Contact Us

 

DrFirst Master Services Agreement 

 This Master Subscription Agreement (“MSA”) is entered into by and between DrFirst.com, Inc. (“DrFirst”) and the entity identified on the applicable electronic invoice as the purchaser of the Backline subscription, including its affiliates and subsidiaries (referred to collectively, as “Company”). It is considered effective upon completion of payment for the subscription. 

DrFirst.com, Inc. offers access to Backline, a subscription-based online communication and telehealth system that enables HIPAA-secure communication between medical professionals and patients. The Backline Subscription has been made available to Company, and Company’s access and use of the Backline Subscription is subject to the following terms and conditions. Therefore, DrFirst and Company agree as follows:  

1. DRFIRST SERVICES. 

DrFirst provides software applications, platforms, and services for electronic prescribing, medication management, secure texting, and related products (“the Applications”) for use by Authorized End Users.  As used herein, the term Authorized End User means an individual who (i) has registered with DrFirst as a user of an Application; (ii) is authorized by virtue of such individual’s relationship to, or permissions from, Company to access DrFirst Applications pursuant to the PA; and (iii) has executed the terms of use agreement applicable to the Application.  Access to Applications provided by DrFirst shall be subject to the terms of this Agreement.   

II. COMPANY OBLIGATIONS FOR ALL APPLICATIONS.
 

Company shall identify an individual employee or representative, who shall register with DrFirst as the “Application Administrator”, to administer each Application described in a PA.  After the initial registration, Company shall be responsible for granting and revoking access to the Application through its administrative features. To any extent Company is required by law to obtain consents (such as consent to treatment) or authorizations from patients to disclose patient information and records through the Applications, Company, and not DrFirst, shall be required to obtain such consents or authorizations. Company shall ensure that Company’s use of the Application, and access by Authorized End Users, complies with applicable laws and regulations.  To the extent applicable, Company shall ensure that it’s Authorized End Users use the most up to date version of the Applications and will be responsible for any failure to do so.  Company’s Authorized End Users must execute DrFirst’s terms of use, as updated from time to time, prior to use of any Application. Detailed Company obligations are established in the PA.  Company must execute and abide by the Business Associate Agreement attached hereto as Exhibit A.

III. OWNERSHIP OF SOFTWARE, PRODUCTS AND INTELLECTUAL PROPERTY.

Subject only to the limited rights expressly granted to Company in an PA, DrFirst has sole and exclusive rights to the DrFirst Brand, the Application, the software associated with the Application, including interface software, and all related materials, including all copies thereof in any form or medium, whether now known or existing or hereafter developed, and including all copyrights, patents, trade secrets, trademarks, trade names and intellectual property rights associated therewith.  All goodwill arising in or from the DrFirst Brand shall inure solely to DrFirst’s benefit.   Company shall not:  (i) attempt to de-compile, reverse assemble, reverse engineer, or attempt to gain access to the source code of  any software furnished by DrFirst; (ii) import, add, modify or create derivative works of any such software or user materials;  (iii) delete data in any such software database by any method other than direct data entry through the Application, or through a DrFirst developed interface; or (iv) remove any proprietary notices, labels, or marks from any software or user materials provided by DrFirst.  The software, user materials, and other rights granted herein may not be transferred, leased, assigned, or sublicensed without DrFirst’s prior written consent, except to a successor in interest of Company’s entire business who assumes the obligations of the Agreement.  In the event of any unauthorized transfer, Company’s rights under the Agreement shall automatically terminate.

IV. CONFIDENTIALITY. 

During the performance of this Agreement, each party may have access to certain confidential information of the other party or third parties (“Confidential Information”).  Both parties agree that all Confidential Information is proprietary to, and shall remain the sole property of, the disclosing party or such third party, as applicable. Each party receiving Confidential Information shall (i) use the Confidential Information only for the purposes described herein; (ii)  not reproduce the Confidential Information except as minimally necessary to use under this Agreement; (iii) hold in confidence and protect the Confidential Information from dissemination to, and use by, any third party; (iv) not create any derivative work from Confidential Information ; (v) restrict access to the Confidential Information to such of its personnel, agents, and/or consultants, if any, who have a need to have access for purposes of performing said party’s obligations hereunder and who are under an obligation of confidentiality with respect to the Confidential Information; and (vi)  return or destroy all Confidential Information  in its possession upon termination or expiration of the Agreement. Confidential Information does not include information  that is: (i) publicly available or in the public domain, through no fault of the recipient; (ii) already in the recipient’s possession free of any confidentiality obligations with respect thereto at the time of disclosure; (iii) independently developed by the recipient without access or reference to the Confidential Information disclosed by the other Party; (iv) approved for release or disclosure by the disclosing Party without restriction. 

