Version 1.6 - September 2019
This Aptible HIPAA Breach Indemnification Agreement ("BIA") between Aptible, Inc. ("Aptible", "us" or "we") and users of the Aptible Services ("you") governs the use of the Aptible Services under the provisions of the Aptible Terms of Service (the "Terms").
Unless otherwise provided herein, this BIA is subject to the provisions of the Terms.
This BIA applies only to specific accounts, Services, and data, for which you have a valid, signed HIPAA Business Associate Agreement ("BAA") in place with Aptible. This BIA may cover use of both the Aptible Deploy and Aptible Comply products.
This BIA does not apply to any account, Service, or data that is:
For example, this BIA does not apply to Aptible Deploy Shared Environments, or to Aptible Comply accounts for which you do not have a BAA with Aptible.
Capitalized words and phrases have the meaning specified in the Terms, which uses the definitions found in HIPAA where applicable.
"Breach" has the meaning specified in 45 CFR § 164.402.
"Claim" means any claim, proceeding, or suit brought against you by a Third Party.
"Covered Breach" means, except for Excluded Breaches, a Breach of Unsecured Protected Health Information from your Aptible Services that results directly from a failure by Aptible to properly configure or maintain the components of the Aptible Services under Aptible's exclusive control.
"Covered Claim" means any Claim, to the extent the Claim results directly from a Covered Breach. Claims that do not result directly from a Covered Breach are not Covered Claims.
"Covered Expenses" means (a) all damages, costs, and attorneys’ fees finally awarded against you in any Covered Claim; and (b) all out-of-pocket costs (including reasonable attorneys’ fees) that you reasonably incurred in connection with the defense of a Covered Claim (other than attorneys’ fees and costs incurred without Aptible's consent after Aptible has accepted defense of the Covered Claim).
"Excluded Breach" means any Breach of PHI that in any way results from: (a) as between you and Aptible, your failure to properly configure your Aptible Services to protect PHI; (b) as between you and Aptible, your failure to properly configure or enforce user access policies and permissions for your Aptible Services or Aptible Deploy Containerized Services to protect PHI; (c) any other vulnerability introduced by your Aptible Deploy Containerized Services themselves (and not the infrastructure or Aptible Deploy platform on which the service is hosted); (d) actions or omissions by any Aptible vendor, such as Amazon Web Services; or (e) your breach of the Aptible Terms of Service, your BAA, or this BIA.
"Governmental Agency" means any court, administrative agency or commission or other federal, state, county, or local governmental entity, instrumentality, agency or commission.
"Regulatory Investigation" means a formal investigation by the U.S. Department of Health and Human Services into your security procedures regarding Protected Health Information.
"Third Party" means, other than a Governmental Agency, an unaffiliated corporation, partnership, or other entity, or a natural person.
"Unsecured Protected Health Information" has the meaning specified in 45 CFR § 164.402.
A. Defense. Subject to Section 3(C) of this BIA, Aptible will either defend you from or settle a Covered Claim if you:
You must not defend or settle any Covered Claim without Aptible’s prior written consent. You have the right to participate in the defense of the Covered Claim at your own expense and with counsel of your own choosing, but Aptible will have sole control over the defense and settlement of the Covered Claim.
B. Indemnification. Subject to Section 3(C) of this BIA, Aptible will indemnify you from and pay:
C. Exclusions. Aptible will have no obligation to you under Sections 3(A) or 3(B) of this BIA if:
Disputes arising under this BIA shall be resolved under the Dispute Resolution and Arbitration provisions of the Aptible Terms of Service.
Except as amended by this BIA, the Aptible Terms of Service and your BAA will remain in full force and effect. This BIA, together with the Terms and your BAA:
If there is a conflict between the Terms, this BIA, your BAA, or any other amendment or any addendum to those agreements, the document executed by the parties later in time will prevail.