Last Updated: March 26, 2014
I. Description of Services. The Portal is designed to provide online results from testing services provided by Crescendo. Additionally, the Portal may be used as a patient management platform and a database for document information related to Crescendo’s testing services. Through the Portal, Crescendo provides you with (i) access to patient laboratory results; (ii) features for storing non-laboratory data on patients; (iii) features for storing patients who have not yet had a Crescendo laboratory test; (iv) access to documents and information related to the laboratory test services; (v) the ability to order laboratory tests for your patients; and (vi) features for securely communicating with Crescendo regarding specific patient clinical and/or customer service-related inquiries. Additionally, Crescendo may provide data upload and/or data entry services to help the User store patient data in the Portal. The services provided through the Portal and the data upload and/or data entry services (collectively, the "Services"), including, but not limited to any updates, enhancements, new features, and/or the addition of any new properties, are subject to these TOU. Crescendo may also offer services from time to time that are governed by other contractual terms. In such cases those terms will be posted on the Portal in association with the relevant service (s) to which they apply.
II. User Responsibilities.
A. Confidentiality and Compliance with Laws. You agree and acknowledge that you will have access to confidential and personally identifiable health information on this Portal and that your use of such information shall be in accordance with these TOU and all applicable provisions of the federal privacy regulations and the federal security regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended, Crescendo’s Notice of Privacy Practices, and all applicable local, state, federal and foreign laws and regulations. To the extent that you have disclosed, provided or otherwise made available personally identifiable health information of other individuals, including your patients, on this Portal, you acknowledge and agree that you are responsible for ensuring that your use and disclosure of such information complies with HIPAA, as amended, and all applicable local, state, federal and foreign laws and regulations. Crescendo's Notice of Privacy Practices applies to the use and disclosure of patient results and confidential and personally identifiable health information, and may be found posted on the Portal. The Notice of Privacy Practices, as it may change from time to time, is a part of these TOU and is incorporated herein by reference in its entirety. By entering the Portal to retrieve, view, display and otherwise access the personally identifiable health information of any individual, you warrant and represent as of the time of each such access, with respect to each such individual whose personally identifiable health information you are accessing that: (i) you are a licensed medical professional treating that individual or are an authorized Delegate or Associate of a licensed medical professional (a Delegate is a representative, employee or affiliate of a licensed medical professional who has been given access to patient test results on behalf of such licensed medical professional; an Associate is also a representative, employee or affiliate of a licensed medical professional, but has not been given access to patient test results on behalf of such licensed medical professional); (ii) that you have the individual’s informed consent and authorization to access such individual’s health information; and (iii) that your access and use of such individual’s health information shall be in accordance with these TOU and all applicable provisions of the federal privacy regulations and the federal security regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended, Crescendo’s Notice of Privacy Practices, and all applicable local, state, federal and foreign laws and regulations.
B. Member Account, Password, and Security. You will be provided with an account, which is accessed by use of a personal password and user name. You are responsible for maintaining the confidentiality of your password and account, and any and all activities that occur under your account. It is your user responsibility to change the password to your account on a regular basis. You agree to notify Crescendo immediately of any unauthorized use of your account or any suspected breach of security.
If Crescendo has reason to believe that the security of your access to the Portal, including, but not limited to, your log-in and password, has been compromised, Crescendo will immediately change your password and will attempt to notify you by means of the information set forth in the Portal Access Agreement Form you completed.
Crescendo will not be liable for any loss that you may incur as a result of someone else using your password or account, either with or without your knowledge. You may be held liable for losses incurred by Crescendo or another party due to someone else using your account or password. You may not use anyone else's account at any time, with or without the permission of the account holder.
C. Delegates. If you are a licensed medical professional you may authorize one or more Delegates to access information, documents, and laboratory results relating to your patients via the Settings in the Portal, by written authorization from you or your designated Users with Administrative privileges to Crescendo or by completing the appropriate sections in the Portal Access Agreement Form. Each Delegate will use a personal password and user name and will be bound by these TOU. You agree to notify Crescendo immediately if you wish to suspend or terminate an authorized Delegate’s account.
In the event that a Delegate ceases to be your representative, employee or affiliate for any reason, you agree to notify Crescendo at least five (5) days prior to the effective date of such termination, or, in any event, no later than twelve(12) hours after the effective time of such termination. Crescendo may immediately terminate Portal access for suchDelegate.
D. Termination. If you terminate your agreement with Crescendo, or your relationship with the practice group or other entity that has contracted with Crescendo has terminated, you shall immediately cease using your access to the Portal and will take appropriate steps (such as contacting our Support Center) to inform us that you are no longer entitled to access. If your relationship with a particular individual whose health information is accessible through this Portal is terminated, or i f the individual has revoked his/her consent or authorization for you to access his/her health information, you shall immediately cease your access to the particular individual’s protected health information through this Portal and will take appropriate steps (such as contacting our Support Center) to inform us that you are no longer entitled to access such individual’s protected health information.