V. COMPLIANCE WITH PRIVACY LAWS. 

The parties agree to comply with all applicable state and federal laws and regulations governing the protection of protected health information, including, but not limited to the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act of 2009, all implementing laws and regulations related thereto, and the Business Associate Agreement attached hereto as Exhibit A and incorporated by reference. 

VI. INFLUENCING OF PROVIDERS. 

Company shall not use any means, program, or device to influence or attempt to influence the decision of an Authorized End User to write a prescription for a certain medication or to send the prescription to a certain pharmacy. Information related to formulary and benefit plan design and information from payers or other reputable sources providing clinical information shall be exempt from this prohibition, so long as the Authorized End User can still access all pharmaceuticals and the Authorized End User or patient is not prohibited from selecting a pharmacy. 

VII. AUDIT RIGHTS. 

Company shall allow DrFirst, without notice, the ability to access, inspect, and review all records related to the services provided by DrFirst through its application.   

VII. WARRANTIES AND DISCLAIMERS. 

EXCEPT AS EXPRESSLY SET FORTH HEREIN, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, DRFIRST DISCLAIMS ANY AND ALL OTHER PROMISES, REPRESENTATIONS AND WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND/OR NON-INFRINGEMENT. DRFIRST DOES NOT WARRANT THAT THE APPLICATION WILL MEET COMPANY’S REQUIREMENTS OR THAT THE OPERATION OF THE APPLICATION WILL BE UNINTERRUPTED OR ERROR-FREE. 

XI. LIMITATION OF LIABILITY.
 

IN NO EVENT SHALL DRFIRST OR ANY OF ITS LICENSORS, AGENTS OR REPRESENTATIVES BE LIABLE TO COMPANY OR ANY THIRD PARTY FOR ANY SPECIAL, INDIRECT, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, LOST PROFITS, OR BUSINESS INTERRUPTION, EVEN IF DRFIRST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  IN NO EVENT SHALL DRFIRST BE LIABLE TO COMPANY ON ACCOUNT OF ANY LOSS OR CLAIM CAUSED BY THE FAILURE OF COMPANY OR ANY OF ITS EMPLOYEES, AGENTS, PROVIDERS OR REPRESENTATIVES TO PERFORM ANY OBLIGATIONS UNDER THIS AGREEMENT.  THE CUMULATIVE LIABILITY OF DRFIRST TO COMPANY FOR ALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT, OR STRICT LIABILITY, WILL NOT EXCEED THE TOTAL AMOUNT OF LICENSE FEES PAID TO DRFIRST BY COMPANY, WITH RESPECT TO THE APPLICATION UPON WHICH THE CLAIM IS BASED, DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE ACT, OMISSION OR EVENT GIVING RISE TO SUCH LIABILITY. 

