These Application Terms of Service ("TOS") are incorporated by reference into one or more Agreements between Moran Research and Consulting,, Inc. ("MRC") a Texas Corporation with its principal place of business at 3000 Bissonnet St , Houston TX 77005 and the user named on registration form. The registration form together with the TOS constitutes the Agreement between the parties and applies to all Services provided by MRC under the Agreement. When executed by the parties, registration shall be evidence the use Rights Granted and the Services to be provided.
1.1. "Activation Date" shall be the date on which the Client is delivered a registration code, and selects a login name, and password at www.STAARVision.com to use the Hosted Programs.
1.2. "Client Data" means information entered into the Hosted Programs by Client in the course of its authorized use of the Hosted Programs and stored on the Host Server for access by the Hosted Programs and retrieval by the Client.
1.3. "Host Server" shall mean the server provided by MRC or its agent through which Client accesses the Hosted Programs, identified by a URL and one or more accounts and passwords to be established by Client.
1.4. "Hosted Programs" shall mean the computer software in object code form owned or provided by MRC for which Client has Subscription Rights Granted pursuant to the Agreement, updates and upgrades to the Hosted Programs, and online documentation.
1.5. "Services" shall mean Hosting Services, Electronic Services, Support Services or other services specifically identified in an Order Form.
1.6. "Provider" shall mean Client that provides patient care and is a physician.
2. USE OF HOSTED PROGRAMS
2.1. Subscription Rights Granted
A. In consideration of fees provided on half of the Client by STAAR Laboratories, Client shall be entitled to use the Hosted Programs in accordance with the Subscription Rights Granted. The Client may not allow third parties to access the Hosted Programs, or use the Hosted Programs for third-party training, commercial time-sharing, rental or service bureau use;
B. Client agrees not to download the Hosted Programs or cause or permit the reverse engineering, disassembly or decompilation of the Hosted Programs.
C. MRC retains all title, copyright, and other proprietary rights in the Hosted Programs. Client does not acquire any rights, express or implied, in the Hosted Programs, other than those specified in the Agreement.
2.2. Verification. MRC shall have the right to monitor use of the Hosted Programs by Client: (i) electronically at any time; or (ii) by on-site audit of Client's use of the Hosted Programs not more than once per year upon reasonable notice to Client) and to charge for additional Providers as appropriate under the Agreement.
3.1. Hosting Services. MRC will provide Client with access to the online Hosted Programs and will provide for the storage and retrieval of Client Data in connection with use of the Hosted Programs. Client is responsible for obtaining access to the Internet using software and hardware that meeting all applicable security requirements.
3.2. Access. Client may designate one user account name and password. Client is responsible for the confidentiality and use of account names and passwords. MRC will deem any communication, data transfer, or use of the Hosted Programs received under Client's account names and passwords to be for Client's benefit and use. Client agrees to notify MRC if account name or password is lost, stolen, or being used in an unauthorized manner.
Client represents and warrants that it has the rights to all Client Data, including the right to upload Client Data to the Host Server in connection with its authorized use of the Hosted Programs. Client agrees that the Client Data and its use do not infringe the rights of any third party and agrees to indemnify and holds MRC harmless from any third-party claims of infringement under the same terms and conditions set forth below for MRC's infringement indemnity.
3.3. Data Security. Client agrees to access the Hosted Programs and to store and retrieve data using third party programs, including specifically Internet "browser" programs that support data security protocols compatible with those specified by MRC. Unless otherwise agreed in writing, the parties agree that all software used to access the Hosted Programs will support the Secure Socket Layer (SSL) protocol. MRC agrees to maintain the security of Client Data using industry-standard data security protocols, and other methods reasonably deemed to be adequate for secure business data and to notify Client in the event of a breach of security involving Client Data. MRC agrees to retain Client data on a secure server and to maintain data recovery and data backup facilities in accordance with accepted industry practices.
