Terms and Conditions of Use

Terms and Conditions of Use last updated: June 23, 2019

IMPORTANT: PAR®iConnect™ is provided by Psychological Assessment Resources, Inc. (“PAR”), a Florida corporation. Please carefully read these Terms and Conditions of Use (the “Terms”) before using PARiConnect.

By registering a PARiConnect account (“Account”) and using PARiConnect, you agree to be bound by these Terms, which contain important legal information about your rights and obligations and constitute a contract between you and PAR.

PAR may update or modify these Terms at any time. By continuing to use PARiConnect after such changes, you agree to be bound by the changes. You can tell when the Terms were last modified by viewing the “Last updated” date at the top. We encourage you to periodically review these Terms.

Additional Documents

The following documents are incorporated by reference into these Terms to the extent they apply to you or your use of PARiConnect:

PARiConnect Supervisor/Account Manager/User Agreement: If you registered to use PARiConnect as the account manager or supervisor, you agree to the terms and conditions set forth in the PARiConnect Supervisor/Account Manager/User Agreement, available here.

Business Associate Agreement: If you are a “Covered Entity,” PAR is your Business Associate. You may review our Business Associate Agreement here.

Data Processing Agreement (EU Customers): If you are established in the European Union (“EU”) or European Economic Area (“EEA”) or otherwise subject to the General Data Protection Regulation (“GDPR”), please refer to the Data Processing Agreement (EU Customers), available here.

PARiConnect Privacy Policy: For information on how PAR safeguards “Electronic Protected Health Information,” or “ePHI,” relating to your clients, patients, and/or students via PARiConnect, please refer to the PARiConnect Privacy Policy, available here.

PAR, Inc. Privacy Policy: For information about PAR’s general collection and handling practices with respect to your information as a PAR customer, please refer to PAR’s general Privacy Policy, available at https://www.parinc.com/Privacy-Policy.


General information

PAR is an independent publisher of psychological assessments and resources. PAR makes the PARiConnect online testing platform available to qualified clinicians and practitioners (each a “Qualified User”) for use with selected PAR assessment tools. Using PARiConnect, Qualified Users can remotely test clients, test clients in an office setting using online assessments, and generate reports on responses gathered from remotely located clients using the PAR desktop software application.

By registering an Account to use PARiConnect as a PAR customer (a “PAR Customer”) and providing your e-mail address, you consent to receive e-mail, including commercial electronic mail messages, from PAR to the e-mail address provided, unless you expressly revoke your consent in writing or by e-mail.

No clinical advice

PAR does not provide clinical advice; diagnose conditions; or recommend or endorse any specific health care providers, procedures, or opinions. The PARiConnect platform and the assessments, tests, interpretive reports, scores and/or results obtained through the PARiConnect platform (collectively, the “PARiConnect Materials”) are provided only to Qualified Users and only for professional informational purposes.

The PARiConnect Materials do not constitute clinical advice and are not intended to be a substitute for professional psychological, psychiatric, or medical advice or diagnosis. The PARiConnect Materials must not be relied on for diagnosis, treatment, or other recommended course of action for any medical, psychiatric, or other health-related condition. PAR Customers remain solely and exclusively responsible for all diagnostic, care, and/or treatment decisions for their clients.

Capacity of use

Entity or organization use

All PAR Customers affiliated with or employed by an entity, group, business, or organization of any kind (an “Organization”) must agree to the following:

  • You represent and warrant that you have the authority to legally bind the Organization to these Terms;
  • You acknowledge and agree that both you and the Organization are jointly and severally bound by these Terms;
  • The term “Supervisor/Account Manager” shall mean you as the individual registering the account on behalf of the Organization; and
  • All references in these Terms to “PAR Customer” or “you” will include both you and the Organization.

Individual use

PAR Customers who are not affiliated with or employed by an Organization must agree to the following:

  • You warrant and represent that you are not employed by or affiliated with or otherwise acting on behalf of any Organization of any kind;
  • You acknowledge and agree that these Terms are binding on you in your individual capacity; and
  • References in these Terms to “PAR Customer” or “you” shall mean you in your individual capacity.

PAR Customer responsibilities

You assume full responsibility for all use of PARiConnect under your Account including, if applicable, use by others within your Organization. You agree that any person who accesses, uses, or misuses PARiConnect under your Account does so on your behalf and that you are responsible for all such activity under your Account, including, without limitation, any activity in violation of these Terms.

You acknowledge and agree that you are responsible for ensuring that all access and use of the PARiConnect Materials under your Account complies with all of the Terms, including the restrictions and requirements that follow. You agree to follow all reasonable instructions of PAR in the use of the PARiConnect Materials.

Qualifications

PAR Customers are required to submit qualification information to establish professional credentials to acquire access to PAR tests. Specifically, you must provide accurate and current information pertaining to your identification, education, training, or other professional credentials (“Qualifications”) required for the relevant tests to be acquired. You warrant and agree that you have not misrepresented any Qualifications for any reason, including to obtain access to tests for which you are not qualified.

You warrant and agree that any individual who accesses or uses any PARiConnect Materials (including the PARiConnect platform) under your Account:

  • Will be at least 18 years old or older than the legal age of majority in the relevant jurisdiction; and
  • Will possess the training, education, and expertise appropriate to use the relevant PAR test acquired through PARiConnect.

