MHNConnect Policies and Procedures : Medical Home Network

MHNCONNECT POLICIES

Note: Capitalized terms have the meanings set forth in the Definitions Section.

A. MHN and the MHNConnect Portal

Medical Home Network (“MHN”) operates the MHNConnect Portal (the “MHNConnect Portal” or “MHNConnect”) as a Business Associate on behalf of one or more Covered Entities or upstream Business Associates.

B. Clinical Decisions

The MHNConnect Portal is a tool by which to (i) collect and aggregate Data received on behalf of Covered Entities from Portal Participants and other Data Suppliers and (ii) make Data available for Portal Participants and their Authorized Users for Permitted Purposes.

The MHNConnect Portal is not intended to, and cannot, provide a medical record or a complete medical history of any patient. However, all Portal Participants should consider the extent to which information in MHNConnect may qualify as part the Portal Participants’ Legal Health Record or Designated Record Set. For additional information on how to make this determination, please see Appendix 1.

MHNConnect is not intended to, and cannot, make clinical or other decisions. The MHNConnect Portal is not a substitute for Authorized Users’ consultation with patients and other health care providers or for Authorized Users’ exercise of their professional judgment.

C. Portal Participants

Portal Participants may access and use, and may authorize appropriate individuals to access and use, the MHNConnect Portal in accordance with their Portal Participation Agreement and these MHNConnect Policies and Procedures.

Portal Participants are responsible for ensuring that their Authorized Users learn and comply with the MHNConnect Policies and Procedures in accessing and using the MHNConnect Portal.

D. Data Access

Each Portal Participant and each of their Authorized Users will access Data available through the MHNConnect Portal only for Permitted Purposes, as allowed by the Portal Participation Agreement, the MHNConnect Policies and Procedures, HIPAA-HITECH and other applicable laws.

E. Data Protection

Each Portal Participant, each Authorized User and MHN will maintain the privacy and security of Data available through MHNConnect in accordance with the requirements and specifications of the applicable Portal Participation Agreement, the MHNConnect Policies and Procedures, HIPAA-HITECH and other applicable laws.

F. Data Content

MHNConnect contains Protected Health Information, as well as software code, intellectual property and other content licensed from third parties. Data stored by and available through MHNConnect will exclude information with respect to substance abuse, and other sensitive conditions subject to additional privacy protections to the extent required by law, the applicable Portal Participation Agreement, and individual consent documentation.

G. Content Ownership

All rights, title and interest in and to MHNConnect, including the content and all intellectual property rights, including all copyright, trademark, patent and trade secret rights therein (the “Content”) shall remain with MHN and/or MHN’s licensees, licensors and vendors; no ownership interest is transferred to Portal Participants, Authorized Users, or any other entity by virtue of making the Content available in the MHNConnect Portal.

H. MHNConnect Policies and Procedures

MHN adopts these MHNConnect Policies and the following MHNConnect Procedures to govern (i) the furnishing of Data to MHNConnect by Portal Participants and other Data Suppliers and (ii) the access to and use of MHNConnect by Portal Participants and their Authorized Users.

By using MHNConnect, you agree to comply with the policies and procedures set forth herein. We may change these policies and procedures from time to time as MHN deems necessary or appropriate for the compliant operation of the MHNConnect Portal. MHN will provide Portal Participants appropriate notice of changes in the MHNConnect Policies and Procedures, and such changes will be posted on the MHNConnect Portal. It is your responsibility to review these policies and procedures, and by continuing to use MHNConnect, you consent to any changes to our policies and procedures.

MHNCONNECT PROCEDURES

Note: Capitalized terms have the meanings set forth in the Definitions Section.

Article I
Operating Procedures for the MHNConnect Portal

MHNConnect Operations.
1. MHN will use reasonable efforts to make the MHNConnect Portal available to Portal Participants and their Authorized Users 24 hours per day, 7 days per week, except for downtime because of maintenance or unexpected interruption.
2. When downtime of the MHNConnect Portal occurs, MHN will use reasonable efforts to restore availability of the MHNConnect Portal as soon as practicable.
3. Access to, use of and the Data accessed or used through the MHNConnect Portal are provided "as is" and "as available."

2. MHNConnect Features and Functionalities.

MHNConnect allows Portal Participants and their Authorized Users to gain access to the following functionalities through a single sign-on, web-based application.

eCEDA alerts Medical Homes of activity relating to individuals assigned to the Medical Home at hospital Portal Participants to enable Authorized Users to monitor, track, and identify their patients’ Admission, Discharge, and Transfer (ADT) event activity at those hospitals.
Hospital Connect provides emergency room and inpatient hospital staff who are Authorized Users with point of care access to certain medical history and prescription information, as well as select care management information through the MHNConnect Portal. Hospital Connect enables Authorized Users to provide Medical Home information to patients to encourage appropriate emergency room utilization and reinforce Medical Home linkage.
Clinic Connect provides Authorized Users of Portal Participant Primary Care Providers (PCP) with access to certain Portal Participant hospital census data on individuals assigned to the PCP Medical Home or Care Management Entity (through MHNConnect to support continuity and coordination of care.
Care Management Connect allows Authorized Users of Portal Participant PCPs to foster inter-organizational care management by providing access to care management tools to risk-stratify patients, drive workflows, and prioritize care management tasks.
CME Connect allows care management entities or Authorized Users of Portal Participant Organizations to view access of CME identified real-time hospital activity in context to support transitions of care coordination.
eConsult enables Authorized Users communication between PCPs and specialty care providers to enhance access to care while also supporting appointment referrals when needed.
CommunityCare Connect supports collaboration and care coordination between social service agencies or behavioral health facilities and a CountyCare patient’s medical home/ care management team.

MHN Operational Responsibilities.
1. MHN will promptly inform Portal Participants of updates, upgrades and other changes that affect the operations, features or functionalities (including cessation) of the MHNConnect Portal by written notice to Authorized Site Managers before the implementation date of the updates, upgrades and other changes.
2. MHN will promptly inform Portal Participants of amendments, revisions or rescissions of provisions of the MHNConnect Policies and Procedures by written notice to Authorized Site Managers 15 days prior to the implementation date of the amendments, revisions or rescissions; provided that, if the change is required for MHN and/or Provider to comply with applicable law or the terms of MHN’s agreements with Covered Entities or upstream Business Associates, MHN may implement the change within a shorter period of time as MHN may determine appropriate under the circumstances.
3. MHN will post on the MHNConnect Portal a current set of MHNConnect Policies and Procedures and appropriate information regarding amendments, revisions or rescissions of provisions of the MHNConnect Policies and Procedures.
4. MHN will post on the MHNConnect Portal a current MHNConnect Basic User Manual and Frequently Asked Questions regarding use and operation of the MHNConnect Portal.
5. MHN will require MHN subcontractors engaged to assist or support MHN in maintaining, operating or providing support services for the MHNConnect Portal to comply with these MHNConnect Policies and Procedures. MHN will bind such MHN subcontractors that use or disclose Data to Business Associate terms consistent with MHN’s Business Associate obligations.

