Terms of Service

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS SERVICE.

BY USING THE SERVICES OR CLICKING “AGREE” IN THE ORDER PLACED BY CUSTOMER, CUSTOMER IS AGREEING TO BE BOUND BY THIS AGREEMENT, WHICH SETS FORTH RXNT’S TERMS OF SERVICE. ANY ORDER PLACED BY A CUSTOMER SHALL CONSTITUTE AN OFFER TO CONTRACT SUBJECT TO THE STANDARD TERMS AND CONDITIONS HEREIN CONTAINED AND, UNLESS EXPRESSLY AGREED IN WRITING BY AN AUTHORIZED REPRESENTATIVE OF RXNT, NO ADDITION TO, OR VARIATION FROM, THESE STANDARD TERMS AND CONDITIONS SHALL APPLY. THESE STANDARD TERMS AND CONDITIONS WILL NEGATE THE CUSTOMER’S OWN TERMS AND CONDITIONS AS SUCH.

IF CUSTOMER IS AGREEING TO THIS AGREEMENT ON BEHALF OF OR FOR THE BENEFIT OF THEIR EMPLOYER, THEN CUSTOMER REPRESENTS AND WARRANTS THAT THEY HAVE THE NECESSARY AUTHORITY TO AGREE TO THIS AGREEMENT ON THEIR EMPLOYER’S BEHALF.

This agreement (Agreement) is between Networking Technology, Inc., a Maryland corporation d/b/a RXNT (RXNT), and the customer agreeing to these terms (“Customer”), and covers all services provided by RXNT to Customer.  Customer understands that use of the Services is also governed by the Subscription Summary between the parties, RXNT’s Support Policy (Attachment A), its Pricing Policy (Attachment B), its Third Party Terms (Attachment C), its Business Associate Agreement (Attachment D), its Privacy Policy (Attachment E), and its Security Notice (Attachment F), each of which is incorporated by reference into the Agreement and each of which may be modified from time to time.

1) RXNT SOFTWARE SERVICES

This Agreement provides Customer access and use of RXNT’s web based subscription services, as specified on the electronic or written order between the parties (Subscription Summary), which is incorporated by reference into this Agreement and made part of it. Customer may purchase RXNT PM (Practice Management), RXNT EHR (electronic health records), and RXNT ERX (electronic prescribing), and related services under this Agreement (Services).

2) USE OF SERVICES

a. RXNT Responsibilities

Training. RXNT shall provide initial and periodic training to Customer training personnel or representatives as follows:  Virtual “webinar” training is provided by RXNT staff to all End Users at no additional cost. RXNT staff can provide optional onsite training for physicians and staff at a rate of $150/hr. for a minimum of 8 hours plus $150 per diem plus travel expenses. All training must be scheduled in advance through Customer’s RXNT sales representative. All End Users must complete virtual “webinar” training prior to the End User’s first log on.

Support. RXNT must provide customer support for the Services as further detailed in the RXNT Support Policy. Customer shall be responsible for its own devices, systems, applications, connections and software used to access the Services.

b. Customer Responsibilities

Access by Employees and Contractors. Customer may allow its employees and contractors to access the Services in compliance with the terms of this Agreement and the applicable Subscription Summary, which access must be for the sole benefit of Customer. Customer is responsible for the compliance with this Agreement by its employees and contractors.

Restrictions and Responsibilities. Customer may not (i) sell, resell, rent or lease the Services, use the Services beyond its internal operations or reverse engineer the Services, (ii) use the Services to store or transmit infringing, unsolicited marketing emails, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party rights (including without limitation any privacy rights), (iii) interfere with or disrupt the integrity or performance of the Services, (iv) attempt to gain unauthorized access to the Services or its related systems or networks, (v) reverse engineer the Services or remove or modify any proprietary marking or restrictive legends in the Services, (vi) use the Services in violation of any law, including without limitation, HIPAA, Telephone Consumer Protection Act and any spam laws (for example, CAN SPAM), or (vii) access the Services to build a competitive product or service, or copy any feature, function or graphic of the Services for competitive purposes. Customer is solely responsible for Customer Information (defined below), must use commercially reasonable efforts to prevent unauthorized access to the Services, must notify RXNT promptly of any such unauthorized access, and may use the Services only in accordance with its user guide and applicable law.

Customer Information. All data, information, images and files entered or uploaded by Customer to the Services remains the sole property of Customer, as between RXNT and Customer (Customer Information), subject to the other terms of this Agreement. Customer grants RXNT a non-exclusive, royalty-free license to modify, store, transmit and otherwise use the Customer Information for purposes of RXNT performing under this Agreement. Notwithstanding the foregoing, if Customer’s access to the Services is suspended for non-payment of fees in accordance with Section 3(d), RXNT will have no obligation to provide Customer Information to Customer until Customer remedies such non-payment as provided in this Agreement.

Accuracy of Information Provided by Customer. Customer represents and warrants to RXNT that all Customer Information, Content (defined below) and other material provided under Customer’s account, by Customer or on its behalf, is true, correct and accurate. If Customer learns that any Customer Information or Content provided to RXNT as part of the Services is not true, correct or accurate, Customer must immediately notify RXNT by phone and in writing of this fact, and provide the true, correct and accurate information to RXNT. RXNT relies on Customer representations regarding the truth, accuracy and compliance with laws of Customer Information and Content. RXNT IS NOT LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY CUSTOMER’S FAILURE TO COMPLY WITH THIS PARAGRAPH, IRRESPECTIVE OF ANY ACT OR OMISSION ON THE PART OF RXNT.

Aggregation Services and De-identified Data. RXNT may use protected health information to provide you with data aggregation services (as that term is defined by HIPAA) and to create de-identified data in accordance with 45 CFR 164.514(a)-(c) retaining any and all ownership claims related to the de-identified data it creates from protected health information. RXNT may use, during and after this Agreement, all aggregate anonymized information and de-identified data for purposes of enhancing the Services, technical support and other business purposes, all in compliance with the HIPAA Privacy Standards, including without limitation the limited data set and de-identification of information regulations.

Electronic Prescriptions for Controlled Substances. If Customer uses the Services for Electronic Prescriptions for Controlled Substance (Electronic Prescriptions), the following applies:

  • Tokens. Each Electronic Prescription account is assigned to a specific provider (Prescribing Provider) authorized by Customer. Each Prescribing Provider will be provided with a hard token provided by a third party (Hard Token) and confirmation letter. If the Hard Token is lost, damaged or becomes inoperable, there will be an additional fee for a new Hard Token or confirmation letter. Each Prescribing Provider will also be provided a soft token provided by a third-party (Soft Token). The Soft Token must be downloaded/stored on a separate device from the computer or device on which the Prescribing Provider gains access to the Electronic Prescriptions feature and transmits prescriptions. The Hard Tokens and Soft Tokens are referred to generally as a Token.
  • Customer Responsibilities. Customer and each Prescribing Provider agrees: (a) that each Prescribing Provider shall retain sole possession of the Hard Token and not to share the login passphrase with any other person; (b) that each Prescribing Provider may not allow any other person to use the Token or enter the login passphrase in order to sign controlled substance prescriptions; (c) that failure to secure the Token, login passphrase, or any biometric information may provide a basis for revocation or suspension of the Electronic Prescriptions account; (d) to notify RXNT within one business day of discovery if: (i) Customer or a Prescribing Provider is contacted by a pharmacy because one or more controlled substance prescriptions are displaying the incorrect United States Drug Enforcement Administration (DEA) number; (ii) if Customer or a Prescribing Provider discover that one or more controlled substance prescriptions issued using a Prescribing Provider DEA number were not consistent with the prescriptions actually signed, or were not signed at all; (iii) if a Prescribing Provider’s Token has been lost, stolen, or the authentication protocol has been compromised in any way; (e) that the Prescribing Provider is responsible for any controlled substance prescriptions written using its two-factor authentication credential; (f) that Prescribing Providers have the same responsibilities when issuing electronic prescriptions for controlled substances as when issuing paper or oral prescriptions; (g) to prescribe controlled substances only for legitimate medical purposes; (h) to review security logs on a daily basis for any security incidents; and (i) to report to the DEA any security incident and provide RXNT with a copy of such report. Customer agrees to keep all security incident reports on file for a period of two years.

Electronic Prescriptions (Excluding Prescriptions for Controlled Substances). If Customer uses the Services for Electronic Prescriptions (excluding prescriptions for controlled substances), the Customer and each Prescribing Provider agrees: (a) to only prescribe on their own behalf and not give away password or credentials to another person to prescribe for them; and (b) to take the same responsibility you would when transmuting paper or phone prescriptions.