You agree not to allow anyone to access or use the PARiConnect Materials or to conduct or interpret the results of any PAR assessment who has not had appropriate training.

Remote testing restrictions

Remote testing of adolescents and children aged 13 years and younger is prohibited. Assessment instruments may be administered to adolescents and children aged 13 years and younger only within your physical presence or that of another Qualified User in the Organization.

Connectivity

PAR will reasonably endeavor to ensure that PARiConnect is available at all times but does not guarantee 24/7 uptime. You agree and acknowledge that PARiConnect will function as intended only where you maintain a sufficiently fast and reliable Internet connection and use a browser environment that complies with any PARiConnect guidelines published from time to time at https://www.pariconnect.com. In particular, this may require the downloading of additional browser plug-ins to enable access to the content. PAR is not responsible for such third-party plug-ins, and you are responsible for complying with any license agreements that may apply to such plug-ins.

Privacy and security

You are solely and exclusively responsible for implementing and communicating reasonable and appropriate privacy policies with respect to your clients.

You agree to submit reasonable and appropriate documentation as requested by PAR to change critical security-related Account information for PARiConnect access and use.

You acknowledge and agree that you are solely and exclusively responsible for implementing and applying reasonable safeguards to protect the security of your Account, including maintaining the privacy of your password (“Password”) and not sharing it with others and modifying or requesting modification of your Password when necessary; for example, if an authorized user leaves your employ or Organization. PAR does not have access to Passwords, and, if you lose or forget your Password, you will have to create a new unique Password.

You are responsible for all activities under your Account, and you accept all risks for any unauthorized use of the Account. You agree to notify PAR immediately if you suspect that a Password or an Account has been compromised or breached to enable PAR in its discretion to investigate the circumstances and take such further action as required by law or as PAR in its discretion deems appropriate.

Data retention and backup

You agree and acknowledge that you are solely and exclusively responsible for backing up and maintaining backups of your data submitted to or generated by PARiConnect, including client records, reports, and assessment results, and that you will not rely on PARiConnect for storage of such data or records.

PAR reserves the right to delete a PARiConnect Account, including all associated client records and data, after a period of 36 months of inactivity on the Account.

Prohibited uses

You agree to comply with all applicable law governing your use of PARiConnect Materials, including the PARiConnect platform and any products or services provided by or made available through PARiConnect, and not to use any PARiConnect Materials for unlawful purposes.

You agree not to access or attempt to access the PARiConnect Materials other than through the uniform resource locator (“URL”) supplied by PAR and not to access any API providing access to the PARiConnect Materials except where such API access has been explicitly granted by PAR and subject to the interface specifications supplied by PAR.

You agree not to use any device, software, or routine to interfere or attempt to interfere with the proper working of PARiConnect or any activity being conducted on PARiConnect or take any actions that otherwise may cause damage to PARiConnect.

Paper documentation

PAR may provide you with assessment documentation on paper. In such event, you agree not to make copies of any such documentation and only to use the originals provided by PAR. Once submitted to PAR, any client data provided via paper documentation is treated in the same manner as client data directly entered via PARiConnect.

Indemnity obligation

You agree to indemnify, protect, save, and hold harmless PAR and its officers, directors, employees, agents, servants, representatives, and contractors (collectively, “PAR Indemnitees”) from and against any loss, injury, damage, or expense (including, but not limited to, reasonable attorneys’ fees) that arises out of or is related in any way to your use of PARiConnect or the use of PARiConnect under your Account by any employee or other individual under your control and/or supervision, including any such use in violation of these Terms, and including claims by third parties.

Proprietary rights

The PARiConnect platform and its content (including, but not limited to, all site design; text; data; interfaces; logos; button icons; legends; images; photographs; music; audio and/or video clips; titles; page headers; graphics; software; and the selection, arrangement, coordination, enhancement, and presentation of said elements) is the proprietary property of PAR or its licensors or suppliers and is protected as to copyrights, trade dress, trademarks, and/or other intellectual property under United States law, or foreign law, or both.

PAR grants you a limited, nonexclusive, and revocable license (“License”) to use (and, if applicable, to permit employees or individuals acting on your behalf and under your control and/or supervision to use) PARiConnect and its tools to conduct assessments based on the tests acquired for use. This License does not authorize you to copy, reproduce, distribute, publish, transmit, modify, display, or create derivative or collective works from, or exploit any assessment tools, scores, results, information, or other content contained within or available on or through PARiConnect for any purpose.

Reservation of rights

Except for the limited License described above, you do not acquire any right, title, or interest in or to any intellectual property in PARiConnect or any assessment tools, information or other content contained within or available on or through PARiConnect. All rights not expressly granted to you by these Terms are reserved by PAR. Any access or use of PARiConnect except as expressly granted by these Terms is prohibited and may result in legal action.

Electronic medical records

Electronic medical record (EMR)/electronic health record (EHR) technology and digital storage of records is increasingly used in health care practice. Medicare and Medicaid reimbursements are reduced for practitioners who do not use and incorporate EMR/EHR technology in their practice. And, increasingly, assessments and their results are administered and scored on digital platforms. As noted above, PAR’s tests and test materials (e.g., test items, stimulus materials, normative and validity data, interpretive statements generated from PAR software code), including those made available on PARiConnect, are PAR’s intellectual property and are protected by United States copyright law. Failure to follow best practices and appropriate security measures can also affect the future utility of such assessment materials.