Portal Participant Operational Responsibilities.
1. Data Supplier. Each Portal Participant acting as a Data Supplier must do the following:
  - Furnish Data for the MHNConnect Portal in accordance with the media, format and other specifications set forth in the MHNConnect Basic User Manual.
  - Establish and maintain a virtual private network connection or other secure means of connectivity with the MHNConnect Portal approved by MHN.
  - Maintain responsibility for the security of the Data in transmission through the virtual private network connection or other secure means established by Data Supplier until the Data are received by the MHNConnect Portal
  - Obtain and maintain any written individual permissions or consents that may be required by applicable law for Data Supplier to furnish Data for the MHNConnect Portal
2. Data Recipient. Each Portal Participant acting as a Data Recipient must do the following:
  - Notify the MHNConnect Support Team in writing of the name and contact information of Portal Participant’s Authorized Site Manager and any Portal Participant officer designated and authorized by the organization’s Executive office.
  - Have the Portal Participant designate an Authorized Site Manager for each Site at which Authorized Users will access and use the MHNConnect Portal.
  - Notify the MHNConnect Support Team in writing of the name and contact information of each designated Authorized Site Manager.
  - Ensure that the Portal Participant’s Authorized Site Managers (i) identify to the MHNConnect Support Team each of Portal Participant’s Authorized Users; (ii) train Authorized Users regarding their access to and use of the MHNConnect Portal and compliance with the MHNConnect Policies and Procedures; (iii) inform Authorized Users of updates, upgrades and other changes to the MHNConnect Portal or to the MHNConnect Policies and Procedures that affect the operations, features or functionalities of the MHNConnect Portal; and (iv) optimize Authorized Users’ access to and use of the MHNConnect Portal.
  - Maintain responsibility for the privacy and security of the Data accessed by Portal Participant and its Authorized Users through MHNConnect.

Portal Participant Technical Requirements.

Each organization must confirm that Sites meet the software and hardware requirements to enable Authorized Users to access and use the MHNConnect Portal. The software and hardware requirements are attached as Appendix 2.

MHNConnect Training.
1. MHN will furnish an MHNConnect Basic User Manual to each MHNConnect Authorized Site Manager.
2. MHN will attempt to provide each Portal Participant a single training session regarding use of the MHNConnect Portal. The training session will introduce Authorized Site Managers and Authorized Users to the MHNConnect Portal. The objectives of the training session will be to orient Authorized Site Managers and Authorized Users to the MHNConnect Portal, to possible changes in workflow that may arise from use of MHNConnect, and to the roles and responsibilities of Authorized Site Managers and Authorized Users regarding access to and use of the MHNConnect Portal.
3. MHN will furnish an MHNConnect Basic User Manual and a Frequently Asked Questions handout to Authorized Site Managers and Authorized Users who participate in the MHN training sessions.
4. MHN may designate Authorized Site Managers to train other Authorized Site Managers and Authorized Users regarding (a) the roles and responsibilities of Authorized Site Managers and (b) access to and use of the MHNConnect Portal. MHN will provide teaching materials and written resources to be used for training Authorized Site Managers and Authorized Users.

Article II
Access and Use Procedures for the MHNConnect Portal

Authorization to Access and Use the MHNConnect Portal.
To qualify as an MHNConnect Authorized User, an individual must:
1. Be a current employee, workforce member, contractor, credentialed member of a Portal Participant’s medical staff or other individual associated with a Portal Participant;
2. Be authorized by the Portal Participant to use the MHNConnect Portal for a Permitted Purpose;
3. Be identified and authenticated to MHN by an Authorized Site Manager as an Authorized User of the Portal Participant through the process set forth in Section 2 below; and
4. Access and use the MHNConnect Portal only as authorized by the Portal Participant in compliance with the MHNConnect Policies and Procedures.
5. Users who implement the Duo Multifactor Authentication services available for MHNConnect hereby consent to the use of their information by Duo Security as described in Duo Security’s Services Privacy Notice and to the Duo Service Terms and Conditions.

Authorized User Identification and Authentication.
The following procedures govern the identification and authentication of a Portal Participant’s Authorized Users. These procedures shall be followed for each Site at which the MHNConnect Portal may be accessed or used:
1. An Account Manager will provide User Access Request Forms to the Authorized Site Manager
2. The Authorized Site Manager will be responsible for distributing User Access Request Forms and obtaining completed forms from each prospective MHNConnect user.
3. The Authorized Site Manager will verify the accuracy and completeness of the User Access Request Forms. The Authorized Site Manager’s approval of a User Access Request Form will be the Authorized Site Manager’s certification that the User Access Request Form is accurate, true and complete and that the individual identified by that User Access Request Form is authenticated as an Authorized User.
4. User Access Levels: The Authorized Site Manager is permitted to approve Authorized Users as Clinic Users or Hospital Connect Users. Only the Portal Participant’s CEO, CEO-appointed Portal Participant Leader, or Authorized Site Manager may approve Authorized Users to receive additional MHNConnect User Access Levels or user permissions.
5. The Authorized Site Manager will maintain a record of the User Access Level of each Authorized User. The Authorized Site Manager will also maintain the completed User Access Request Form of each Authorized User for as long as the individual remains an Authorized User and for at least six years following the termination of the individual as an Authorized User.
6. The Authorized Site Manager will submit an approved User Access Request Forms to the MHNConnect Support Team via fax (312-274-0555) or via email (mhnconnect@mhnchicago.org) or electronically via MHNConnect.
7. The MHNConnect Support Team will transfer the information on User Access Request Forms received from the Authorized Site Manager to the MHNConnect Portal administrative module. The MHNConnect Support Team will permission the Authorized User’s level of access as indicated on the completed User Access Request Form. For the MHNConnect Quarterly Audit, the Authorized Site Manager will be responsible in participating in verifying active/disabled users.

