Terms of Service
Optometrist
This is a legally binding agreement. Please read these terms and conditions carefully. By clicking the button on the online registration web page to accept this agreement, you represent that you have the full legal authority to enter this agreement on behalf of the party identified in the registration process, and in that capacity, you acknowledge such party’s agreement to be bound by the terms and conditions set forth or referenced below.
This agreement (the “Agreement”) for use of the OD Central™ online platform and, as applicable, for participating in the Eyeris Patient Finder and/or for prescribing the Eyeris Daily™ contact lenses is between myEyeris, Inc., a Delaware corporation (“myEyeris”), and the party (“Eye Care Provider”) indicated during the online registration process (such process and the information provided during such process, as amended from time through Eye Care Provider’s login to its account in OD Central, the “Registration”). This Agreement is effective upon Eye Care Provider’s acceptance of it in the course of the Registration (the “Effective Date”). The Registration information and the terms of the myEyeris Privacy Policy are incorporated herein and made a part of this Agreement.
1. Certain Definitions.
“Affiliate” means, as to a party, any other entity that directly or indirectly controls, is under common control with, or is controlled by, such party; as used in this definition, “control” and its derivatives mean possession, directly or indirectly, of power to direct the management or policies of an entity.
“BAA” means the business associate addendum set forth in Exhibit A below, as amended or replaced from time to time, which is incorporated herein and made a part of this Agreement.
“Confidential Information” means any information of any type in any form that (i) is disclosed to or observed or obtained by one party from the other party (or from a person the recipient knows or reasonably should assume has an obligation of confidence to the other party) in the course of, or by virtue of, this Agreement and (ii) either is designated as confidential or proprietary in writing at the time of such disclosure or within a reasonable time thereafter (or, if disclosure is made orally or by observation, is designated as confidential or proprietary orally by the person disclosing or allowing observation of the information) or is of a nature that the recipient knew or reasonably should have known, under the circumstances, would be regarded by the owner of the information as confidential or proprietary. Without limiting any other provisions of this Agreement, and whether or not otherwise meeting the criteria described herein, OD Central, Eye Care Provider Data, and content of this Agreement (other than the fact of its existence and the identities of the parties hereto) shall be deemed conclusively to be Confidential Information. For purposes of this Agreement, however, the term “Confidential Information” specifically shall not include any portion of the foregoing that (i) was in the recipient’s possession or knowledge at the time of disclosure and that was not acquired directly or indirectly from the other party, (ii) was disclosed to the recipient by a third party not having an obligation of confidence of the information to any person or body of which the recipient knew or which, under the circumstances, the recipient reasonably should have assumed to exist, or (iii) is or, other than by the act or omission of the recipient, becomes a part of the public domain not under seal by a court of competent jurisdiction and the term “Confidential Information” specifically shall not include protected health information (as defined under HIPAA), because such information is subject to the provisions of the BAA. A selection or combination of information will not meet any of the foregoing exceptions solely because some or all of its individual component parts are so excepted and will meet such exception(s) only if the selection or combination itself is so excepted. In the event of any ambiguity as to whether information is Confidential Information, the foregoing shall be interpreted strictly and there shall be a rebuttable presumption that such information is Confidential Information.
“Documentation” means all documentation (whether printed or in an electronic format) supplied or made available to Eye Care Provider by myEyeris for use with or in support of OD Central, including any and all revisions, modifications, and updates thereof as may be supplied or made available by myEyeris to Eye Care Provider during the term of this Agreement and all copies thereof made by or on behalf of Eye Care Provider.
“HIPAA” means Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act, and the regulations promulgated under the foregoing from time to time by the United States Department of Health and Human Services, each as amended from time to time.
“Eye Care Provider Account” means the representation in myEyeris’s books and records of the cash balance held by myEyeris on behalf of Eye Care Provider at a given time pursuant to this Agreement.
“Eye Care Provider Data” means all data entered into OD Central (i) by Eye Care Provider Users or (ii) by or on behalf of Eye Care Provider pursuant to a conversion or migration of data from another system, in each case as such data is maintained in OD Central from time to time.
“Eye Care Provider User” means an employee or individual independent contractor of Eye Care Provider duly authorized by Eye Care Provider to use OD Central pursuant to myEyeris’s then-current procedure for such authorization.
“Hosting Services” means the provision, administration, and maintenance of servers and related equipment, the provision of bandwidth at the hosting facility, and the operation of OD Central for access and use by Eye Care Provider Users pursuant to this Agreement.
“Licensed Materials” means OD Central and the Documentation.
“Losses” means all losses, liabilities, damages, awards, settlements, claims, suits, proceedings, costs and expenses (including reasonable legal fees and disbursements and costs of investigation, litigation, expert witness fees, settlement, judgment, interest, and penalties).
“OD Central” means the doctor portal software application platform known as “OD Central” as provided to Eye Care Provider by myEyeris on a software-as-a-service (SaaS) basis, together with any associated database structures and queries, user interfaces, system interfaces, tools, and the like, and any and all revisions, modifications, and updates thereof delivered or made available to Eye Care Provider by myEyeris pursuant to this Agreement.
“Patient Finder Fee” means a fee assessed for Eye Care Provider’s participation in the myEyeris online appointment service described in Section 4 of $20, or such other amount as to which myEyeris notifies Eye Care Provider from time to time, for each appointment with Eye Care Provider selected by an individual through the Eyeris Patient Finder service.
“Services” means the services performed or to be performed by myEyeris under this Agreement other than OD Central and the provision thereof to Eye Care Provider.
“System Administrator” means the individual who initially completes the Registration on behalf of Eye Care Provider (or otherwise is identified as such in the Registration) or such substitute designated by Eye Care Provider from time to time in accordance with myEyeris’s then-current procedures therefor.
“Term” has the meaning ascribed in Section 2.
“Wholesale Lens Price” means $10.79 for a 30-pack of contact lenses or such other pricing as to which myEyeris may notify Eye care provider from time to time.
The word “including” means “including without limitation” unless otherwise expressly provided in a given instance.
2. Term. This Agreement shall commence upon the Effective Date and shall expire when terminated as provided in this Agreement (the “Term”).
3. OD Central Services. Subject to terms and conditions of this Agreement and provided Eye Care Provider is not in material breach of its obligations hereunder, myEyeris shall provide the following Services during the Term:
(a) Hosting. myEyeris shall provide the Hosting Services; provided, however, that the Hosting Services may be interrupted and OD Central unavailable for use for reasonable periods from time to time for myEyeris to perform scheduled or unscheduled system maintenance, for myEyeris to address security threats or security incidents, or due to the acts or omissions of third parties or the fault of myEyeris.