PAR’s policy with respect to the inclusion of such items within an EMR/EHR, or in an electronic storage format, is the following:

  • When paper-based tests are scanned and entered into electronic medical records, care must be taken to ensure that the record is complete, that data quality is not compromised, and that paper forms are properly destroyed in a controlled environment.
  • Test materials retained in an electronic format must be stored in a secure manner, with secure backup. The EMR/EHR or electronic digital storage system in use must have appropriate security levels in place to limit access to such information. Any system in use shall utilize access controls, such as passwords and/or PINs, to restrict access. Additionally, sensitive data and information should be encrypted. Finally, the system should have a mechanism to record who has accessed information, including capturing if changes were made, who made such changes, and when.
  • Qualified Users utilizing the assessment must ensure, through inquiry, observation, and representation from information technology professionals, that the digital storage or EMR/EHR selected and applied can provide the necessary level of security.
  • Nonprofessional staff must be informed of the requirement for the protection of psychological test materials and the stipulation that access to such materials is restricted to Qualified Users only.
  • Test results and/or reports that are generated from either web-based or desktop computerized test administration and/or scoring should be downloaded, filed, and stored with the client’s record that is retained within the EMR/EHR system or other digital storage method employed by the professional.

Essentially, each PAR Customer or Qualified User who uses a digital storage method is charged with applying and employing the same safeguards that one would use with sensitive paper files and ensuring that additional security measures are in place to protect electronically stored records to reduce the threat of unauthorized access. For additional information on PAR’s position regarding the disclosure of test materials to comply with the Privacy Rule of the Health Insurance Portability and Accountability Act (“HIPAA”), please click here.

Modification or termination

PAR reserves the right, in its sole and absolute discretion at any time and without notice, (a) to suspend or terminate access to PARiConnect or any Accounts or registrations for any or no reason and (b) to modify (in whole or in part) PARiConnect, any products or services provided or available on PARiConnect, and their respective features and functionality. PAR will not be liable to you or any third party for any modification, suspension, or termination of access to PARiConnect or other PARiConnect Materials or for loss of related information or other content.

Limitations on liability

Disclaimer of warranties

YOU USE PARICONNECT AT YOUR OWN RISK. PARiConnect is provided “as is,” “with all faults,” and without warranty of any kind. Except and to the extent required by law, PAR does not represent, warrant, or guarantee that (a) any PARiConnect Materials or any content available on or through PARiConnect will be reliable, available, timely, error-free, uninterrupted, accurate, complete, or suitable for any purpose or otherwise meet your requirements or expectations and (b) that any defects or errors will be corrected even if PAR is aware of them.

Without limiting the generality of the foregoing and to the maximum extent permitted by law, PAR disclaims all warranties relating to any PARiConnect Materials, whether express or implied, arising under statute, common law, custom, course of dealing, course of performance, usage of trade, or otherwise. This disclaimer includes, without limitation, all warranties and conditions of merchantability, merchantable quality, fitness for a particular purpose, title, lack of viruses and non-infringement.

Some jurisdictions do not allow the exclusion of certain warranties, so the above limitations or exclusions may not apply to you.

Exclusion of certain damages

To the maximum extent permitted by law, PAR will not be liable to you or any other person for any special, incidental, indirect, collateral, consequential, exemplary, or punitive damages, whether in contract (including breach of warranty), equity, strict liability, negligence or other tort, failure to meet any duty (including, without limitation, any duty to act in good faith; to exercise commercially reasonable care; or arising out of any course of dealing, performance, usage, trade, or otherwise), or any other theory of liability arising out of or related in any way to (a) the use, misuse, inability to use, or performance of PARiConnect; (b) any error, omission, or inaccuracy contained within or any data, information, record, or results obtained through or resulting from the use of PARiConnect; or (c) any modification, corruption, or loss of data, records, or other information.

You further agree that this exclusion shall apply even if PAR was advised of the possibility of such damages or such possibility was reasonably foreseeable and that this exclusion includes damages of any kind, including, without limitation, damages caused by delayed or lost use, loss of actual or potential business, good will, revenue, profits or savings, damages resulting from business interruption, loss of privacy, and liability to third parties. Some jurisdictions do not allow the exclusion of certain warranties or limitation of incidental or consequential damages, so the above limitations or exclusions may not apply to you.

Maximum damages

To the maximum extent permitted by law, you agree that (a) PAR’s total aggregated liability arising out of or related to your use or inability to use PARiConnect, or to the PARiConnect Materials generally, will not in any event exceed one hundred U.S. dollars ($100.00 USD), and (b) this limitation applies regardless of whether liability is based on contract, warranty, negligence or other tort, strict liability, or any other theory. Some jurisdictions do not permit caps on damages, so the above limitation may not apply to you.

Application of limitations and exclusions

Except where otherwise prohibited, you agree that this section (“Limitations on liability”), including all subsections, will apply notwithstanding any failure of essential purpose of any remedy.