Access to and Use of the MHNConnect Portal.
1. An Authorized User may access Data in the MHNConnect Portal only for the following Permitted Purposes in accordance with HIPAA-HITECH:
  - To access any Data necessary for treatment of an individual. “Treatment” generally means the provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party, consultation between health care providers regarding a patient, or the referral of a patient from one health care provider to another. (45 C.F.R. § 164.501; see also HHS Health Information Privacy Guidance.)
  - To access the minimum necessary Data for the Portal Participant’s or Authorized User's health care operations including care coordination, case management or population- based activities to improve health or reduce health care costs (as specified in 45 C.F.R. § 164.501 (health care operations ¶ 1) with respect to the individuals served by the Portal Participant or Authorized User.
2. An Authorized User may access and use the MHNConnect Portal only from an Authorized Device.
3. After logging into the MHNConnect Portal, an Authorized User may not leave an Authorized Device unattended or unobserved without logging off.
4. An Authorized User must promptly log-off the MHNConnect Portal whenever the Authorized User is not using MHNConnect.
5. The MHNConnect Portal will automatically timeout and log-off an Authorized User if a session is inactive for more than 30 minutes.

Password Assignment and Establishment.
1. The MHNConnect Support Team will prompt the MHNConnect administrative module to auto- generate and assign a MHNConnect temporary password to each new Authorized User.
2. The MHNConnect administrative module will transmit each assigned temporary password to the Authorized User to the email address associated with the Authorized User in the MHNConnect administrative module.
3. The Authorized User must change the assigned temporary password the first time the Authorized User accesses the MHNConnect Portal.
4. The Authorized User will be required to create a user profile in MHNConnect. The user profile contact information will manage access in the event the Authorized User forgets their password.
5. An Authorized User who forgets their password may click on the "Forgot Password?" link and enter their email address. The Authorized User must provide their email address to verify their identity. Upon verification of the Authorized User email address, the MHNConnect administrative module will transmit a new temporary password to the Authorized User. The Authorized User must change the temporary password the next time the Authorized User accesses the MHNConnect Portal.
6. An Authorized User who forgets their user name may first click on the "Forgot your user name?" link. The link will provide the Authorized User with the MHNConnect phone number to contact for support.
7. An Account Manager will verify the Authorized User’s user name by reviewing MHN’s record of Authorized Users to confirm the request has been made by an Authorized User, then contacting the authorizing Portal Participant to confirm the Authorized User’s request. Upon verification of the request, an Account Manager will provide the Authorized User with the username on file.

Password Requirements.
1. Password must be created to ensure security of MHNConnect: Passwords are case sensitive and must be a minimum of eight characters in length.
2. Passwords must contain at least one number or special character, one upper case letter and one lower case letter.
3. Except for Authorized Users only permitted to access eConsult services ("eConsult Users"), an Authorized User’s password will automatically expire 90 days after the Authorized User establishes the password, regardless of the amount of the Authorized User’s activity. An eConsult User’s password will automatically expire after 180 days. Upon expiration of any Authorized User’s password, the MHNConnect information system will require the Authorized User to change the Authorized User’s password at the next login.
4. When an Authorized User changes the Authorized User’s password, the Authorized User must establish a new password that is different than any prior password established by the Authorized User.

User Name and Password Protection.
An Authorized User must manage and protect the Authorized User's user name and password by:
1. Not sharing the Authorized User's user name or password with any other person.
2. Not allowing any other person to use the Authorized User's user name or password.
3. Preventing the Authorized User's user name and password from being seen, learned, copied, guessed, stolen or otherwise obtained by another person.
4. Immediately notifying the applicable Authorized Site Manager for the authorizing Portal Participant if the Authorized User believes another person may have used, seen, learned, copied, guessed, stolen or otherwise obtained the Authorized User’s user name or password. If the Authorized User believes his password has been compromised, the Authorized User should notify the MHN support team and change it immediately.
5. Users will be locked out after five (5) invalid logon attempts.
6. User Accounts will remain locked until a request is made to the MHNConnect support team to unlock.

Prohibited Access to and Use of the MHNConnect Portal.
An Authorized User may not do any of the following when accessing or using the MHNConnect Portal:
1. Access, obtain, view, copy, or use Data, including Protected Health Information, unless authorized to do so by the authorizing Portal Participant and for a Permitted Purpose.
2. Violate any applicable federal or state statute or regulation, including HIPAA-HITECH.
3. Use any user name or password, other than the single use temporary password assigned to the Authorized User and the user name and password the Authorized User establishes.
4. Access or use the MHNConnect Portal in a way that could damage, disable, overburden, or impair the MHNConnect Portal or interfere with MHNConnect’s effective operations and functioning.
5. Restrict or inhibit another Authorized User from using the MHNConnect Portal.
6. Attempt to gain unauthorized access to any information, device, system or network connected to the MHNConnect Portal through hacking, password cracking, or other means.
7. Attempt to reverse-engineer, decompile, disassemble or otherwise derive the source code of any part of the MHNConnect Portal.
8. Access or use the MHNConnect Portal for a personal purpose.
9. Defame, abuse, harass, stalk, threaten or otherwise violate another person’s legal rights (such as rights of privacy and publicity).
10. Harvest, mine or otherwise collect information about Portal Participants and Authorized Users or about individuals whose information is maintained or available through the MHNConnect Portal.
11. Pursue any purpose or engage in any activity that may be illegal, cause harm to any person’s rights or property, or cause harm to individual or public health or safety.

Authorized User Support.
1. Level 1 Support. Each Authorized Site Manager is responsible for providing Level 1 Support for the Authorized Users of the Site for which the Authorized Site Manager is assigned responsibility. Level 1 Support includes:
  - Serving as the primary contact for handling and addressing issues arising in connection with access to and use of the MHNConnect Portal and gathering information about each issue to ascertain issue severity;
  - Providing reasonable assistance to Authorized Users to resolve, or assist in the resolution of, issues not addressed by the MHNConnect Frequently Asked Questions posted in the MHNConnect Portal;
  - Providing Authorized Users with available resolutions to identified issues;
  - Analyzing issue symptoms and gathering additional information from Authorized Users as necessary to enable MHN to resolve identified issues; and
  - Notifying and describing for Level 2 Support (as provided Article II, Section 8.2) any issue that the Authorized Site Manager suspects, after performing all Level 1 Support activities, may be arising from an MHNConnect application.
2. Level 2 Support. An Account Manager, acting as the MHNConnect Support Team, will provide Level 2 Support for all Authorized Users. Level 2 Support will be available Monday through Friday, 9 a.m. to 5 p.m. Central Time via the MHNConnect Support Ticket system within the MHNConnect Portal, email at mhnconnect@mhnchicago.org or phone (844-646-6300) . Level 2 Support is closed on all scheduled MHN holidays (which are consistent with all United States federal holidays). Level 2 Support includes:
  - Serving as the secondary contact for handling and addressing issues arising in connection with access to and use of the MHNConnect Portal;
  - Providing reasonable telephone and email advice and counsel that expands Level 1 Support activities; and
  - Correcting errors and communicating the status of activities associated with correcting errors.

