Overview
NAM International’s electronic acceptance of its email service providers Agreement signifies that NAM International officers have read, understand, acknowledge and agree to be bound by the email service providers Agreement, along with the email service providers Universal Terms of Service Agreement and any plan limits presented on the product landing pages.
The email service provider may occasionally notify NAM International and its subsidiaries of changes or modifications to this Agreement by email. It is therefore very important that NAM International and its subsidiaries keep information current. The email service provider assumes no liability or responsibility for NAM International and its subsidiaries failure to receive an email notification if such failure results from an inaccurate email address.
The parties agreed as follows:
Definitions
For purposes of this Agreement, any capitalized terms not otherwise defined herein will have the meaning given to them in the Agreement and under HIPAA.
· “Business Associate” has the same meaning as the term “business associate” in 45 C.F.R. § 160.103 of HIPAA.
· “Covered Entity” has the same meaning as the term “covered entity” in 45 C.F.R. § 160.103 of HIPAA.
· “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and the rules and the regulations thereunder, as amended (including with respect to the HITECH Act).
· “HITECH Act” means the Health Information Technology for Economic and Clinical Health Act enacted in the United States Congress, which is Title XIII of the American Recovery & Reinvestment Act, and the regulations thereunder, as amended.
· “Protected Health Information” or “PHI” will have the meaning given to it under HIPAA if provided to The email service provider in connection with your permitted use of the Services.* “Security Rule” means 45 C.F.R., Part 164, Subpart C, under HIPAA.
Applicability
Parties. This Agreement applies only to the extent NAM International and its subsidiaries are acting as a Covered Entity or Business Associate to create, receive, maintain or transmit PHI via the Services and where the email service provider, as a result, is deemed under HIPAA to be acting as a Business Associate of NAM International and its subsidiaries. Services Scope. As of the effective date of this Agreement, this Agreement is applicable only to the described Services. The email service provider may expand the scope of the described Services to include other the email service provider products or services. If the email service provider expands the scope of the Services, this Agreement will automatically apply to the additional products and services as of the date they are included, or the date The email service provider has otherwise provided written communication regarding an update to the scope of the included Services (whichever date is earlier).
Permitted Use and Disclosure
By the email service provider.
The email service provider used by NAM International, and its subsidiaries may use and disclose PHI only as permitted under HIPAA as specified in the Universal Terms of Service Agreement and under this Agreement. The email service provider may also use and disclose PHI for the proper management and administration of the email service provider’s business and to carry out the legal responsibilities of the email service provider, provided that any disclosure of PHI for such purpose may only occur if (1) required by applicable law; or (2) The email service provider obtains written reasonable assurances from the person to whom PHI will be disclosed that it will be held in confidence, used only for the purpose for which it was disclosed, and that the email service provider will be notified of any breach.
By NAM International and its subsidiaries.
NAM International and its subsidiaries will not request the email Service Provider or the Services to use or disclose PHI in any manner that would not be permissible under HIPAA if done by a Covered Entity itself (unless otherwise expressly permitted under HIPAA for a Business Associate). In connection with NAM International and its subsidiaries’ management and administration of the Services for end users, NAM International and its subsidiaries are responsible for using the available controls within the Services to support NAM International and its subsidiaries HIPAA compliance requirements, including enforcing appropriate controls to support NAM International and its subsidiaries HIPAA compliance. NAM International and its subsidiaries will not use the Services to create, receive, maintain or transmit PHI to other the email service provider services outside of the included Services, except where the email service provider has expressly entered into a separate HIPAA business associate agreement for use of such the email service provider services. If NAM International and its subsidiaries use the Services in connection with PHI, NAM International and its subsidiaries will use controls available within the Services to ensure (1) all other the email service provider products not part of the Services are disabled for all end users who use the included Services in connection with PHI (except those services where Customer and the email service provider already have an appropriate HIPAA business associate agreement in place); and (2) NAM International and its subsidiaries take appropriate measures to limit NAM International and its subsidiaries use of PHI in the Services to the minimum extent necessary for NAM International and its subsidiaries to carry out NAM International and its subsidiaries authorized use of such PHI. NAM International and its subsidiaries agree that the email service provider has no obligation to protect PHI under this Agreement to the extent NAM International and its subsidiaries create, receive, maintain, or transmit such PHI outside of the Services.
Appropriate Safeguards
The email service provider and NAM International and its subsidiaries will use appropriate safeguards designed to prevent against unauthorized use or disclosure of PHI, consistent with this Agreement, and as otherwise required under the Security Rule, with respect to the Services.
Reporting
The email service provider will promptly notify NAM International and its subsidiaries following the discovery of a breach resulting in the unauthorized use or disclosure of PHI in violation of this Agreement in the most expedient time possible under the circumstances, consistent with the legitimate needs of applicable law enforcement and applicable laws, and after taking any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the Services system by using commercially reasonable efforts to mitigate any further harmful effects to the extent practicable. NAM International and its subsidiaries hereby agree that any such report, notification or other notice made pursuant to this Agreement may be provided electronically. For clarity, NAM International and its subsidiaries and not the email service provider are responsible for managing whether NAM International and its subsidiaries end users are authorized to create, receive, maintain or transmit PHI within the Services and the email service provider will have no obligations relating thereto. This Section will be deemed as notice to NAM International and its subsidiaries that the email service provider periodically receives unsuccessful attempts for unauthorized access, use, disclosure, modification or destruction of information or interference with the general operation of the email service provider’s information systems and the Services and even if such events are defined as a Security Incident under HIPAA, the email service provider will not provide any further notice regarding such unsuccessful attempts.
Agents and Subcontractors
The email service provider will take appropriate measures to ensure that any agents and subcontractors used by the email service provider to perform its obligations under the Agreement that require access to PHI on behalf of the email service provider are bound by written obligations that provide the same material level of protection for PHI as this Agreement. To the extent the email service provider uses agents and subcontractors in its performance of obligations hereunder, the email service provider will remain responsible for their performance as if performed by the email service provider itself under this Agreement.
Accounting Rights
The email service provider will make available to NAM International and its subsidiaries the PHI via the Services so NAM International and its subsidiaries may fulfill NAM International and its subsidiaries obligation to give individuals their rights of access, amendment, and accounting in accordance with the requirements under HIPAA. NAM International and its subsidiaries are responsible for managing NAM International and its subsidiaries use of the Services to appropriately respond to such individual requests.
Access to Records
To the extent required by law, and subject to applicable attorney client privileges, the email service provider will make its internal practices, books, and records concerning the use and disclosure of PHI received from NAM International and its subsidiaries, or created or received by the email service provider on behalf of NAM International and its subsidiaries,, available to the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) for the purpose of the Secretary determining compliance with this Agreement.
Return/Destruction of Information
The email service provider agrees that upon termination of the Agreement, the email service provider will return or destroy all PHI received from NAM International and its subsidiaries, or created or received by the email service provider on behalf of NAM International and its subsidiaries, which the email service provider still maintains as provided in the Universal Terms of Service Agreement; provided, however, that if such return or destruction is not feasible, the email service provider will extend the protections of this Agreement to the PHI not returned or destroyed and limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible. In the event this Agreement is terminated earlier than the underlying Universal Terms of Service Agreement, NAM International and its subsidiaries may continue to use the Services in accordance with the Universal Terms of Service Agreement, but must delete any PHI NAM International and its subsidiaries maintain in the Services and cease to create, receive, maintain or transmit such PHI to the email service provider or within the Services.
Copyright © 2023 NAM International - All Rights Reserved.