Waiver of class action or class arbitration

Except where prohibited, you agree that you will not bring, request, join, or participate in a class action or class arbitration proceeding as to any claim, demand, suit, or cause of action you may have against PAR arising out of, relating to, or in any way connected with any PARiConnect Materials, and you waive and relinquish any right you may now or in the future have to bring, request, join, or participate in any lawsuit or arbitration or other proceeding on a class action or consolidated basis or to participate as a representative or member of any class of claimants pertaining to any claim, demand, suit, or cause of action arising out of, relating to, or in any way connected with your use of any PARiConnect Materials. This provision does not constitute a waiver of any of your rights and remedies to pursue a claim individually and not on a class action, class arbitration, or consolidated basis or as a representative or member of any class of claimants.

Severability

Each provision, part, or paragraph in these Terms is severable. If any provision in these Terms is determined by a court of competent jurisdiction to be illegal, invalid, or unenforceable under applicable law, the parties intend that the court shall modify the Terms (and the Terms shall be deemed to have been so modified), to the minimum extent necessary to conform to that law while preserving the parties’ original intent as much as possible. Such modification will apply only to the operation of the modified provision in the jurisdiction where the adjudication or determination was made.

Survival

The following sections will survive the termination of these Terms or your right to use PARiConnect: Indemnity obligation, Proprietary rights, Reservation of rights, Limitations on liability (including all subsections), Waiver of class action or class arbitration, Severability, and Governing law and venue.

Governing law and venue

Any dispute arising under these Terms or relating to your use of PARiConnect will be governed exclusively by the substantive laws of the State of Florida (without application of its conflict of laws principles) and controlling federal law of the United States of America and resolved exclusively in the state or federal courts located in Hillsborough County, Florida, United States. Each party irrevocably (a) consents to and submits to the mandatory jurisdiction of those courts; (b) waives any objection which such party now or hereafter may have to the institution or defense of any such suit, action, or proceeding in those courts; and (c) waives any defense or claim of inconvenient forum or improper venue. The United Nations Convention on Contracts for the International Sale of Goods will not apply to the validity, construction, interpretation, or enforcement of these Terms.

PARiConnect Supervisor/Account Manager/User Agreement

Supervisor/Account Manager/User Agreement last updated: June 23, 2019

PAR®iConnect™ is made available by Psychological Assessment Resources, Inc. (PAR) and provides an online testing platform for selected PAR assessment tools, providing clinicians and practitioners with the capability for remote testing of clients. PARiConnect also provides a method for licensed users of select PAR software products to purchase online administrations and use existing PC-based desktop software to complete scoring and/or interpretation. As the Supervisor/Account Manager of the PARiConnect connection and account that will be used for online testing by me and other users within my organization, I hereby understand and acknowledge the following:

  1. I possess the appropriate training, education, and expertise to use tests acquired for use by me and/or my organization. I understand the professional testing standards as promulgated by the American Psychological Association (APA), the National Council on Measurement in Education (NCME), and the American Educational Research Association (AERA) and will comply with such standards and policies.
  2. I have previously submitted user qualification information to PAR and have established my professional credentials to acquire access to tests. I have not misrepresented my identification, education, training, or other professional credentials to obtain access to tests for which I am not qualified. I understand that my access to tests is conditioned on my user qualifications being current and in good standing at all times.
  3. I have read and thoroughly understand the rights provided to me and my obligations as the Supervisor/Account Manager.
  4. I will supervise all users of PARiConnect that I may now or in the future establish or authorize on this account (each an “Additional User”), and I assume full responsibility for assigning the appropriate level of test access to each Additional User. I also assume full responsibility for adding new Additional Users and deleting Additional Users who are no longer qualified for access to various rights and privileges on PARiConnect.
  5. Before I assign rights through my PARiConnect account to any Additional Users within my organization, I will read and thoroughly understand the rights and obligations that apply to such Additional Users. If I have any questions concerning such rights or obligations within PARiConnect, I will contact PAR Customer Support at 1.855.856.4266 to resolve my question prior to assigning such rights.
  6. I hereby acknowledge that my account may contain client data for a number of clinicians and practitioners, and I assume full responsibility for establishing the account hierarchy to provide appropriate access to such client data.
  7. I will instruct all Additional Users on the appropriate acquisition process required for PARiConnect uses as well as for other PAR print and software products and will ensure that adequate safeguards are instituted such that all acquisitions will have the approval of me or my institution or other organization, and I will follow the acquisition procedure implemented within my organization.
  8. I will instruct all Additional Users that remote administration of assessment instruments to adolescents and children 13 years of age and younger is prohibited. In addition, I understand that many jurisdictions (“Local Laws”) restrict data collection from minors and that the relevant ages may vary. If applicable, I will instruct all Additional Users that the remote administration of assessment instruments to any children or adolescents younger than the age established by such Local Law (for example, 16 years of age and younger) is prohibited. I acknowledge and agree that I am solely responsible for identifying and complying with such additional restrictions applicable under Local Law. I accept full responsibility for ensuring that administration of assessment instruments to adolescents and children 13 years and younger (or such age as established by Local Law) will occur within the physical presence of either me or a qualified user in my organization.
  9. I will indemnify, protect, save, and hold harmless PAR and its officers, directors, employees, agents, servants, representatives, and contractors of, from, and against any loss, injury, damage, or expense (including reasonable attorneys’ fees) that PAR or any of its officers, directors, employees, agents, servants, representatives, or contractors may incur that shall arise out of, be connected with, or be in any manner related to my use or misuse of PARiConnect, the use or misuse of PARiConnect by any person in my organization, or the use or misuse of PARiConnect by any person provided access to PARiConnect by me or any person in my organization.

