This Terms of Service (ToS) offered by HIPAA Vault provides the Customer certain rights and remedies regarding service offerings for the dedicated hosting environment (as defined below).
Terms of Service
1. ADMINISTRATIVE ACCESS
Administrative or “root” access, known as Super User Privileges, to the server is limited to employees of HIPAA Vault and/or their authorized agents. Customers who require Super User Privileges are required to sign a security document before Super User Privileges are granted. For managed servers, HIPAA Vault reserves the right to require, at its discretion, software and/or hardware upgrades for the purposes of maintaining security and stability of the services provided. The cost of such upgrades shall be set by HIPAA Vault and paid by the Customer.
2. HARDWARE AND SOFTWARE CONFIGURATIONS
All managed servers must use hardware and software configurations that conform to HIPAA Vault requirements. Use of any particular hardware or software configuration may be declined at the sole discretion of HIPAA Vault.
3. USER CONDUCT
The Customer agrees to use the services and servers furnished by HIPAA Vault as allowed by applicable Local, State, Federal, and International laws. Transmission of any material in violation of any International, Federal, State or Local regulation is strictly prohibited. This includes, but is not limited to, materials covered in HIPAA Vault Acceptable Use Policy (AUP).
4. ECPA NOTICE
HIPAA Vault reserves the right to monitor any and all communications through or with our facilities. Customer agrees that HIPAA Vault is not considered a “secure communications medium” for the purposes of the ECPA (Electronic Communications Privacy Act of 1986) and no expectation of privacy is afforded.
5. NO INTERFERENCE WITH OPERATION OF SYSTEM
Customer agrees not to maliciously or intentionally interfere with the proper operation of the server and network, including but not limited to defeating identification procedures, obtaining access beyond that which Customer is authorized for, and impairing the availability, reliability, or quality of service for other Customers. Customer further agrees not to interfere with the proper operation of other systems reachable through the Internet, including any attempt at unauthorized access. Customer agrees to follow the Acceptable Use Policy of any network or service to which Customer connects.
Customer agrees to adhere to system policies as published online or otherwise made available by HIPAA Vault, including restrictions on services available, restrictions on certain features, and all other policies designed to protect and enhance the quality and reliability of service at HIPAA Vault. Customer agrees to abide by any and all future policy decisions by HIPAA Vault.
HIPAA Vault warrants that in providing services to Customer, HIPAA Vault complies fully with all local, state and federal requirements regarding the security and protection of Customer’s data and information, and consistently uses its best efforts to maintain the security of its servers. Notwithstanding such best efforts, no provider of such services, including HIPAA Vault, can guarantee that a Customer’s given server cannot be misused, or wrongfully accessed by Customer’s employees or others. This is true whether Customer chooses to retain the services offered by HIPAA Vault, or elects to use such services through another provider.
Further, HIPAA Vault cannot and does not guarantee that no acts of theft, sabotage or unlawful access can occur by Customer’s employees or third parties. Customer understands and acknowledges that, other than as stated herein, HIPAA Vault makes no warranties or guarantees regarding the security of its services, nor regarding any damages that may allegedly be caused by such breach of security or other wrongdoing by Customer, its employees and related third parties. Customer is fully responsible for the misuse or unlawful use of the services being provided by HIPAA Vault to the extent that such unlawful use or misuse of HIPAA Vault servers is undertaken by the Customer, its employees and/or related third parties.
Customer agrees to immediately notify HIPAA Vault in writing if Customer becomes aware of any breaches or misuses of a HIPAA Vault server. Customer further agrees that if any security breach or misuse occurs, HIPAA Vault has the right to suspend Customer’s access to the server pending an investigation and resolution. In addition, Customer acknowledges that HIPAA Vault has the right and obligation to cooperate in any government or other legal investigation regarding Customer’s use of HIPAA Vault’s servers, including any of the managed servers used by Customer. Any use of HIPAA Vault’s system to engage in software piracy, or in any other violations of law, will result in the immediate suspension of services by HIPAA Vault, and notification to appropriate law authorities.
7. SENSITIVE DATA
If sensitive data will reside on the server either temporarily or permanently, the Customer agrees to notify HIPAA Vault in writing as soon as the Customer is aware of the sensitive data residing on their server. Sensitive data includes, but is not limited to, data which requires regulatory compliance such as HIPAA, PCI DSS, SOX, GLBA, and FISMA. Examples of sensitive data include electronic Protected Health Information (ePHI), credit card numbers, social security numbers, and financial records.
If HIPAA Vault is providing managed services for the Customer and if the Customer’s server(s) will contain any sensitive data, HIPAA Vault and Customer may have to enter into an additional agreement, which defines accountability for properly protecting the Customer’s server according to industry standards for information security.
8. HOSTING OF DATA
HIPAA Vault will charge the customer for disk space, as needed. The customer pre-approves the addition of disk space charges by HIPAA Vault. The customer will be notified of these changes.
9. BACKUP OF DATA
Self-Managed Backups: If Customer opts to manage their own backups instead of using HIPAA Vault managed backup services, then Customer’s use of the backup server and service is at Customer’s sole risk. HIPAA Vault is not responsible for files and data residing on Customer’s server. Customer agrees to take full responsibility for files and data transferred and to maintain all appropriate backup of files and data stored on server.
Managed Backups: If the Customer opts for managed backup services, then HIPAA Vault is responsible for managing the backups on the Customer’s behalf; however, it is the Customer’s responsibility to ensure ePHI data is preserved for a minimum of seven years. If the Customer is deleting the ePHI data instead of preserving it, then they shall inform HIPAA Vault in writing, at which point HIPAA Vault will archive backups to preserve the data. The archives will consume more disk space, and HIPAA Vault will charge the customer for the disk space as needed. The customer pre-approves the addition of disk space charges by HIPAA Vault.
10. TRANSMISSION OF MATERIALS
Customer agrees not to transmit unsolicited or prohibited advertising or other harassing or illegal materials through electronic mail or Internet media. The use of HIPAA Vault or any other service with reference to services obtained through HIPAA Vault, for unsolicited mass mailings, postings, or other activities considered an annoyance to others, commonly referred to as “spamming,” is strictly prohibited and may cause Customer’s services to be terminated immediately and without warning. Customer will be held fully responsible for any damages to Customer, HIPAA Vault, or any other party or parties resulting from any such conduct.
11. CLIENT SUPPORT
For service-level impacting issues, support is available 24/7. For non-service-level impacting issues and requests, 12 hours of standard, working-hours support is available per month. Additional support past the 12 hours per month requires management review, and extra fees may apply (customer will be advised prior to the imposition of such fees).