Meaningful Use. Customer and providers intending to attest for Meaningful Use agree to follow the processes and procedures recommended in RXNT’s Meaningful Use training such that RXNT’s tracking and reports function appropriately.

c. Additional Terms

Content; Warranties. Customers may upload or submit content, files and information to the Services (Content). As between RXNT and Customer, all Content belongs to Customer, and Customer hereby grants RXNT a non-exclusive irrevocable, perpetual, royalty free license to display, store, distribute, share, modify and otherwise use such Content for purposes of this Agreement, including without limitation a license to syndicate the Content to third party publisher sites. Customer represents and warrants to RXNT that:

  • Any Content submitted to the Services does not violate any copyright, trade secret, privacy or other third party right,
  • It will not submit any Content that is untrue, defamatory, harmful to any person, or violates HIPAA Privacy Rules, State or Federal laws on patient privacy, and
  • All patient testimonials submitted by Customer are accurate and have the patient's consent, and comply with ethical guidelines of professional medical associations as well as state and local medical and private practice boards and governing bodies.

Reminders and SMS Messages. Customer agrees that by registering for the Services, including any request forms or use of communications features, constitutes a request for RXNT to send email, fax, phone call, or SMS reminders about upcoming appointments, special offers, and upcoming events. RXNT is not responsible for any text messaging or data transmission fees. If Customer provides a cellular phone number and agrees to receive communications from RXNT, Customer specifically authorizes RXNT to send text messages or calls to such number. Customer represents and warrants it has the authority to grant such authorization. Customer is not required to consent to receive text messages or calls as a condition of using the Services and may opt out of such messages through the Services.

Reviews & Opinions. RXNT does not endorse, validate as accurate, or necessarily agree with any of the reviews, links and user generated content from users or Customers on the Services. RXNT reserves the right to refuse to publish any patient review provided by Customer.

The Services may attempt to send automated or human-based alerts when reviews are provided on third party websites, but RXNT does not guarantee the accuracy, completeness or timeliness of such alerts.

Advertisements. RXNT reserves the right to place advertisements or messages from third parties on webpages of the Services. Such advertisements or messages from third parties may be visible to users as well as Customers.

3) PAYMENT TERMS

a. Payment

Customer must pay all fees as specified on the Subscription Summary and related services as incurred as specified in the Pricing Policy. Unless otherwise stated in the Subscription Summary, invoiced charges are due upon receipt. Customer is responsible for providing complete and accurate billing and contact information to RXNT and notifying RXNT of any changes to such information.

b. Credit Card and ACH

Customer must pay all fees (US$) with a credit card or via ACH put on file with RXNT. Payment must be made after notification by RXNT and upon receipt of an invoice from RXNT. If the credit card or ACH is not valid or the payment is not otherwise made, Customer must pay the amount owed upon receipt of an invoice. Customer hereby authorizes RXNT to charge such credit card or withdraw from Customer’s bank account via ACH for all purchased Services and related services, and any renewals.

c. Taxes

RXNT’s fees do not include any taxes, levies or other similar governmental assessments (Taxes). Customer is responsible for the payment of all Taxes associated with its purchases under this Agreement. RXNT is solely responsible for taxes assessable against RXNT based on its income, property and employees.

d. Suspension of Service for Non Payment

RXNT may suspend or terminate the Services, or both, if Customer has not paid amounts owed to RXNT when due. In advance of any suspension or termination, RXNT will make commercially reasonable efforts to send a minimum 3-day notice of payment default to Customer prior to suspension or termination (Customer is responsible updating its contact information with RXNT and notifying RXNT of any changes to such information).

e. Fee Changes

All fees may be changed with 60 days’ advance email notice to Customer. Customer is responsible for keeping its updated email address on file with RXNT.

f. Postage Fees

Since postage rate increases are publically announced by the United States Postal Service, RXNT will automatically apply the rate increase to all services impacted by the change without advance notice.

4) WARRANTY/SERVICE LEVEL AGREEMENT/DISCLAIMERS

a. Availability

RXNT will make commercially reasonable efforts to maintain uptime of 99%.

b. Mutual Compliance with Laws

Each party represents and warrants to the other party that it will comply with all applicable laws regarding its performance under this Agreement.

c. NO MEDICAL ADVICE PROVIDED BY RXNT

The Services do not provide medical advice, provide medical or diagnostic services, or prescribe medication. Use of the Services is not a substitute for the professional judgment of health care providers in diagnosing and treating patients. Customer agrees that it is solely responsible for verifying the accuracy of patient information (including, without limitation, obtaining all applicable patients' medical and medication history and allergies), obtaining patient’s consent to use the Services (including without limitation the patient portal portion of the Services), and for all of its decisions or actions with respect to the medical care, treatment, and well-being of its patients, including without limitation, all of Customer’s acts or omissions. Any use or reliance by Customer upon the Services will not diminish that responsibility. Customer assumes all risks associated with Customer’s clinical use of the Services for the treatment of patients. Neither RXNT nor its licensors assume any liability or responsibility for damage or injury (including death) to Customer, a patient, other person, or tangible property arising from any use of the Services.

d. CUSTOMER’S COMPLIANCE WITH MEDICAL RETENTION LAWS AND PATIENT RECORDS ACCESS

Customer is responsible for understanding and complying with all state and federal laws related to retention of medical records, patient access to information and patient authorization to release data. Customer agrees that it will obtain any necessary patient consent prior to using the Services (including without limitation the patient portal portion of the Services) and will apply settings to exclude information from availability in the patient portal portion of the Services as necessary to comply with state or federal law.

e. DISCLAIMERS

RXNT DISCLAIMS ALL OTHER WARRANTIES OTHER THAN THOSE EXPRESSLY STATED IN OTHER PROVISIONS OF THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR FREE OR WITHOUT DELAY, AND THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. WHILE RXNT TAKES REASONABLE PHYSICAL, TECHNICAL AND ADMINISTRATIVE MEASURES TO SECURE THE SERVICES, RXNT DOES NOT GUARANTY THAT THE SERVICES CANNOT BE COMPROMISED. RXNT DISCLAIMS ANY WARRANTY REGARDING ANY PERCENTAGE OF COLLECTION OF CLAIMS FOR CUSTOMER.

5) MUTUAL CONFIDENTIALITY

a. Definition of Confidential Information

Confidential Information means all non-public information disclosed by a party (Discloser) to the other party (Recipient), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (Confidential Information). RXNT's Confidential Information includes without limitation the non-public portions of the Services. Confidential Information excludes information that: is or becomes generally known to the public without breach of any obligation owed to Discloser; was known to the Recipient prior to its disclosure by the Discloser without breach of any obligation owed to the Discloser; is received from a third party without breach of any obligation owed to Discloser; or was independently developed by the Recipient without use or access to the Confidential Information.

b. Protection of Confidential Information

The Recipient must use the same degree of care that it uses to protect the confidentiality of its own confidential information (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Discloser for any purpose outside the scope of this Agreement. The Recipient must make commercially reasonable efforts to limit access to Confidential Information of Discloser to those of its employees, contractors and clients (as the case may be) who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with Recipient no less restrictive than the confidentiality terms of this Agreement. The Recipient may disclose Confidential Information (i) to the extent required by law or legal process; (ii) to its legal or financial advisors, provided that such advisors are bound by a duty of confidentiality that includes use and disclosure restrictions; and (iii) as required under applicable securities regulations. In addition, each Party may disclose the terms and conditions of this Agreement on a confidential basis to current and prospective investors, acquirers and lenders and their respective legal and financial advisors in connection with due diligence activities.

6) PROPRIETARY RIGHTS

a. Reservation of Rights by RXNT

The software, workflow processes, user interface, designs, know-how and other technologies provided by RXNT as part of the Services (RXNT Technologies) are the proprietary property of RXNT and its licensors, and all right, title and interest in and to such items, including all associated intellectual property rights, remain only with RXNT. RXNT reserves all rights unless expressly granted in this Agreement.

b. AMA Content

The AMA Content is licensed to Customer as follows: RXNT grants Customer a non-exclusive, license for the duration of the Services to use such materials for Customer’s internal use solely with the Services, with the right to make additional copies of the material for such duration and purpose (Licensed Documentation). AMA Content means the coding work of nomenclature and codes for reporting of healthcare services from the print publication Current Procedural Terminology, Fourth Edition and the data file of Current Procedural Terminology (CPT) published by the American Medical Association in the English language as used in the United States. AMA Restrictions: Customer may not use outside the United States, publish, distribute or create any derivate work (including without limitation translation), transfer, sell, lease, license or otherwise make available the AMA Content, or a portion or copy of such content, except as expressly provided in this Agreement. This sublicense is limited to one user for each active provider associated with Customer’s account. Customer is responsible for seeking additional user licenses directly from the American Medical Association if it requires more than one user license per active provider. CPT is a copyright and a registered trademark, of the American Medical Association.

c. Provisions Relating to Intelligent Medical Objects, Inc. (“IMO”)

RXNT’s license agreement with IMO requires that certain provisions (IMO Provisions outlined in Attachment C) be included in this Agreement with respect to the use by Customer and Customer’s end users of Services in which IMO’s intellectual property is embedded. The parties to this Agreement further acknowledge and agree that the IMO Provisions may be modified from time to time by IMO and that any such modifications shall be binding upon the parties hereto.