X. INDEMNIFICATION.
 

DrFirst agrees to hold harmless, indemnify, and, at Company’s option, defend Company from and against any losses, liabilities, costs (including reasonable attorneys’ fees) or damages resulting from: (i) misuse of data by DrFirst in violation of Section V;  (ii) any breach by DrFirst of Confidentiality obligations in Section IV; and (iii) an Infringement Claim which, for this purpose, means a claim by any third party that  an Application,  infringes that third party’s U.S. patents issued as of the effective date of the applicable PA, or infringes or misappropriates such third party’s copyrights or trade secret rights under applicable laws of any jurisdiction within the United States of America.  Company agrees to hold harmless, indemnify, and, at DrFirst’s option, defend DrFirst from and against any losses, liabilities, costs (including reasonable attorneys’ fees) or damages resulting from: (i) use by an Authorized End User or third party end user that has not executed the terms of use; (ii) misuse of data in violation of Section VII; (iii) any breach of Confidentiality obligations in Section IV; and (iv) any material breach of the Agreement that gives rise to liability of DrFirst to a third party. A party claiming indemnification must promptly notify the indemnifying party, in writing, of a potential claim and must cooperate with the indemnifying party. The indemnifying party will not settle any third-party claim against the indemnified party unless such settlement completely and forever releases the indemnified party from all liability with respect to such claim or unless the indemnified party consents to such settlement.  Except with respect to Infringement Claims, the indemnified party will have the right, at its option, to defend itself against any such claim, through counsel reasonably acceptable to the indemnifying party, or to participate with the indemnifying party in the defense thereof through counsel of its own choice.  With respect to Infringement Claims, DrFirst shall have the sole authority to control the defense and settlement of such claim and may, in its sole discretion, (i) acquire for Company the right to continue use of the Application; (ii) modify or replace any infringing Application to make it non-infringing; or (iii) direct Company to cease use of, and, if applicable, return, such materials as are the subject of the Infringement Claim.  DrFirst shall reimburse Company for all product and service fees necessitated by any such Infringement Claim.  DrFirst shall not be obligated to indemnify Company for an Infringement Claim if the alleged infringement arises, in whole or in part, from: (i) modification of the Application by Company; (ii) combination, operation or use of the Application with other software, hardware or technology not provided by DrFirst, if such infringement would have been avoided by use of the Application alone; or (iii) use of a superseded or altered release of the Application, if such infringement would have been avoided by the use of a then-current release of the Application and if such then-current release has been made available to Company. 

XI. TERM AND TERMINATION. 

This MSA will be enforceable from the Effective Date for the duration of the term set forth on the electronic invoice “the Subscription Term”; provided, however that either Party may terminate the MSA if the other party has breached the MSA and failed to cure such breach within thirty (30) days of written notice setting forth, in reasonable detail, the nature of the breach and the action necessary to cure. At the conclusion of the initial Term of this MSA and any renewal term, this MSA shall automatically renew for an additional one-year Term unless either Party provides notice of termination no less than 60 days prior to the conclusion of the then-current Term. This MSA also may be terminated by either party immediately upon written notice in the event that the other party makes a general assignment for the benefit of creditors or files a voluntary petition in bankruptcy or for reorganization or rearrangement under the bankruptcy laws, or if a petition for involuntary bankruptcy is filed against the other party and is not dismissed within thirty (30) calendar days after the filing, or if a receiver or trustee is appointed for all or any part of the property or assets of such other party. Company may cancel its subscription at any time. However, there are no refunds for cancellation, and Company understands and agrees that it shall receive no refund should it choose to cancel its subscription prior to the end of its Subscription Term.  In the event that Company chooses to cancel its subscription prior to the end of the Subscription Term, such member shall continue to have access to the Application through the end of the Subscription Term. 

XII. NOTICES. 

All notices given pursuant to the Agreement shall be in writing and delivered either personally, via a nationally recognized overnight carrier, or by certified mail, return receipt requested, postage prepaid to the addresses set forth on the signature page of this MSA or an PA.  Either party may change its address by specifying such change in a written notice given to the other in the aforesaid manner.  A copy of any notice directed to DrFirst shall be sent to the attention of the DrFirst.com, Inc., Legal Department, DrFirst.com, Inc.  

2093 Philadelphia Pike #2334, Claymont, DE 19703, with a courtesy e-mail to: dfnotice@drfirst.com 

XII. MISCELLANEOUS. 

DrFirst may modify this Agreement at any time without notice. Company represents and warrants that they have the full power and authority to bind Company to this MSA.  No waiver of rights hereunder shall be binding unless contained in a writing signed by an authorized representative of the party waiving its rights. The non-enforcement of any provision in a particular instance shall not constitute a waiver of such provision on any other occasion. No rights or obligations of a party may be assigned in whole or in part by either party without the prior written consent of the other; provided, however, that a reorganization, merger, consolidation, acquisition, or restructuring involving all, or substantially all of the voting securities and/or assets of a party shall not be deemed a prohibited assignment.  Neither party shall be liable for failure to perform any of its obligations hereunder if such failure is caused by an event outside its reasonable control, including, but not limited to, an act of God, shortage of materials, personnel or supplies, war, or natural disaster. If any provision of this MSA is declared invalid by a court of competent jurisdiction, such provision shall be ineffective only to the extent so declared, so that all remaining provisions of this MSA shall be valid and enforceable to the fullest extent permitted by applicable law.  This MSA shall be governed by and interpreted in accordance with the laws of the state of Maryland, without regard to conflicts of law principles thereof. Any claims or disputes arising under this MSA or any Addendum shall be resolved in the state or federal courts in the State of Maryland and each of the parties hereby irrevocably submits to the exclusive jurisdiction of such courts.  Under no circumstances, shall the Agreement or any part thereof be subject to the Uniform Computer Information Transaction Act.  The parties recognize and agree that their obligations under sections III, IV, VI, VII, XII, and XIII above shall survive the cancellation, termination or expiration of this MSA.  No more than once annually, DrFirst may adjust prices of any PA, provided that no such adjustment shall exceed the lesser of 5% or the percentage by which the then-most recently published Consumer Price Index (CPI) exceeds the CPI published in the same month in the preceding calendar year. For the purposes of this PA, “CPI” shall mean the Consumer Price Index for All Urban Consumers – All Items – U.S. City Average (1982-84=100) – or the then-current basis if changed by the Department of Labor, Bureau of Statistics. 