Business Associate Agreement

Business Associate Agreement last updated: June 23, 2019

Introduction

Psychological Assessment Resources, Inc. (“PAR”), a duly registered Florida corporation authorized to do business in Florida and located at 16204 North Florida Avenue, Lutz, FL, 33549, provides PARiConnect (defined below) for use by PAR customers (each a “Customer”) who have registered accounts to use PARiConnect in various ways, including to enter Customer client data that may contain PHI (defined below).

The Customer enters this Business Associate Agreement (“Agreement”) with PAR to satisfy the Customer’s obligations as a Covered Entity (defined below) under HIPAA, the DHHS Regulations, and the HITECH Act, as amended from time to time, to obtain reasonable assurances from PAR that PAR, as the Customer’s Business Associate, will comply with those laws and regulations made applicable to the Business Associate by the HITECH Act.

The Customer and PAR (each a “Party” and together, the “Parties”) will accomplish the Customer’s need for access to online assessments available within PARiConnect as described by this Agreement by electronically transmitting and receiving data in agreed formats and assuring that such transactions comply with relevant laws and regulations.

NOW, THEREFORE, the Parties agree as follows:

Definitions

As used in this Agreement, the following terms will have the corresponding meanings:

  1. “Breach” has the meaning specified in § 17921 of the HITECH Act;
  2. “Business Associate” has the meaning specified in the Privacy Rule, the Security Rule, § 27938 of the HITECH Act, and 45 C.F.R. § 160.103;
  3. “Individual” has the meaning specified in 45 C.F.R. § 160.103;
  4. “Client” means an Individual whose PHI is processed via PARiConnect on behalf of the Customer, whether such Individual is a client, patient, or student;
  5. “Covered Entity” has the meaning specified in 45 C.F.R. § 160.103;
  6. “Customer” means a PAR customer who has registered to use PARiConnect;
  7. “Designated Record Set” has the meaning specified in 45 C.F.R. § 160.501;
  8. “DHHS” means the United States Department of Health and Human Services;
  9. “DHHS Regulations” means the administrative regulations issued by DHHS and set forth in 45 C.F.R. Parts 160 through 164;
  10. “Electronic Health Record” has the meaning specified in § 17921 of the HITECH Act;
  11. “Electronic Protected Health Information” or “ePHI” has the meaning specified in 45 C.F.R. § 160.103;
  12. “HIPAA” means the Health Insurance Portability and Accountability Act of 1996;
  13. “Privacy & Security Simplification Rules” means the privacy and security regulations promulgated under Title II, Subtitle F, §§ 261-264 of HIPAA;
  14. “HITECH Act” means the Health Information Technology for Economic and Clinical Health Act of 2009, Public Law 111-005;
  15. “PARiConnect” means the online, automated computer assessment platform with web-based access located at https://www.pariconnect.com;
  16. “Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Parts 160 and 164, subparts A and E;
  17. “Protected Health Information” or “PHI” has the meaning specified in 45 C.F.R. § 160.103;
  18. “Required by Law” has the meaning specified in 45 C.F.R. § 164.501;
  19. “Security Rule” means the Standards for Security of Electronic Protected Health Information at 45 C.F.R. Parts 160 and 164, subparts A and E;
  20. “Secretary” means the Secretary of the United States Department of Health and Human Services and those employees or agents designated to act on the Secretary’s behalf;
  21. “Security” or “Security Measures” means the administrative, physical, and technical safeguards and documentation requirements specified in the Security Rule; and
  22. “Unsecured PHI” has the meaning specified in § 17932 of the HITECH Act and 45 C.F.R. § 164.402.

Business Associate obligations

  1. If and to the extent and so long as required by the HIPAA provisions of 42 U.S.C. §§ 1171 et seq. and regulations promulgated thereunder, and any additional security requirements contained in Subtitle D of Title IV of the HITECH Act that apply to Customer, but not otherwise, PAR assures Customer that PAR will: a. implement appropriate safeguards, including, without limitation, administrative, physical, and technical safeguards and documentation satisfying the requirements of the Security Rule, to protect the confidentiality, integrity, and availability of any Client ePHI that it may indirectly receive, maintain, or transmit; and b. appropriately safeguard all Client PHI regardless of form or format.
  2. PAR will mitigate, to the extent practicable, any harmful effect known to PAR of a use or disclosure of Client PHI by PAR in violation of this Agreement.
  3. PAR will report to the Customer any use or disclosure of Client PHI not authorized in this Agreement or any security incident involving Client PHI of which PAR becomes aware.
  4. PAR will ensure that any subcontractors or agents to whom PAR provides Client PHI agree to the same restrictions and conditions applicable to PAR with respect to such Client PHI.
  5. PAR will make available Client PHI in accordance with applicable law.
  6. PAR will provide Individuals who are the subject of Client PHI their rights as required of Business Associates.
  7. PAR will maintain records pursuant to this Agreement and provide such records and other necessary information to the Customer or to the Secretary as requested or required in writing and as permitted by law. All records kept in connection with this Agreement will be subject to the Customer’s review and audit upon reasonable notice and written request by the Customer.
  8. On termination of this Agreement for any reason (see “Term and termination” below), PAR will destroy all Client PHI that PAR still maintains in any form (including all copies thereof), will not retain copies or files of such Client PHI, and will remain obligated not to use, disclose, or provide such Client PHI to third parties.
  9. PAR shall incorporate any amendments or corrections to Client PHI when notified by the Customer pursuant to applicable law, in the event that the Customer cannot access such Client PHI.