7) LIMITS ON LIABILITY.

a. Consequential Damages. EXCEPT WITH RESPECT TO GROSS NEGLIGENCE OR INTENTIONALLY HARMFUL ACTS, IN NO EVENT WILL RXNT BE LIABLE TO LICENSEE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF RXNT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION UPON DAMAGES AND CLAIMS IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE.

b. Limit. RXNT’s TOTAL LIABILITY FOR THE CUMULATIVE CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT, OR STRICT LIABILITY, SHALL NOT EXCEED THE TOTAL AMOUNT OF ALL LICENSE FEES PAID TO RXNT BY LICENSEE DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE ACT, OMISSION, OR EVENT GIVING RISE TO SUCH LIABILITY. THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS FOR THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE. Customer acknowledges and understands that the disclaimers and limitations of liability set forth in this Agreement form an essential basis of the contract between the Parties and were a fundamental inducement to RXNT to enter into this Agreement, and that absent such disclaimers, exclusions and limitations of liability, the terms and conditions of this Agreement would be substantially different.

8) TERM, TERMINATION, AND RETURN OF DATA

a. Term

The applicable Services will continue for the duration of one (1) year, and will be automatically extended for additional consecutive terms unless either party provides written notice of termination of no less than sixty (60) days prior to extension. This Agreement continues until all the Services are terminated.

b. Termination for Material Breach

Either party may terminate this Agreement and the applicable Subscription Summary if the other party material breaches any term of the Agreement or the Subscription Summary and does not cure the breach within thirty (30) days of written receipt of notice of breach. Additional terms are in the Term, Termination and Return of Data Policy FAQ page.

c. Return of Data

RXNT will have no obligation to provide Customer Information to Customer upon termination of this Agreement. Notwithstanding the foregoing, RXNT may retain Customer Information for 60 days from such termination and RXNT may provide Customer access to such information upon Customer’s request. For additional information, please see the Term, Termination and Return of Data Policy FAQ page.

d. Customer Actions upon Termination

Upon termination, Customer must pay any unpaid fees and destroy all RXNT property in Customer’s possession. Customer, upon RXNT’s request, will confirm in writing that it has complied with this requirement.

e. Suspension or Termination of Service for Violation of Law or the Agreement

RXNT may immediately suspend or terminate the Services and remove applicable Customer Information or Content if it in good faith believes that, as part of using the Services, Customer may have violated a law or any term of this Agreement. RXNT may try to contact Customer in advance, but it is not required to do so.

9) INDEMNITY

a. General Indemnity

To the extent allowed by applicable law, Customer must indemnify, defend, and hold harmless RXNT against all third-party claims (including without limitation by governmental agencies), demands, damages, costs, penalties, fines, and expenses (including reasonable attorneys’ fees and costs) arising out of or related to:

  • the use of the Services by Customer,
  • Customer’s breach of any term in this Agreement,
  • any unauthorized use, access or distribution of the Services by Customer,
  • the breach by Customer of any third party’s patent, trademark, copyright, trade secret or other intellectual property rights, or
  • violation of any individual’s privacy rights related to information submitted under Customer’s account, or fraudulent, invalid, duplicate, incomplete, unauthorized, or misleading information submitted under Customer’s account or by Customer.

b. Indemnification Procedures.

Customer shall: (a) promptly notify RXNT in writing of any such claim, (b) give sole control of the defense and settlement of any such claim to RXNT (provided that RXNT may not settle any claim in a manner that adversely affects Customer’s rights, imposes any obligation or liability on Licensee or admits liability or wrongdoing on the part of Customer without Customer’s prior written consent), and (c) provide all information and assistance reasonably requested by Customer, at Customer’s expense, in defending or settling such claim. Customer may join in defense with counsel of its choice at Customer’s own expense.

10) GOVERNING LAW

a. Governing Law

This Agreement is governed by the laws of the State of Maryland (without regard to conflicts of law principles) for any dispute between the parties or relating in any way to the subject matter of this Agreement.

b. Consent to Jurisdiction

Customer consents to the personal jurisdiction of and service of process in any federal or state court sitting in the State of Maryland.

c. Equitable Relief

Notwithstanding another provision of this Agreement, RXNT may seek and obtain injunctive and equitable relief in any court of competent jurisdiction without restriction or required process in this Agreement.

d. PROHIBITION OF CLASS AND REPRESENTATIVE ACTIONS

EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY ON AN INDIVIDUAL PARTY BASIS, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION OR PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN MORE THAN ONE PARTY'S CLAIMS, AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, CLASS OR REPRESENTATIVE PROCEEDING.

11) OTHER TERMS

a. No Solicit or Hire Clause

Customer acknowledges that RXNT invests considerable time and expense in the training of its employees and independent subcontractors in the services to be provided under this Agreement. Customer agrees that for the full term of this Agreement, and for 2 years after its termination Customer will not solicit or employ in any capacity, whether as a direct employee, independent contractor or as a representative of another company providing similar services to Customer as RXNT, any person employed by RXNT at any time during the term of this Agreement whose duties involve providing the Services, whether for Customer or other RXNT customers.

b. Consent to Electronic Notice, Communications and Transactions

For purposes of messages and notices about the Services (including without limitation, collections and payments issues), RXNT may send email notices to the email address associated with Customer's account or provide in service notifications.  For certain notices (e.g., notices regarding termination or material breaches), RXNT may send notices to the postal address provided by Customer. RXNT has no liability associated with Customer's failure to maintain accurate contact information within the Services or its failure to review any emails or in service notices. Customer will have the ability to enter into agreements, authorizations, consents and applications; make referrals; order lab tests; prescribe medications; or engage in others transactions electronically. CUSTOMER AGREES THAT ITS ELECTRONIC SUBMISSIONS VIA THE SERVICES IN CONNECTION WITH SUCH ACTIVITIES CONSTITUTE ITS AGREEMENT TO BE BOUND BY SUCH AGREEMENTS AND TRANSACTIONS, AND APPLIES TO ALL RECORDS RELATING TO SUCH TRANSACTIONS. Customer represents and warrants that it has the authority to take such actions.

c. Entire Agreement and Changes

This Agreement and the Subscription Summary constitute the entire agreement between the parties, and supersede all prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. Customer is not relying on any representation concerning this subject matter, oral or written, not included in this Agreement. No representation, promise or inducement not included in this Agreement is binding. No modification or waiver of any term of this Agreement is effective unless signed by both parties. Notwithstanding the foregoing, RXNT may modify this Agreement by posting modified Terms of Service on the RXNT website and electronically notifying Customer of the changes thirty (30) days prior to the effective date of such changes. Customer agrees that by continuing to use the Services after posting of the modified Terms of Service, Customer agrees to be bound by the changes.

d. Feedback

If Customer provides feedback or suggestions about the Services, then RXNT (and those it allows to use its technology) may use such information without obligation to Customer.

e. Beta Features

If Customer is invited to access any beta features of the Services or a Customer accesses any beta features of the Services, Customer acknowledges that: (a) such features have not been made commercially available by RXNT; (b) such features may not operate properly, be in final form or fully functional; (c) such features may contain errors, design flaws or other problems; (d) it may not be possible to make such features fully functional; (e) use of such features may result in unexpected results, corruption or loss of data, or other unpredictable damage or loss; (f) such features may change and may not become generally available; and (g) RXNT is not obligated in any way to continue to provide or maintain such features for any purpose in providing the ongoing Services. These beta features are provided AS IS, with all faults. Customer assumes all risk arising from use of such features, including, without limitation, the risk of damage to Customer’s computer system or the corruption or loss of data.

f. No Assignment

Neither party may assign or transfer this Agreement or the Subscription Summary to a third party, except that this Agreement with the Subscription Summary may be assigned (without the consent) as part of a merger, or sale of all or substantially all of the business or assets, of a party.

g. Electronic Notice

For purposes of messages and notices about the Services (including without limitation, collections and payments issues), RXNT may send email notices to the email addresses associated with Customer's account or provide in service notifications. For certain notices (e.g., notices regarding termination or material breaches), RXNT may send notices to the postal address provided by Customer. RXNT has no liability associated with Customer's failure to maintain accurate contact information within the Services or its failure to review any emails or in service notices.

h. Independent Contractors and Enforceability

The parties are independent contractors with respect to each other. If any term of this Agreement is invalid or unenforceable, the other terms remain in effect.

i. No Additional Terms

RXNT rejects additional or conflicting terms of a form-purchasing document. If there is an inconsistency between this Agreement and the Subscription Summary, the Subscription Summary prevails.

j. Survival of Terms

All terms survive termination of this Agreement that by their nature survive for a party to assert its rights and receive the protections of this Agreement. The Convention on Contracts for the International Sale of Goods does not apply.

k. Customer Name

RXNT may use Customer's name and logo in customer lists and related promotional materials describing Customer as a customer of RXNT, which use must be in accordance with Customer’s trademark guidelines and policies, if any, provided to RXNT.

Last Updated: August 29, 2019

ATTACHMENT A – Support Policy

Hours of Operation

Monday through Friday, 8am-6pm (Eastern Time), excluding national holidays.

Scheduled Maintenance

Scheduled maintenance may occur between 11pm-7am (Eastern Time), during weekends and holidays or with 24 hour notice.