III. Crescendo Responsibilities.
A. Crescendo will take all reasonable steps to make the Portal available to authorized users 24 hours, 7 days a week, excluding periods for scheduled maintenance, which will be scheduled outside normal business hours, and excluding unanticipated downtime requiring emergency maintenance, during which Crescendo will take reasonable steps to restore the Portal to full operation as soon as reasonably possible.
B. Crescendo shall safeguard User’s Protected Health Information ("User PHI") as defined and in accordance with HIPAA regulations and the Privacy and Security Rules set forth in 45 CFR Part 160, subparts A, C and E of Part 164. Crescendo shall use and disclose User PHI only as required to satisfy its obligations under the Agreement, as permitted by User, or as required by law, and shall not otherwise use or disclose any User PHI.
a. Tested Patient Data. Crescendo shall only use and disclose Tested Patient Data (as defined below) as permitted by HIPAA rules and regulations. "Tested Patient Data" means data received from User as part of the Services and required for laboratory testing and reimbursement operations for patients with at least one laboratory test order received by Crescendo in its role as a Covered Entity under HIPAA. "Covered Entity" shall have the meaning given to such term in 45 C.F.R. § 160.103.
b. Untested Patient Data. Crescendo shall use and/or disclose the Untested Patient Data (as defined below) only as permitted or required by this Agreement or as otherwise required by law. In this regard, Crescendo shall (i) use Untested Patient Data only for providing Services to the User, (ii) not use Untested Patient Data for any additional purpose other than providing Services, without written authorization from User, (iii) not contact patients without written authorization from User; and (iv) remove Untested Patient Data from the Portal, upon the written request of User. In the event that Crescendo determines that returning or destroying Untested Patient Data is infeasible, Crescendo shall provide to User notification of the conditions that make the removal infeasible and shall extend the protection of this Agreement to the Untested Patient Data for so long as Crescendo maintains such Untested Patient Data. "Untested Patient Data" means data received from User as part of the Services for patients with no laboratory test order received by Crescendo. This Section III(B)(b) shall survive the termination of this Agreement.
c. Associated Patient Data. Crescendo shall use and/or disclose the Associated Patient Data (as defined below) only to provide the Services to the User, as permitted or required by this Agreement, as permitted by written authorization from User or as otherwise required by law. Associated Patient Data may be received by Crescendo in conjunction with a laboratory test order or separate from a laboratory test order. Associated Patient Data may be entered by User into VectraView or otherwise sent to Crescendo using a secure and agreed upon means of communication. "Associated Patient Data" means patient data received from User as part of the Services that is not required for laboratory testing and reimbursement operations and therefore not Tested Patient Data, such as, but not limited to, dates of diagnosis, dates of disease onset, medications, and additional disease metrics.
C. Crescendo shall use reasonable safeguards to prevent the use or disclosure of User PHI and shall implement administrative, physical and technical safeguards that reasonably protect the confidentiality, security, integrity and availability of electronic User PHI that it creates, receives, maintains or transmits on behalf of User in accordance with applicable law.
D. Crescendo shall notify User of any breaches of Untested Patient Data determined to be above a low risk under the Breach Rule (defined per 45 CFR §164.402), as soon as possible, but not later than five (5) business days after discovery, stating (to the extent known by Crescendo) the nature of such use or disclosure. With respect to patient data managed by Crescendo as a Covered Entity, Crescendo shall notify patient(s) of any breaches no later than sixty (60) calendar days after discovery, stating (to the extent known by Crescendo) the nature of such use or disclosure.
E. For avoidance of doubt, in no event will Crescendo use any Untested Patient Data or Associated Patient Data other than to provide the Services to User as provided in this TOU, unless the User otherwise consents in writing
IV. User Representations. You represent and warrant that you are either: (i) a licensed medical professional, and that your license has not been suspended or revoked for any reason; or (ii) a Delegate of a licensed medical professional, whose access to the Portal has been granted pursuant to Section II.C. herein; or (iii) an Associate of a licensed medical professional.
V. Personal and Non-Commercial Use Limitation. The Portal and Services provided on this Portal are protected by U.S. and foreign copyright, trade dress, trademark, unfair competition laws, and other applicable laws and regulations. Unless otherwise specified, the Portal and the Services are for the sole use of you and your Delegates. Reports provided on the Portal may not be copied, distributed, transmitted, reproduced, or otherwise transferred except by the physician and then for the sole purpose of patient care.