Authorized User Privacy.
The MHNConnect Privacy Policy explains MHN’s practices with regard to the use, collection, maintenance, protection and disclosure of information by the MHNConnect Portal.

Suspension and Termination of Authorization to Access and Use the MHNConnect Portal.
1. MHN may suspend an Authorized User’s permission to access and use the MHNConnect Portal if MHN reasonably believes that the Authorized User has used or is using the MHNConnect Portal:
  - For an unlawful purpose or activity.
  - To infringe or facilitate the infringement of any copyright, patent or other intellectual property right.
  - In violation of any MHNConnect Policy or Procedure.
    MHN will notify the Authorized Site Manager and carbon copy executive leadership in writing of the suspension of an Authorized User’s access to and use of the MHNConnect Portal as soon as practicable, but not necessarily prior to effecting the suspension. The written notice will specify the terms of, the reason for and the corrective action required for ending the suspension.
2. MHN will terminate an Authorized User’s permission to access and use the MHNConnect Portal under the following conditions:
  - Upon termination of the applicable Portal Participation Agreement with MHN.
  - Upon termination of the Authorized User’s employment or other arrangement with the authorizing Portal Participant.
  - Upon MHN's determination, based on reasonable investigation, that there is sufficient evidence indicating that the Authorized User has:
    —Used the MHNConnect Portal for an unlawful purpose or activity;
    
    —Used the MHNConnect Portal to infringe or facilitate the infringement of any copyright, patent or other intellectual property right;
    
    —Violated the MHNConnect Policies and Procedures;
    
    —Used the MHNConnect Portal in a manner causing or creating a material risk of harm to the MHNConnect Portal, MHN or its subcontractors, a Portal Participant, another Authorized User, an individual or any other third party;
    
    —Provided materially false information for purposes of being authenticated, authorized or identified as an Authorized User;
    
    —Been charged with, convicted of or disciplined for committing identity theft or violating any information privacy or information security law; or
    
    —Been excluded from participation in Medicaid, Medicare or any other government health program.
    MHN will notify the Authorized Site Manager and carbon copy executive leadership in writing of the termination resulting from abuse of the Authorized User’s access to and use of the MHNConnect Portal prior to effecting the termination. The written notice will specify the terms of and the reason for the termination.
3. MHN may, depending on the facts and circumstances, terminate an Authorized User’s permission to access and use the MHNConnect Portal upon occurrence of one or more of the following:
  - Upon a change in the Authorized User’s duties with respect to the authorizing Portal Participant if that change makes the Authorized User’s continued access to and use of the MHNConnect Portal inappropriate.
4. Upon an authorizing Portal Participant’s revocation of an individual’s status as an Authorized User, termination of an Authorized User’s employment or other arrangement with the authorizing Portal Participant, or change in an Authorized User’s duties with respect to the authorizing Portal Participant that makes the Authorized User’s continued access to and use of the MHNConnect Portal inappropriate, the applicable Authorized Site Manager will immediately notify the MHNConnect Support Team to remove the Authorized User from MHN’s record of Authorized Users and terminate the Authorized User’s access to and use of the MHNConnect Portal. An Account Manager will, in response, promptly cancel and deactivate the user name and password for the MHNConnect Portal associated with that individual to prevent that individual’s further access to and use of the MHNConnect Portal.
5. Upon a Portal Participant ’s revocation or termination of an individual’s designation as an Authorized Site Manager, the Portal Participant’s Executive or the Executive’s designee will immediately notify the MHNConnect Support Team to remove the Authorized Site Manager from MHN’s record of Authorized Site Managers and, if appropriate, of Authorized Users. An Account Manager will, in response, promptly cancel the individual’s status as an Authorized Site Manager and, if the individual’s status as an Authorized User has also been revoked or terminated, cancel and deactivate the user name and password for the MHNConnect Portal associated with that individual to prevent that individual’s further access to and use of the MHNConnect Portal.

Article III
Security Procedures for the MHNConnect Portal

Data Security Protection.
1. MHN will ensure that the MHNConnect Portal at all times uses administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the Data.
2. MHN will implement and maintain reasonable and appropriate security measures that prevent unauthorized use of the MHNConnect Portal and unauthorized access to or use of the Data.
3. Each Portal Participant will implement and maintain reasonable and appropriate security measures that prevent unauthorized use of its equipment and devices through which access may be gained to the MHNConnect Portal or the Data. All devices accessing MHNConnect will, at a minimum, be running a current version of antivirus software, using the applicable operating system’s firewall, and installing security patches the sooner of monthly or within 1 month of release.
4. Each Portal Participant will use reasonable and appropriate efforts that ensure that its connections with, submission of Data to, and access to Data through the MHNConnect Portal do not introduce any program, routine, instruction, virus or other threat that could disrupt the proper operation of, damage or destroy the MHNConnect Portal, any hardware and software used by MHNConnect, or the Data.
5. Each Portal Participant will use reasonable and appropriate safeguards to ensure that neither it nor its Authorized Users abuse or fraudulently use the MHNConnect Portal or the Data, process or allow the processing by the MHNConnect Portal any third party information that is not legitimately part of the Data, or attempt to reverse-engineer, decompile, disassemble or otherwise derive the source code of any part of the MHNConnect Portal.
6. A Portal Participant will promptly notify the MHNConnect Support Team of any suspicious activity, security incident or other untoward event that may threaten or cause damage to the operations of the MHNConnect Portal or that may threaten or has caused a breach of the confidentiality, integrity or availability of or the unauthorized use or disclosure of the Data maintained by MHNConnect.

Data Security Breach.
1. Data Security Breaches will be handled according to applicable law and MHN’s Business Associate Agreements with the affected Covered Entity or upstream Business Associate.

Article IV
Management Procedures for the MHNConnect Portal

Compliance, Complaints and Notification.
1. MHN will timely investigate and seek to mitigate and resolve patient complaints, Data privacy or security breaches, or other concerns related to compliance with the MHNConnect Policies and Procedures, its agreements with the applicable Covered Entity or upstream Business Associate, the Portal Participation Agreement and applicable law (“Compliance Matters”).
2. MHN will notify affected Portal Participants of Compliance Matters without unreasonable delay.
3. Portal Participants will cooperate with MHN in the investigation, resolution and mitigation of patient complaints, Data privacy or security breaches, or other concerns related to Compliance Matters, including implementation and completion of reasonable and appropriate corrective action to remedy and prevent reoccurrence of a compliance matter.
4. Any Authorized User that MHN finds may have violated the MHNConnect Policies and Procedures, the Portal Participation Agreement or applicable law may have access to and use of the MHNConnect Portal suspended or terminated pursuant to Article II, Section 10.