Access to Software Support for RXNT PM, RXNT EHR, and RXNT ERX

Click the Help tab on the RXNT product dashboard (or any page in RXNT PM, RXNT EHR, and RXNT ERX) to access self-help and feature guides, knowledge base articles, video tutorials, FAQs, and more.

If you cannot find your answer under the Help tab, choose from one of the following options to contact RXNT customer support:

  • Email your questions to support@rxnt.com
  • Chat us online using the Chat tab on the RXNT product dashboard (or any page in RXNT PM, RXNT EHR, and RXNT ERX)
  • Call 800-943-7968, choose Option 4 for general software support, then choose:
    • Option 1 for RXNT PM software support
    • Option 2 for RXNT EHR and RXNT ERX software support

ATTACHMENT B – Pricing Policy

Pricing & Billing Policies for your RXNT Account

General Terms

Billing Frequency and Methods

BillingFrequency and Method
Subscription feesBilled monthly or annually
Transactional fees (electronic claims, eligibility checks, electronic remittance advice, paper claims, patient statements)INCLUDED under our Per Provider Per Month subscription levels
Data storage feesNO CHARGE
Data import feesNO CHARGE for patient demographics, insurance information,
Training, Implementation & SupportNO CHARGE
  • Upgrading or Downgrading Subscriptions. New licenses purchased will be charged on a pro-rata monthly basis, and removed licenses will be credited to the account on a pro-rata monthly basis. The credit will be applied to the next invoice.
  • Fees: All fees charged by RXNT are described in RXNT’s Pricing Policy page and are determined by the subscription level selected and specific provider characteristics (example, Physician or Non-Physician Provider, full-time or part-time, or specialty). All prices may change with 60 days electronic notice. You are responsible for keeping your email address updated with RXNT. Mailing fees (example, for mailings like paper insurance claims or paper patient statements) may be increased at any time to reflect a change in the USPS postage or processing costs.

Billing & Other Terms

  • Account Changes: RXNT bills 15 days after the subscription is purchased and each month thereafter. Except for account cancelations or terminations which are covered under the RXNT Terms of Service, changes must be made by the last day of each month in order for the changes to be reflected on your next invoice.
  • No Refunds/Credits: All fees are nonrefundable and non-cancellable. RXNT does not refund or credit subscription fees for partial months, or any portion of a prepaid plan upon a deactivation of a Provider or account cancellation. Customer is responsible for all fees (including any monthly minimum) for the entire term of the applicable order or subscription agreement.
  • Practices: Must have at least one active Provider within a Practice for the Practice to remain active.
  • Multi-Practice Provider: Providers activated within multiple practices within a single RXNT account will be charged one subscription fee, subject to the Provider using and correctly inputting the same name, NPI, and other user information in connection with all relevant practices.

Customer Support Plans & Fees

Phone, Email and Live Chat Support

  • All subscription levels include unlimited access to customer support by email, live chat and phone.

Assisted Enrollment Service

  • Assisted enrollment services include clearinghouse sign-up and setup of electronic services with insurance companies.
  • Unlimited number of payers on your initial enrollment. Subsequent payers are also included.
  • Assisted enrollments are included for all customers without additional fees.

Electronic Clearinghouse Services & Fees

Electronic Claims Submission (ANSI 837)

  • Electronic claims submission service includes sending electronic claims in the ANSI 837 format to RXNT's Clearinghouse.
  • No charge for Per Provider Per Month subscription levels.

Electronic Remittance Advice (ANSI 835)

  • Electronic remittance advice service includes receiving electronic remittance advice messages from RXNT’s Clearinghouse in the ANSI 835 format.
  • No charge for Per Provider Per Month subscription levels.

Electronic Real-Time Insurance Eligibility Services (ANSI 270/271)

  • Electronic real-time insurance eligibility services include performing electronic verification of insurance benefits from RXNT’s Clearinghouse in the ANSI 270/271 format.
  • No charge for Per Provider Per Month subscription levels.
  • Termination of Remittance Services: In the event that Customer desires to discontinue electronic remittance services, then Customer must contact the insurance companies directly to request termination.

Paper Claims Mailing Services:

Change Health Care (Workers Compensation and Auto Only) Paper Claims Mailing Services

  • $0.40 for each claim, postage is included.
  • No fee for printing of paper claims to your own printer from RXNT.

Patient Payment Credit Card Services

You can set up a merchant account with our merchant services partner and patient payments can be collected with a credit card in RXNT PM (through Scheduling) and then will be deposited directly in your bank account. Patient payments can also be made by patients using our Online Bill Pay. Patients making payments via Online Bill Pay, or paying an outstanding balance to a Customer processing it through RXNT PM, will pay a two percent (2%) convenience fee.

Pricing

MethodMerchant Services Processing Fee
Credit Card RateQuoted by RXNT’s merchant services partner

Patient Statement Mailing Service Fees

  • Sending batches of patient statements to Change Health Care Clearinghouse for printing and mailing (postage is included).
  • Statement Service: $0.80/statement.
  • Change of Address Service: Included in the Statement Service charge.
  • No fee for printing of patient statements to your own printer from RXNT.

Data Storage

  • NO CHARGE.

Data Import & Migration Fees

Data Import

  • Data import is available for the following areas: Patient Demographics, Insurance Companies, Plans, and Policy Info, Referring Providers, Providers, Scanned Documents, and Clinical Document CCDA Discrete.
  • Fees for data imports are determined based on the data sets requested and volume of the specific import and are quoted through by RXNT’s data services team.
  • RXNT will manually enters your Codes (CPT and diagnosis) and Fee Schedules

Data Migration

  • Moving practice data from a multi-practice account (e.g. a billing company) into a newly created customer account.
  • May include the following data within the practice: patients, encounters, documents (PDF only), and settings.
  • Permission: Requires written permission from the company administrator whose account the data originates.
  • Fees for data migration are determined based on the details for the specific migration and are quoted through by RXNT’s integration team.

What types of files can we accept data in?

Data SetFormat
Patient DemographicsXLS, CSV
Insurance Companies, Plans, and Policy InfoXLS, CSV
Referring ProvidersXLS, CSV
ProvidersXLS, CSV
Scanned DocumentsPDF
Clinical Document CCDA DiscreteXML

Electronic Prescribing of Controlled Substances using RXNT EHR or RXNT ERX

  • RXNT charges an annual application fee for e-prescribing of controlled substances of $75.00.

ATTACHMENT C – Third Party Terms

PROVISIONS RELATING TO INTELLIGENT MEDICAL OBJECTS, INC. (“IMO”)

IMO END-USER License RIDER Language (“EULA”)

The RXNT Services contain Problem IT terminology from Intelligent Medical Objects, Inc. (“IMO”) (the “Service”). The Service and the RXNT Services are separate products provided by separate entities. Your use or the use of your End Users use of the Service (collectively the “END-USER”) in conjunction with the Software is subject to the terms and conditions of this End User License Agreement (“EULA”).

In consideration of the rights and restrictions contained herein, END-USER agrees as follows:

  1. Grant of License

The license granted herein is a non-exclusive, non-transferable license to use the Service solely in conjunction with the Software for internal use: (i) in a clinical setting; and (ii) in a non-production/non-clinical setting for backup, archival, support, testing, training and demonstration purposes; provided END-USER complies with the restrictions set forth in Section 2.

  1. Restrictions

END-USER shall not cause or permit others to copy, duplicate, redistribute, loan, rent, retransmit, publish, license or sublicense or otherwise transfer, or commercially exploit, the Service, in whole or part.  END-USER shall not prepare derivative works or incorporate the Service, in whole or part, in any other system or work; or reverse engineer, decompile, disassemble, decrypt, translate, alter, adapt or modify the Service, in whole or part.

  1. Ownership

This EULA provides only a license of rights to use the Service, and does not provide for the sale or other transfer of title. Except for third party content included in the Service, IMO has and shall have exclusive title to and ownership of all of its products, including the Service and of all of its sub-parts and components, and of all updates, modifications, alterations, customizations, derivative works, revisions or enhancements thereof, and of all software, source code, and trade secrets, and proprietary research, equations, screens, techniques, methodology, analysis, programming or know-how thereof.

Any ideas or requests for terms submitted by END-USER to the Software vendor or IMO for inclusion in the Service shall be considered part of a derivative work of the Service and shall be owned by IMO with all rights assigned by END-USER to IMO. END-USER shall not be charged for such regular inclusion of added terms. END-USER will have a perpetual, non-exclusive license to use, display or modify these requested terms apart from the Service.

  1. Technical Warranty

The Service, as provided by IMO, does not include any disabling devices such as devices that result in the electronic recapture of programming, undocumented functions, passwords, keys, security devices or trap doors, or any computer viruses.

  1. Disclaimer of Warranties

EXCEPT FOR WARRANTIES THAT MAY NOT BE DISCLAIMED AS A MATTER OF LAW OR THAT ARE INCLUDED HEREIN, THE SERVICE IS PROVIDED ON AN "AS IS" BASIS AND IMO MAKES NO REPRESENTATIONS OR WARRANTIES WHATSOEVER, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS OR WARRANTIES REGARDING THE ACCURACY OR NATURE OF THE SERVICE, NON-INFRINGEMENT, COMPATIBILITY, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Any warranties expressly provided herein do not apply if: (i) the END-USER alters, mishandles or improperly uses, stores or installs all, or any part, of the Service; (ii) the END-USER uses, stores or installs the Service on a computer system which fails to meet the specifications for the Software; or (iii) the breach of warranty arises out of or in connection with acts or omissions of persons or entities other than IMO.