 

THE PARTIES UNDERSTAND AND ACKNOWLEDGE THAT COMPANY’S COMPLETION OF PAYMENT VIA ELECTRONIC INVOICE CONSTITTES ACCEPTANCE OF DRFIRST’S OFFER TO PROVIDE THE SUBSCRIPTION SERVICES. COMPANY UNDERSTANDS AND ACNOWLEDGES THAT BY COMPLETING THE ELECTRONIC INVOICE, IT AGREES TO ALL OF THE TERMS AND CONDITIONS SET FORTH IN THIS MASTER SUBSCRIPTION AGREEMENT AND THE BUSINESS ASSOCIATE AGREEMENT AND APPLICABLE PAs SET FORTH BELOW. 

 

EXHIBIT A 
BUSINESS ASSOCIATE AGREEMENT 

This Business Associate Agreement (“Agreement”) is made and entered upon Company’s Completion of the electronic invoice binding it to DrFirst’s subscription Services (the “Effective Date”). This Agreement is by and between DrFirst.com, Inc. (the “Business Associate,” as further defined below), with a notice of address 2093 Philadelphia Pike #2334, Claymont, DE 19703, Company (the entity named on the associated electronic invoice, also “Covered Entity,” as further defined below), whose address is the same address set forth on the electronic invoice. 

BACKGROUND 

  1. Congress enacted the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and subsequently the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), which provide protection for individually identifiable health information. The U.S. Department of Health and Human Services promulgated, pursuant to HIPAA, a Privacy Rule and a Security Rule, and pursuant to the HITECH Act, the HITECH Standards all, as defined below, governing individually identifiable health information.
  2. This Agreement shall cover the service(s) provided to Covered Entity pursuant to the Master Services Agreement, including any product or service addenda thereto (all referred to collectively as the “Services Agreement"), and shall apply to future services purchased by Covered Entity.

 NOW, THEREFORE, in consideration of the foregoing recitals, the mutual promises and covenants set forth herein and other good and valuable consideration, the receipt and sufficiency of which hereby are acknowledged, the parties agree as follows: 

1. DEFINITIONS. 

a. Standard Definitions. The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Health Care Operations, Individual, Minimum Necessary, Protected Health Information (PHI), Required By Law, Secretary, Security Incident, Subcontractor, and Unsecured Protected Health Information. 

b. Specific Definitions. The following terms shall have these specific definitions: 

i. Business Associate. “Business Associate” shall generally have the same meaning as the term “Business Associate” at 45 CFR 160.103, and in reference to the party to this Agreement, shall mean DrFirst.com, Inc. 
ii. Covered Entity. “Covered Entity” shall generally have the same meaning as the term “Covered Entity” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean Company. 
HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Parts 160 and 164. 