(b) Support and Maintenance. myEyeris shall provide to Eye Care Provider Users consultation and assistance with operational and technical support issues arising from use of OD Central during myEyeris’s then-current normal business hours pursuant to requests for support services submitted by such means as myEyeris shall direct from time to time. In response to a reported error, myEyeris shall use commercially reasonable efforts to correct the error or to provide a reasonable workaround sufficient to alleviate any substantial adverse effect of the problem on the utility of OD Central, provided that Eye Care Provider assists myEyeris in its efforts by making available, as reasonably requested by myEyeris, information, documentation, access to personnel, and testing. myEyeris’s support and maintenance obligations pursuant to this Agreement are conditioned upon access to and use of OD Central by Eye Care Provider Users in accordance with the Documentation and using browsers and other information technology meeting the criteria set forth in the Documentation, published on myEyeris’s web site, or otherwise provided or made available to Eye Care Provider by myEyeris from time to time. Upon reasonable notice to Eye Care Provider from time to time, myEyeris may revise the specifications described in this paragraph or implement new such specifications to address the evolution of such technology.
(c) Enhancements. From time to time at its discretion, myEyeris may implement releases of OD Central that contain changes, updates, patches, fixes, enhancements to functionality, and/or additional functionality. myEyeris in its sole discretion will determine whether to include in OD Central, as part of the maintenance Services hereunder, features or functionality not originally specified for OD Central, and myEyeris shall have no obligation to disclose or offer to Eye Care Provider any such features or functionality.
4. Eyeris Patient Finder. If elected by Eye Care Provider through the Registration, myEyeris shall include Eye Care Provider in listings of optometrists responding with appointment availability relevant to searches by individuals through the Eyeris Patient Finder online platform. OD Central will alert Eye Care Provider and other relevant participating optometrists of an individual’s requested appointment time and indicated purpose for the visit, and if Eye Care Provider responds through OD Central accepting such appointment request, OD Central will include Eye Care Provider in a list of optometrists accepting such appointment request; provided, however, that if more than three participating optometrists match the individual’s search criteria, the first three participating optometrists to respond will be presented in the search results. When an individual selects Eye Care Provider for an appointment by responding to such message, OD Central will send an automated message to Eye Care Provider of the selection, and Eye Care Provider may contact such individual using information provided by such individual to confirm the appointment. The Patient Finder Fee shall accrue for each such selection of Eye care Provider by an individual for an appointment, and myEyeris thereupon may charge or debit such Patient Finder Fee to the Eye Care Provider’s payment card or other payment method indicated in the Registration. Eye Care Provider may cancel its participation in the Eyeris Patient Finder at any time through the Registration.
5. Trial Lenses; Display. myEyeris may provide to Eye Care Provider, and Eye Care Provider shall accept and utilize, a trial lens display that automatically re-orders trial lenses as needed, to be installed by Eye Care Provider in a patient-facing area, or a binary trial lens set, as elected by Eye Care Provider in the Registration or otherwise upon myEyeris’s offer to provide the same. myEyeris shall bear the risk of loss of the automated display or binary trial lens set until delivered to Eye Care Provider’s location, and myEyeris shall be responsible for the cost of shipping such display to Eye Care Provider’s location (provided, however, that if Eye Care Provider later changes from the automated display to the binary trial lens set, Eye Care Provider shall bear the packaging and shipping costs (including insurance coverage for such shipment in the amount of $1,200) and shall return the automated display using packaging provided or approved in writing by myEyeris, and Eye Care Provider shall bear the cost of shipping the binary trial lens set). For the automated display, as applicable, Eye Care Provider agrees (i) to install the display in a patient-facing area of Eye Care Provider’s location and (ii) to accept and stock in such display trial lenses as automatically re-ordered from and delivered by myEyeris (and to report to myEyeris any failure of such display to re-order automatically or any other malfunction of such display). The foregoing notwithstanding, if Eye Care Provider has received the automated display or binary trial lens set and, after 90 days from delivery thereof, Eye Care Provider fails to prescribe myEyeris lenses to at least three patients per week following notice thereof from myEyeris, then upon request of myEyeris, Eye Care Provider, at Eye Care Provider’s election, either shall pay to myEyeris a one-time usage fee for the automated display or binary trial lens set (as the case may be) of $1,200 or shall return the same and all remaining trial lenses to myEyeris, in which case Eye Care Provider shall bear the packaging and shipping costs (including insurance coverage for such shipment in the amount of $1,200) and shall return the same using packaging provided or approved in writing by myEyeris. The automated display or binary trial lens set shall remain the property of myEyeris, and myEyeris may file a UCC Financing Statement or other such instrument to protect such ownership. Eye Care Provider shall maintain the display in good condition, ordinary wear and tear excepted. If Eye Care provider fails to return the same to myEyeris when required under this Agreement or the same is returned other than in good condition, ordinary wear and tear excepted, Eye Care Provider shall pay to myEyeris (and myEyeris may charge or debit any form of payment provided by Eye Care Provider and/or set off against the Eye Care Provider Account) the value of such automated display (agreed by the parties to be $1,200) or binary trial lens set (agreed by the parties to be $1,200)
6. Online Lens Purchases; Eye Care Provider Account. Patients may purchase myEyeris contact lenses through the myEyeris website pursuant to prescriptions that Eye Care Provider enters into OD Central. For each such purchase, myEyeris shall cause the payment therefor to be deposited directly to the Eye Care Provider Account, whereupon myEyeris shall be entitled to withdraw from the Eye Care Provider Account the Wholesale Lens Price for such lenses (plus any tax applicable thereto). As soon as the patient purchases lenses through myEyeris.com, myEyeris shall remit to Eye Care Provider by bank direct deposit (to an account indicated in the Registration through Stripe Connect). myEyeris will make reasonable attempts to help Eye Care Provider provide bank direct deposit details through Stripe Connect. If Eye Care Provider fails to provide bank direct deposit details through Stripe Connect, payments remitted will default to become property of myEyeris. Eye Care Provider will not have remedy for this default. Any provision of this Agreement to the contrary notwithstanding, myEyeris may set off against and withdraw from the Eye Care Provider Account at any time amounts owing to myEyeris under this Agreement.
7. No Diversion. Eye Care Provider agrees to use trial lenses provided by myEyeris and lenses purchased pursuant to this Agreement solely for dispensing to patients of Eye Care Provider. myEyeris reserves all rights and available remedies for any breach by Eye Care Provider of the foregoing covenant, including equitable remedies, damages, termination of this Agreement, and permanent exclusion from participation in the Eyeris Patient Finder service, OD Central, and other offerings of myEyeris.
8. Payment. Amounts due hereunder shall be paid in the manner established during Registration or as subsequently established by access to Eye Care Provider’s Registration through System Administrator login to OD Central. If applicable, Eye Care Provider authorizes Company to charge or debit automatically, using Eye Care Provider’s selected payment method, all such amounts. Eye Care Provider is responsible for providing to myEyeris and maintaining through the Registration complete and accurate billing and contact information.
