Terms of Service
Your use of this and all affiliated websites is
subject to the following:
- Your acceptance of the Q3 Business Technology Corp. Binary
Code License Agreement.
- Your acceptance of the Q3 Business Technology Corp. Business Associate Agreement, if you are a "Covered Entity" as that term is defined
under the Health Insurance Portability and Accountability Act.
These Terms of Service and underlying agreements are subject to change. Changes are effective 30 days after being
posted to the Q3 Business Technology Corp. website at www.q3online.com.
Q3 Business Technology Corp. Binary Code License
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE
PROGRAM. Q3 WILL LICENSE THE SOFTWARE TO YOU ONLY IF YOU FIRST ACCEPT
THE TERMS OF THIS AGREEMENT. BY USING THE SOFTWARE YOU AGREE TO THESE
- LICENSE TO USE. Q3 grants you a non-exclusive and
non-transferable license for the internal use only of the accompanying software
and documentation and any error corrections provided by Q3
(collectively "Software"), by the number of users, class of computer hardware,
and volume of use for which the corresponding fee has been paid. If you acquire
this Software as a program upgrade, your authorization to use the Software from
which you upgraded is terminated. The Software is owned by Q3 Business Technology Corp.
or one of its subsidiaries or a Q3 supplier,
and is copyrighted and licensed, not sold.
- RESTRICTIONS. Software is confidential and copyrighted.
Title to Software and all associated intellectual property rights is retained
by Q3 and/or its licensors. Except as specifically authorized in any
Supplemental License Terms, you may not make copies of Software, other than a
single copy of Software for archival purposes. Licensee acknowledges that
Licensed Software is not designed or intended for use in the design,
construction, operation or maintenance of any nuclear facility. Q3 Business
Technology Corp. disclaims any express or implied warranty of fitness
for such uses. No right, title or interest in or to any trademark, service
mark, logo or trade name of Q3 or its licensors is granted under this
Agreement. You may not 1) use, copy, modify, or distribute the Software except
as provided in this Agreement; 2) reverse assemble, reverse compile, or
otherwise translate the Software except as specifically permitted by law
without the possibility of contractual waiver; or 3) sublicense, rent, or lease
- TRANSFER OF RIGHTS AND OBLIGATIONS. You may not transfer
any of your license rights and obligations under this Agreement.
- CHARGES AND TAXES. Q3 Business Technology Corp.
defines use for the Software for charging purposes. Charges are based on extent
of use authorized. If you wish to increase the extent of use, notify Q3
or its reseller and pay any applicable charges. Q3 does not give
refunds or credits for charges already due or paid. If any authority imposes a
duty, tax, levy or fee, excluding those based on Q3's net income, upon
the Software supplied by Q3 under this Agreement, then you agree to pay
that amount as Q3 specifies or supply exemption documentation.
- DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS
AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
- LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY
LAW, IN NO EVENT WILL Q3 OR ITS LICENSORS BE LIABLE FOR ANY LOST
REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR
PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING
OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF
Q3 HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event
will Q3's liability to you, whether in contract, tort (including
negligence), or otherwise, exceed the amount paid by you for Software under
this Agreement. The foregoing limitations will apply even if the above stated
warranty fails of its essential purpose. Neither you nor Q3 Business Technology
Corp. will bring a legal action under this Agreement more than two
years after the cause of action arose unless otherwise provided by local law
without the possibility of contractual waiver or limitation. Neither you nor
Q3 Business Technology Corp. is responsible for failure to fulfill any
obligations due to causes beyond its control.
- TERMINATION. This Agreement is effective until
terminated. You may terminate this Agreement at any time by destroying all
copies of Software. Q3 Business Technology Corp. may terminate this
Agreement at any time upon 90 days prior written notice to you. This Agreement
will terminate immediately without notice from Q3 if you fail to comply
with any provision of this Agreement. Upon Termination, you must destroy all
copies of Software.
- EXPORT REGULATIONS. All Software and technical data
delivered under this Agreement are subject to US export control laws and may be
subject to export or import regulations in other countries. You agree to comply
strictly with all such laws and regulations and acknowledge that you have the
responsibility to obtain such licenses to export, re-export, or import as may
be required after delivery to you.
- U.S. GOVERNMENT RESTRICTED RIGHTS. If Software is being
acquired by or on behalf of the U.S. Government or by a U.S. Government prime
contractor or subcontractor (at any tier), then the Government's rights in
Software and accompanying documentation will be only as set forth in this
Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4 (for
Department of Defense (DOD) acquisitions) and with 48 CFR 2.101 and 12.212 (for
- GOVERNING LAW. Any action related to this Agreement will
be governed by Indiana law and controlling U.S. federal law. No choice of law
rules of any jurisdiction will apply.
