Data Migration Upon Termination

Upon termination or expiration of this Agreement, ACScripts shall have no obligation to provide data migration, data export, transition assistance, or any related services to the Customer. Customer acknowledges and agrees that it is solely responsible for securing and extracting any data or content prior to the termination date. ACScripts shall not be liable for any loss, inaccessibility, or unavailability of data resulting from the Customer’s failure to retrieve such data prior to termination. Notwithstanding the foregoing, ACScripts may provide limited access for data retrieval for a period of up to 60 days following termination.

Indemnity

To the extent allowed by applicable law, Customer shall indemnify, defend, and hold harmless ACScripts against all third-party claims (including without limitation by governmental agencies), demands, damages, costs, penalties, fines, and expenses (including reasonable attorneys’ fees and costs) arising out of or related to: the use of the Services by Customer, Customer’s breach of any term in this agreement, any unauthorized use, access or distribution of the Service by Customer, and/or violation of any individual’s privacy rights related to information submitted under Customer’s account, or fraudulent, invalid, duplicate, incomplete, unauthorized, or misleading information submitted under Customer’s account or by Customer.

Governing Law and Arbitration

Governing Law

This agreement is governed by the laws of the State of California (without regard to conflicts of law principles) for any dispute between the parties or relating in any way to the subject matter of this agreement.

General Arbitration Process

Any dispute or claim that may arise between the parties relating in any way to or arising out of this agreement, Customer’s use of or access to the Services (“Claim”), must be resolved exclusively through final and binding arbitration rather than in court under the then current commercial rules of the American Arbitration Association in Los Angeles, California. Any judgment on the award rendered by the arbitrator is final and may be entered in any court of competent jurisdiction. Nothing in this agreement prevents either party from seeking injunctive or equitable relief in any court of competent jurisdiction. The prevailing party in any arbitration or litigation is entitled to recover its attorneys’ fees and costs from the other party.

Optional Arbitration for Claims Less than $10,000

Notwithstanding the foregoing, for any Claim (excluding claims for injunctive or other equitable relief) where the total amount of the award sought is less than $10,000, the party requesting relief may choose to resolve the dispute in a more cost-effective manner through binding non-appearance-based arbitration. If the parties elect arbitration, they must initiate such arbitration through an established alternative dispute resolution (ADR) provider mutually agreed upon by the parties. Such ADR process shall take place in Los Angeles, California. The ADR provider and the parties must comply with the following rules: (i) the arbitration will be conducted by telephone, online and/or be solely based on written submissions, the specific manner will be chosen by the party initiating the arbitration; (ii) the arbitration will not involve any personal appearance by the parties or witnesses unless otherwise mutually agreed by the parties; and (iii) any judgment on the award rendered by the arbitrator is final and may be entered in any court of competent jurisdiction.

Enforcement

Notwithstanding the aforementioned Sections 10(b) and 10(c), ACScripts may enforce its rights and obligations under these Terms in any court of competent jurisdiction.

Equitable Relief

Notwithstanding the aforementioned above, ACScripts may seek and obtain injunctive and equitable relief in any court of competent jurisdiction without restriction or required process in this agreement.

Prohibition of Class and Representative Actions

Each party may bring claims against the other only on an individual basis, and not as a plaintiff or class member in any purported class or representative action or proceeding. The arbitrator may not consolidate or join more than one party’s claims and may not preside over any form of a consolidated, class or representative proceeding.

Other Terms

No Solicit or Hire Clause

Customer acknowledges that ACScripts invests considerable time and expense in the training of its employees and independent subcontractors in the services to be provided under this agreement. Customer agrees that for the full term of this agreement, and for 2 years after its termination, Customer will not solicit or employ in any capacity, whether as a direct employee, independent contractor or as a representative of another company, to provide similar services to Customer as ACScripts, or any person employed by ACScripts at any time during the term of this agreement whose duties involve providing the Services, whether for Customer or other ACScripts customers.

Consent to Electronic Notice, Communications and Transactions

For purposes of messages and notices about the Service (including without limitation, collections and payments issues), ACScripts may send email notices to the email address associated with Customer’s account or provide in service notifications. For certain notices (e.g., notices regarding termination or material breaches), ACScripts may send notices to the postal address provided by Customer. ACScripts have no liability associated with Customer’s failure to maintain accurate contact information within the Service or its failure to review any emails or in service notices. Customer will have the ability to enter into agreements, authorizations, consents and applications; make referrals; order lab tests; prescribe medications; or engage in other transactions electronically. Customer agrees that its electronic submissions via the services in connection with such activities constitute its agreement to be bound by such agreements and transactions and applies to all records relating to such transactions. Customer represents and warrants that it has the authority to take such actions.