  1. Assumption of Risk

THE END-USER ACKNOWLEDGES THAT THE SERVICE IS NOT A SUBSTITUTE FOR THE CARE PROVIDED BY LICENSED HEALTH CARE PRACTITIONERS.  AS BETWEEN THE END-USER AND IMO, THE END-USER HEREBY ASSUMES FULL RESPONSIBILITY FOR: (A) ITS USE OF THE SERVICE; AND (B) INSURING THE APPROPRIATENESS OF USING AND RELYING UPON THE INFORMATION IN VIEW OF ALL ATTENDANT CIRCUMSTANCES, INDICATIONS, AND CONTRAINDICATIONS.  IMO SHALL NOT BE RESPONSIBLE AND HAS NO LIABILITY TO ANY PERSON FOR: (A) ANY ERRORS, MISSTATEMENTS, INACCURACIES OR OMISSIONS REGARDING CONTENT DELIVERED THROUGH THE SERVICE; (B) ANY DELAYS IN OR INTERRUPTIONS OF SUCH DELIVERY; OR (C) ANY DATA OR INFORMATION INPUT INTO THE SERVICE BY THE END-USER.  ADDITIONALLY, IMO UNDERTAKES NO OBLIGATION TO SUPPLEMENT OR UPDATE CONTENT OF THE SERVICE.

THE SERVICE DOES NOT ENDORSE DRUGS, DIAGNOSE PATIENTS, OR RECOMMEND THERAPY. THE SERVICE IS AN INFORMATIONAL RESOURCE DESIGNED TO ASSIST LICENSED HEALTH CARE PRACTITIONERS IN DOCUMENTING THE CARE OF THEIR PATIENTS. THE INFORMATION CONTAINED WITHIN THE SERVICE IS INTENDED FOR USE ONLY BY PHYSICIANS AND OTHER HEALTH CARE PROFESSIONALS WHO SHOULD RELY ON THEIR CLINICAL DISCRETION AND JUDGMENT IN DIAGNOSIS AND TREATMENT.

  1. Disclaimer of Liability

EXCEPT FOR IMO’S OBLIGATIONS UNDER SECTION 8(B), IN NO EVENT SHALL IMO BE LIABLE TO ANY PERSON INCLUDING, BUT NOT LIMITED TO END-USER AND PERSONS TREATED BY OR ON BEHALF OF END-USER FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS EULA OR THE SERVICE.  IMO'S TOTAL LIABILITIES ARISING OUT OF OR RELATED TO THIS EULA ARE LIMITED TO THE FEES RECEIVED BY IMO FROM THE SOFTWARE’S LICENSOR FOR END-USER’S USE OF THE SERVICE.

  1. Indemnification

a. By END-USER.  END-USER agrees to indemnify, defend, and hold IMO harmless from any claims, costs, liabilities, judgments, attorneys’ fees, settlements, penalties or other losses in all causes including, but not limited to losses for tort, personal injury, medical malpractice or product liability arising out of or relating to: (a) the END-USER’s use of the Service; (b) any data or information input into the Service by END-USER; (c) END-USER’s negligence or intentional misconduct; and (d) any breach of this EULA by END-USER.   In the event that END-USER indemnifies IMO, then: (i) END-USER will retain qualified counsel with demonstrable experience defending claims of the type to be defended, who shall be pre-approved by IMO; and (ii) END-USER agrees to let IMO participate in the defense of any action, at IMO’s option and expense.

b. By IMO.  IMO agrees to indemnify, defend, and hold END-USER harmless against third party claims, costs, liabilities, judgments, attorneys’ fees, settlements, and penalties brought against END-USER arising out of, related to, or alleging that the IMO Service infringes on a United States patent, trademark or copyright of a third party (collectively “Indemnified Claim”); provided END-USER promptly, but within thirty (30) days, notifies IMO in writing of such Indemnified Claim. IMO shall have sole control of the defense of any Indemnified Claim, including appeals, negotiations, and any settlement or compromise thereof; provided END-USER will have the right to approve the terms of any settlement or compromise that restricts its rights granted under this Agreement or subjects it to any ongoing obligations.  IMO shall have no indemnification obligation to END-USER to the extent that an Indemnified Claim arises out of: (i) END-USER’S violation of this EULA; (ii) information incorporated into the Service by END-USER or Software vendor; (iii) a modification or addition to the Service made by END-USER or Software vendor; or (iv) the use of the Service in combination with any program or equipment or any part thereof not furnished or approved by IMO.

  1. Intellectual Property Disclaimers; Use of Trademarks

END-USER will not alter, cover or remove any trademark, copyright or other proprietary rights notice placed by IMO or a third party in or on the Service. END-USER will not use or modify any IMO or third party trademarks, trade names, service marks, corporate names or logos or those of its affiliates (collectively “Marks”) or any advertising materials containing any of the foregoing unless it has obtained the prior written approval of IMO, which may be withheld for any reason. Goodwill associated with the Marks inures solely to IMO and the respective third party owners.  END-USER acknowledges and agrees that it shall not, directly or indirectly, do anything inconsistent with the validity, ownership, distinctiveness or integrity of the Marks, or the goodwill attaching thereto, nor shall it assist any third party in doing so.

  1. END-USER Documentation

END-USER is responsible for generating any user documentation related to the Service.

  1. Security

END-USER shall establish the appropriate firewalls and security systems, such that the Service is accessed only by authorized employees or contractors of END-USER and is not used in a manner that would violate the terms of this EULA.

  1. Third Party Beneficiary

END-USER agrees that IMO shall be, and is hereby, named as an express third-party beneficiary of this EULA for the purpose of enforcing at law and at equity all rights under this EULA against END-USER, the covenants of END-USER and the warranty disclaimers and limitations of liability set forth in this EULA, whether or not such provisions make specific reference to IMO or the Service.

  1. Term and Termination

The term of this EULA begins upon installation of the Software and/or Service and continues for the term specified in END-USER’s Software license agreement.  This EULA may be terminated by IMO or Software vendor at any time if: (i) END-USER violates any provision of this EULA; or (ii) Software vendor’s relationship with IMO terminates.  If this EULA is terminated for any reason, END-USER agrees to immediately return or destroy all copies of the Service and all companying items and certify the return or destruction thereof.

  1. Third Party Content

END-USER acknowledges that the Service includes third-party content.  END-USER agrees to the terms and conditions set forth in Schedule A of this EULA.

  1. General

END-USER will hold the terms of this EULA confidential. END-USER will ensure that anyone with authorized access to the Service will comply with the provisions of this EULA and Schedule A. If any provision of this EULA is determined to be unenforceable, the rest of this EULA will remain in full force.  Headings in this EULA are for convenience only and are not part of this EULA.  The delay or failure to assert a right herein or to insist upon compliance with any term or condition of this EULA shall not constitute a waiver of that right or excuse a subsequent failure to perform any term or condition.  END-USER may not assign any of the rights herein without prior written approval from IMO.  This EULA will be governed by the State of Illinois without regard to choice-of-law principles.  The courts of the State of Illinois and/or the United States District Court for the Northern District of Illinois shall have exclusive jurisdiction over any action arising under or related to the subject matter of this EULA and the parties agree to submit to the jurisdiction of the courts of the State of Illinois and the United States District Court for the Northern District of Illinois. This EULA is the entire agreement between END-USER and IMO as to the subject matter.  Any amendment must be in writing signed by both END-USER and IMO.

SCHEDULE A-Third Party Content Terms SNOMED CT® Codes

The Service makes use of SNOMED Clinical Terms® (SNOMED CT®) which is used by permission of the International Health Terminology Standards Development Organisation (IHTSDO). All rights reserved. SNOMED CT®, was originally created by The College of American Pathologists. “SNOMED” and “SNOMED CT” are registered trademarks of the IHTSDO.

EXHIBIT C-THIRD PARTY CONTENT TERMS AND CONDITIONS SNOMED CT® CODES

The Service includes SNOMED Clinical Terms (SNOMED CT®) which is used by permission of the International Health Terminology Standards Development Organisation (IHTSDO). All rights reserved. SNOMED CT®, was originally created by The College of American Pathologists. “SNOMED” and “SNOMED CT” are registered trademarks of the IHTSDO.

ATTACHMENT D – Business Associate Agreement

This Business Associate Agreement (“Agreement”) is made and entered into as of the earliest date on which the RXNT Terms of Service has been accepted by the Customer and the Subscription Summary has been executed by the parties (“Effective Date”) by and between Networking Technology, Inc. dba RXNT (the “Business Associate,” as further defined below) and Customer (“Covered Entity,” as further defined below), (collectively, the “Parties”).