9. Taxes. Eye Care Provider shall pay when due (and myEyeris at its discretion may collect and pay on Eye Care Provider’s behalf) all taxes, levies, or assessments based on or in any way measured by this Agreement, the Licensed Materials, and the goods and services provided hereunder, excluding taxes based on myEyeris’s net income, but including sales and use taxes and personal property taxes, if any; provided, however, that if Eye Care Provider notifies myEyeris in writing that Eye Care Provider is exempt from paying applicable state, county, city, or other local sales or use taxes and delivers to myEyeris a copy of Eye Care Provider’s tax exemption certificate or other evidence satisfactory to myEyeris demonstrating such exemption, myEyeris shall not collect and pay such taxes on Eye Care Provider’s behalf except pursuant to an order from a court of competent jurisdiction or notice from such taxing authority. If Eye Care Provider has notified myEyeris of such a tax exemption, Eye Care Provider shall notify myEyeris promptly of any change in the status of such exemption.
10. License to Use Platform; Restrictions. Subject to terms and conditions of this Agreement, myEyeris grants to Eye Care Provider a non-exclusive, non-transferable (except as otherwise provided herein) license during the Term for Eye Care Provider Users to access and use OD Central solely for Eye Care Provider’s internal business purposes and to copy and use the Documentation solely in furtherance of the use by such persons of OD Central. Except as may be authorized expressly in this Agreement, Eye Care Provider shall not do, nor shall it authorize any person to do, any of the following: (i) use the Licensed Materials for any purpose or in any manner not specifically authorized by this Agreement; (ii) make any copies or prints, or otherwise reproduce or print, any portion of the Licensed Materials, whether in printed or electronic format; (iii) distribute, republish, download, display, post, or transmit any portion of the Licensed Materials; (iv) create or recreate the source code for, or re-engineer, reverse engineer, decompile, or disassemble any Licensed Materials that is computer software; (v) modify, adapt, translate, or create derivative works from or based upon any part of the Licensed Materials, or combine or merge any part of the Licensed Materials with or into any other software, document, or work; (vi) refer to or otherwise use any part of the Licensed Materials as part of any effort to develop a product or service having any functional attributes, visual expressions, or other features or purposes similar to those of Licensed Materials; (vii) remove, erase, or tamper with any copyright, logo, or other proprietary or trademark notice printed or stamped on, affixed to, or encoded or recorded in the Licensed Materials, or use a proxy, reverse proxy, or any other such mechanism that is intended to, or has the effect of, obscuring any of the foregoing or confusing an Eye Care Provider User as to myEyeris’s rights in OD Central, (viii) fail to preserve all copyright and other proprietary notices in any copy of any portion of the Licensed Materials made by or on behalf of Eye Care Provider; (ix) sell, market, license, sublicense, distribute, rent, loan, or otherwise grant to any third party any right to possess or utilize any portion of the Licensed Materials without the express prior written consent of myEyeris (which may be withheld by myEyeris for any reason or conditioned upon execution by such party of a confidentiality and non-use agreement and/or other such other covenants and warranties as myEyeris in its sole discretion deems desirable); (x) use the Licensed Materials to gain or attempt to gain access to any software applications, computer systems, or data not expressly authorized under this Agreement; (xi) knowingly use OD Central to store, receive, or distribute any information that violates any applicable law; or (xii) attempt to do or assist any party in attempting to do any of the foregoing.
11. Eye Care Provider Responsibilities.
(a) Eye Care Provider IT Environment. Eye Care Provider shall be responsible for selecting, obtaining, and maintaining any equipment (including a computer), software (including a browser), and ancillary services (including Internet service) needed to access OD Central, in each case meeting any information technology environment criteria provided by myEyeris or made available in OD Central or on the myEyeris website from time to time.
(b) System Administrator. Eye Care Provider acknowledges and agrees that the System Administrator, utilizing mechanisms provided therefor within OD Central, will have the sole responsibility for authenticating and provisioning access to OD Central for other Eye Care Provider Users and for disabling access to OD Central for Eye Care Provider Users. Eye Care Provider shall cause the System Administrator to perform such authentication in accordance with generally-accepted information security standards and shall cause the System Administrator to disable such access immediately upon the termination of employment or engagement of any Eye Care Provider User by Eye Care Provider or when an Eye Care Provider User otherwise is no longer eligible to use OD Central pursuant to this Agreement. Eye Care Provider shall notify myEyeris immediately, by telephone and in writing, to disable access to OD Central for System Administrator who is so terminated or otherwise is no longer eligible to use OD Central pursuant to this Agreement.
(c) Account Passwords and Data Security. Eye Care Provider shall maintain and cause to be maintained the confidentiality of all user IDs and passwords of Eye Care Provider Users, including implementing and enforcing policies and procedures as reasonable and appropriate thereto, and Eye Care Provider at all times shall maintain adequate technical, physical, and administrative safeguards, including access controls and system security requirements and devices, to ensure that access to OD Central by or through Eye Care Provider is limited to Eye Care Provider Users. Eye Care Provider shall be solely responsible for all use or misuse of the user IDs of Eye Care Provider Users, and except as otherwise required by applicable law myEyeris shall have no obligation to monitor for or report any use or attempted use of the user IDs of Eye Care Provider Users. All such user IDs and passwords are deemed to be Confidential Information of both Eye Care Provider and myEyeris. Eye Care Provider shall take reasonable steps to ensure that Eye Care Provider Users not share user IDs or passwords.
(d) Disclaimer. myEyeris shall not be liable to Eye Care Provider for any Loss arising out of or relating to Eye Care Provider’s failure to comply with its obligations set forth in this Section 12.
12. License to Use Data. Eye Care Provider grants to myEyeris a non-exclusive, transferrable, worldwide, royalty-free license during the Term to use and disclose Eye Care Provider Data to perform its obligations under this Agreement, including to provide, monitor, correct, and improve OD Central and to perform Services. Eye Care Provider represents and warrants that it owns or has the legal right and authority, and will continue to own or maintain the legal right and authority, to grant to myEyeris the licenses set forth herein. Eye Care Provider shall indemnify, defend, and hold harmless myEyeris, its Affiliates, and their respective directors, officers, employees, and agents from and against any Loss arising from or related to a claim of a third party with respect to a breach of the foregoing representation and warranty of Eye Care Provider.
13. Ownership.
(a) Eye Care Provider Data. As between myEyeris and Eye Care Provider, Eye Care Provider has and retains exclusive ownership of all Eye Care Provider Data and all intellectual property and proprietary rights therein.
(b) Licensed Materials. As between myEyeris and Eye Care Provider, myEyeris has and retains exclusive ownership of the Licensed Materials and all intellectual property and proprietary rights therein.