Entire Agreement and Changes

This agreement and the Order constitute the entire agreement between the parties, and supersede all prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. Customer is not relying on any representation concerning this subject matter, oral or written, not included in this agreement. No representation, promise or inducement not included in this agreement is binding. No modification or waiver of any term of this agreement is effective unless signed by both parties. Notwithstanding the foregoing, ACScripts may modify this agreement by posting modified Terms of Service on the ACScripts website and electronically notifying Customer of the changes thirty (30) days prior to the effective date of such changes. Customer agrees that by continuing to use the Service after posting of the modified Terms of Service, Customer agrees to be bound by the changes.

Feedback

If Customer provides feedback or suggestions about the Service, then ACScripts (and those it allows to use its technology) may use such information without obligation to Customer.

Beta Features

If Customer is invited to access any beta features of the Service or a Customer accesses any beta features of the Service, Customer acknowledges that: (a) such features have not been made commercially available by ACScripts; (b) such features may not operate properly, be in final form or fully functional; (c) such features may contain errors, design flaws or other problems; (d) it may not be possible to make such features fully functional; (e) use of such features may result in unexpected results, corruption or loss of data, or other unpredictable damage or loss; (f) such features may change and may not become generally available; and (g) ACScripts is not obligated in any way to continue to provide or maintain such features for any purpose in providing the ongoing Service. These beta features are provided AS IS, with all faults. Customer assumes all risk arising from use of such features, including, without limitation, the risk of damage to Customer’s computer system or the corruption or loss of data.

Assignment, Change of Control, and/or Transfer of Interests

ACScripts reserves the unrestricted right to assign, transfer, delegate, or otherwise sale of all or substantially all of the business, convey all or any portion of its rights, obligations, ownership interests, or assets—including, but not limited to, in connection with a merger, acquisition, corporate reorganization, or sale of partial or all assets—to any third party, without notice to or consent from the Customer. Customer acknowledges and agrees that such transfer shall not constitute a breach of this Agreement and shall not entitle Customer to terminate, withhold services, or assert any claim or defense against ACScripts or the transferee. Customer further agrees that it shall have no right to object to, prevent, or delay any such transaction, nor any authority to influence or approve the identity or qualifications of any successor or assignee.

Electronic Notice

For purposes of messages and notices about the Service (including without limitation, collections and payments issues), ACScripts may send email notices to the email addresses associated with Customer’s account or provide in service notifications. For certain notices (e.g., notices regarding termination or material breaches), ACScripts may send notices to the postal address provided by Customer. ACScripts have no liability associated with Customer’s failure to maintain accurate contact information within the Service or its failure to review any emails or in service notices.

Independent Contractors and Enforceability

The parties are independent contractors with respect to each other. If any term of this agreement is invalid or unenforceable, the other terms remain in effect.

No Additional Terms

ACScripts rejects additional or conflicting terms of a form-purchasing document. If there is an inconsistency between this agreement and an Order, the Order prevails.

Survival of Terms

All terms survive termination of this agreement that by their nature survive for a party to assert its rights and receive the protections of this agreement. The Convention on Contracts for the International Sale of Goods does not apply.

Customer Name

ACScripts may use Customer’s name and logo in customer lists and related promotional materials describing Customer as a customer of ACScripts, which use must be in accordance with Customer’s trademark guidelines and policies, if any, provided to ACScripts.

PRIVACY POLICY

Protecting Your Privacy on Our Website

This privacy policy pertains to the use of the ACScripts web site at ACScripts.com. This privacy policy covers how ACScripts, Inc. (“ACScripts”, “We”, “Us”, “Our”) treats personal information that ACScripts collects and receives through the website ACScripts.com. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. Personal information is information about you that is personally identifiable like your name, address, email address or phone number. Children under 13 are not permitted to use the Service, and so this privacy policy makes no provision for children’s use of the site.