3.4. Ownership of Data and Subscription. Client shall retain ownership of all Client Data stored or retrieved in connection with use of the Hosted Programs, which data shall be subject to the confidentiality provisions set forth below. Client agrees that storage or caching of Client Data is not an infringement of any intellectual property rights of Client. Client agrees that it will not store data on the Host Server that is subject to the rights of any third parties without first obtaining all required authorizations and rights in writing from such third parties. Provided that MRC implements appropriate de-identification criteria in accordance with the Standards for Privacy of Individually Identifiable Health Information set forth in 45 C.F.R. §164.514(b), Client acknowledges and agrees that de-identified information is not Protected Health Information as defined in the applicable regulations and that MRC may use such de-identified information for any lawful purpose.
3.5. Support Services. MRC will provide Support Services including unlimited toll-free phone support during business hours and unlimited email support in effect on the date Support is provided, so long as Client is currently entitled to use the Hosted Programs and Services.
3.6. Electronic Services. In connection with use of the Hosted Programs, MRC may provide certain Electronic Services to Client, and Client hereby waives any and all liability and claims which Client may have against MRC or the partner in connection with the provision of Electronic Services except to the extent directly caused by the willful misconduct or gross negligence of MRC.
4. TERM AND TERMINATION
4.1. Term. Client's rights to use the Hosted Programs and Services shall remain in effect for the term set forth in the Registration Form. Thereafter, the term shall automatically renew for additional one-year terms unless either party gives thirty (30) days advance written notice prior to the end of the then-current term of its intention to terminate the Agreement, or until otherwise terminated as provided herein.
4.2. Termination for Cause. Either party may terminate the Agreement at any time upon thirty (30) days prior written notice if the other party commits a material breach that remains uncured after thirty (30) days written notice specifying the nature of the breach and identifying the measures required to correct the breach.
5. V. INDEMNITY, WARRANTIES, REMEDIES
5.1. Infringement Indemnity. MRC will defend and indemnify Client against a claim that the Hosted Programs infringe a copyright or patent, provided that: (a) Client notifies MRC in writing within 30 days of the claim; (b) MRC has sole control of the defense and all related settlement negotiations; and (c) Client provides MRC with the assistance, information and authority necessary to perform MRC's obligations under this Section. Reasonable out-of-pocket expenses incurred by Client in providing such assistance will be reimbursed by MRC.
In the event the Hosted Programs are held or are believed by MRC to infringe, MRC shall have the option, at its expense, to (a) modify the Hosted Programs to be non-infringing; (b) obtain for Client a subscription to continue using the Hosted Programs; or (c) terminate the subscription for the infringing Hosted Programs. This Section 5.1 states MRC's entire liability and Client's exclusive remedy for infringement.
5.2. Warranties and Disclaimers
A. Hosted Program Warranty. MRC warrants that the Hosted Programs will materially perform in accordance with the documentation so long as (i) the Client has a current right to use the Hosted Programs; and (ii) Client's access to the Host Server will meet the minimum criteria set forth below.
All workstations must meet the following minimum specifications:
Pentium III class or better,256 MB RAM or higher,1024 x 768 screen resolution or better, Internet Explorer 6.0 or higher with 128-bit encryption is required for each workstation, Internet Explorer configured to allow the STAARVision web site as a trusted site, Macromedia Flash Player installed for each workstation, High-speed Internet data connection to the PC.
B. Services Warranty. MRC warrants that its Hosted Program Services, Support Services, Electronic Services, and other Services will be performed consistent with generally accepted industry standards.
C. Disclaimers. THE WARRANTIES ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. MRC does not warrant that the Hosted Programs will operate in the combinations that Client may select for use, that the operation of the Hosted Programs will be uninterrupted or error-free, or that all Hosted Program errors will be corrected.
5.3. Exclusive Remedies. For any breach of the warranties contained in Section 5.2, Client's exclusive remedy, and MRC's entire liability, shall be:
A. For Hosted Program Services and Electronic Services: The correction of Hosted Program errors that cause breach of the warranty. Any error not reported to MRC by Client within thirty (30) days of its discovery will be deemed waived and accepted by Client.
B. For all other Services: The re-performance of the Services provided that Client notifies MRC in writing of any defects in the Services within thirty (30) days of their performance.
7. GENERAL TERMS
7.1. Nondisclosure. By virtue of the Agreement, the parties may have access to information that is confidential to one another ("Confidential Information"). Confidential Information shall be limited to the Programs, the terms and pricing under the Agreement, and all information clearly identified as confidential.