(c) Suggestions, Joint Efforts, and Statistical Information. Eye Care Provider may suggest, and the parties may discover or create jointly, findings, inventions, improvements, discoveries, or ideas that myEyeris, at its sole option, may incorporate in the Licensed Materials or in other products or services that may or may not be made available to Eye Care Provider. Any such finding, invention, improvement, discovery, or idea, whether or not patentable, that is conceived or reduced to practice during the term of this Agreement, whether by a party alone or by the parties jointly, arising from or related to this Agreement or the Licensed Materials shall be and remain solely property of myEyeris and may be used, sold, licensed, or otherwise provided by myEyeris to third parties, or published or otherwise publicly disclosed, in myEyeris’s sole discretion without notice, attribution, payment of royalties, or liability to Eye Care Provider. Eye Care Provider acknowledges and agrees that myEyeris has and retains exclusive and valid ownership of all anonymized statistical information regarding Eye Care Provider Users’ use of OD Central. Eye Care Provider hereby assigns to myEyeris any and all right, title, and interest in and to any such findings, inventions, improvements, discoveries, ideas, and statistical information. Unless otherwise expressly agreed in writing, Eye Care Provider shall not obtain any right, title, or interest (other than the license expressly set forth herein) in or to anything created or developed by myEyeris in connection with or incident to this Agreement.
14. Confidentiality.
(a) Security of Confidential Information. Each party possessing Confidential Information of the other party will maintain all such Confidential Information under secure conditions, using reasonable security measures and in any event not less than the same security procedures used by such party for the protection of its own Confidential Information of a similar kind.
(b) Non-Disclosure Obligation. Except as otherwise may be permitted by this Agreement, neither party shall disclose any Confidential Information of the other party to any third party without the express prior written consent of the other party; provided, however, that either party may disclose appropriate portions of Confidential Information of the other party to those of its employees, contractors, agents, and professional advisors having a substantial need to know the specific information in question in connection with such party’s exercise of rights or performance of obligations under this Agreement provided that all such persons (i) have been instructed that such Confidential Information is subject to the obligation of confidence set forth by this Agreement and (ii) are bound by contract, employment policies, or fiduciary or professional ethical obligation to maintain such information in confidence.
(c) Compelled Disclosure. If either party is ordered by a court, administrative agency, or other governmental body of competent jurisdiction to disclose Confidential Information, or if it is served with or otherwise becomes aware of a motion or similar request that such an order be issued, then such party will not be liable to the other party for disclosure of Confidential Information required by such order if such party complies with the following requirements: (i) if an already-issued order calls for immediate disclosure, then such party immediately shall move for or otherwise request a stay of such order to permit the other party to respond as set forth in this paragraph; (ii) such party immediately shall notify the other party of the motion or order by the most expeditious possible means; (iii) such party shall not oppose a motion or similar request by the other party for an order protecting the confidentiality of the Confidential Information, including not opposing a motion for leave to intervene by the other party; and (iv) such party shall exercise reasonable efforts to obtain appropriate assurance that confidential treatment will be accorded the Confidential Information so disclosed.
(d) Non-Use Obligation. Except as expressly authorized in this Agreement, during the term of this Agreement and forever thereafter (or for such shorter period as may be imposed by applicable law), neither party shall use any Confidential Information of the other party, except at the request of and for the benefit of such other party, without the express prior written consent of the other party.
(e) Copying of Confidential Information. Except as otherwise may be permitted by this Agreement, neither party shall copy or otherwise reproduce any part of any Confidential Information of the other party, nor attempt to do so, without the prior written consent of the other party. Any embodiments of Confidential Information of a party that may be generated by the other party, either pursuant to or in violation of this Agreement, will be deemed to be solely the property of the first party and fully subject to the obligations of confidence set forth herein.
(f) Proprietary Legends. Without the other party’s prior written consent, neither party shall remove, obscure, or deface on or from any embodiment of any Confidential Information any proprietary legend relating to the other party’s rights.
(g) Reports of Misappropriation. Each party shall report to the other party without unreasonable delay any act or attempt by any person of which such party has knowledge or reasonably suspects (i) to use or disclose, or copy Confidential Information without authorization from the other party or (ii) to reverse assemble, reverse compile, or otherwise reverse engineer any part of the Confidential Information.
(h) Post-Termination Procedures. Except with respect to Eye Care Provider Data as provided in Section 20 or as otherwise expressly provided in this Agreement, promptly upon the expiration or any termination of this Agreement or other expiration or termination of a party’s right to possess and/or use Confidential Information, each party shall turn over to the other party (or destroy and certify the same in writing, if agreed in writing by the other party) any embodiments of any Confidential Information of the other party.
15. Disclaimers.
(a) REPRESENTATION AND WARRANTY DISCLAIMERS. THE LICENSED MATERIALS, PRODUCTS, AND SERVICES PROVIDED BY MYEYERIS UNDER THIS AGREEMENT ARE PROVIDED “AS-IS” AND MYEYERIS DISCLAIMS ANY AND ALL WARRANTIES, CONDITIONS, OR REPRESENTATIONS (EXPRESS OR IMPLIED, ORAL OR WRITTEN), WITH RESPECT THERETO, INCLUDING ANY AND ALL IMPLIED WARRANTIES OR CONDITIONS OF TITLE, NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS OR SUITABILITY FOR ANY PURPOSE (WHETHER OR NOT MYEYERIS KNOWS, HAS REASON TO KNOW, HAS BEEN ADVISED, OR OTHERWISE IS IN FACT AWARE OF ANY SUCH PURPOSE), WHETHER ALLEGED TO ARISE BY LAW, BY REASON OF CUSTOM OR USAGE IN THE TRADE, BY COURSE OF DEALING, OR OTHERWISE.
(b) Other Disclaimers. As between the parties, Eye Care Provider will be exclusively responsible for, and myEyeris makes no representation or warranty with respect to, determining whether the Licensed Materials and Services will achieve the results desired by Eye Care Provider, ensuring the accuracy of any Eye Care Provider Data, and selecting, procuring, installing, operating, and maintaining the technical infrastructure for Eye Care Provider’s access to and use of the Licensed Materials (other than with respect to the Hosting Services). myEyeris shall not be liable for, and shall have no obligations with respect to, any aspect of the Licensed Materials that is modified by any person other than myEyeris or its contractors, use of the Licensed Materials other than in accordance with the most current operating instructions provided by myEyeris, errors or other effects of problems, defects, or failures of software or hardware not provided by myEyeris or of acts or omissions of Eye Care Provider or any third party. Eye Care Provider acknowledges that the operation of the Licensed Materials will not be error free in all circumstances and that all defects in the Licensed Materials may not be corrected.