General Information

You do not have to give us any personal information to visit the product information portion of our web site. No personally identifying information (such as your name, e-mail address or Social Security number) will be collected unless you choose to provide that information to us. ACScripts collects personal information when you sign up for a trial or paid subscription to the ACScripts Service. When you sign up, we ask for your name, email address, phone number and your company’s demographic and financial information such as credit card information. When you sign up for a paid subscription, we will ask you to enter your credit card or ACH information. This information is encrypted on computer systems that are secured in a locked cage at a data center co-location facility rented by ACScripts. ACScripts automatically receives and records information on our server logs from your browser, including your IP address and the page you request. ACScripts uses information for the following general purposes: products and services provision, billing, identification and authentication, services improvement, contact, research, and anonymous reporting. ACScripts will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature.

IP Addresses

IP Addresses are automatically reported by your browser each time you view a web page or use our Service. Your IP address is not permanently stored in a way that is identified with your personal information. IP addresses may be used for various purposes, including: to diagnose or service technology problems reported by our users or engineers that are associated with the IP addresses controlled by a specific web company or ISP; to estimate the total number of users visiting ACScripts from specific geographical regions.

PHI or Information sharing and disclosure

ACScripts may be required to disclose personally identifiable information or PHI under special circumstances, such as to comply with subpoenas or when your actions violate the ACScripts Terms of Service. ACScripts do not rent, sell, or share personal information about you with other people or nonaffiliated companies for promotional purposes except to provide products or services you’ve requested or when we have your permission. ACScripts may share your name and email with certain partners we work with. It may be necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of ACScripts’s terms of use, or as otherwise required by law. We will transfer information about you if ACScripts are acquired by or merged with another company.

Accessing, updating, or correcting your personal information

If your personally identifiable information changes, or if you no longer desire our Service, you may correct it or request deletion by contacting us. We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Security

The security of your personal information is important to us. When you enter sensitive information such as credit card number on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). While we follow generally accepted industry standards to protect the personally identifiable information submitted to us, both during transmission and once we receive it, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Links to other sites

If you click on a link to a third-party site, you will leave this site and go to the site you selected. Because we cannot control the activities of third parties, we cannot accept responsibility for any use of your personally identifiable information by such third parties, and we cannot guarantee that they will adhere to the same privacy practices as us. We encourage you to review the privacy policies of any other service provider from whom you request services.

Collection and Use of 3rd Party Personal Information

You may also provide personal information about other people, such as their name, email address and phone number. This information is only used for the sole purpose of completing your request or for whatever reason it may have been provided.

Information Related to Data Collected through ACScripts Service

ACScripts may collect information under the direction of its Clients and has no direct relationship with the individuals whose personal information it processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our Service, please contact the Client that you interact with directly. We may transfer personal information to companies that help us provide our Service. Transfers to subsequent third parties are covered by the service agreements with our Clients.

Access and Retention of Data Controlled by our Clients

ACScripts has no direct relationship with the individuals whose personal information it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the ACScripts Client (the data controller). If requested to remove data, we will respond within 30-60 days. If the Client is a Covered Entity under HIPAA, your rights with respect to your PHI are governed by HIPAA as well as our Business Associate Agreement with that Client. We will retain personal information we process on behalf of our Clients for as long as needed to provide services to our Client. ACScripts will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Data Aggregation Services & De-identified Data

To the extent we receive PHI from Clients that are Covered Entities under HIPAA, we may use such information to provide data aggregation services (as that term is defined by HIPAA) and to create de-identified data in accordance with 45 CFR 164.514(a)-(c) retaining any and all ownership claims relating to the de-identified data it creates from PHI. ACScripts may use, during and after this agreement, all aggregate non-identifiable information and de-identified data for purposes of enhancing the Software and Service, technical support and other business purposes, all in compliance with the HIPAA Privacy Standards, including without limitation the limited data set and de-identification of information regulations.

Changes to this privacy policy

ACScripts may update this policy at any time for any reason. If there are any material changes to how we handle personal information we will send a notice to the contact email address specified in your company’s ACScripts account or by placing a prominent notice on the home page of our site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“Agreement”) between Customer (“Covered Entity”) and ACScripts and its subsidiaries (“Business Associate”) will be in effect during any such time period that Covered Entity has subscribed to and is using services provided by ACScripts and/or its subsidiaries and upon termination as set forth in Section 5 of this Agreement. WHEREAS, Covered Entity has engaged Business Associate to perform services or provide software, or both; WHEREAS, Covered Entity possesses Individually Identifiable Health Information that is protected under HIPAA (as hereinafter defined), the HIPAA Privacy Regulations (as hereinafter defined), the HIPAA Security Regulations (as hereinafter defined), and the HITECH Standards (as hereinafter defined) and is permitted to use or disclose such information only in accordance with such laws and regulations; WHEREAS, Business Associate may receive such information from Covered Entity, or create and receive such information on behalf of Covered Entity, in order to perform certain of the services or provide certain of the goods, or both; and WHEREAS, Covered Entity wishes to ensure that Business Associate will appropriately safeguard Individually Identifiable Health Information; WHEREAS, Covered Entity and Business Associate agree as follows:

Definitions

The parties agree that the following terms, when used in this Agreement, shall have the following meanings, provided that the terms set forth below shall be deemed to be modified to reflect any changes made to such terms from time to time as defined in the HIPAA Privacy Regulations, the HIPAA Security Regulations, and the HITECH Standards (collectively the HIPAA Rules). Terms used in this agreement and not otherwise defined shall have the meaning of those terms in the HIPAA Rules. “Business Associate” shall have the same meaning as the definition for Business Associate set forth in 45 CFR 160.103. “Covered Entity” means a health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a transaction covered by the HIPAA Privacy and HIPAA Security Regulations. “Data Aggregation” means, with respect to Protected Health Information (PHI) created or received by a Business Associate in its capacity as the Business Associate of a Covered Entity, the combining of such PHI by the Business Associate with the PHI received by the Business Associate in its capacity as a Business Associate of another Covered Entity, to permit data analyses that relate to the health care operations of the respective Covered Entities. “Terms of Service Agreement” or TOS is the agreement between ACScripts and its customers and end users. The TOS dictates the subscription terms and conditions, service level agreements and payment terms. “Data Retention Period” is a designated time defined within the ACScripts Terms of Service Agreement (TOS). ACScripts will maintain the customer’s data containing ePHI for the defined period of time to allow the customer sufficient time to validate their downloaded data from the ACScripts system. “Individually Identifiable Health Information” means information that is a subset of health information, including demographic information collected from an individual, and is created or received by a health care provider, health plan, employer, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for provision of health care to an individual and that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. “Individual” means the same meaning as the term “individual” in 45 CFR § 164.501 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502(g). “Protected Health Information” or “PHI” has the same meaning as the term “Protected Health Information” in 45 CFR § 164.501, limited to the information created or received by Business Associate from or on behalf of Covered Entity and not including any unsolicited information received directly from an individual who is not yet a patient of Covered Entity (e.g., an individual who is using the Ask DoctorBase Service). “Electronic PHI” or “ePHI” means the PHI that is transmitted by or maintained in electronic media as defined in the HIPAA Security Regulations. “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191. “HIPAA Privacy Regulations” means the regulations promulgated under the HIPAA by the United States Department of Health and Human Services to protect the privacy of PHI, including but not limited to, 45 CFR § 160 and 45 CFR § 164, Subpart A and E. “HIPAA Security Regulations” means the regulations promulgated under HIPAA by the United States Department of Health and Human Services to protect the security of Electronic PHI, including, but not limited to 45 CFR § 160 and 45 CFR § 164, Subpart A and C. “HITECH Standards” means the privacy, security and security Breach notification provisions applicable to a Business Associate under Subtitle D of the Health Information Technology for Economic and Clinical Health Act (“HITECH”), which is Title XIII of the American Recovery and Reinvestment Act of 2009 (Public Law 111-5), and any regulations promulgated thereunder. “Breach” shall mean the acquisition, access, use, or disclosure of PHI in a manner not permitted under 45 CFR § 164, Subpart E (the “HIPAA Privacy Rule”) “Breach” shall not include: Any unintentional acquisition, access or use of PHI by a workforce member or person acting under the authority of Covered Entity or Business Associate, if such acquisition, access or use was made in good faith and within the scope of authority and does not result in further use or disclosure in a manner not permitted under the HIPAA Privacy Rule; or Any inadvertent disclosure by a person who is authorized to access PHI at Covered Entity or Business Associate to another person authorized to access PHI at Covered Entity or Business Associate, respectively, or organized health care arrangement in which Covered Entity participates, and the information received as a result of such disclosure is not further used or disclosed in a manner not permitted under the HIPAA Privacy Rule; or A disclosure of PHI where Covered Entity or Business Associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information. A Disclosure of PHI where a Covered Entity or Business Associate, as applicable, demonstrates that there is a low probability that the PHI has been compromised based on a risk assessment of at least the factors set forth in 45 CFR 164.402 (2)(1)-(iv). “Provider(s)” means any healthcare professional that provides billable services to patients who is an employee, customer, or has an employment, contractor, or agent relationship with a customer, for which the Service organizes information and provides medical billing management. “Required By Law” shall have the same meaning as the term “required by law” in 45 CFR § 164.501. “Secretary” means the Secretary of the United States of America Department of Health and Human Services or his designee.