A party's Confidential Information shall not include information that: (a) is or becomes a part of the public domain through no act or omission of the other party; (b) was in the other party's lawful possession prior to the disclosure and had not been obtained by the other party either directly or indirectly from the disclosing party; (c) is lawfully disclosed to the other party by a third party without restriction on disclosure; or (d) is independently developed by the other party.
The parties agree to hold each other's Confidential Information in confidence during the term of the Agreement and for a period of two years after termination of the Agreement. In the event that either party is requested or required for the purposes of legal, administrative, or arbitration to disclose any Confidential Information, the party receiving such disclosure request will provide the other party with immediate written notice of any such request or requirement so that such party may seek an appropriate protective order or other relief.
7.2. Governing Law and Dispute Resolution. The Agreement, and all matters arising out of or relating to the Agreement, shall be governed by the laws of the State of Utah , without giving effect to principles regarding conflicts of laws. Any controversy or claim arising out of or relating to the Agreement, or breach thereof, shall be submitted to the following procedure: (a) direct negotiation in a settlement conference to be scheduled as soon as possible after the dispute arises; (b) if no resolution is reached within sixty (60) days of the settlement conference, the parties will submit the dispute to non-binding mediation in Salt Lake County, Utah under the mediation rules of the American Arbitration Association; (c) if no settlement is reached within sixty (60) days of the start of mediation, either party may seek legal redress in a forum of competent jurisdiction.
7.3. Notice. Client agrees to notify MRC of any changes to Client's business address, business contact, and support contact within ten (10) days of any change thereto. All notices required or permitted hereunder shall be given in writing or as specifically set forth in the applicable section of the Agreement. To expedite order processing, Client agrees that MRC may treat documents emailed or faxed by Client to MRC as original documents; nevertheless, either party may require the other to exchange original signed documents to evidence an order for Hosted Programs or for Services.
7.4. Limitation of Liability. In no event shall either party be liable for any indirect, incidental, special or consequential damages, or damages for loss of profits, revenue, data or use, incurred by either party or any third party, whether in an action in contract or tort, even if the other party has been advised of the possibility of such damages.
The provisions of the Agreement allocate the risks between MRC and Client. The parties agree that MRC's pricing and other terms and conditions of the Agreement reflect the allocation of risk and the limitation of liability specified herein.
7.5. U.S. Government and HIPAA. The Hosted Programs and accompanying documentation are commercial computer software and documentation developed exclusively at private expense and in all respects are proprietary data belonging to MRC. If the Hosted Programs and accompanying documentation are used under the terms of a DOD or civilian agency contract, use, reproduction and disclosure of such software and documentation by the Government is subject to the restrictions set forth in the Agreement in accordance with 48 C.F.R. 227.7202 or 48 C.F.R. 12.212, respectively. The HIPAA Business Associate Agreement attached hereto as Exhibit A is incorporated into the TOS by this reference.
7.6. Other Terms. In the event any provision of the Agreement is held to be invalid or unenforceable, the remaining provisions of the Agreement will remain in full force. The waiver by either party of any default or breach of the Agreement shall not constitute a waiver of any other or subsequent default or breach. Except for actions for nonpayment or breach of MRC's proprietary rights in the Hosted Programs, no action, regardless of form, arising out of the Agreement may be brought by either party more than one year after the cause of action has accrued. The Agreement constitutes the complete agreement between the parties and supersedes all prior or contemporaneous agreements or representations, written or oral, concerning the subject matter of the Agreement. Client may not assign the Agreement or any rights or obligations hereunder without prior written consent of MRC, which consent shall not be unreasonably withheld or delayed; any such assignment without prior consent shall be void. MRC may modify the terms of the Agreement between the parties, including these Terms of Service and any incorporated Registration Form upon written notice, e-mail or otherwise, to Client. Client may notify MRC in writing within thirty (30) days of receipt of a modification notification that Client does not wish to accept the new terms. In the absence of such written non-acceptance notification with the thirty (30) day period, Client confirms acceptance of the new terms by continuing to use the Hosted Programs and/or Services. If Client does not accept the new terms by notifying MRC within the thirty (30) day period, then Client may continue to use MRC under Client's existing terms until the end of Client's then current term, at which time Client's Agreement will not automatically renew, but will instead terminate.
