Merit Medical (“Merit”) maintains the ask4UFE.com website, where individuals, including potential patients (“Website Visitor”), learn about uterine fibroids and treatment options. ask4UFE.com also links individuals interested in learning more about uterine fibroid treatment to physicians such as yourself (“Physicians” or “You”) in their geographic area through the website’s physician locator service (the “Service”). By accepting “I Agree” You indicate your desire to participate in the Service and agree to these terms and conditions.
In the course of performing the Service for You, Merit and/or its employees, agents, advisors, consultants and subcontractors, may be given access to “Protected Health Information” (“PHI”), including “Electronic PHI,” as those terms are defined under HIPAA, except that for purposes of these Terms and Conditions (“Terms”), PHI and Electronic PHI will be limited to information Merit collects from, or on behalf of, Physician. To the extent Merit collects PHI on behalf of You, Merit is a “Business Associate” as that term is defined under HIPAA, of Physician. Both parties seek to ensure compliance with HIPAA.1
Operation of Physician Locator Service.
- Participation in the Service is free of charge and available to any Physician who meets the criteria. Purchase and use of Merit product is not required.
- You agree that You meet the following criteria:
- You are a licensed Physician.
- You have performed at least 10 Uterine Fibroid Embolization (UFE) procedures
- You have provided accurate and current information to Merit in connection with the Service and will promptly notify Merit of any change in that information.
- Website Visitor will be given the contact information for the participating Physician(s) meeting the zip code and distance criteria entered by them and will be given the option of contacting one or more of the listed Physicians.
- Merit does not influence the Website Visitor’s decision whether to contact a Physician and which Physician to contact. Merit does not guarantee that You will receive any referrals or patients as a result of participating in the Service. Participating in the Service does not obligate You to provide any treatment or any specific type of treatment to patients. Merit may contact You from time to time to confirm that You have received the communications sent by individuals to You through the Service.
Permitted Uses and Disclosures of PHI.
- Merit may use and disclose PHI as necessary to perform its obligations of the Service only as required by law.
- Merit may disclose PHI for the proper management and administration of its business, provided that Merit obtains from any recipient of such PHI reasonable assurances that the PHI will remain confidential and be used or further disclosed only for the purpose for which it was disclosed. You agree to notify Merit of any instances in which confidentiality of the PHI was breached.
Privacy and Security Obligations.
- Merit shall use appropriate safeguards to prevent the inappropriate use or disclosure of PHI, including implementing Administrative, Physical and Technical Safeguards that reasonably protect the confidentiality, integrity and availability of Electronic PHI to comply with law applicable to Business Associates.
- Merit shall report to Physician, any Breach of Unsecured PHI or security incident as required by law of which Merit becomes aware. Such report shall be made without unreasonable delay and in no event later than twenty (20) days after discovery of a breach.
- Merit shall take all reasonable measures requested by You to mitigate any harmful effect to the Website Visitor who is the subject of the PHI of a use or disclosure of PHI by Merit that is in violation of the requirements of these Terms.
- Merit shall ensure that any agent or subcontractor who creates, receives, maintains, or transmits PHI on behalf of Merit agrees to the same or more stringent restrictions and conditions that apply to Merit with respect to such PHI in accordance with 45 C.F.R. § 164.308(b)(2) and § 164.502(e)(1)(ii). If Merit becomes aware of a pattern or practice of the agent or subcontractor that constitutes a material breach or violation of the arrangement between Merit and the agent or subcontractor with respect to the agent’s or contractor’s obligations under HIPAA, Merit shall take reasonable steps to cure the breach or terminate the arrangement, if feasible, in accordance with any such requirements under HIPAA.
- Merit shall make available PHI for inspection and copying to the extent required by 45 C.F.R. § 164.524, as follows:
- Physician shall be responsible for providing PHI in response to a Website Vistior’s request. Merit shall not directly provide access to, or a copy of, PHI to an individual.
- If Merit receives a request from an individual for inspection and copying of the individual’s PHI, Merit shall notify You of the request no later than seven (7) business days after Merit’s receipt of the request. In the event You request that Merit provide You a copy of PHI in Merit’s possession in order to respond to a Website Visitor’s request, Merit shall provide the copy no later than twelve (12) business days after Merit’s receipt of Your request.
- Merit shall make available PHI for amendment and incorporate any amendments to PHI in accordance with 45 C.F.R. § 164.526, as follows:
- Merit shall not amend PHI pursuant to an individual’s request unless directed to do so by You. You shall be responsible for authorizing any amendment of PHI in response to an individual’s request.
- If Merit receives a request from a Website Visitor for amendment of the PHI, then Merit shall notify You of the request no later than seven (7) business days after Merit’s receipt of the request.
- If You instruct Merit to amend PHI held by Merit, then Merit shall make the amendment no later than twelve (12) business days after receipt of the Your instruction.
- If You deny an amendment to PHI, and the Website Visitor submits a statement of disagreement for inclusion in a record that relates to PHI held by Merit, then You agree to provide Merit with a copy of the statement of disagreement, and Merit shall file the statement of disagreement with the PHI held by Merit. Merit shall not file a statement of disagreement received from a Website Visitor unless directed by You.
- Merit shall make available, as expeditiously as possible, the information required to provide an accounting of disclosures in accordance with 45 C.F.R. § 164.528, as follows:
- Merit shall not directly provide an accounting of disclosures to an individual. You shall authorize any accounting of disclosures of PHI in response to a Website Visitor’s request for such an accounting.
- If Merit receives a request from an individual for an accounting of disclosures of that individual’s PHI, Merit shall notify You of the request no later than seven (7) business days after Merit’s receipt of the request.
- In accordance with 45 C.F.R. § 164.528(b), Merit shall keep records of all disclosures for which Physician must account under such section of the Privacy Rule and shall provide such records to You no later than twelve (12) business days after Merit’s receipt of Physician’s request for such information.
- Merit shall make available Merit’s internal practices, books and records relating to the use and disclosure of PHI to the Secretary of the Department of Health and Human Services or their designee (“Secretary”) for purposes of determining compliance with HIPAA.
Change of Service
- Merit may revise the terms of the Service at any time after providing You with notice of the change and the option to terminate your participation in the Service. You may terminate your participation in the Service at any time for any reason upon 15 days prior notice to Merit. Merit may discontinue the Service at any time for any reason upon immediate notice. Upon termination, Merit shall if feasible, return or destroy all PHI that Merit still maintains and shall retain no copies of such PHI, or if such return or destruction is not feasible, then continue to use appropriate safeguards and comply with applicable law to prevent use or disclosure of Electronic PHI for as long as Merit retains.
- The Service is regulated by various regulations. Terms defined herein shall be defined in such regulations. Physician is a “Covered Entity” as that term is defined under the U.S. Department of Health and Human Services (“HHS”) rule contained in 45 C.F.R. Part 160 and Part 164, Subparts A and E (the “Privacy Rule”), the rule contained in 45 C.F.R. Part 160 and Part 164, Subparts A and C (the “Security Rule”), and the rule contained in 45 C.F.R. Part 160 and Part 164, Subparts A and D (the “Breach Notification Rule”), which were promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), which was enacted as part of the American Recovery and Reinvestment Act of 2009, at Pub. L. No. 111-5 (collectively, “HIPAA”).