Obligations and Activities

The obligations and activities of the Business Associate, as required by the Health Insurance Portability and Accountability Act (HIPAA), as amended by the Health Information and Technology for Economic and Clinical Health (“HITECH Act”) and in regulations promulgated thereunder, are as follows: Business Associate agrees to not use or disclose PHI other than as permitted or required by the Agreement or as Required by Law. Business Associate agrees to use reasonable safeguards to prevent use or disclosure of the PHI other than as provided for by this Agreement. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. Business Associate agrees to report to Covered Entity any use or disclosure of the PHI not provided for by this Agreement of which it becomes aware. Business Associate agrees to ensure that any subcontractor, that creates receives, maintains or transmits electronic PHI originating from the Covered Entity on behalf of the Business Associate, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. Business Associate agrees to provide access, at the request of Covered Entity to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in in a time and manner that allows Covered Entity to meet the requirements under 45 CFR § 164.524. Business Associate agrees to make any amendment(s) to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity, in a time and manner that allows a Covered Entity to meet the requirements of 45 CFR 164.526 and in the time and manner of within thirty (30) days. Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of PHI received from or created or received by Business Associate on behalf of, Covered Entity available to the Secretary, for purposes of the Secretary determining compliance with the Privacy Rule. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528. Upon request of Covered Entity, Business Associate agrees to provide to Covered Entity or an Individual the information collected as necessary to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528. Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably protect the confidentiality, integrity, and availability of the electronic PHI that it creates, receives, maintains, or transmits on behalf of the Covered Entity in accordance with the 45 CFR 164.306 (the HIPAA Security standards). Business Associate shall report to the Covered Entity any use or disclosure of PHI not permitted by this Agreement. Business Associate shall report any Breach of Unsecured PHI to Covered Entity in a manner that is in compliance with its obligations pursuant to 45 CFR §164.410. A report of a Breach of Unsecured PHI will be made by Business Associate without reasonable delay, no later than five (5) business days from discovery as necessary to mitigate harm to an individual or in any event no later than ten (10) business days from time of discovery. When using, disclosing or requesting PHI, Business Associate agrees to use, disclose or request the minimal amount of information necessary for the stated purpose, unless an exception to the minimum necessary rule, as set forth in 45 CFR §164.502(b)(2).

Permitted Uses and Disclosures

The permitted uses and disclosures of the Business Associate, as required by the Health Insurance Portability and Accountability Act (HIPAA) and in regulations promulgated thereunder, are as follows: Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Terms of Services Agreement and this Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity. Except as otherwise limited in this Agreement, Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate provided that disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. Except as otherwise limited in this Agreement, Business Associate may use PHI to provide Data Aggregation services to Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B). Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with § 164.502(j)(1).

Obligations

The obligations of Covered Entity, as required by Health Insurance Portability and Accountability Act (HIPAA) and in regulations promulgated thereunder, are as follow: To the extent that Covered Entity utilizes services provided by the Business Associate to communicate with patients, Covered Entity is responsible for obtaining and documenting authorizations or requests from patients to communicate through this service and to inform patient of risks associated with such communications as applicable. It shall be Covered Entity’s responsibility to determine what permissions, authorizations or consents shall be documented and maintained for HIPAA compliance purposes. Business Associate does not obtain consent, authorization or permission from patients and the parties agree that it is not Business Associate’s obligation to do so or to document or maintain any consent, authorization or permission obtained from patients. Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 CFR § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule if done by Covered Entity. Covered Entity agrees to comply with the HIPAA Security Rule, including, without limitation, safeguarding all computers, laptops, cell phones, tablets, or other mobile devices in accordance with the HIPAA Security Regulations.

Termination

Notwithstanding anything to the contrary stated in this Agreement, upon termination of this Agreement, for any reason, and after any Data Retention Period as is set forth in the ACScripts License Agreement between Business Associate and Covered Entity during which Business Associate may obtain copies of PHI, Business Associate shall destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the PHI. The respective rights and obligations of Business Associate under this Section 5 of this Agreement shall survive the termination of this Agreement for any reason.