VI. No Medical Advice. THE CONTENT ON THE PORTAL IS INTENDED TO BE AN INFORMATION RESOURCE ONLY, AND IS PROVIDED SOLELY ON AN "AS IS" AND "AS AVAILABLE" BASIS. Crescendo is not engaged in rendering medical advice via this Portal, and the information provided is not intended to be a substitute for professional medical advice, diagnosis, or treatment. Crescendo does not recommend or endorse any specific physicians, products, procedures, opinions, or other information that may be mentioned on the Portal. Reliance on any information provided by Crescendo, employees of Crescendo, others appearing on the Portal at the invitation of Crescendo, or other visitors to the Portal, is solely at your own risk.
VII. Data Access and Privacy. All access to information contained in the Portal is secured by the use of a standard password mechanism. Transmission of information between the Crescendo system and your web browser is encrypted through the use of a secure socket layers (SSL) protocol. Information is processed and stored on controlled servers with restricted access. Crescendo will monitor usage of the Portal and maintain usage audits and logs of all activity. If suspicious activity is found, Crescendo has the right to suspend or terminate a user account. Access to a patient's results is limited to the patient's physician, or the Delegates of such physician. Access to your patient's specific data by a non-designated participating physician will only be permitted by Crescendo, through the Portal, if the data is de-identified and in aggregate form. See Crescendo's Notice of Privacy Practices.
VIII. Warranties. Crescendo makes no representations about the suitability or accuracy of the information contained on the Portal, or provided under the Services for any purpose. ALL INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. THE COMPANY AND/OR ITS RESPECTIVE SERVICE PROVIDERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION, INCLUDING ALL WARRANTIES AND CONDITIONS OF MERCHANTABILITY, WHETHER EXPRESS, IMPLIED OR STATUTORY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. CRESCENDO MAKES NO REPRESENTATIONS OR WARRANTIES THAT USE OF THE PORTAL WILL BE UNINTERRUPTED OR ERROR-FREE. YOU ARE RESPONSIBLE FOR TAKING ALL NECESSARY PRECAUTIONS TO ENSURE THAT ANY CONTENT YOU OBTAIN FROM THE PORTAL IS FREE OF VIRUSES AND MAINTAINED IN A SECURE MANNER.
The Portal and/or documents available in connection with the Services may include technical inaccuracies or typographical errors. Changes are periodically added to the information on the Portal and/or the TOU. Crescendo and/or its respective suppliers may make improvements and/or changes in the Portal, Services or TOU at any time, without notice.
IX. Assignment: Neither Party shall assign or transfer any rights or obligations under this Agreement without the prior written consent of the other Party; provided, however, that either Party may, without such consent, assign this Agreement and its rights and obligations hereunder in connection with the transfer or sale of all or substantially all of its business, or in the event of its merger, consolidation, change of control or similar transaction. Any permitted assignee shall assume all obligations of its assignor under this Agreement.
X. Limitation of Liability. YOUR USE OF THIS PORTAL, ANY CONTENT ON THIS PORTAL, AND/OR THE SERVICES IS AT YOUR OWN RISK. CRESCENDO SPECIFICALLY DISCLAIMS ANY LIABILITY, WHETHER BASED IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, OR SPECIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH ACCESS TO OR USE OF THE PORTAL OR THE SERVICES, EVEN IF CRESCENDO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL CRESCENDO OR ITS RESPECTIVE SERVICE PROVIDERS BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE PORTAL OR THE SERVICES. CRESCENDO’S MAXIMUM LIABILITY TO YOU SHALL NOT EXCEED THE AMOUNT OF FEES PAID FOR THE SERVICES, IF ANY.
XI. No Unlawful or Prohibited Use. As a condition to your use of the Portal and the Services, you will not use either for any purpose that is unlawful or prohibited by these TOU. You may not use the Portal and the Services in any manner that could damage, disable, overburden, or impair any server for which Crescendo is responsible, or the network(s) connected to those servers, or interfere with any other party's use and enjoyment of the Portal or any Services. You may not attempt to gain unauthorized access to the Portal or any Services, other accounts, computer systems or networks connected to any of Crescendo's servers or to the Portal or any of the Services, through hacking, password mining or any other means. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the Portal or the Services.
XII. Feedback Provided to Crescendo. You may submit feedback and suggestions regarding improvements or enhancements to the Portal and/or the Services, (collectively "Feedback"). Feedback may be provided through e-mail or other means and may not contain any User PHI as defined in Section III(B). By providing Feedback, you are granting Crescendo, its affiliated companies and necessary sublicenses permission to use your Feedback in connection with the operation of their businesses, including, without limitation, all Services.
XIII. Amendment. Crescendo may at any time revise or modify this TOU and/or its Notice of Privacy Practices, or impose new conditions for use of this Portal. Such changes, revisions or modifications shall be effective immediately. Any use of the Portal by you after such changes, revisions or modifications shall be deemed to constitute an acceptance of such changes, revisions or modifications. The most current version of the TOU and Notice of Privacy Practices can be found on the Portal. Crescendo may modify its services at any time.