EXHIBIT A: HIPAA BUSINESS ASSOCIATE ADDENDUM
This HIPAA BUSINESS ASSOCIATE ADDENDUM (the "Addendum"), by and between MRC Inc., a Texas corporation with its principal office and place of business at 3000 Bissonnet, Suite 8307 Houston, TX 77025 (“MRC”) and the client named in on line registration form and the associated Application Terms of Service referenced in such Registration Form to which this Addendum is attached, is effective as of the Effective Date of the applicable registration.
A. Client and MRC are parties to one or more agreements (each such agreement, a "Covered Contract," and collectively, the "Agreement") pursuant to which MRC provides certain services to Client, and, in connection with those services, Client discloses to MRC certain health information (the "Protected Health Information" as defined in 45 CFR §164.504) that is subject to protection under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), and certain regulations promulgated by the U.S. Department of Health and Human Services to implement certain provisions of HIPAA (herein "HIPAA Regulations" found at 45 CFR Parts 160-164).
B. MRC, as a recipient of Protected Health Information from Client, is a "Business Associate" as that term is defined in the HIPAA Regulations.
C. Pursuant to the HIPAA Regulations, all Business Associates of entities such as Client must, as a condition of receiving Protected Health Information in the course of doing business with Client, agree in writing to certain mandatory provisions regarding, among other things, the use and disclosure of Protected Health Information.
D. The purpose of this Addendum is to satisfy the requirements of the HIPAA Regulations, including, but not limited to, 45 CFR §164.504(e), as the same may be amended from time to time.
OBLIGATIONS OF THE PARTIES
1. Scope of Use of Protected Health Information. MRC may not: (a) use or disclose Protected Health Information it receives from Client for any purpose other than the purposes contemplated by the Agreement, as required or allowed under the HIPAA Regulations, or as otherwise required by law; or (b) use or disclose Protected Health Information in a manner that violates or would violate the HIPAA Regulations if such activity were engaged in by Client. Client hereby represents and warrants (i) that the execution and performance of this Addendum will not conflict with or violate any provision of any law having applicability to Client; (ii) that Client has the right to provide the Protected Health Information provided to MRC under this Addendum; and (iii) that the use, provision of access and/or disclosure by MRC of any Protected Health Information as authorized or contemplated by this Agreement will not conflict with or violate any provision of any law having applicability to either of the Parties, including, without limitation, HIPAA and the HIPAA Regulations, nor constitute a tort against any third party, nor constitute a breach of contractual obligations between any third party and Client.
2. Safeguards for the Protection of Protected Health Information. MRC will use reasonable efforts to implement and maintain such business and technological safeguards as are necessary to ensure that the Protected Health Information disclosed between Client and MRC is not used or disclosed by MRC except as is provided in the Agreement.
3. Reporting of Unauthorized Use or Disclosure. MRC shall promptly report to Client any use or disclosure of Protected Health Information of which MRC becomes aware that is not provided for or permitted in the Agreement or the HIPAA Regulations. MRC shall permit Client to investigate any such report in accordance with Section 9 of this Addendum.
4. Use of Subcontractors. To the extent that MRC uses one or more subcontractors or agents to provide services under the Agreement, and such subcontractors or agents receive or have access to the Protected Health Information, each such subcontractor or agent shall sign an agreement with MRC containing substantially the same restrictions and conditions related to the Protected Health Information as those that apply to MRC under this Addendum.
5. Data Transfer Security. MRC will take reasonable measures to protect the security and integrity of the Protected Health Information when electronically transferring such information.
6. Access Security. MRC will take reasonable security measures to protect the Protected Health Information from unauthorized access. Access to MRC's computer networks and systems and the Protected Health Information will be controlled via a user ID and password. MRC IS NOT RESPONSIBLE FOR ANY UNAUTHORIZED USE OR DISCLOSURE OF A USER ID OR PASSWORD, OR FOR ANY BREACH OF THIS ADDENDUM ARISING AS A RESULT OF ANY SUCH UNAUTHORIZED USE OR DISCLOSURE BY OR ON BEHALF OF CLIENT.