Other Terms

The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the HIPAA Rules and the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191. The parties agree that Business Associate may unilaterally amend this Agreement from time to time for the reasons set forth in the above paragraph and for other business reasons and that any such amended agreement which Business Associate signs on a later date will supersede this Agreement. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the HIPAA Rules. The terms Covered Entity and Business Associate are used in this Agreement only for purposes of convenience and are not meant to imply that either party would meet the definition of Covered Entity or Business Associate set forth in the HIPAA regulations. To the extent not preempted by Federal law, this Agreement shall be governed and construed in accordance with the state laws governing the Terms of Service Agreement, without regard to conflicts of law provisions that would require application of the law of another state. This Agreement does not and is not intended to confer any rights or remedies upon any person other than the parties. This Agreement supersedes and replaces any prior business associate agreements between the Covered Entity and Business Associate, including any of ACScripts’s subsidiaries as of the date signed below.

SECURITY NOTICE

What This Security Notice Covers

This security notice pertains to the security measures in place at ACScripts for protection of personal and Protected Health Information (PHI) in connection with the use of the ACScripts website, and the, ACScripts E-Prescribing (EP).

Unique Identification of Users

To comply with the HIPAA requirements and to provide a secure service, ACScripts require all users to have a unique username. ACScripts currently requires a valid email address to be the username for the ACScripts Service. In addition to a username, every user account must be protected with a password of sufficient complexity. ACScripts allow its customers to set their own password complexity policy. If your user account has access to multiple ACScripts customers, you will be required to use the more restrictive policy. All ACScripts Service sign-ins are protected by account lock-out systems. If a user incorrectly authenticates a number of times or the user’s account is locked by a system administrator, their user account will be locked until a system administrator of the user’s account unlocks it. ACScripts’s support team are prohibited from unlocking user accounts unless the account is the system administrator account.

Security on the ACScripts Website

ACScripts Service users may choose to sign into their account at the ACScripts website in order to access the downloads or account status. Such sign-ins are protected by SSL security. Your browser will usually display an indicator (such as a “lock” icon) when using a secure SSL connection.

Security in the ACScripts Service

The ACScripts Service communicates with secure ACScripts hosted and controlled servers and networks. All communications are secured with public-key encryption. ACScripts disallows the use of low cipher strength in our production service. ACScripts help to ensure physical and technical security protections of customer data, as it uses servers located in SSAE-16 Type II certified hosting providers. ACScripts employs redundant, next-generation firewalls, intrusion detection and prevention services monitored 24X7X365. ACScripts use a PCI Approved Scanning Vendor (ASV), internal and external threat prevention delivering timely and accurate reports of our production services. In addition to these controls ACScripts deploy up to date advanced threat protection services which help to identify, block, and track hacking attempts, scans, data breaches, adware, malware, spyware, Trojans, phishing attempts and other equally malicious requests.

Role-based Security

Every user in the ACScripts Service belongs to one or more roles. A role is defined by each customer and is assigned a set of permissions. ACScripts roles follow an allow-then-deny pattern of applying permissions — such that multiple role permissions are combined and then filtered against any role’s restrictions.

Application Locking

In accordance with HIPAA policies, ACScripts’s Service will automatically lock up if left unattended for a period of time. Correct credentials of the user will need to be provided prior to using the application again.

ACScripts Password Policy

ACScripts system passwords are meant to help protect sensitive patient medical and financial records, as well as practice financial information. They serve as a deterrent to malicious agents as well as protection against casual or accidental lowering of security through carelessness. The passwords are encouraged to be at least (6) six characters long and have to maintain a level of complexity such that they will not be easily guessed or cracked by a determined attacker. The passwords will expire on a regular basis, no less than 30 days and no greater than 180 days. Upon expiration, the new password cannot be any password used within the preceding year. A user may change their password at any point in the application or the ACScripts web site. Passwords changed by third-party will immediately expire to allow users to log in but also to ensure that they immediately change their passwords to something that only they know. ACScripts will never store any passwords in permanent storage in a way that is reversible. The ACScripts Service will never show the password in plain-text, human-readable form.

Changes to this Security Policy

ACScripts may update this policy at any time for any reason. If there are any significant changes to how we handle security we will make a reasonable commercial effort to send a notice to the contact email address specified in your company’s ACScripts account or by placing a prominent notice on our site. Contact Information Phone: 888-775-2736 Email: ITSupports@ACScripts.com