- SEVERABILITY. If any provision of this Agreement is held
to be unenforceable, this Agreement will remain in effect with the provision
omitted, unless omission would frustrate the intent of the parties, in which
case this Agreement will immediately terminate.
- INTEGRATION. This Agreement is the entire agreement
between you and Q3 relating to its subject matter. It supersedes all
prior or contemporaneous oral or written communications, proposals,
representations and warranties and prevails over any conflicting or additional
terms of any quote, order, acknowledgment, or other communication between the
parties relating to its subject matter during the term of this Agreement. No
modification of this Agreement will be binding, unless in writing and signed by
an authorized representative of each party.
- NOTICE OF AUTOMATIC SOFTWARE UPDATES FROM Q3. You
acknowledge that the Software may automatically download, install, and execute
applets, applications, software extensions, and updated versions of the
Software from Q3 ("Software Updates"), which may require you to accept
updated terms and conditions for installation. If additional terms and
conditions are not presented on installation, the Software Updates will be
considered part of the Software and subject to the terms and conditions of the
- NOTICE OF AUTOMATIC DOWNLOADS. You acknowledge that, by
your use of the Software and/or by requesting services that require use of the
Software, the Software may automatically download, install, and execute
software applications from sources other than Q3 ("Other Software").
Q3 makes no representations of a relationship of any kind to licensors
of Other Software. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL
Q3 OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR
FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE
USE OF OR INABILITY TO USE OTHER SOFTWARE, EVEN IF Q3 HAS BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.
- SOURCE CODE. Software may contain source code that is
provided solely for reference purposes pursuant to the terms of this Agreement.
Source code may not be redistributed unless expressly provided for in this
- TERMINATION FOR INFRINGEMENT. Either party may terminate
this Agreement immediately should any Software become, or in either party's
opinion be likely to become, the subject of a claim of infringement of any
intellectual property right. For inquiries please contact: Q3
Business Technology Corp. email: firstname.lastname@example.org with "Q3 BUSINESS TECH
CORP" in the subject line.
Securedi Corp. Business Associate Agreement
Covered Entity and Business Associate agree to incorporate into this Agreement any regulations issued by DHHS with respect to the HITECH Act that relate to the obligations of business associates and that are required to be (or should be) reflected in a business associate agreement. Business Associate recognizes and agrees that it is obligated by law to meet the applicable provisions of the HITECH Act.
You (“Covered Entity”) and Securedi Corp. (“Business Associate”) (jointly “the Parties”) wish to enter into an Agreement to comply with the requirements of: (i) the implementing regulations at 45 C.F.R Parts 160, 162, and 164 for the Administrative Simplification provisions of Title II, Subtitle F of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) (i.e., the HIPAA Privacy Rule, the HIPAA Security Standards and the HIPAA Standards for Electronic Transactions (collectively referred to in this Agreement as “the HIPAA Regulations”)), and (ii) the requirements of the Health Information Technology for Economic and Clinical Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009 (the “HITECH Act”) that are applicable to business associates, along with any guidance and/or regulations issued by the U.S. Department of Health and Human Services (“DHHS”) as of September 2009.
“Electronic PHI” shall mean protected health information that is transmitted or maintained in any electronic media, as this term is defined in 45 C.F.R. § 160.103.
Limited Data Set” shall mean protected health information that excludes the following direct identifiers of the individual or of relatives, employers or household members of the individual:
- Postal address information, other than town or city, State, and zip code;
- Telephone numbers;
- Fax numbers;
- Electronic mail addresses;
- Social security numbers;
- Medical record numbers;
- Health plan beneficiary numbers;
- Account numbers;
- Certificate/license numbers;
- Vehicle identifiers and serial numbers, including license plate numbers;
- Device identifiers and serial numbers;
- Web Universal Resource Locators (URLs);
- Internet Protocol (IP) address numbers;
- Biometric identifiers, including finger and voice prints; and
- Full face photographic images and any comparable images.
“Protected Health Information” or “PHI” shall mean information created or received by a health care provider, health plan, employer or health care clearinghouse, that:
(i) relates to the past, present or future physical or mental health or condition of an individual, provision of health care to the individual, or the past, present or future payment for provision of health care to the individual;
(ii) identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual and
(iii) is transmitted or maintained in an electronic medium, or in any other form or medium. The use of the term “Protected Health Information” or “PHI” in this Agreement shall mean both Electronic PHI and non-electronic PHI, unless another meaning is clearly specified.