MHNConnect Portal Access Tracking and Recording.
1. The MHNConnect Portal will track and record the user name used to access MHNConnect, the IP address of the computer used to access MHNConnect, and the web pages (but not the Data content) accessed.
2. MHN will maintain these access records for at least 6 years following the date of access.
3. MHN will make available to a Portal Participant, upon request of a Portal Participant’s Authorized Site Manager, access reports pertaining to the user names associated with the Portal Participant’s Authorized Users.
4. MHN will have no responsibility for inspecting or maintaining records of the content of any Data furnished to or accessed through the MHNConnect Portal.

Conflict Resolution.
1. The provisions of the applicable Portal Participation Agreement will control any conflict with the provisions of the MHNConnect Policies and Procedures.
2. The provisions of the MHNConnect Policies will control any conflict with the provisions of the MHNConnect Procedures.
3. The provisions of the MHNConnect Policies and Procedures will control any conflict with the provisions of any supplemental MHNConnect materials such as the MHNConnect Basic User Manual and the Frequently Asked Questions.

MHNCONNECT POLICIES AND PROCEDURES
DEFINITIONS SECTION

The following capitalized terms used in the MHNConnect Policies and Procedures have these meanings:

Account Manager(s) collectively designated the "MHNConnect Support Team," means an individual, or group of MHN employees, designated by MHN who (i) manages set-up of and onsite training for Portal Participants, their Authorized Account Managers and Authorized Users, (ii) organizes and participates in clinical implementation planning and meetings, and (iii) provides Level 2 Support (pursuant to Article II, Section 8.2 of the MHNConnect Procedures) to Authorized Site Managers and Authorized Users.

Ancillary Provider means any provider of therapeutic, diagnostic or custodial services, including but not limited to: clinical laboratories, diagnostic laboratories, pharmacies, renal dialysis facilities, skilled nursing facilities, long-term care facilities, home health agencies, and physical, speech and occupational therapists.

Authorized Device means a device that has been approved by the authorizing Portal Participant for use by the Portal Participant’s Authorized Users to access and use the MHNConnect Portal.

Authorized Site Manager means the Authorized User, designated by a Portal Participant’s leadership, who has the following responsibilities for a designated Site: (i) managing the clinical staff implementation team and activities; (ii) participating in clinical implementation planning and meetings; and (iii) identifying, assigning, training and providing Level 1 Support (as described in Article II, Section 8.1 of the MHNConnect Procedures) to the Authorized Users at the Site.

Authorized User means an individual identified, authenticated and authorized by a Portal Participant to access and use the MHNConnect Portal for a Permitted Purpose in accordance with the User Access Level assigned to that Authorized User. “Authorized User” may include a Portal Participant’s employee, workforce member, or a credentialed member of Portal Participant’s medical staff.

Business Associate has the meaning ascribed to that term by 45 C.F.R. § 160.103.

Care Management Entity offers a centralized vehicle for coordinating the full array of needs for children, adolescents and adults with complex health or behavioral health issues.

Covered Entity has the meaning ascribed to that term by 45 C.F.R. § 160.103.

Data means information, including Protected Health Information furnished by a Data Supplier to MHNConnect for a Permitted Purpose.

Data Recipient means a Portal Participant and the Authorized Users of a Portal Participant that may access Data through the MHNConnect Portal for a Permitted Purpose.

Data Supplier is a Portal Participant, the Authorized Users of a Portal Participant, or a vendor acting on behalf of a Portal Participant that furnishes Data for the MHNConnect Portal for a Permitted Purpose.

Federally Qualified Health Center or FQHC means a health center that meets the requirements of 89 IL Admin Code 140.461(d).

Health Care Provider has the meaning ascribed to that term by 45 C.F.R. § 160.103.

Health Plan has the meaning ascribed to that term by 45 C.F.R. § 160.103.

HIPAA-HITECH means the Health Insurance Portability and Accountability Act of 1996, as amended, including the federal privacy regulations and security regulations promulgated pursuant to the Act and codified at 45 C.F.R. parts 160 and 164 and the Health Information Technology for Economic and Clinical Health Act provisions of Title XIII of the American Recovery and Reinvestment Act of 2009, Pub. Law No. 111-5 and its implementing regulations at 45 C.F.R. parts 160 and 164, as amended at 78 Fed. Reg. 5566

(Jan. 25, 2013).

Hospital Connect User means an Authorized User with rights to access Data relating to individuals receiving treatment services at a Portal Participant hospital.

Medical Home refers to a Portal Participant that is also the Primary Care Health Care Provider designated by the Health Plan or selected by the individual to direct the delivery of effective, coordinated health care services for an individual. Some Medical Homes are FQHCs.

Multi-Factor Authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

Clinic Connect User means a primary care Authorized User with rights to access Data relating only to individuals assigned to a specific Medical Home.

Permitted Purpose is a purpose consistent with 45 C.F.R. § 164.506 and means (i) treatment (as defined by 45 C.F.R. § 164.501) of an individual, or (ii) the health care operations of care coordination, case management or population-based activities to improve health or reduce health care costs (as specified in 45 C.F.R. § 164.501 (health care operations ¶ 1)) with respect to individuals.

Portal Participant refers to a Health Plan, Health Care Provider (or a third party vendor acting on behalf of a Health Plan or Health Care Provider) that has entered into a contractual agreement with MHN (a "Portal Participation Agreement") regarding the terms and conditions for using the MHNConnect Portal.

Primary Care Health Care Provider or PCP means a Health Care Provider, who within the provider's scope of practice and in accordance with State certification requirements or State licensure requirements, is responsible for providing all preventive and primary care services to assigned patients. PCPs include FQHCs.

Protected Health Information or PHI has the meaning ascribed to that term by 45 C.F.R. § 160.103 and is PHI that MHN receives, stores and transmits for or on behalf of one or more Covered Entities. “Protected Health Information” or "PHI" shall also include PHI maintained in electronic media, or "ePHI".

Referral means a process used by Health Care Providers to arrange or communicate information regarding health care services provided or to be provided to an individual.

Site means a health care facility, hospital, clinic or office operated by a Portal Participant Health Care Provider to deliver health care services to individuals.

User Access Level refers to the permissions granted to an Authorized User to access and use various features and functionalities of the MHNConnect Portal. User Access Levels are determined by a variety of factors, including (a) the type of health care services delivered by the Portal Participant, and (b) the access authorized by the Portal Participant’s CEO or Authorized Site Manager in accordance with these MHNConnect P&Ps, and HIPAA-HITECH. User Access Levels are verified and implemented by an Account Manager.