16. Risk Allocation.
(a) EXCLUSION OF INDIRECT DAMAGES. WITHOUT LIMITING A PARTY EXPRESS DEFENSE AND INDEMNIFICATION OBLIGATIONS HEREUNDER WITH REGARD TO CLAIMS OF THIRD PARTIES, NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY (NOR TO ANY PERSON CLAIMING RIGHTS DERIVED FROM THE OTHER PARTY’S RIGHTS) FOR INCIDENTAL, INDIRECT, CONSEQUENTIAL, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND (INCLUDING LOST PROFITS, LOSS OF OR DAMAGE TO DATA, LOSS OF BUSINESS, OR OTHER ECONOMIC DAMAGE), WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, AND REGARDLESS OF WHETHER THE PARTY LIABLE OR ALLEGEDLY LIABLE WAS ADVISED, HAD OTHER REASON TO KNOW, SHOULD HAVE ANTICIPATED, OR IN FACT KNEW OF THE POSSIBILITY THEREOF. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS BY ANYONE. THE PROVISIONS OF THIS PARAGRAPH ARE INDEPENDENT OF, SEVERABLE FROM, AND TO BE ENFORCED INDEPENDENTLY OF ANY OTHER ENFORCEABLE OR UNENFORCEABLE PROVISION OF THIS AGREEMENT.
(b) MAXIMUM AGGREGATE LIABILITY. EXCEPT WITH REGARD TO A PARTY’S EXPRESS DEFENSE AND INDEMNIFICATION OBLIGATIONS HEREUNDER, IN NO EVENT SHALL A PARTY’S AGGREGATE LIABILITY TO THE OTHER PARTY (INCLUDING LIABILITY TO ANY PERSON OR PERSONS WHOSE CLAIM OR CLAIMS ARE BASED ON OR DERIVED FROM A RIGHT OR RIGHTS CLAIMED BY OR THROUGH SUCH PARTY), WITH RESPECT TO ANY CLAIM ARISING FROM OR RELATED TO THE SUBJECT MATTER OF THIS AGREEMENT, IN CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EXCEED THE AMOUNTS PAID UNDER THIS AGREEMENT FOR THE APPLICABLE PRODUCT OR SERVICE DURING THE 180-DAY PERIOD IMMEDIATELY PRECEDING THE ACT GIVING RISE TO SUCH CLAIM. THE PROVISIONS OF THIS PARAGRAPH ARE INDEPENDENT OF, SEVERABLE FROM, AND TO BE ENFORCED INDEPENDENTLY OF ANY OTHER ENFORCEABLE OR UNENFORCEABLE PROVISION OF THIS AGREEMENT.
(c) Intentional Risk Allocation. Each party acknowledges that the provisions of this Agreement were negotiated, as a material part of the agreement memorialized herein, to reflect an informed, voluntary allocation between them of all risks (both known and unknown) associated with the transactions involved with this Agreement. The warranty disclaimers and limitations in this Agreement are intended, and have as their essential purpose, to limit the circumstances of liability. The remedy limitations and the limitations of liability are separately intended, and have as their essential purpose, to limit the forms of relief available to the parties.
17. Breach: Termination.
(a) Notice of Breach; Cure Period. Except as otherwise provided under applicable law, in the event of a breach of a provision of this Agreement, the notice and cure procedures set forth in this paragraph shall apply. The non-breaching party shall give the breaching party notice describing the breach and stating the time, as provided herein, within which the breach must be cured. If a provision of this Agreement sets forth a cure period for the breach in question, then that provision shall take precedence over any cure period set forth in this paragraph. No cure period shall be required, except as may be provided otherwise in this Agreement, if this Agreement sets forth specific deadline dates for the obligation allegedly breached. If the breach is of an obligation to pay money, the breaching party shall have five business days to cure the breach after written notice thereof by the non-breaching party. If the breach is a material breach of an obligation relating to the other party’s Confidential Information, then the non-breaching party, in its sole discretion, may specify in the notice of breach that no cure period will be permitted. If the breach is other than a breach of the kind described above in this paragraph, then the cure period will be 30 days after the notice of the breach by the non-breaching party.
(b) Termination for Breach. If a breach of any provision of this Agreement has not been cured at the end of the applicable cure period, if any (or upon such breach if no cure period is permitted), then the non-breaching party thereupon may terminate this Agreement by notice to the other party. Termination of this Agreement by myEyeris for breach by Eye Care Provider shall terminate all licenses granted to Eye Care Provider herein. This Agreement and the licenses granted to Eye Care Provider herein shall terminate automatically, to the extent permitted by applicable law in the jurisdiction or jurisdictions in question, if Eye Care Provider makes an assignment for the benefit of its creditors, files a petition for bankruptcy, receivership, reorganization, or other like proceeding under any present or future debtor relief law (or is the subject of an involuntary such petition or filing that is not dismissed within 60 days after the effective filing date thereof), or admits of a general inability to pay its debts as they become due. Any termination of this Agreement shall be in addition to, and not in lieu of, any other rights or remedies available at law or in equity.
(c) Termination for Convenience. Either party may terminate this Agreement for convenience at any time upon notice to the other party.
18. Disposition of Eye Care Provider Data. Except as otherwise provided in the BAA, as promptly as is reasonably practicable following the expiration or any termination of this Agreement, myEyeris shall destroy the Eye Care Provider Data; provided, however, that to the extent myEyeris is required by applicable law or legal process to retain any portion of the Eye Care Provider Data, or to the extent that destruction of any Eye Care Provider Data is infeasible, myEyeris shall retain such Eye Care Provider Data as though it were Confidential Information for such time as is required by such law or process or until destruction is no longer infeasible, after which myEyeris promptly shall destroy the Eye Care Provider Data.
19. Marketing. myEyeris shall not display or use Eye Care Provider’s logos, trademarks, service marks, or other indicia of origin without Eye Care Provider’s prior written consent (which may be given in email or text) in its sole discretion, and any such consent may be revoked at any time upon reasonable advanced written notice from Eye Care Provider to myEyeris; provided, however, that myEyeris may identify Eye Care Provider as an myEyeris Eye Care Provider and display Eye Care Provider’s logos in its marketing materials and advertisements, on its web site, and in presentations. myEyeris shall not acquire any intellectual property rights in any such logos, trademarks, service marks, or other indicia of origin.