WHEREAS, Customer is a covered entity as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the regulations promulgated pursuant to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act (Division A, Title XIII and Division B, Title IV of Public L. 111–5) and Networking Technology, Inc. is a “Business Associate” as defined under HIPAA;

WHEREAS, Business Associate has contracted with Covered Entity to provide certain services to or on behalf of Covered Entity (“RXNT Terms of Service”), and Covered Entity may provide Business Associate with Protected Health Information or may require Business Associate to create, use, maintain, or transmit Protected Health Information on behalf of Covered Entity;

WHEREAS, the parties enter into this Agreement for the purpose of ensuring compliance with HIPAA and relevant implementing regulations, including the Privacy Rule, the Security Rule, and the Breach Notification Rule;

NOW THEREFORE, in consideration of the mutual promises and covenants herein, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows:

I. DEFINITIONS AND INTERPRETATION

a. Definitions Generally.

i. “Breach” shall have the meaning given to such term in 45 C.F.R. § 164.402.

ii. “Breach Notification Rule” shall mean the rule related to breach notification for Unsecured Protected Health Information at 45 C.F.R. Parts 160 and 164.

iii. “Electronic Protected Health Information” or (“EPHI”) shall have the same meaning given to such term under the Security Rule, including, but not limited to, 45 C.F.R. § 160.103 limited to the information created or received by Business Associate from or on behalf of Covered Entity.

iv. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information, codified at 45 C.F.R. Parts 160 and Part 164, Subparts A and E.

v. “Protected Health Information” or “PHI” shall have the meaning given to such term under the Privacy and Security Rules at 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

vi. “Security Rule” shall mean the Security Standards for the Protection of Electronic Protected Health Information, codified at 45 C.F.R. § 164 Subparts A and C.

vii. Other capitalized terms used but not otherwise defined in this Agreement shall have the same meaning as those terms in the Privacy, Security or Breach Notification Rules.

b. Inconsistencies. In the event that the provisions of this Agreement are inconsistent with HIPAA or its implementing regulations or any binding interpretation thereof, said conflict will be resolved in favor of the regulations. To the extent that any such conflicts are nonetheless permitted under the Regulations, the provisions of this Agreement will prevail.

c. State Law and Preemption.Where any provision of applicable State law is more stringent or otherwise constitutes a basis upon which the Regulation is preempted, state law controls and the Parties agree to comply fully therewith.

d. Third-Parties. Except as expressly provided for in the Regulations and/or within the terms contained herein, this Agreement does not create any rights in third parties.

II. PERMITTED USES AND DISCLOSURES BY THE BUSINESS ASSOCIATE

a. Permitted Uses. Except as otherwise limited in the RXNT Terms of Service, this Agreement or as Required by Law, the Business Associate may use or disclose PHI as permitted by the Security Rule, as permitted by this Agreement or the RXNT Terms of Service, and as necessary to perform functions, activities or services for or on behalf of the Covered Entity including but not limited to: (i) Facilitating the processing of administrative, clinical and financial healthcare transactions; (ii) Treatment of patients of the Covered Entity; and (iii) Establishing and maintaining Business Management Programs.

b. Data Aggregation. Except as otherwise limited in this Agreement, the Business Associate may use PHI to provide data aggregation services to the Covered Entity to the fullest extent permitted by the Privacy Rule, any terms of service agreed to by the Parties and any applicable provisions in this Agreement.

c. De-Identification. The Business Associate may de-identify PHI received or created pursuant to the RXNT Terms of Service consistent with 45 C.F.R. § 164.514.

d. Other Permitted Uses.The Business Associate may use PHI to facilitate the management and administration of the Business Associate or to carry out legal responsibilities thereof.

e. Permitted Disclosures. The Business Associate may disclose PHI to facilitate the management and administration of the Business Associate or to carry out legal responsibilities, if: (i) Required By Law; and/or (ii) Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that the PHI will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person and Business Associate will be notified of any instances of which the person is aware in which the confidentiality of the PHI is breached or suspected to have been breached.

f. Report Violations of Law. The Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 C.F.R. § 164.502(j)(1).

III. PRIVACY RULE OBLIGATIONS OF THE BUSINESS ASSOCIATE

a. Limitations on Disclosures. The Business Associate agrees to not use or disclose PHI other than as permitted or required by this Agreement, the RXNT Terms of Service, or as Required by Law. The Business Associate shall not use or disclose PHI in a manner that would violate the Privacy Rule if done by the Covered Entity, unless expressly permitted to do so pursuant to the Privacy Rule, the RXNT Terms of Service, and this Agreement

b. Safeguards against Unauthorized Use. The Business Associate agrees to use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by the RXNT Terms of Service and this Agreement or as Required by Law.

c. Reporting and Mitigation. The Business Associate agrees to report to the Covered Entity any unauthorized use or disclosure of PHI in violation of this Agreement and to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by the Business Associate in violation of the requirements of this Agreement.

d. Agreements with Subcontractors. The Business Associate agrees to ensure, consistent with 45 C.F.R. § 164.502(e)(1)(ii), that any Subcontractor that creates, receives, maintains, or transmits PHI on behalf of the Business Associate agrees in writing to the same restrictions and conditions that apply to the Business Associate in the RXNT Terms of Service and this Agreement with respect to the PHI.

e. Obligations on Behalf of the Covered Entity. To the extent the Business Associate carries out an obligation of the Covered Entity’s under the Privacy Rule, the Business Associate must comply with the requirements of the Privacy Rule that apply to the Covered Entity in the performance of such obligation.

f. Access to PHI. The Business Associate shall provide access, at the request of the Covered Entity, and in the time and manner reasonably designated by the Covered Entity, to PHI in a Designated Record Set, to the Covered Entity in order to meet the requirements under the Privacy Rule at 45 C.F.R. § 164.524.

g. Amendment of PHI. The Business Associate shall make PHI contained in a Designated Record Set available to the Covered Entity for purposes of amendment per 45 C.F.R. § 164.526.  The Business Associate shall make any amendment(s) to an Individual’s PHI that the Covered Entity directs or agrees to pursuant to the Privacy Rule, at the request of the Covered Entity, and in the time and manner reasonably designated by the Covered Entity.  If an Individual requests an amendment of PHI directly from the Business Associate or its Subcontractors, the Business Associate shall notify the Covered Entity in writing promptly after receiving such request.  Any denial of amendment of PHI maintained by the Business Associate or its Subcontractors shall be the responsibility of the Covered Entity.

h. Accounting of Disclosures. The Business Associate shall document disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528.  At a minimum, such information shall include:  (i) the date of disclosure; (ii) the name of the entity or person who received PHI and, if known, the address of the entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure that reasonably informs the Individual of the basis for the disclosure, or a copy of the Individual’s authorization, or a copy of the written request for disclosure.  The Business Associate shall provide to Covered Entity information necessary to permit the Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528.  In the event that the request for an accounting is delivered directly to the Business Associate or its Subcontractors, the Business Associate shall provide a copy of such request to the Covered Entity, in writing, promptly after the Business Associate’s receipt of such request.

i. Retention of Protected Health Information. Notwithstanding Section VII of this Agreement, the Business Associate and its Subcontractors shall retain all PHI throughout the term outlined in the RXNT Terms of Service and shall continue to maintain the information required under Section III(h) of this Agreement for a period of six (6) years after termination of the RXNT Terms of Service.

j. Minimum Necessary. The Business Associate shall only request, use and disclose the Minimum Necessary amount of PHI necessary to accomplish the purpose of the request, use or disclosure.

k. Availability of Information. For the purpose of the Secretary determining the Covered Entity’s compliance with the Privacy Rule, the Business Associate agrees to make internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by the Business Associate on behalf of the Covered Entity available to the Covered Entity, or to the Secretary, in a time and manner designated by the Covered Entity or the Secretary, for the purposes of the Secretary determining the Covered Entity’s compliance with the Privacy Rule.

IV. SECURITY RULE OBLIGATIONS OF THE BUSINESS ASSOCIATE

a. Compliance with the Security Rule. The Business Associate agrees to comply with the Security Rule with respect to Electronic Protected Health Information and have in place reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of EPHI and to prevent the use or disclosure of EPHI other than as provided for by the RXNT Terms of Service and this Agreement or as Required by Law.

b. Subcontractors. The Business Associate shall ensure that any Subcontractor that creates, receives, maintains, or transmits EPHI on behalf of the Business Associate agrees in writing to comply with the Security Rule with respect to such EPHI.

c. Security Incident/Breach Notification Reporting. The Business Associate shall report any successful Security Incident promptly upon becoming aware of such incident.

V. BREACH NOTIFICATION RULE OBLIGATIONS OF THE BUSINESS ASSOCIATE

a. Notification Requirement. To the extent the Business Associate accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses or discloses Unsecured PHI, it will, following discovery of the Breach of such information, notify the Covered Entity of such Breach.

b. Content of Notification. Any notice referenced above in Section V(a) of this Agreement will include, to the extent known to the Business Associate, the identification of each individual whose Unsecured PHI has been, or is reasonably believed by the Business Associate to have been accessed, acquired, or disclosed during such Breach.  Business Associate will also provide to the Covered Entity other available information that the Covered Entity is required to include in its notification to the individual pursuant to the Breach Notification Rule.