 

II. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE

a. Unauthorized Use or Disclosure. Business Associate shall not use or disclose PHI other than as permitted or required by this Agreement, the Services Agreement, or as Required by Law.

b. Appropriate Safeguards. Business Associate agrees to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI to prevent use or disclosure of PHI other than as provided for by this Agreement and the Services Agreement.

c. Reporting. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement or the Services Agreement of which it becomes aware, including breaches of Unsecured PHI as required at 45 CFR 164.410.

d. Subcontractors. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, Business Associate shall ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information, as applicable. 

e. Designated Record Set. Business Associate agrees to make available PHI in a Designated Record Set to Covered Entity as necessary for Covered Entity to satisfy its obligations under 45 CFR 164.524. If Business Associate receives a request directly from an Individual, Business Associate will forward the request to Covered Entity. 
 
f. Amendments to PHI. Business Associate agrees to make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526. If Business Associate receives a request directly from an Individual, Business Associate will forward the request to Covered Entity. 
 
g. Accounting of Disclosures. Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528. If Business Associate receives a request directly from an Individual, Business Associate will forward the request to the Covered Entity. 
 
h. Privacy of Individually Identifiable Health Information. To the extent Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligation(s).
 
i. Availability of Records. Business Associate agrees to make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules. 

 

III. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE. 
 
a. Permitted Uses and Disclosures Generally. Except for the specific uses and disclosures set forth below, Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity. 
 
b. Performance of Services. Business Associate may only use or disclose PHI as necessary to perform the services set forth in Service Agreement. 
 
c. Required by Law. Business Associate may use or disclose PHI as Required By Law. 
 
d. Minimum Necessary. Business Associate agrees to make reasonable efforts to ensure that access to PHI is limited to the Minimum Necessary amount necessary to accomplish the intended purpose of request, use, and disclosure and consistent with the Services Agreement. 
 
e. Management and Administration. Business Associate may disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as Required By Law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. 
 
f. De-Identification. Business Associate may de-identify PHI in accordance with 45 CFR 164.514.  
 
g. Data Aggregation. Business Associate may provide Data Aggregation services relating to the Health Care Operations, care coordination, and case management of the Covered Entity. 

 

IV. REPORTING OF UNAUTHORIZED OR IMPROPER USES OR DISCLOSURES. 
 
a. Security Incidents. Business Associate shall promptly notify Covered Entity of Security Incidents of which Business Associate becomes aware.  
 
b. Unsuccessful Security Incidents. The parties acknowledge the regular occurrence of unsuccessful attempts to access, use, and disclose PHI, such as, but not necessarily limited to, pings and other broadcast attacks on firewalls, denial of service attacks, port scans, unsuccessful login attempts, interception of encrypted information where the key is not compromised, or any combination of the foregoing (“Unsuccessful Security Incidents”). This section satisfies Business Associate’s obligations to provide Covered Entity notice of the ongoing existence and occurrence of Unsuccessful Security Incidents. 
 
c. Breaches of Unsecured PHI. Following the discovery of any Breach of Unsecured PHI, Business Associate shall notify Covered Entity in writing of such Breach after verification that the Breach compromised Covered Entity’s PHI. The notice shall include the following information to the extent it is known: (i) a brief description of the circumstances of the Breach, including the date of the Breach and date of discovery; and (ii) a brief description of what Business Associate has done or is doing to investigate the Breach and to mitigate harm created by the Breach.  

 

V. OBLIGATIONS OF THE COVERED ENTITY. 
 
a. Consent and Authorization. Covered Entity shall obtain and maintain any and all authorizations and/or consents by Individuals or other parties required for Business Associate’s use or disclosure of PHI contemplated by this Agreement and the Services Agreement. 
 
b. Notice of Privacy Practices. Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. 
 
c. Use or Disclosure Limitations. Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. 
 
d. Restriction Requests. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. 
 
e. Impermissible Requests. Except as provided for under this Agreement, Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by Covered Entity. 

 

VI. TERM AND TERMINATION. 
 
a. Term. The Term of this Agreement shall be in effect as long as the Services Agreement is in effect and shall terminate upon expiration or termination of the Master Subscription Agreement.  
 
b. Termination for Cause. Either party may terminate this Agreement, if it determines the other party has violated a material term of the Agreement and has not cured the breach within 30 days of notice by the non-breaching party. 
 
c. Obligations of Business Associate Upon Termination. Except as otherwise provided in this Section, upon termination of this Agreement for any reason, the Business Associate shall continue to extend the protections of this Agreement to all PHI received from Covered Entity. This provision shall also be applicable to any PHI in the possession of Subcontractors of the Business Associate. Business Associate shall limit further uses and disclosures of PHI for so long as the Business Associate maintains such PHI. 
 
d. The Covered Entity understands and agrees that information generated through the use of the services provided under the Service Agreement will be retained as necessary by the Business Associate for purposes of financial reporting, insurance claims, and other legal and business purposes. 