20. Other Provisions.
(a) Notice. Except as otherwise expressly provided herein, notices shall be given under this Agreement in writing in the English language, signed by the party giving the same, and shall be given (i) personally (in which case such notices shall be deemed given when so delivered), (ii) by certified or registered U.S. Mail, properly addressed and postage pre-paid, from within the United States (in which case such notices shall be deemed given on the third business day after deposit), (iii) by generally recognized overnight courier, properly addressed and pre-paid, with next business day instruction (in which case such notices shall be deemed given on the next business day after deposit), or (iv) if to Eye Care Provider, at myEyeris’s election, by e-mail (in which case such notice shall be deemed given upon transmission unless myEyeris receives a non-delivery email message within a reasonable time thereafter) or by posting such notice to OD Central (in which case such notice shall be deemed given upon the next access of OD Central by an Eye Care Provider User). Such notices shall be sent to myEyeris at Attn: CEO, myEyeris, 90 Oceanside Drive, Nashville, TN 37204, with copy to Steve F. Wood, Esq., Baker Donelson, 211 Commerce Street, Nashville, Tennessee 37201, and to Eye Care Provider at the address for notices or email address designated in the Registration or as provided in clause (iv) of this the preceding sentence. Either party may change its address for purposes of notice by written notice thereof to the other party.
(b) Nature of Relationship; Subcontractors. myEyeris shall provide all Services hereunder as an independent contractor to Eye Care Provider. Subject to the provisions of this Agreement regarding confidentiality, myEyeris may perform its obligations hereunder through its employees and through subcontractors. Nothing contained herein shall be deemed to create any agency, partnership, joint venture, or other relationship between the parties or any of their affiliates, and neither party shall have the right, power, or authority under this Agreement to create any duty or obligation on behalf of the other party.
(c) Force Majeure. Neither party shall be liable for any failure to perform its obligations under this Agreement if such failure arises, directly or indirectly, out of causes reasonably beyond the direct control of such party and not due to such party’s own fault or negligence or that of its contractor or agent, including acts of God, acts of terrorists or criminals, acts of domestic or foreign governments, change in any law or regulation, fires, floods, explosions, epidemics, disruptions in communications, power, or other utilities, strikes or other labor problems, riots, or unavailability of supplies.
(d) Governing Law; Venue. This Agreement shall be construed and enforced in accordance with the laws of the state of Tennessee (other than its conflicts of law provisions) and venue shall be exclusively in the federal or state courts sitting in Tennessee.
(e) Jury Trial Waiver. THE PARTIES SPECIFICALLY WAIVE ANY RIGHT TO TRIAL BY JURY IN ANY COURT WITH RESPECT TO ANY CONTRACTUAL, TORTIOUS, OR STATUTORY CLAIM, COUNTERCLAIM, OR CROSS-CLAIM AGAINST THE OTHER ARISING OUT OF OR CONNECTED IN ANY WAY TO THIS AGREEMENT, BECAUSE THE PARTIES HERETO, BOTH OF WHICH ARE REPRESENTED BY COUNSEL, BELIEVE THAT THE COMPLEX COMMERCIAL AND PROFESSIONAL ASPECTS OF THEIR DEALINGS WITH ONE ANOTHER MAKE A JURY DETERMINATION NEITHER DESIRABLE NOR APPROPRIATE.
(f) Injunctive Relief. Each party acknowledges that any violation of its covenants in this Agreement relating to the other party’s Confidential Information and intellectual property would result in damage to such party that is largely intangible but nonetheless real and that is incapable of complete remedy by an award of damages. Accordingly, any such violation shall give such party the right to a court-ordered injunction or other appropriate order to enforce specifically those covenants without bond and without prejudice to any other rights or remedies to which such party may be entitled as a result of a breach of this Agreement.
(g) Amendment and Waiver. Except as otherwise expressly provided herein, no modification or amendment to this Agreement will be valid or binding unless in writing and duly executed by the party or parties to be bound thereby; provided, however, that myEyeris may amend this Agreement upon 10 days’ notice to Eye Care Provider (and Eye Care Provider shall be free to terminate this Agreement as provided herein if Eye Care Provider is unwilling to accept such amendment). The failure of either party at any time to require performance by the other party of any provision of this Agreement shall in no way affect the right of such party to require performance of that provision. Any waiver by either party of any breach of this Agreement shall not be construed as a waiver of any continuing or succeeding breach of such provision, a waiver of the provision itself, or a waiver of any right under this Agreement.
(h) Assignment. A party may transfer or assign some or all of its rights and/or delegate some or all of its obligations under this Agreement only with the express prior written consent of the other party, which may be granted or withheld in such party’s sole discretion; provided, however, that a party may assign all of its rights hereunder indivisibly to any wholly-owned subsidiary of such party or to such party’s parent entity or to any wholly-owned subsidiary of such parent entity, or in any merger or similar transaction, or to a purchaser of substantially all of such party’s assets, upon notice to the other party so long as (i) such party does not know and reasonably should not assume that such assignee is a competitor of the other party and (ii) such assignee assumes in writing all of such party’s obligations under this Agreement. Any purported transfer or assignment by a party of any right under this Agreement otherwise than in accordance with the provisions of this paragraph shall be null and void and a breach of this Agreement.
(i) Successors and Assigns. This Agreement will be binding upon and inure to the benefit of the parties and their successors and assigns permitted by this Agreement.
(j) Entire Agreement. This Agreement, including the BAA, constitutes the entire agreement between the parties concerning the subject matter hereof. No prior or contemporaneous representations, inducements, promises, or agreements, oral or otherwise, between the parties with reference thereto will be of any force or effect. Each party represents and warrants that, in entering into and performing its obligations under this Agreement, it does not and will not rely on any promise, inducement, or representation allegedly made by or on behalf of the other party with respect to the subject matter hereof, nor on any course of dealing or custom and usage in the trade, except as such promise, inducement, or representation may be expressly set forth herein.
(k) Severability. If any provision of this Agreement is ruled wholly or partly invalid or unenforceable by a court or other body of competent jurisdiction, then (i) the validity and enforceability of all provisions of this Agreement not ruled to be invalid or unenforceable will be unaffected; (ii) the effect of the ruling will be limited to the jurisdiction of the court or other body making the ruling; (iii) the provision held wholly or partly invalid or unenforceable shall be deemed amended, and the court or other body is authorized to reform the provision, to the minimum extent necessary to render them valid and enforceable in conformity with the parties’ intent as manifested herein; and (iv) if the ruling or the controlling principle of law or equity leading to the ruling subsequently is overruled, modified, or amended by legislative, judicial, or administrative action, then the provision in question as originally set forth in this Agreement shall be deemed valid and enforceable to the maximum extent permitted by the new controlling principle of law or equity.
(l) No Third-Party Beneficiaries. Except as otherwise expressly set forth herein, nothing in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.
(m) Survival. The covenants herein concerning Confidential Information, indemnification, post-termination procedures, and any other provision that, by its nature, is intended to survive this Agreement shall survive any termination or expiration of this Agreement.
(n) Headings. The headings of the sections used in this Agreement are included for convenience only and are not to be used in construing or interpreting this Agreement.
Business Associate Addendum
THIS BUSINESS ASSOCIATE ADDENDUM (the “Addendum”) supplements and is made a part of the Terms of Service (Optometrist) between myEyeris and Eye Care Provider (the “Agreement”).