7. Authorized Access to and Alteration of Protected Health Information. In order to help ensure the accuracy of the Protected Health Information, MRC, on an ongoing basis, will provide Client access for inspection to any such Protected Health Information then retained in MRC's possession. If any of the Protected Health Information is found to be inaccurate or incomplete, Client may submit amendments or corrections to the Protected Health Information and MRC shall promptly incorporate all such amendments or corrections. MRC shall cooperate promptly with Client in responding to any request made by any subject of such information to Client to inspect and/or copy such information. MRC may not deny Client access to any Protected Health Information if such information is requested by the subject seeking access to it.
8. De-identified Information. Provided that MRC implements appropriate de-identification criteria in accordance with the Standards for Privacy of Individually Identifiable Health Information set forth in 45 C.F.R. §164.514(b), Client acknowledges and agrees that de-identified information is not Protected Health Information as defined in the applicable regulations and that MRC may use such de-identified information for any lawful purpose.
9. Accounting, Audits, and Inspection.
A. MRC will keep an accounting of all disclosures, outside its normal course of business, of the Protected Health Information (the "Disclosure Accounting") on an ongoing basis and maintain the Disclosure Accounting for a period of at least six (6) years. At a minimum, the Disclosure Accounting will contain (i) the date of the disclosure; (ii) the name of the entity or person who received the Protected Health Information and, if known, the address of such entity or person; (iii) a brief description of the Protected Health Information disclosed; and (iv) a brief statement of the purpose of the disclosure that reasonably informs the individual of the basis for the disclosure; or in lieu of such statement a copy of the subject's written authorization or request for disclosure pursuant to the HIPAA Regulations. MRC will provide the Disclosure Accounting to Client or a subject individual within sixty (60) days of receiving a written request from Client or such subject individual.
B. Subject to compliance with MRC's security requirements, the Secretary of Health and Human Services and/or Client, or their respective authorized agents or contractors, may, at their expense, examine MRC's facilities, systems, procedures and records related to the Protected Health Information, as may be required to determine that MRC is in compliance with the HIPAA Regulations, the Agreement or this Addendum. If it is determined that MRC is in violation of the HIPAA Regulations, the Agreement or this Addendum, MRC shall promptly remedy any such violation and shall certify the same in writing. The fact that Client inspects, or fails to inspect, or has the right to inspect, MRC's facilities, systems and procedures does not relieve MRC of its responsibility to comply with this Addendum, nor does Client's failure to detect, or to detect but fail to call MRC's attention to or require remediation of any unsatisfactory practice, constitute acceptance of such practice or a waiver of Client's enforcement rights.
10. Right of Termination. In the event that MRC breaches a material term of this Addendum and fails to cure such breach within thirty (30) days after receipt of written notice thereof, Client will have the right to terminate the relevant Covered Contract under which Client disclosed the Protected Health Information that is the subject of the relevant breach.
11. Effect of Termination. Upon the termination or expiration of a Covered Contract for any reason, MRC, at its option, will either (i) return, delete, purge or destroy, all Protected Health Information received from Client under such Covered Contract that MRC maintains in any form, or (ii) if MRC determines that such return or destruction is not feasible, MRC will continue to restrict such Protected Health Information in compliance with this Addendum.
12. Incorporation; Effect on Agreement. This Addendum is incorporated into and made part of each Covered Contract and in each case is subject to the terms and conditions set forth therein, provided that, in the event that a conflict arises between this Addendum and any Covered Contract (exclusive of this Addendum), the terms and conditions of this Addendum shall govern. Except as specifically required to implement the purposes of this Addendum, and otherwise except to the extent inconsistent with this Addendum, all other terms of the Agreement shall remain in full force and effect, and the Parties hereby ratify and affirm the Agreement except as superseded or modified by this Addendum.
13. Construction. This Addendum shall be construed as broadly as necessary to implement and comply with the HIPAA Regulations. The parties agree that any ambiguity in this Addendum shall be resolved in favor of a meaning that complies and is consistent with the HIPAA Regulations.