“Security Incident” shall mean the attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operations in an information system.
All other terms used in this Agreement shall have the meanings set forth in the applicable definitions under the HIPAA Regulations and/or the security and privacy provisions of the HITECH Act that are applicable to business associates along with any regulations issued by the DHHS.
In the event of an inconsistency between the provisions of this Agreement and a mandatory term of the HIPAA Regulations (as these terms may be expressly amended from time to time by the DHHS or as a result of interpretations by DHHS, a court, or another regulatory agency with authority over the Parties), the interpretation of DHHS, such court or regulatory agency shall prevail. In the event of a conflict among the interpretations of these entities, the conflict shall be resolved in accordance with rules of precedence.
Where provisions of this Agreement are different from those mandated by the HIPAA Regulations or the HITECH Act, but are nonetheless permitted by the Regulations or the Act, the provisions of this Agreement shall control.
Except as expressly provided in the HIPAA Regulations, the HITECH Act, or this Agreement, this Agreement does not create any rights in third parties.
Privacy of Protected Health Information
Permitted Uses and Disclosures of PHI. Business Associate agrees to create, receive, use or disclose PHI only in a manner that is consistent with this Agreement or the HIPAA Privacy Rule and only in connection with providing services to the Covered Entity. Accordingly, in providing services to or for the Covered Entity, Business Associate, for example, will be permitted to use and disclose PHI for “treatment, payment and health care operations” in accordance with the HIPAA Privacy Rule.
Business Associate shall report to Covered Entity any use or disclosure of PHI that is not provided for in this Agreement.
Business Associate shall maintain safeguards as necessary to ensure that PHI is not used or disclosed except as provided for by this Agreement.
Business Associate Obligations. As permitted by the HIPAA Privacy Rule, Business Associate also may use or disclose PHI received by the Business Associate in its capacity as a Business Associate to the Covered Entity for Business Associate’s own operations if;
the use relates to: (1) the proper management and administration of the Business Associate or to carry out legal responsibilities of the Business Associate, or (2) data aggregation services relating to the health care operations of the Covered Entity; or
the disclosure of information received in such capacity will be made in connection with a function, responsibility, or services to be performed by the Business Associate and such disclosure is required by law or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidential and the person agrees to notify the Business Associate of any breaches of confidentiality.
Minimum Necessary Standard and Creation of Limited Data Set. Business Associate’s use, disclosure or request of PHI shall utilize a Limited Data Set if practicable. Otherwise, in performing the functions and activities as specified in the Agreement and this Agreement, Business Associate agrees to use, disclose or request only the minimum necessary PHI to accomplish the intended purpose of the use, disclosure or request.
Access. In accordance with 45 C.F.R. § 164.524 of the HIPAA Privacy Rule and, where applicable, in accordance with the HITECH Act, Business Associate will make available to those individuals who are subjects of PHI, their PHI in Designated Record Sets by providing the PHI to Covered Entity (who then will share the PHI with the individual), by forwarding the PHI directly to the individual or by making the PHI available to such individual at a reasonable time and at a reasonable location. Business Associate shall make such information available in an electronic format where directed by the Covered Entity.
Disclosure Accounting. Business Associate shall make available the information necessary to provide an accounting of disclosures of PHI as provided for in 45 C.F.R. § 164.528 of the HIPAA Privacy Rule and where so required by the HITECH Act and/or any accompanying regulations, Business Associate shall make such information available directly to the individual. Business Associate further shall provide any additional information to the extent required by the HITECH Act and any accompanying regulations.
Business Associate is not required to record disclosure information or otherwise account for disclosures of PHI that this Agreement in writing permits or requires: (i) for the purpose of payment activities or health care operations (except where such recording or accounting is required by the HITECH Act and as of the effective dates for this provision of the HITECH Act), (ii) to the individual who is the subject of the PHI disclosed or to that individual’s personal representative, (iii) to persons involved in that individual’s health care or payment for health care, (iv) for notification for disaster relief purposes, (v) for national security or intelligence purposes, (vi) to law enforcement officials or correctional institutions regarding inmates, (vii) pursuant to an authorization, (viii) for disclosures of certain PHI made as part of a limited data set and (ix) for certain incidental disclosures that may occur where reasonable safeguards have been implemented.
Amendment. Business Associate shall make available PHI for amendment and incorporate any amendment to PHI in accordance with 45 C.F.R. § 164.526 of the HIPAA Privacy Rule.