Appendix 1
Defining the Designated Record

Set and the Legal Health Record What is the difference between the designated record set and the legal health record?

Legal Health Record: In the simplest terms, the legal health record contains information about an individual used by providers to make decisions about treatment, to document treatment and services provided to that individual, and as support for reimbursement requests related to the treatment and services.

Designated Record Set: The designated record set is defined by HIPAA. The designated record set includes the legal health record plus:

enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan, and
any record used by a covered entity to make decisions regarding an individual.

Records include any item, collection, or grouping of information that includes PHI.

The legal health record is the provider’s official business record related to its treatment of a patient. It is the record that a provider would produce in response to a subpoena.

A designated record set is used primarily by covered entities or their business associates to respond to an individual’s request for access to or amendment of their PHI under HIPAA.

Parts of a legal health record or a designated record set may be found in multiple locations. It would not be unusual for these records to be located on more than one of a provider or health plan’s systems or in both paper and electronic form. In addition, a business associate (like Medical Home Network) may hold certain parts of a designated record set or legal health record.

Organizations must determine all locations in which they keep parts of a legal health record and define the legal health record in a policy. Both providers and their business associates must determine what information each has that would be part of a designated record set or legal health record.

How do I know what information belongs in a designated record set or a legal health record?

The legal health record is a subset of the designated record set. Legal health records generally only include information a provider used in making health care decisions (treatment, services).

The designated record set includes all items that are part of the legal health record plus any information related to or used for claims payment and adjudication, or enrollment and coverage decisions regarding individuals.

Clinical records (history and physical, orders, lab reports (including from external or contract labs), assessments, consents and authorizations, and other kinds of clinical records as well as source clinical data (x-rays, images, fetal strips) are part of the legal health record. The legal health record may also include eligibility determinations and claims related information if that information is used to make decisions about, or to provide treatment or services. In addition, clinical support decision tools (like ADT alerts) may be part of the legal health record if they are relied by a provider to make medical treatment or service decisions.

External medical records of another provider’s treatment of an individual, or an individual’s personal health record (PHR) are not part of the legal health record unless the provider uses the information in the external record or PHR to make treatment or service decisions. However, external medical records are part of the designated record set.

Audit information, committee minutes, peer review data, research data, birth and death registers quality assurance, statistical data, eta data, and other similar information are not part of either the legal health record or the designated record set. Business associate records that are duplicates of covered entity records are not part of the designated record set.

APPENDIX 2
Portal Participant Technical Requirements

Technical Requirements for PCs, Tablets and Mobile Devices:

Minimum Recommended PC Configurations
	Desktop	Laptop
Clock rate	1.0 GHz or faster	2.0 GHz or faster
RAM	at least 2 GB	at least 4 GB
Hard disk	at least 100 GB	at least 120 GB
Graphics Card	On board or Discrete	On board or Discrete
OS	Windows 7 (or better)	Windows 7 (or better)
Ethernet Cards	10/100/1000 Mbps Ethernet	10/100/1000 Mbps Ethernet
Wireless Cards	Optional	802.11g/b/n Wireless, WPA2/802.11x Compatible

Minimum Recommended Macintosh Configurations
	Desktop	Laptop
Model	iMac, Mac Pro, or Mac mini	MacBook, MacBook Pro, or MacBook Air
Processor	Intel Core 2 or better	Intel Core i5 or better
RAM	at least 2 GB	at least 4 GB
Hard disk	at least 100 GB	at least 120 GB
Op Sys	Mac OSX 10.8 (High Sierra) or higher	Mac OSX 10.13 (High Sierra) or higher
Ethernet	10/100/1000 Mbps Ethernet	10/100/1000 Mbps Ethernet
Wireless	Airport card, or any 802.11b/g/n compatible wireless card, WPA2/802.11x compatible (Optional)	Airport card, or any 802.11b/g/n compatible wireless card, WPA2/802.11x compatible

Supported Desktop browser version by type:

Microsoft Edge (latest version)
Mozilla Firefox (latest version)
Google Chrome current (latest version):
If you are using a browser that is not listed above, please note that upgraded MHNConnect 2.0 system pages may not be displayed as designed and may not provide you with the best experience of using the site.
If you are using Internet Explorer, we recommend transitioning to one of the browsers listed above.

MEDICAL HOME NETWORK TERMS OF USE

TERMS OF USE

MHNU Corporation d/b/a Medical Home Network (hereinafter “MHN”, “we” or “us”), operates one or more websites (the “Website”) in support of its mission to achieve the Triple Aim for traditionally underserved populations -- improving individual experiences with the health care system, improving the health of populations, and reducing costs of care.

Acceptance of the Terms of Use

These terms of use are entered into by and between you (“you” or “user”) and MHN. The following terms and conditions, together with our Privacy Policy, incorporated herein by reference (collectively, these “Terms of Use”), govern your access to and use of the Website, including any content, functionality and services offered on or through MHN’s Website. These terms of use apply however the Website is accessed or used, whether through personal computers, mobile devices or otherwise, and includes any applications or other downloads from MHN.

Please read the Terms of Use carefully before you start to use the Website or any services, content, information, or goods provided through or in connection with the Website. By agreeing to the Terms of Use, you accept and agree to be bound and abide by these Terms of Use and our Privacy Policy, incorporated herein by reference. If you do not want to agree to these Terms of Use or the Privacy Policy, you must not access or use the Website.

The Website is offered and available to users who are 18 years of age or older and reside in the United States of America or its territories. By using this Website, you represent and warrant that you are of legal age to form a binding contract with MHN. If you are not 18 or older, you must not access or use the Website.

THIS AGREEMENT CONTAINS A MANDATORY ARBITRATION OF DISPUTES PROVISION THAT REQUIRES THE USE OF MEDIATION OR ARBITRATION ON AN INDIVIDUAL BASIS TO RESOLVE DISPUTES, RATHER THAN JURY TRIALS OR CLASS ACTION LITIGATION.

Changes to the Terms of Use

MHN may revise and update these Terms of Use from time to time in our sole discretion. All changes are effective immediately when we post them. The revised Terms of Use will apply to all access to and use of the Website thereafter. However, any changes to the dispute resolution provisions set forth in the Dispute Resolution section of these Terms of Use will not apply to any disputes for which the parties have actual notice prior to the date the change is posted on the Website.

Your continued use of the Website following your agreement to the revised Terms of Use means that you are bound by the changes.