Eye Care Provider is a Covered Entity (or is a Business Associate to one or more Covered Entities) pursuant to HIPAA. Eye Care Provider has engaged myEyeris to perform certain services pursuant to the Agreement. In the course of providing such services, Eye Care Provider may make available to myEyeris or have myEyeris obtain or create on its behalf information that may be deemed Protected Health Information subject to the provisions of HIPAA and information subject to protection under other federal or state laws.
In order to comply with the applicable provisions of HIPAA and other federal or state laws as applicable, the parties agree as follows:
1. Definitions.
1.1. Capitalized terms used but not otherwise defined in this Addendum shall have the meanings ascribed in HIPAA (whether or not such terms are capitalized therein) or in the Agreement, as the case may be.
1.2. “Electronic PHI” means PHI that is Electronic Protected Health Information.
1.3. “PHI” means Protected Health Information received or accessed by myEyeris from or on behalf of Eye Care Provider or created, transmitted, or maintained by myEyeris for or on behalf of Eye Care Provider.
1.4. “Unauthorized Use or Disclosure of PHI” means a use or disclosure of PHI that is not permitted by this Agreement or that violates or gives rise to a reporting obligation under HIPAA, including without limitation a Breach of PHI that is Unsecured Protected Health Information.
2. Permitted Uses. myEyeris may use PHI only as permitted or required by this Addendum and only for the following purposes: (i)as necessary to perform its obligations pursuant to the Agreement; (ii) to carry out its legal responsibilities; (iii) for the proper business management and administration of myEyeris; (iv) to provide Data Aggregation services relating to the Health Care Operations of Eye Care Provider, but only to the extent (if any) reasonably necessary to perform its obligations pursuant to the Agreement; (v) to de-identify PHI in accordance with the standards set forth under HIPAA, but only to the extent (if any) reasonably necessary to perform its obligations pursuant to the Agreement; and (vi) as Required By Law.
3. Permitted Disclosures. myEyeris may disclose PHI only as permitted or required by this Addendum for the following purposes: (i) as necessary to perform the its obligations pursuant to the Agreement; (ii) for the proper business management and administration of myEyeris or to carry out its legal responsibilities, if Required By Law or if myEyeris has obtained reasonable assurances that the recipient will (A) hold such PHI in confidence, (B) use or further disclose it only for the purpose for which it was received or as Required By Law, and (C) notify myEyeris of any instance of which the recipient becomes aware in which the confidentiality of such PHI has been breached; and (iii) as otherwise Required By Law.
4. Prohibited Uses and Disclosures.
4.1. Subject to Eye Care Provider’s compliance with its obligations set forth in Section 16 as applicable, and except as otherwise permitted pursuant to Section 2 and Section 3, myEyeris shall not use or further disclose PHI in a manner that would violate HIPAA if done by Eye Care Provider.
4.2. If Eye Care Provider notifies myEyeris that Eye Care Provider has agreed to be bound by additional restrictions on the uses or disclosures of PHI pursuant to Section 16, myEyeris shall be bound by such additional restrictions and shall not use or disclose PHI in violation of such additional restrictions.
4.3. myEyeris shall not sell PHI or otherwise receive remuneration, directly or indirectly, in exchange for PHI; provided, however, that this prohibition shall not affect payment to myEyeris by Eye Care Provider pursuant to the Agreement.
4.4. myEyeris shall not use or disclose PHI for purposes of marketing or fundraising.
4.5. Except as expressly authorized by Eye Care Provider, myEyeris shall not transmit PHI to or store PHI at any location outside of the United States of America and shall not authorize any person outside of the United States of America to access or view PHI.
5. Subcontractors and Agents. Any disclosure to a Subcontractor or agent of myEyeris shall be pursuant to a written agreement between myEyeris and such Subcontractor or agent containing substantially the same restrictions and conditions on the use, disclosure, and safeguarding of PHI as are set forth in this Addendum.
6. Minimum Necessary. myEyeris shall request, access, use, and disclose only the minimum amount of PHI necessary, in accordance with HIPAA, to perform its obligations pursuant to the Agreement.
7. Certain Privacy Rule Compliance. To the extent that myEyeris is to carry out one or more of Eye Care Provider’s (or, if Eye Care Provider is a Business Associate or Subcontractor, a relevant Covered Entity’s) obligations under Subpart E of Part 164 of HIPAA (generally known as the HIPAA Privacy Rule), myEyeris shall comply with such requirements that apply to Eye Care Provider in the performance of such obligations.
8. Safeguards. myEyeris at all times shall maintain administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, availability, and integrity of Electronic PHI that it creates, receives, maintains, or transmits in accordance with the regulations set forth at 45 CFR § 164.308, 45 CFR § 164.310, and 45 CFR § 164.312 and shall maintain policies and procedures and other documentation in accordance the regulations set forth at 45 CFR § 164.316. myEyeris acknowledges that such provisions apply to myEyeris in the same manner that they apply to Covered Entities.
9. Breach Investigation and Reporting.
9.1. myEyeris shall notify Eye Care Provider within five business days following discovery of an Unauthorized Use or Disclosure of PHI.
9.2. As soon as practicable following any Unauthorized Use or Disclosure of PHI, myEyeris shall assess whether such Unauthorized Use or Disclosure of PHI was of PHI that is Unsecured Protected Health Information and, if so (or if myEyeris cannot determine reasonably conclusively to the contrary), myEyeris shall make an evaluation of whether there is a low probability that the PHI has been compromised. In making such evaluation, myEyeris shall conduct a risk assessment that considers, at a minimum, (i) the nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re identification, (ii) the unauthorized person who used the protected health information or to whom the disclosure was made, (iii) whether the protected health information was actually acquired or viewed, and (iv) the extent to which the risk to the protected health information has been mitigated, and myEyeris shall evaluate the overall possibility that the PHI has been compromised by considering all of the above, and any other relevant factors, in combination.
9.3. If pursuant to the evaluation described in Section 9.2 myEyeris determines that such Unauthorized Use or Disclosure of PHI constitutes a Breach of PHI that is Unsecured Protected Health Information, myEyeris shall provide Eye Care Provider, without unreasonable delay but in no case later than 10 days following discovery thereof, notice setting forth the date of discovery thereof, the identities of affected individuals (or, if such identities are unknown at that time, the classes of such individuals), a general description of the nature of the incident, and such other information as is required pursuant to HIPAA or reasonably requested by Eye Care Provider. myEyeris shall supplement such notice with information not available at the time of the initial notification as promptly thereafter as the information becomes available to myEyeris.
9.4. If pursuant to the evaluation described in Section 9.2 myEyeris determines that such Unauthorized Use or Disclosure of PHI does not constitute a Breach of PHI that is Unsecured Protected Health Information, myEyeris shall notify Eye Care Provider of such determination promptly following such determination.