VI. OBLIGATIONS OF THE COVERED ENTITY

a. Notification Regarding Limitations and Restrictions on Disclosure. The Covered Entity shall notify the Business Associate of any limitation(s) in its Notice of Privacy Practices of Covered Entity which may affect the Business Associate’s use or disclosure of PHI in accordance with the Privacy Rule.

b. Notification of Changes to Limitations and Restrictions on Disclosure. The Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.

c. Limitations and Restrictions on Disclosure Arising Under Third-Party Agreements. The Covered Entity shall further notify the Business Associate of any restriction to the use or disclosure of PHI that the Covered Entity has agreed to which may affect the Business Associate’s use or disclosure of PHI in accordance with the Privacy Rule.

d. Requests by the Covered Entity.The Covered Entity shall not request the Business Associate to use or disclose PHI in any manner that would be prohibited to the Covered Entity under the applicable Regulations.

VII. TERM AND TERMINATION

a. Term. The term of this Agreement shall be enforceable as of the Effective Date and shall terminate upon the expiration or termination of the RXNT Terms of Service.

b. Termination for Cause. Upon the Covered Entity’s knowledge of a material breach by the Business Associate of this Agreement, the Covered Entity shall provide an opportunity for the Business Associate to cure the breach or terminate this Agreement if the Business Associate does not cure the breach or end the violation within thirty (30) days after receipt of written notice from the Covered Entity.

c. Disposition of PHI upon Termination. Except as otherwise provided in this Section, upon termination of this Agreement for any reason, the Business Associate shall continue to extend the protections of this Agreement to all PHI received from Covered Entity. This provision shall also be applicable to any PHI in the possession of Subcontractors of the Business Associate. Business Associate shall limit further uses and disclosures of PHI for so long as the Business Associate maintains such PHI.

d. Retention of Certain InformationThe Covered Entity understands and agrees that information generated through the use of the services provided under the RXNT Terms of Service will be retained as necessary by the Business Associate for purposes of financial reporting, insurance claims, and other legal and business purposes.

VII. MISCELLANEOUS

a. Indemnification. In the event that there is a breach of privacy with respect to PHI under this BAA, the party causing the breach will indemnify the other party and its officers and directors for all actual damages, costs and attorneys’ fees caused by the breach, including but not limited to the actual costs of providing patient notice as a result of the breach.

b. LIMITATION OF LIABILITY. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION, OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

c. Regulatory References. Any references in this Agreement to any law, rule or regulation shall be interpreted to include the section as in current effect or as may from time to time be amended and for which compliance is required.

d. Amendments. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for the Covered Entity and the Business Associate to comply with the requirements of the Privacy, Security, or Breach Notification Rules, as well as HIPAA and the HITECH Act; however, all amendments to any of the provisions contained herein shall be made in writing.

e. Survival. The respective rights and obligations of Business Associate under Article III of this Agreement shall survive the termination of this Agreement.

f. Entire Agreement. This Agreement is the entire agreement between the Parties with regard to its subject matter and shall supersede any prior agreements.

g. Notice. Any notices required or relating to this Agreement shall be in writing and shall be sent by means of certified mail, postage prepaid, or reputable commercial carrier.

If to Business Associate:
Attn: Legal
1449 Whitehall Road
Annapolis, MD 21409

ATTACHMENT E - Privacy Policy

 

Website and Client Services Privacy Policy

Your privacy is extremely important to RXNT. This Website and Client Services Privacy Policy (“Policy”) governs your use of the Services. This Policy explains how we use, disclose and secure information collected by the Services. Please review it carefully.

Some of the information collected by RXNT is personal information. In general terms, “personal information” is information which you submit to RXNT and which identifies you or can be used to contact you, such as name, address, email address, phone number, social security number, and insurance-issued ID numbers. RXNT sometimes combines non-personal information with other information in a way that makes the combined information personal information. RXNT treats this combined information as if it were all personal information. RXNT does not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.

CONFIDENTIALITY OF HEALTH INFORMATION

Some of the users of the Services — such as healthcare providers — are subject to laws and regulations governing the use and disclosure of personal health information that they create or receive from other sources. Included among those laws are the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”).

When RXNT stores, processes or transmits “individually identifiable health information” (as that term is defined in HIPAA) on behalf of a healthcare provider who has entered into a user agreement with us, we do so as the provider’s “business associate,” as that term is defined in HIPAA. HITECH extended the privacy and security provisions of HIPAA to the business associates of covered entities. As a business associate, RXNT is prohibited from using individually identifiable health information to the same extent that the healthcare provider itself is prohibited from using it.

RXNT is required to take appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information which it collects, stores and processes on behalf of such providers.

METHODS OF COLLECTING DATA

User-Provided Information

RXNT obtains user information when you register to use the Services by typing or otherwise transmitting information into the Services.

When you register with RXNT and use the Services, RXNT obtains the following information:

(a) Your name, email address, age, password and other registration information.

(b) Information recorded in your electronic health record and provided by your healthcare provider.

(c) Information you enter into the system when using the Services, such as text messages and other data.

Information gathered during your use of the Services is intended to be used by the healthcare provider to render services to you as the patient.

Once you conclude the use the Services, data will be de-personalized and may be used for analytics to improve patient care.

RXNT may also use the information you provide us to contact you from time to time to provide you with important information, required notices and marketing promotions.

Automatically Collected Information

RXNT may collect certain information automatically from your computer, mobile phone or tablet, including, but not limited to, the type of device used, the unique device ID, the IP address of the device, operating system type, the language your system uses, the type of Internet browsers used, location-based information (e.g., country and time zone) and information about the way the Services are used. Generally speaking, this sort of data does not personally identify any particular user. Nevertheless, such data can be used in conjunction with personal information. In these circumstances, RXNT treats such combined information as personal information.

RXNT also uses cookies and other technological tools to enhance the quality of the Services by allowing us to do such things as save user preferences, help authenticate users, and debug and evaluate the performance of the Services.

USE AND SHARING OF YOUR INFORMATION

We use non-personal information for evaluating the performance of the Services, developing additional features and services, delivery of cookie-based content and for other purposes described in this Policy or in the RXNT Terms of Service.

With regard to personal information, RXNT appreciates its sensitivity and the need to limit its disclosure. Accordingly, we limit our sharing of your personal Information as follows:

  • As required by law, such as to comply with a subpoena, search warrant, court order, judicial proceeding or similar legal process;
  • When RXNT obtains your or your provider’s express consent;
  • Your healthcare provider will have access to your RXNT account information, including your personal information and may: (i) receive and store your account information in its own system; (ii) change your password; (iii) restrict your ability to submit, delete or edit information; (iv) suspend or terminate your RXNT account access or (v) access or retain, for any purpose authorized by applicable law, any information you provide or otherwise store as part of your RXNT account;
  • When RXNT believes in good faith that disclosure is necessary to protect the Services and the information in the Services, protect your safety or the safety of others, protect our rights and the rights of third parties, investigate fraud, or respond to a governmental agency or court order;
  • When RXNT provides such information to trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this Policy and applicable law. Such information is provided to them subject to the terms of this Policy and with the approval of your healthcare provider. These trusted services providers will execute legally binding confidentiality and security obligations and business associate agreements as appropriate;
  • If RXNT is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice in the Services of any change in ownership or uses of your personal information, as well as any choices you may have regarding such information.

RXNT uses vendors and service providers and we may share any information we receive with them retained in connection with the provision of the Services. When protected health information is shared, such vendors and service providers will be bound by appropriate confidentiality and security obligations which include business associate contract obligations as required by HIPAA.

COMPLIANCE OF THIS POLICY WITH HIPAA AND HITECH

This Privacy Policy and the security practices described in it are intended to comply with HIPAA and HITECH. As such we maintain protected health information (PHI) in compliance with these rules and our contractual obligations with the healthcare providers that are “Covered Entities” under the federal healthcare privacy and security rules in HIPAA and HITECH.

CONSENTS AND AUTHORIZATIONS

RXNT may request your consent or authorization in connection with its own use of or its sharing of your information with others, either because this Policy or applicable laws and regulations require us to obtain such consent or we deem such consent to be appropriate. No request by RXNT to obtain your consent in any way narrows the scope or applicability of this Policy. By using the Services, you accept and agree to the treatment of information on the part of RXNT as described in this Policy.

Because the Services allows users to share information, you should take care in selecting the persons with whom you share your personal and health information. Although the Services processes and facilitates such transmissions, RXNT takes no responsibility or assumes any liability for the actions of other users or persons with whom you share such information.

Email communications received from users and RXNT’s communications often relate to administrative aspects of your care, e.g., appointment requests, reminders and cancellations and other notifications. RXNT may not offer you the option of opting out of receiving some of these messages although RXNT may allow you to change how often you receive such messages. In addition, if you have agreed to receive marketing announcements from RXNT, we will allow you to opt out of receiving those announcements. To opt out of such commercial emails, please click the link labeled “unsubscribe” at the bottom of any email we send you. If you have any questions about your choices or if you need any assistance with opting out, please contact us by sending an email to marketing@RXNT.com. You can also write us at the address in the How to Contact Us section below in the menu at the bottom of this web page.