Access to the Website and Account Security

To access the Website and its content, you may be asked to provide certain registration details or other information. It is a condition of your use of the Website that all the information you provide on the as part of your registration is correct, current and complete. You agree that all information you provide as part of your registration is governed by our Privacy Policy, and you consent to all actions we take with respect to your information consistent with our Privacy Policy.

You must treat your user name, password or any other piece of information provided as part of our security procedures, as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree not to provide any other person with access to this Website or portions of it using your user name, password or other security information. You agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. We strongly recommend that you not access the Website from a public computer. If you must do so you should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information.

We have the right to disable any user name, password or other identifier, whether chosen by you or provided by us, at any time in our sole discretion for any or no reason, including if, in our opinion, you have violated any provision of these Terms of Use.

Intellectual Property Rights

All rights, title and interest in and to the Website, including its content and all intellectual property rights, including all copyright, trademark, patent and trade secret rights therein (the “Content”) shall remain with MHN and/or MHN’s licensees, licensors and any other providers of material to the Website; no ownership interest is transferred to users or any other entity by virtue of making the Content available in the Website.

Except as set forth below, these Terms of Use permit you to use the Website only for your personal, noncommercial use. You must not reproduce, modify, distribute, download, store, transmit or otherwise use the material on the Website, except as follows:

Your computer may temporarily store copies of such materials in RAM incidental to your accessing and viewing those materials.
You may store files that are automatically cached by your Web browser for display enhancement purposes.
You may print or download one copy of a reasonable number of pages of the Website Content for you own personal non-commercial use and not for further reproduction, publication or distribution.
If we make desktop, mobile or other applications available for download, you may download a single copy to your computer and mobile device solely for personal, noncommercial use, providing you agree to be bound by our end user license agreement for such applications,

If you wish to make any use of material on the Website other than that set out in this section, please address your request to: compliance@mhnchicago.org.

If you print, copy, modify, download or otherwise use or provide any other person with access to any part of Website or its Content in violation of these Terms of Use, your right to use the Website will cease immediately and you must, at MHN’s option, return or destroy any copies of the materials you have made. No right, title or interest in or to the Website or any Content on the Website is transferred to you, and all rights not expressly granted are reserved by MHN. Any use of the Website not expressly permitted by these Terms of Use is a violation of these Terms of Use and may violate copyright, trademark and other laws.

Prohibited Uses

You must not use the Website:

for an unlawful purpose or activity; (including, without limitation, any laws regarding the export of data or software to and from the US or other countries and the limitations imposed by HIPAA-HITECH);
to infringe or facilitate the infringement of any copyright, patent or other intellectual property right;
in violation of these Terms of Use;
to send, knowingly receive, upload, download, use or re-use any material which does not comply with the Content Standards set out in these Terms of Use;
to impersonate or attempt to impersonate MHN, a MHN employee, another user or any other person or entity;
in a manner causing or creating a material risk of harm to the Website, MHN or its subcontractors, its clients, another user, or any other third party;
to engage in any other conduct that restricts or inhibits anyone’s use of the Website or which, as determined by us, may harm MHN or users of the Website or expose them to liability;
to provide materially false information for purposes of being authenticated, authorized or identified as a user;
to pursue any purpose or engage in any activity that may be illegal, cause harm to any person’s rights or property, or cause harm to individual or public health or safety; or
to defame, abuse, harass, stalk, threaten or otherwise violate another person’s legal rights (such as rights of privacy and publicity).

Additionally, you agree not to:

use the Website or any device used to access it in any manner that could disable, overburden, damage, or impair the proper working of or access to or interfere with any other party’s use of the Website, including their ability to engage in real time activities through the Website;
use any manual process to monitor or copy any of the material on the Website or for any purpose without our prior written consent;
use any device, software, process or means that interferes with the proper working of the Website;
introduce any viruses, trojan horses, worms, malware, logic bombs or other material which is malicious or technologically harmful;
attempt to gain unauthorized access to, interfere with, damage or disrupt any parts of the Website, the server on which the Website is stored, any Website Content, or any server, computer or database connected to the Website; or
attack the Website or otherwise attempt to interfere with the proper working of the Website.

Content Conditions and Usage

The Content of this Website, such as text, graphics, images, and other material contained on the Website are for informational purposes only. The Content is not intended to be a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition. Never disregard professional medical advice or delay in seeking it because of something you have read on this Website. This Website does not recommend or endorse any specific tests, physicians, products, procedures, opinions, or other information that may be mentioned on the Site.

Reliance on any Content provided by this Website is solely at your own risk. MHN is not responsible, or liable to you or any third party, for the content or accuracy of any Content presented on the Website. MHN does not warrant the accuracy, completeness or usefulness of the Content. MHN disclaims all liability and responsibility arising from any reliance placed on the Content by you or any other visitor to the Website, or by anyone who may be informed of any of its contents.

Website Records. MHN will maintain records relating to the operation of the Website, as MHN determines appropriate. MHN will not maintain, and will not be responsible for maintaining, records of the Content furnished to or accessed through the Website by you or any other user, or for inspecting any Content.

MHN Copyright Policy

MHN respects intellectual property rights and takes claims of copyright infringement seriously. All users of this Website and any other websites controlled by MHN are required to comply with applicable copyright laws. This Website accommodates and does not interfere with copyright holders’ standard technical measures to protect intellectual property. We will take action upon infringing material, including removal of or disabling access to such material, if we have actual or constructive knowledge of infringement or if we receive notice from a copyright holder alerting us to copyright infringement.

Take-Down Notice Procedures

If you believe materials accessible on or from this Website infringe your copyright, you may request removal of or denial of access to such materials by submitting written notification to our Copyright Agent designated below. MHN will respond promptly to any claim of infringement in accordance with the Online Copyright Infringement Liability Limitation Act of the Digital Millennium Copyright Act (17 U.S.C. § 512) (“DMCA”). Written notice (the “DMCA Notice”) to MHN must substantially include the following:

Your physical or electronic signature.
Identification of the copyrighted work you believe to have been infringed or, if the claim involves multiple works on the Website, a representative list of such works.
Identification of the material you believe to be infringing in a sufficiently precise manner to allow us to locate that material.
Adequate information by which we can contact you (including your name, postal address, telephone number and, if available, e-mail address).
A statement that you have a good faith belief that use of the copyrighted material is not authorized by the copyright owner, its agent or the law.
A statement that the information in the written notice is accurate.
A statement, under penalty of perjury, that you are authorized to act on behalf of the copyright owner.

Failure to include each of these elements in your DMCA Notice as required by Section 512(c)(3) of the DMCA may constitute an ineffective notice upon which no action will be taken.