Right to Request Restrictions on the Disclosure of PHI and Confidential Communications. If an individual submits a Request for Restriction or Request for Confidential Communications to the Business Associate, Business Associate and Covered Entity agree that Business Associate, on behalf of Covered Entity, will evaluate and respond to these requests according to Business Associate’s own procedures for such requests.
Return or Destruction of PHI. Upon the termination or expiration of this Agreement, Business Associate agrees to return the PHI to Covered Entity, destroy the PHI (and retain no copies) or further protect the PHI if Business Associate determines that return or destruction is not feasible.
Availability of Books and Records. Business Associate shall make available to DHHS or its agents the Business Associate’s internal practices, books and records relating to the use and disclosure of PHI in connection with this Agreement.
Termination for Breach
Business Associate agrees that Covered Entity shall have the right to terminate this Agreement or seek other remedies if Business Associate violates a material term of this Agreement.
Covered Entity agrees that Business Associate shall have the right to terminate this Agreement or seek other remedies if Covered Entity violates a material term of this Agreement.
Information and Security Standards
Business Associate will develop, document, implement, maintain and use appropriate administrative, technical and physical safeguards to preserve the integrity, confidentiality and availability of, and to prevent non-permitted use or disclosure of, PHI created or received for or from the Covered Entity.
Business Associate agrees that with respect to PHI, these safeguards, at a minimum, shall meet the requirements of the HIPAA Security Standards applicable to Business Associate.
More specifically, to comply with the HIPAA Security Standards for PHI, Business Associate agrees that it shall.
Implement administrative, physical and technical safeguards consistent with (and as required by) the HIPAA Security Standards that reasonably protect the confidentiality, integrity and availability of PHI that Business Associate creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall develop and implement policies and procedures that meet the Security Standards documentation requirements as required by the HITECH Act.
As also provided for in Section 4(d) below, ensure that any agent, including a subcontractor, to whom it provides such PHI agrees to implement reasonable and appropriate safeguards to protect it.
Report to Covered Entity, Security Incidents of which Business Associate becomes aware that result in the unauthorized access, use, disclosure, modification or destruction of the Covered Entity’s PHI, (hereinafter referred to as “Successful Security Incidents”). Business Associate shall report Successful Security Incidents to Covered Entity as specified in Section 4(e).
For any other Security Incidents that do not result in unauthorized access, use, disclosure, modification or destruction of PHI (including, for purposes of example and not for purposes of limitation, pings on Business Associate’s firewall, port scans, attempts to log onto a system or enter a database with an invalid password or username, denial-of-service attacks that do not result in the system being taken off-line or malware such as worms or viruses) (hereinafter “Unsuccessful Security Incidents”), Business Associate shall aggregate the data and, upon the Covered Entity’s written request, report to the Covered Entity in accordance with the reporting requirements identified in Section 4(e).
Take all commercially reasonable steps to mitigate, to the extent practicable, any harmful effect that is known to Business Associate resulting from a Security Incident.
Permit termination of this Agreement if the Covered Entity determines that Business Associate has violated a material term of this Agreement with respect to Business Associate’s security obligations and Business Associate is unable to cure the violation; and
Upon Covered Entity’s request, Business Associate will provide Covered Entity with access to and copies of documentation regarding Business Associate’s safeguards for PHI.
Compliance with HIPAA Transaction Standards
Application of HIPAA Transaction Standards. Business Associate will conduct Standard Transactions consistent with 45 C.F.R. Part 162 for or on behalf of the Covered Entity to the extent such Standard Transactions are required in the course of Business Associate’s performing services for the Covered Entity. As provided for in Section 4(d) below, Business Associate will require any agent or subcontractor involved with the conduct of such Standard Transactions to comply with each applicable requirement of 45 C.F.R. Part 162. Further, Business Associate will not enter into or permit its agents or subcontractors to enter into, any trading partner agreement in connection with the conduct of Standard Transactions for or on behalf of the Covered Entity that:
Changes the definition, data condition or use of a data element or segment in a Standard Transaction;
Adds any data element or segment to the maximum defined data set;
Uses any code or data element that is marked “not used” in the Standard Transaction’s implementation specification or is not in the Standard Transaction’s implementation specification; or
Changes the meaning or intent of the Standard Transaction’s implementation specification.