 

VII. MISCELLANEOUS. 
 
a. Indemnification. In the event of a Breach or violation of HIPAA or this Agreement,  the party causing the Breach  agrees to fully indemnify, defend, and hold harmless the nonbreaching party, its affiliates, subsidiaries, directors, officers, employees, and agents from and against any and all claims, losses, costs, expenses, civil or criminal fines and penalties, actions, damages and causes of action, including reasonable attorneys’ fees arising out of or related to the improper use or disclosure of PHI by the party causing the Breach or violation. Business Associate shall not be obligated to indemnify for failure of Covered Entity to safeguard its PHI, including but not limited to, maintaining adequate firewalls, networking monitoring, data backup, and network access protocols. 
 
b. Limitation of Liability. In no event will either party be liable for any incidental, indirect, special, consequential or punitive damages, regardless of the nature of the claim, including, without limitation, lost profits, costs of delay, any failure of delivery, business interruption, costs of lost or damaged data or documentation, or liabilities to third parties arising from any source, even if the party has been advised of the possibility of such damages. 
 
c. Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended. 
 
d. Amendment. DrFirst may modify this Agreement at any time without notice. To the extent that the terms of this Agreement conflict with the Services Agreement, the provisions of this Agreement shall control. In the event HIPAA Rules are amended to require changes in the obligations of the parties under this Agreement, the parties agree (i) that this Agreement shall be deemed to be automatically amended to the extent necessary to incorporate the required changes or (ii) if determined necessary, to negotiate in good faith to amend this Agreement to come into compliance with such change. 
 
e. Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits the parties to comply with applicable law protecting the privacy, security and confidentiality of PHI. In the event that the provisions of this Agreement are inconsistent with HIPAA or its implementing regulations or any binding interpretation thereof, said conflict will be resolved in favor of the HIPAA Rules. 
 
f. Construction and Jurisdiction. This Agreement shall be governed by and construed by the governing law and venue set forth in the Services Agreement. 
 
g. Notices. Any notices required under this Agreement shall be delivered via hardcopy delivered via courier and courtesy e-mail, to the following addresses: 

 

If to Business Associate: 

 DrFirst.com, Inc.  

ATTN: Legal Department 

2093 Philadelphia Pike #2334 
Claymont, DE 19703 

Email: df_legal@drfirst.com 

If to Covered Entity:   To the address set forth by Covered Entity on the electronic Invoice  

 

h. Assignment. This Agreement shall follow any permitted assignment of the Services Agreement, and thereby be applicable to, and binding on, any permitted assignee of the Services Agreement. 
 
i. No Third-Party Beneficiary. This Agreement is solely for the benefit of the parties hereto and no other party shall be deemed to be a third-party beneficiary of this Agreement. 

 

COMPANY UNDERSTANDS AND ACKNOWLEDGES THAT BY COMPLETING THE ELECTRONIC INVOICE, IT AGREES TO ALL OF THE TERMS AND CONDITIONS SET FORTH IN THIS BUSINESS ASSOCIATE AGREEMENT. 

 

EXHIBIT B 
PRODUCT ADDENDUM FOR BACKLINE 

 

I. Overview 

This Product Addendum (“PA”) is entered into by and between DrFirst.com, Inc. (“DrFirst”) and the entity identified on the applicable electronic invoice, including its affiliates and subsidiaries (referred to, collectively, as “Company”).  This PA is incorporated into a certain Master Subscription Agreement (“MSA”) entered into by the undersigned parties.  In the event of a conflict between this PA and the MSA, the terms of this PA shall govern. Unless otherwise defined herein, capitalized terms used in this PA shall have the meanings used in the MSA.  

II. Backline License. 

Subject to the terms of this PA, the MSA, and applicable law, DrFirst grants to Company the number of licenses shown on the applicable electronic invoice to use and access Backline, DrFirst’s HIPAA-compliant communication application. This License shall permit Company to use Backline features and functionality in accordance with the terms of Company’s service plan as set forth in Section III. 