Permitted uses and disclosures

If PAR inadvertently obtains Client PHI, PAR may use or disclose such Client PHI only if such use or disclosure complies with all applicable requirements of 45 C.F.R. § 164.504(e). Specifically, and except as otherwise restricted by this Agreement:

  1. PAR may use or disclose Client PHI to perform functions, activities, or services for, or on behalf of, the Customer, provided that any such use or disclosure (a) would not violate the Privacy or Security Rules if done by the Customer; and (b) is disclosed to both the Customer and Clients.
  2. PAR may use or disclose Client PHI for PAR’s proper management and administration or to carry out PAR’s legal responsibilities only if and to the extent that (a) such use or disclosure is required by law; or (b) PAR obtains reasonable assurances from the person(s) to whom the Client PHI is disclosed (“Recipient”) that such Client PHI will be maintained in confidence and used or further disclosed only for the purpose for which PAR disclosed to the Recipient or as required by law and that the Recipient will notify the Customer on learning of breach of confidentiality of such Client PHI.

De-identification/anonymization

The Customer agrees that PAR shall be entitled to de-identify and aggregate data provided to PAR for internal analytical purposes so long as PAR ensures that such data (“De-identified Aggregated Data”) are effectively and irreversibly anonymized and de-identified prior to such internal use and that no individual will be identifiable from such data once anonymized and aggregated such that the De-identified Aggregated Data will not constitute “protected health information” or “individually identifiable health information” as defined by 45 C.F.R. § 160.103. PAR may use De-identified Aggregated Data internally to improve our products and services. PAR has never and will never deliberately disclose Client ePHI to outside parties.

Application of civil and criminal penalties

  1. PAR acknowledges that 42 U.S.C. §§ 1320d-5 and 1320d-6 shall apply to PAR if it violates any security provision specified above or §§ 1176 and 1177 of the Social Security Act in the same manner that such sections would apply to the Customer.
  2. PAR will be subject to audit of its security measures by the Office of the Inspector General (“OIG”) of DHHS.

Breach notification requirements

  1. PAR recognizes that the Customer has certain reporting and disclosure obligations to the Secretary of DHHS and others, including affected Individuals, in case of a Breach of Unsecured Client PHI. If PAR discovers a Breach with respect to Unsecured Client PHI accessed, maintained, retained, modified, recorded, stored, destroyed, used, or disclosed by PAR, PAR will notify Customer of such Breach without unreasonable delay and in no event later than 60 days following PAR’s discovery of the Breach. Such notice will include the identification of any Individual whose Unsecured Client PHI has been or is reasonably believed to have been accessed, acquired, or disclosed during the Breach.
  2. PAR will be liable for the costs associated with any Breach caused by the negligent or willful acts or omissions of PAR or its agents, officers, employees, or subcontractors.

Insurance

  1. PAR will maintain comprehensive general liability insurance throughout the Term (as defined below) of this Agreement in minimum limits of $1,000,000 USD per occurrence or per claim and $3,000,000 USD in the aggregate.
  2. If PAR secures claims insurance coverage, it will purchase an unlimited reporting endorsement on the cancellation or termination of said coverage.
  3. If requested, PAR will provide the Customer a certificate of insurance evidencing such coverage before the Effective Date (defined below) of this Agreement and any renewals thereof.

Business Associate indemnity

  1. PAR will indemnify and hold the Customer and its directors, officers, agents, employees, and personnel (collectively “Indemnified Parties”) harmless from and against all claims, demands, suits, losses, causes of action, or liability sustained by Indemnified Parties as a result of PAR’s breach of this Agreement or the Customer’s vicarious liability for any act or conduct of PAR adjudged to constitute fraud, misrepresentation, or violation of any law, statute, or regulation applicable to the conduct of PAR provided pursuant to this Agreement.
  2. This indemnification will include reasonable expenses, including attorney’s fees incurred by defending such claims; damages incurred because of PAR’s failure to comply with applicable laws, ordinances, and regulations; or damages otherwise caused by PAR.

Document transmission

Third-party service providers

  1. Transmission. Either Party may transmit documents (each a “Document”) electronically to the other Party, either directly or through any third-party service provider with which either Party may contract. Either Party may modify its election to use, not use, or change a third-party service provider with 30 days’ prior written notice to the other Party.
  2. Costs of third-party service providers. Each Party shall be responsible for the costs of any third-party service provider with which it contracts unless otherwise set forth via written (i.e., e-mailed, faxed, or letter) communication between the Parties.
  3. Liability for acts of third-party service providers. Each Party shall be liable for the acts or omissions of its third-party service provider while transmitting, receiving, storing, or handling Documents or performing related activities for, with, to, or from such Party, provided that, if both Parties use the same third-party service provider to effect the transmission and receipt of a Document, the originating Party shall be liable for the acts or omissions of such third-party service provider as to such Document.