Specific Communications. Business Associate, Plan Sponsor and Covered Entity recognize and agree that communications between the parties that are required to meet the Standards for Electronic Transactions will meet the Standards set by that regulation. Communications between Plan Sponsor and Business Associate or between Plan Sponsor and the Covered Entity, do not need to comply with the HIPAA Standards for Electronic Transactions. Accordingly, unless agreed otherwise by the Parties in writing, all communications (if any) for purposes of “enrollment” as that term is defined in 45 C.F.R. Part 162, Subpart O or for “Health Covered Entity Premium Payment Data,” as that term is defined in 45 C.F.R. Part 162, Subpart Q, shall be conducted between the Plan Sponsor and either Business Associate or the Covered Entity. For all such communications (and any other communications between Plan Sponsor and the Business Associate), Plan Sponsor shall use such forms, tape formats or electronic formats as Business Associate may approve. Plan Sponsor will include all information reasonably required by Business Associate to affect such data exchanges or notifications.
Communications Between the Business Associate and the Covered Entity. All communications between the Business Associate and the Covered Entity that are required to meet the HIPAA Standards for Electronic Transactions shall do so. For any other communications between the Business Associate and the Covered Entity, the Covered Entity shall use such forms, tape formats or electronic formats as Business Associate may approve. The Covered Entity will include all information reasonably required by Business Associate to affect such data exchanges or notifications.
Agents and Subcontractors. Business Associate shall include in all contracts with its agents or subcontractors, if such contracts involve the disclosure of PHI to the agents or subcontractors, the same restrictions and conditions on the use, disclosure, and security of such PHI that are set forth in this Agreement.
Breach of Privacy or Security Obligations
Notice and Reporting to Covered Entity. Business Associate will notify and report to Covered Entity (in the manner and within the timeframes described below) any use or disclosure of PHI not permitted by this Agreement, by applicable law, or permitted in writing by Covered Entity.
Notice to Covered Entity. Business Associate will notify Covered Entity following discovery and without unreasonable delay but in no event later than ten (10) calendar days following discovery, any "Breach" of "Unsecured Protected Health Information" as these terms are defined by the HITECH Act and any implementing regulations. Business Associate shall cooperate with Covered Entity in investigating the Breach and in meeting the Covered Entity’s obligations under the HITECH Act and any other security breach notification laws. Business Associate shall follow its notification to the Covered Entity with a report that meets the requirements outlined immediately below.
Reporting to Covered Entity
For Successful Security Incidents and any other use or disclosure of PHI that is not permitted by this Agreement, by applicable law, or without the prior written approval of the Covered Entity, Business Associate – without unreasonable delay and in no event later than thirty (30) days after Business Associate learns of such non-permitted use or disclosure – shall provide Covered Entity a report that will:
Identify (if known) each individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been accessed, acquired or disclosed during such Breach;
Identify the nature of the non-permitted access, use or disclosure including the date of the incident and the date of discovery;
Identify the PHI accessed, used or disclosed (e.g., name; social security number; date of birth);
Identify who made the non-permitted access, use or received the non-permitted disclosure;
Identify what corrective action Business Associate took or will take to prevent further non-permitted accesses, uses or disclosures;
Identify what Business Associate did or will do to mitigate any deleterious effect of the non-permitted access, use or disclosure; and
Provide such other information, including a written report, as the Covered Entity may reasonably request.
For Unsuccessful Security Incidents, Business Associate shall provide Covered Entity, upon its written request, a report that: (i) identifies the categories of Unsuccessful Security Incidents as described in Section 4(b)(iii)(4); (ii) indicates whether Business Associate believes its current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts and (iii) if the security measures are not adequate, the measures Business Associate will implement to address the security inadequacies.
Termination for Breach
Covered Entity and Business Associate each will have the right to terminate this Agreement if the other party has engaged in a pattern of activity or practice that constitutes a material breach or violation of Business Associate’s or the Covered Entity’s respective obligations regarding PHI under this Agreement and, on notice of such material breach or violation from the Covered Entity or Business Associate, fails to take reasonable steps to cure the material breach or end the violation.
If Business Associate or the Covered Entity fail to cure the material breach or end the violation after the other party’s notice, the Covered Entity or Business Associate (as applicable) may terminate this Agreement by providing Business Associate or the Covered Entity written notice of termination, stating the uncured material breach or violation that provides the basis for the termination and specifying the effective date of the termination. Such termination shall be effective 60 days from this termination notice.
Continuing Privacy and Security Obligations. Business Associate’s and the Covered Entity’s obligation to protect the privacy and security of the PHI it created, received, maintained or transmitted in connection with services to be provided under the Agreement and this Agreement will be continuous and survive termination, cancellation, expiration or other conclusion of this Agreement or the Agreement. Business Associate’s other obligations and rights and the Covered Entity’s obligations and rights upon termination, cancellation, expiration or other conclusion of this Agreement, are those set forth in this Agreement and/or the Agreement.