III. Backline Services 

 

a. Starter Plan 

If, as indicated on the electronic invoice, Company has purchased the Starter Plan, then Company shall have access to the following Backline features and functionality: 

i. Secure team messaging;   
ii. Basic patient communication;   
iii. HIPAA compliant environment; 
iv. Access via Web and mobile applications; and  
v. Knowledge base and ticket-based support. 

a. Professional Plan  

If, as indicated on the electronic invoice, Company has purchased the Professional Plan, then Company shall have access to the following Backline features and functionality: 

i. All features available under the Starter Plan; 
ii. Telehealth functionality 
iii. On-Call Schedules 
iv. Basic Reporting 

 

IV. DrFirst Obligations 
 
a. Provision of Access to Licensed Technology.  DrFirst will specify to the Company procedures according to which Company may establish and obtain access to, and use of, the Application, including, without limitation, provision of any access codes, passwords, technical specifications, connectivity standards or protocols, or any other relevant instructions and procedures (collectively, the “Specifications”), to the limited extent any of the foregoing may be necessary to enable Company to provide access to the features and functions of the Application for use by an individual who has registered with DrFirst as a user of the Application (“Authorized End Users”) as contemplated herein. 
 
b. Configuration of the Application.  During the Term, DrFirst shall adapt and configure the Application as may be necessary from time to time to enable the Company to access, operate, and interact with the Application on the application server.   
 
c. Hosting of the Application Server. 
 
i. All of the Application software will be hosted by servers maintained by DrFirst or its agents.   
 
ii. DrFirst shall, at its own expense, maintain the Application on one or more application servers.  DrFirst shall bear sole responsibility for the operation and maintenance of the application server hardware, its operating system, its platform software, and any third-party application software associated with, or necessary for, the operation and functioning of the application server, including Server functions associated with access to the Application in accordance with this PA.   
 
iii. The Application will not be located on a Company server at any time and the application server shall always remain the responsibility of DrFirst. DrFirst shall be permitted to enter into an arrangement with one or more third parties for the performance of DrFirst’s obligations under this PA, whereby any such third party may install the Application, own, operate or maintain the application server, or undertake to manage the application server with respect to access to the Application, provided that DrFirst shall ensure that any such third party shall be contractually bound to provide substantially the same level of protection with respect to Company’s Confidential Information  as is required of DrFirst.   
 
d. Training.  DrFirst will be responsible for providing printed training materials, on-line webinars, and recorded training videos to the Company. DrFirst will be responsible for conducting train the trainer sessions in terms of the training methodology to the Company. Any additional training beyond the initial training at the rate of $750 per person per day plus associated travel expenses. 

 

V. Company Obligations 

a. Implementation Requirements. In order to implement the Application, Company shall identify internal stakeholders and assign implementation and adoption tasks as appropriate. 

b. Authorized End User Terms. All Authorized End Users will be required to agree to the Backline Terms of Use (“TOU”), as updated by DrFirst from time to time, and comply with the Business Associate Agreement to the MSA. The Terms of Use are available at https://www.drfirst.com/backline-terms-of-use. 

c. Unauthorized Use of the Application. DrFirst will have no obligation with respect to lack of availability arising, in whole or in part, from (a) any use of the Application by Company or any Authorized End User that is outside of or in violation of the terms and conditions set forth herein, or (b) any failure by Company to comply with this PA or the MSA. 

 

VI. Pricing and Payment. Any fees charged for a subscription to Backline through the electronic invoice shall be applicable only to the Subscription Term set forth on such invoice and must be paid in full before Company is eligible to access Backline.  DrFirst may offer special promotions from time-to-time.  All Subscription Fees are subject to applicable sales and other taxes and shall be non-refundable.  DrFirst reserves the right to change Subscription Fees at any time without further notice.  Such revised Subscription Fees shall become effective upon the expiration of the current Subscription Term.  

  

VII. Term and Termination.  Subject to the termination provisions of the MSA, the term of this PA shall be the same as the term set forth on the applicable electronic invoice. At the conclusion of the initial Term of this PA and any renewal term, this PA shall automatically renew for an additional one-year Term unless either party provides notice of termination no less than 60 days prior to the conclusion of the then-current Term, and Company shall be billed in accordance with DrFirst’s then-current pricing, which may change from time to time. Company grants DrFirst permission to charge the credit card Company has on file with DrFirst at the time of any automatic renewal. 

 

COMPANY UNDERSTANDS AND ACKNOWLEDGES THAT BY COMPLETING THE ELECTRONIC INVOICE, IT AGREES TO ALL OF THE TERMS AND CONDITIONS SET FORTH IN THIS PRODUCT ADDENDUM.