System operations

Each Party, at its own expense, shall provide and maintain the equipment, software, services, and testing necessary to effectively, reliably, and confidentially transmit and receive Documents.

Signatures

Each Party shall adopt as its signature (“Signature”) an electronic identification consisting of symbol(s) or code(s) that are to be affixed to or contained in each Document transmitted by such Party. Each Party agrees that any Signature of such Party affixed to or contained in any transmitted Document shall be sufficient to verify that such Party originated such Document. Neither Party shall disclose to any unauthorized person the Signature of the other Party. Such Signature may be represented by the combination of the e-mail address and password of the Customer.

Proper receipt

No Document will be deemed to have been properly received or give rise to any obligation until accessible to the receiving Party at such Party’s e-mail address as used for PARiConnect registration.

Verification

On proper receipt of any Document, the receiving Party shall promptly and properly transmit a functional acknowledgment in return. A functional acknowledgment shall constitute conclusive evidence that the receiving Party has properly received a Document.

Integrity

The Parties will take reasonable measures to protect the integrity of all Documents and data. Neither Party will insert any virus, key locks, or other programs into the system, regardless of whether a dispute exists between the Parties. The receiving Party will return all information in usable form on request or on termination of the Agreement.

Amendment

PAR may amend this Agreement from time to time to the extent required to ensure consistency with the provisions of 42 U.S.C. §§ 1171 et seq., HIPAA, the HITECH Act, and regulations promulgated thereunder.

Term and termination

  1. This Agreement will be effective as of the date when the Agreement has been electronically accepted by the Customer (“Effective Date”) and remain in effect (the “Term”) until terminated as set forth below.
  2. This Agreement may be terminated:
    1. On written notice by the Customer;
    2. By the Customer in the event of PAR’s material breach of this Agreement, which has not been cured to the Customer’s satisfaction, in the Customer’s sole discretion, without penalty or recourse to the Customer and without limiting any other rights and remedies available to the Customer under this Agreement or applicable law; or
    3. By PAR after 36 months of inactivity on the Customer’s PARiConnect account, at which time PAR may presumptively determine that the Customer has terminated its use of PARiConnect.
  3. On termination of this Agreement for any reason:
    1. PAR will delete all Customer data and return or destroy all Client PHI received or created on behalf of the Customer, including Client PHI that is in the possession of any PAR subcontractors or agents, and will retain no copies of the Client PHI, unless PAR determines that the return or destruction of any or all Client PHI is not feasible;
    2. If PAR determines that the return or destruction of any or all Client PHI is not feasible, PAR will so notify the Customer in writing. If the Parties mutually agree that such return or destruction is not feasible, PAR will extend the protections of this Agreement to, and limit further uses and disclosures of, such Client PHI to those purposes that make the return or destruction not feasible so long as PAR maintains the Client PHI.

Additional stipulations

This Agreement also contains a number of stipulations that are specific to the use of PARiConnect by the Customer (“Additional Stipulations”), which have been included in the PARiConnect Terms and Conditions of Use and/or additional disclosures contained in this Agreement. By accepting this Agreement, the Customer also agrees to be bound by the Additional Stipulations.

Data Processing Agreement (EU Customers)

Data Processing Agreement last updated: April 11, 2019

The following terms and conditions (“Data Processing Agreement”) apply to PAR Customers who register to use PARiConnect and have establishments within the European Union (“EU”) or the European Economic Area (“EEA”) or otherwise are subject to or required to comply with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) (the “EU Customers”).

This Data Processing Agreement is supplemental to the PARiConnect Terms and Conditions of Use (“PARiConnect Terms”), a copy of which is available on request and through the PARiConnect platform at https://www.pariconnect.com. Where there is any conflict between this Data Processing Agreement and the PARiConnect Terms, this Data Processing Agreement shall prevail.

Generally

This Data Processing Agreement is to be interpreted consistently with the definitions contained in the GDPR. For example, the term “Personal Data” shall have the meaning set out in Article 4(1) of the GDPR. “Processor” and “Controller” shall have the meanings set out in GDPR Articles 4(7) and 4(8), respectively. “Personal Data Breach” shall have the meaning set out in GDPR Article 4(12). This Data Processing Agreement is subject to and governed by the laws of the EU or Member State under which the EU Customer’s Controller obligations arise.

Unless otherwise expressly stated, PAR acts as the Processor, and the EU Customer is the Controller with respect to Personal Data entered or submitted by the EU Customer or its clients via PARiConnect.

Data processing information

Pursuant to Article 28 of the GDPR, the parties agree that PAR will process Personal Data on behalf of the EU Customer in order to enable the EU Customer to conduct assessments and other tests on the PARiConnect platform so long as the Terms remain in effect. The Personal Data to be processed may include demographic data, assessment responses, contact information, and medical information of the clients of the EU Customer.

Controller obligations

The EU Customer agrees to comply with its obligations under the GDPR.