In some instances, RXNT may use tools (e.g., “cookies”) in its emails to users to collect usage information from you, such as the device (i.e., your computer, mobile device or tablet) that you are using to communicate with the RXNT website. By doing so, we can track resources and data accessed on the site per visitor, record general site statistics and activity, and assist users who may be experiencing problems with our website. Our purpose in doing all of this is to provide you and other users with the best possible service. In any event, cookies do not identify a specific user and are not used to collect any personal information. Moreover, you may disable your cookie information at any time by adjusting your browser preferences on your personal computer.

COPPA

With regard to COPPA (Children’s Online Privacy Protection Act), we do not seek to collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

RXNT does not knowingly collect personal information from children. If RXNT learns that it has obtained personal information from a child, RXNT will delete that information as soon as practicable. If you discover that your child has provided us with personal information without your consent, please contact RXNT immediately.

While observing any applicable provisions of COPPA, the Services does not prevent persons above the age of 18 years—such as healthcare providers, parents and guardians—to provide, share and store personal information about others, including minors and children. Any user providing, storing or submitting information on behalf of a child assumes full responsibility for the submission, use and transmission of such information.

SECURITY AND SAFETY OF THE SERVICES

RXNT employs technical measures to help safeguard the confidentiality, integrity and availability of personally identifiable information that you might store and share through the Services. Applicable law requires us to investigate potential or suspected threats to the Services and to the confidentiality, integrity or availability of the information which RXNT stores. RXNT may use, retain and disclose information—including your personal and non-personal information—when it has a good-faith belief that it is necessary or advisable in order to:

  • detect, prevent and address potential or suspected threats to the Services or the confidentiality, integrity or availability of any information we store in the Services;
  • to detect, prevent and otherwise deal with illegal activity;
  • to detect, prevent and otherwise deal with violations of the RXNT Terms of Service by which all users are bound by consenting and agreeing to this Policy, by using the Services, and by entering into end-user and such other binding agreements as RXNT may require; and
  • to otherwise protect RXNT, you and third parties.

As stated above, RXNT may also use, preserve and disclose such information as required by law, e.g., to comply with a subpoena or similar legal process. The governmental entity initiating such legal process may prohibit RXNT from notifying the users or other individuals or entities identified in the requested information or take other actions that would otherwise be a violation of this Policy. RXNT may for these reasons preserve information from both active and disabled accounts for extended periods of time as necessary to comply with applicable law or as it deems appropriate under the circumstances.

RXNT utilizes and periodically evaluates the effectiveness of a number of technical, physical and administrative measures to prevent unauthorized access to its website, maintain data accuracy and ensure the appropriate use of your personal and non-personal information. These measures include encryption, firewalls, system alerts, and the use of industry-standard encryption technology. We also house such information in secure facilities that restrict physical and network access. RXNT applies what it regards as reasonable and accepted measures widely used in the IT industry to protect the confidentiality, integrity and availability of individually identifiable health information residing on and processed by the Services. No security system, however, can be expected to prevent all potential security breaches no matter what technology is used.

RXNT may notify you and inform you of potential countermeasures if RXNT learns of a security vulnerability or risk. RXNT strongly encourages you to be conscientious in using well known and readily available technology to improve the security of your own system and devices.

ACCESS LIMITED TO U.S. USERS

Access to the Services is administered in the United States and is intended solely for users within the United States, unless RXNT in advance and in writing authorizes specific users in specified locations outside of the United States who have executed such binding legal agreements and other documentation as RXNT may require. You should be aware that access by foreign nationals to systems located in the United States constitutes the exportation of technology under applicable U.S. law and may require compliance with U.S. export controls.

Personal Information transfers from the Europe Economic Community and individual countries with data-transfer restrictions are currently authorized by approved model contracts, agreements, certifications or other appropriate means.

Under no circumstances are you to use the Services in any jurisdiction where accessing or using the Services would violate U.S. law or any other law. Any information that you submit to us while outside of the United States will be transferred to RXNT systems that reside in the United States unless RXNT notifies you that it intends to transfer such information to specific RXNT systems that reside in one or more location(s) outside of the United States pursuant to such binding legal agreements and other documentation as RXNT may require from you and third parties. You consent to any such transfer of non-personal and personal information when you use the Services and provide us with such information.

Please be assured that RXNT will always employ appropriate measures to protect the privacy and security of your personal information, regardless of where it is processed or stored.

UPDATES AND REVISIONS TO THIS POLICY

RXNT may update and otherwise revise this Privacy Policy from time to time as it deems necessary. The most current version of this Policy will be posted on this site along with the new effective date, and you will be notified via email if in RXNT’s sole judgment the changes will materially affect the way we use or disclose previously-collected personal information. However, it is your responsibility to review this Policy periodically on our website to see if there have been any changes that affect you. Your use of the Services, including the continued storage of your information on RXNT systems, following any such change constitutes your agreement that all information collected from or about you through the Services will be subject to the terms of the revised Policy.

CORRECTING, UPDATING AND DEACTIVATING INFORMATION

RXNT complies with all laws regarding access to and correction of your information. The Services provides you with access to the information you submit and the means to correct and update it. If you have an online account with us, you can log into your account at any time to access and update your information. You may also have your provider contact RXNT on your behalf. If you need assistance updating your personal information, please contact us via email addressed to support@rxnt.com.

If you desire to deactivate your account, please have your healthcare provider contact us, whereupon RXNT will deactivate your account and archive your personal information and records. RXNT may retain archived information for a period of five years or longer as necessary to comply with legal obligations, resolve disputes and enforce our agreements and other authorized uses under this Policy.

Certain users—such as healthcare providers—may be required under HIPAA and other applicable laws to retain your information for extended periods of time, and RXNT will continue to retain such information on their behalf in accordance with such requirements. Patients should submit requests to access or correct their health information directly to their providers. RXNT also indefinitely stores non-personal information, including de-identified health information.

If you have any questions about this Policy or information security, please contact us at support@rxnt.com.

Last updated February 20, 2019

ATTACHMENT F - Security Notice

How We Protect Your Data on Our Web-based Software Services

What This Security Notice Covers

This security notice pertains to the security measures in place at RXNT for protection of personal and protected health information in connection with the use of the RXNT web site, and the RXNT PM (practice management), RXNT EHR (electronic health records), and RXNT ERX (electronic prescribing) web-based services (collectively, Service).

Unique identification of users

To comply with the HIPAA requirements and to provide a secure service, RXNT requires all users to have a unique username.

In addition to a username, every user account must be protected with a password of sufficient complexity. RXNT ERX service sign-ins are protected by account lock out for non-usages.

Security on the RXNT web site

RXNT Service users may choose to sign into their account at the RXNT web site. Such sign-ins are protected by SSL security. Your browser will usually display an indicator (such as a "lock" icon) when using a secure SSL connection.

Security in the RXNT service

The RXNT Service communicates with secure RXNT hosted and controlled servers and networks. All communications are secured with public-key encryption. RXNT disallows the use of low cipher strength in our production service.

RXNT helps to ensure physical and technical security protections of customer data, as it uses servers located in SOC 2 Type 2 certified hosting providers.

RXNT employs redundant, next-generation firewalls, intrusion detection and prevention services monitored 24X7X365. RXNT uses a PCI Approved Scanning Vendor (ASV), internal and external threat prevention delivering timely and accurate reports of our production services.

In addition to these controls RXNT deploys up to date advanced threat protection services which help to identify, block, and track hacking attempts, scans, data breaches, adware, malware, spyware, Trojans, phishing attempts and other equally malicious requests.

Role-based security

Every user in the RXNT Service belongs to one or more roles. A role is defined by each customer and is assigned a set of permissions. 

Application locking

In accordance with HIPAA policies, RXNT’s Service will automatically lock up if left unattended for a period-of-time. Correct credentials of the user will need to be provided prior to using the application again.

RXNT password policy

RXNT system passwords are meant to help protect sensitive patient medical and financial records, as well as practice financial information. They serve as a deterrent to malicious agents as well as protection against casual or accidental lowering of security through carelessness.

The passwords are encouraged to be at least (8) eight characters long and have to maintain a level of complexity such that they will not be easily guessed or cracked by a determined attacker. The passwords will expire on a regular basis.

A user may change their password at any point in the RXNT web site. Passwords changed by administrators/RXNT Support staff will immediately expire to allow users to log in but also to ensure that they immediately change their passwords to something that only they know.

RXNT will never store any passwords in permanent storage in a way that is reversible. The RXNT Service will never show the password in plain-text, human-readable form.

Changes to this security policy

RXNT may update this policy at any time for any reason. If there are any significant changes to how we handle security, we will make a reasonable commercial effort to send a notice to the contact email address specified in your company's RXNT account or by placing a prominent notice on our site.

Questions?

If you have questions or suggestions, you can contact us at:

Thomas Kavukat, CTO

RXNT
1449 Whitehall Road
Annapolis, MD 21409
thomask@rxnt.com

To report a security violation, please call us at 800-943-7968.

Last Updated: This policy was last updated on October 20, 2019

Scroll to Top