9.5. For purposes hereof, an Unauthorized Use or Disclosure of PHI shall be deemed discovered by myEyeris as of the first day on which it is known to myEyeris or, by exercising reasonable diligence, would have been known to myEyeris, and myEyeris shall be deemed to have knowledge of an Unauthorized Use or Disclosure of PHI if it is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing Unauthorized Use or Disclosure of PHI, who is a workforce member of myEyeris or an agent of myEyeris (determined in accordance with the federal common law of agency).
10. Security Incident Reporting. myEyeris shall report to Eye Care Provider in writing any Security Incident involving Electronic PHI, other than a Security Incident that involves an Unauthorized Use or Disclosure of PHI, within 30 days of myEyeris’s discovery thereof. The parties acknowledge and agree that this section constitutes notice by myEyeris to Eye Care Provider of the ongoing occurrence of events that may constitute Security Incidents but that are trivial, routine, do not constitute a material threat to the security of PHI, and do not result in unauthorized access to or use or disclosure of PHI (such as typical pings and port scans), for which no additional notice to Eye Care Provider shall be required.
11. Mitigation. myEyeris shall take all actions reasonably necessary and shall cooperate with Eye Care Provider as reasonably requested to mitigate, to the extent practicable, any harmful effect of any use or disclosure of PHI in violation of the terms and conditions of this Addendum or of any applicable law.
12. Access and Amendment. With respect to an Individual as to whom myEyeris maintains PHI, myEyeris shall notify Eye Care Provider promptly upon receipt of a request from such an Individual for access to or a copy of such Individual’s PHI or to amend such Individual’s PHI. To the extent permitted under HIPAA, and except as otherwise required upon the order of a court of competent jurisdiction, (i) myEyeris shall direct such Individual to make such request of Eye Care Provider and (ii) myEyeris shall not consent to such access, deliver such copy, or comply with such request except as directed by Eye Care Provider. With respect to PHI maintained by myEyeris in a Designated Record Set that is not also maintained by Eye Care Provider, to the extent required by HIPAA, myEyeris shall (i) make available PHI to Individuals or Eye Care Provider, as reasonably requested by Eye Care Provider and in accordance with HIPAA and (ii) upon receipt of notice from Eye Care Provider, promptly amend any portion of the PHI so that Eye Care Provider may meet its amendment obligations under HIPAA.
13. Accounting for Disclosures. myEyeris shall document all disclosures of PHI by myEyeris and information related to such disclosures as would be required for Eye Care Provider to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with HIPAA. myEyeris shall maintain such information for the applicable period set forth in HIPAA. myEyeris shall deliver such information to Eye Care Provider or, upon Eye Care Provider’s request, to the Individual, in the time and manner reasonably designated by Eye Care Provider, in order for Eye Care Provider to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with HIPAA. The obligations set forth in this section shall survive the expiration or any termination of this Addendum and shall continue, as to a given instance of a disclosure, until the earlier of (i) the passing of the time required for such information to be maintained pursuant to HIPAA or (ii) the delivery to Eye Care Provider of all such information in a form and medium reasonably satisfactory to Eye Care Provider and the return or destruction of all PHI as provided in this Addendum.
14. Audit. If myEyeris receives a request, made on behalf of the Secretary of the Department of Health and Human Services, that myEyeris make its internal practices, books, and records relating to the use or disclosure of PHI available to the Secretary of the Department of Health and Human Services for the purposes of determining Eye Care Provider’s or myEyeris’s compliance with HIPAA, myEyeris promptly shall notify Eye Care Provider of such request and, unless enjoined from doing so by order of a court of competent jurisdiction in response to a challenge raised by Eye Care Provider or myEyeris (which challenge myEyeris shall not be obligated to raise), myEyeris shall comply with such request to the extent required of it by applicable law. Nothing in this Addendum shall waive any attorney-client privilege or other privilege applicable to either party.
15. Compliance with Law. myEyeris shall comply with all federal and state laws applicable to myEyeris regarding individually identifiable information contained in or associated with PHI, including HIPAA and any state data breach laws or other state laws regarding the protection of such information. Nothing in this Addendum shall be construed to require myEyeris to use or disclose PHI without a written authorization from an Individual who is the subject thereof, or written authorization from any other person, where such authorization would be required under federal or state law for such use or disclosure.
16. Obligations of Eye Care Provider. Eye Care Provider shall (i) notify myEyeris of any limitation in Eye Care Provider’s (or, if Eye Care Provider is a Business Associate or Subcontractor, a relevant Covered Entity’s) Notice of Privacy Practices to the extent that such limitation may affect myEyeris’s use or disclosure of PHI, (ii) notify myEyeris of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such change may affect myEyeris’s use or disclosure of PHI, (iii) notify myEyeris of any restriction on the use or disclosure of PHI to which Eye Care Provider has agreed in accordance with HIPAA, to the extent that such restriction may affect myEyeris’s use or disclosure of PHI, and (iv) obtain any authorization or consents as may be Required by Law for any of the uses or disclosures of PHI necessary for myEyeris to provide to the Services.
17. Term and Termination. This Addendum shall become effective on the Effective Date and shall continue in effect until the earlier to occur of (i) the expiration or termination of the Agreement or (ii) termination pursuant to this section. Either party may terminate this Addendum effective immediately if it determines that the other party has breached materially a provision of this Addendum and failed to cure such breach within 30 days of notice thereof. If the non-breaching party reasonably determines that cure is not possible, such party may terminate this Addendum effective immediately upon written notice to other party.
18. Effect of Termination. Upon termination of this Addendum, subject to any applicable provisions of the Agreement, myEyeris shall return to Eye Care Provider or destroy all PHI that myEyeris maintains in any form and retain no copies of such PHI or, if return or destruction is not feasible (including if myEyeris is required by applicable law to retain any such PHI for a time following termination), notify Eye Care Provider thereof and extend the protections of this BAA to the PHI and limit its further use or disclosure to those purposes that make the return or destruction of the PHI infeasible. The requirements of this section shall survive termination or expiration of this BAA and shall be in force as long as any PHI remains in the custody or control of myEyeris.
19. Miscellaneous.
19.1. Notice. Written notice pursuant to Section 9 or Section 10 sent by a recognized overnight courier, pre-paid, with next-business-day delivery instruction to the address provided herein shall be deemed given upon deposit with such overnight delivery service.
19.2. Interpretation. In the event of a conflict between the provisions of this Addendum and any provisions of the Agreement, the provisions of this Addendum shall control. In the event of an inconsistency between the provisions of this Addendum and mandatory provisions of HIPAA, as amended, or its interpretation by any court or regulatory agency with authority over either party hereto, HIPAA (interpreted by such court or agency, if applicable) shall control.