Processor obligations

PAR agrees to comply with its Processor obligations under the GDPR, including, without limitation, its obligations to:

  • Process Personal Data only on documented instructions of the EU Customer as described in more detail below (see “Authorization”);
  • Take reasonable steps to ensure the security of Personal Data and as described in more detail below (see “Safeguards”);
  • Engage subprocessors to process Personal Data only with the EU Customer’s express consent and as described in more detail below (see “Subprocessors”);
  • Cooperate with and assist the EU Customer in fulfillment of its obligation to respond to data subject requests to exercise their rights, as described in more detail below (see “Data subject rights”);
  • Notify the EU Customer without undue delay on learning of a Personal Data Breach and assist the EU Customer in ensuring compliance with its obligations relating to Personal Data Breaches as described in more detail below (see “Personal Data Breaches”);
  • Assist the EU Customer in ensuring compliance with the EU Customer’s obligations with respect to data protection impact assessments or prior consultation as described in more detail below (see “Data protection impact assessment or prior consultation”);
  • Delete or return (at the EU Customer’s option) all Personal Data to the EU Customer on termination of the services involving processing and as described in more detail below (see “Data disposition”); and
  • Provide the EU Customer with information and/or access for audits to demonstrate compliance as described in more detail below (see “Compliance”).

Authorization

Pursuant to Article 28(3)(a) of the GDPR, PAR will process Personal Data only on documented instructions of the EU Customer, including with regard to transfers of Personal Data to any other non-EU country, unless required by EU law that applies to PAR. In the latter case, PAR will inform the EU Customer of the legal requirement before such processing unless prohibited by EU law on important grounds of public interest. PAR will inform the EU Customer if it believes a documented instruction to process Personal Data infringes on Article 28(3) of the GDPR.

Safeguards

PAR will implement reasonable technical and organizational safeguards such as encryption and pseudonymization, stability and uptime, backup and disaster recovery, and regular security testing to safeguard Personal Data. Such safeguards will be appropriate to the relevant risks to the data subjects presented by the processing and by the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Personal Data processed, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.

PAR will implement reasonable administrative measures to ensure that Personal Data are processed only by authorized employees or individuals who have committed themselves to confidentiality and/or are under an appropriate statutory obligation of confidentiality.

Subprocessors

Pursuant to Article 28(2) and 28(4) of the GDPR, PAR will not engage subprocessors without the EU Customer’s prior specific or general written authorization. In the event that PAR is authorized to engage a subprocessor, PAR will ensure that such subprocessor is contractually or legally bound by all Processor obligations set forth in this Data Protection Agreement, and PAR will be fully liable to the EU Customer for any failure by such subprocessor to fulfill such obligations.

Data subject rights

PAR will assist the EU Customer by appropriate technical and organizational measures, to the extent possible and considering the nature of the processing, for the EU Customer to fulfill its obligation to respond to requests by data subjects to exercise their rights set out in Articles 12 to 23 of the GDPR.

If PAR receives data subject access requests relating to Personal Data of which PAR is the Processor and the EU Customer is the Controller, PAR shall refer the data subject access request to the EU Customer. Except where prohibited, PAR may charge the EU Customer for handling data subject access requests based on its usual time and materials rates (and without reference to any fee that may be charged by the EU Customer as Controller to the data subject under the GDPR).

Personal data breaches

Pursuant to Article 33(2) of the GDPR, PAR will notify the EU Customer without undue delay on becoming aware of a Personal Data Breach.

Pursuant to Article 28(3)(f) of the GDPR, PAR will assist the EU Customer in ensuring compliance with the EU Customer’s obligations under GDPR Articles 32 to 34 with respect to any Personal Data Breach, including the EU Customer’s notification, communication, and documentation obligations, considering the nature of processing and the information available to PAR.

Data protection impact assessment or prior consultation

Pursuant to Article 28(3)(f) of the GDPR, PAR will assist the EU Customer in ensuring compliance with the EU Customer’s obligations to prepare any data protection impact assessment required under GDPR Article 35 or to consult with a data supervisory authority prior to processing activities and to furnish information relevant to such activities when required under GDPR Article 36.

Data disposition

Pursuant to Article 28(3)(g) of the GDPR, PAR will delete or return (at the EU Customer’s option) all the Personal Data to the EU Customer after the end of the provision of services involving processing of the Personal Data and delete existing copies unless storage of the Personal Data is required by EU or Member State law.

Compliance

Pursuant to Article 28(3)(h) of the GDPR, PAR will make available to the EU Customer all information necessary to demonstrate compliance with the Processor obligations set out in Article 28 of the GDPR, and PAR will allow for and contribute to audits, including inspections, conducted by the EU Customer or another auditor mandated by the EU Customer.

Aggregated data

The EU Customer agrees that data provided to PAR may be aggregated with other data and used for analytical purposes. Where it is used for analytical purposes, PAR will ensure that the data are effectively anonymized prior to such use and that no individual will be identifiable from the data once anonymized and aggregated.

EU Customer indemnity

To the extent permitted by law, the EU Customer shall indemnify and hold PAR harmless against any claim from a data subject relating to a breach of the GDPR where PAR is the Processor and is acting in compliance with this Data Processing Agreement.