Notices and counter-notices must be sent in writing to MHN’s DMCA agent as follows:

Gail Vijuk, Controller
MHNU Corporation
180 N. Stetson Ave., Suite 600-1
Chicago, IL 60642
312.274.0126
gvijuk@mhnchicago.org

Please submit only legitimate claims for copyright infringement in your DMCA Notice. Knowingly submitting a false DMCA Notice may result in your being held liable for damages (including costs and attorneys’ fees) under Section 512(f) of the DMCA. If you are unsure whether material available on our Website infringes your copyright, you should contact an attorney before submitting a DMCA Notice.

Take-Down Notification to Alleged Infringer and Counter-Notices

If we remove or disable access to material in response to an effective DMCA Notice, we will make a good-faith attempt to contact the user who generated such material so that such user may file a counter-notification with us (a “Counter-Notice”) pursuant to Sections 512(g)(2) and (3) of the DMCA. If you are submitting a Counter-Notice, it must substantially include the following:

Your physical or electronic signature.
An identification of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or access disabled.
Adequate information by which we can contact you (including your name, postal address, telephone number and, if available, e-mail address).
A statement, under penalty of perjury, that you have a good faith belief that the material identified above was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled.
A statement that you will consent to the jurisdiction of the Federal District Court for the judicial district in which your address is located (or if you reside outside the United States for any judicial district in which the Website may be found) and that you will accept service of process from the person (or an agent of that person) who provided the Website with the complaint at issue.

All Counter-Notices should be sent to our Copyright Agent. Please submit only legitimate Counter-Notices. Knowingly submitting a false Counter-Notice may result in your being held liable for damages (including costs and attorneys’ fees) under Section 512(f) of the DMCA.

Upon receipt of a Counter-Notice, we will promptly provide the sender of the DMCA Notice with a copy of your Counter-Notice. Then, we will replace the removed material or cease disabling access to it not less than 10, nor more than 14, business days following receipt of the Counter-Notice, unless our Copyright Agent first receives notice from the sender of the DMCA Notice that such person has filed an action seeking a court order to restrain the person engaged in the allegedly infringing activity from doing so on our Website.

Changes to the Website

We reserve the right to withdraw or amend this Website, and any service or material we provide on the Website, in our sole discretion without notice. We will not be liable if for any reason all or any part of the Website is unavailable at any time or for any period. From time to time, we may restrict access to some parts of the Website, or the entire Website, to users, including registered users.

We will attempt to provide notice of changes to the Website that affect its operations, features and functionality of the Website.

Information About You and Your Visits to the Website

All information we collect on this Website is subject to our Privacy Policy. By using the Website, you consent to all actions taken by us with respect to your information in compliance with the Privacy Policy.

Linking to the Website

You may link to the Website, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part without our express written consent.

If you link to the Website, you must not:

Establish a link from any website that is not owned by you.
Cause the Website or portions of it to be displayed, or appear to be displayed by, for example, framing, deep linking or in-line linking, on any other site.
Link to any part of the Website other than the homepage.
Otherwise take any action with respect to the materials on this Website that is inconsistent with any other provision of these Terms of Use.

The Website shall not be linked to a social media website or account without the express written permission of MHN. You agree to cooperate with us in stopping any unauthorized framing or linking immediately. We reserve the right to withdraw linking permission without notice.

Links to Other Websites

Through the Website, users can access other websites or applications owned or controlled by third-parties. MHN is not responsible for the privacy policies or content of those websites. The use and collection of information by these third-parties is governed by their respective privacy statements and is not covered by these terms of use. Access and use of such websites, including the content, information or services on those sites, is solely at your own risk. MHN makes no guarantee and disclaims any implied representations or warranties about the accuracy, relevance, timeliness, completeness, or appropriateness of these third-party websites, the information contained in them or the products or services they provide. The use those third-party websites may subject you to separate binding agreements and privacy statements. These Terms of Use do not apply to your interactions on those other websites.

Geographic Restrictions

MHN is based in the state of Illinois. We provide this Website for use only by persons located in the United States. Access to the Website may not be legal by certain persons or in certain countries. Do not access the Website from outside the United States.

Limitation/Disclaimer of Liability

NEITHER MHN NOR ITS OFFICERS, DIRECTORS, EMPLOYEES, AFFILIATES, AGENTS OR SUBCONTRACTORS SHALL BE HELD LIABLE FOR ANY IMPROPER OR INCORRECT USE OF ANY OF THE CONTENT AND ASSUME NO RESPONSIBILITY FOR ANYONE'S USE OF THE INFORMATION. USER IS SOLELY RESPONSIBLE FOR ANY AND ALL ACTIONS OR OMISSIONS TAKEN OR MADE BY USER IN RELIANCE ON OR IN CONNECTION WITH ACCESS TO THE WEBSITEOR THE CONTENT THEREIN.

MHN CANNOT AND DOES NOT GUARANTEE OR WARRANT THAT FILES AVAILABLE FOR DOWNLOADING FROM THE INTERNET OR THE WEBSITE WILL BE FREE OF VIRUSES OR OTHER DESTRUCTIVE CODE. YOU ARE RESPONSIBLE FOR IMPLEMENTING SUFFICIENT PROCEDURES AND CHECKPOINTS TO SATISFY YOUR PARTICULAR REQUIREMENTS FOR ANTI-VIRUS PROTECTION AND ACCURACY OF DATA INPUT AND OUTPUT, AND FOR MAINTAINING A MEANS EXTERNAL TO OUR SITE FOR ANY RECONSTRUCTION OF ANY LOST DATA.

MHN WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DISTRIBUTED DENIAL-OF-SERVICE ATTACK, VIRUSES OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY INFECT YOUR COMPUTER EQUIPMENT, COMPUTER PROGRAMS, DATA OR OTHER PROPRIETARY MATERIAL DUE TO YOUR USE OF THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR TO YOUR DOWNLOADING OF ANY MATERIAL POSTED ON IT. MHN HAS NO RESPONSIBILITY OR OBLIGATION TO REPLACE ANY HARDWARE, SOFTWARE OR MEDIA DAMAGED BY ACCESS TO, OR ACCIDENT, ABUSE OR MISUSE OF THE WEBSITE OR THE CONTENT THEREIN.

IN NO EVENT SHALL MHN OR ITS OFFICERS, DIRECTORS, EMPLOYEES, AFFILIATES, AGENTS OR SUBCONTRACTORS, BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, OR ANY OTHER DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OR SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THE WEBSITE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THIS DISCLAIMER OF LIABILITY APPLIES TO ANY DAMAGES OR INJURY, INCLUDING BUT NOT LIMITED TO THOSE CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS, COMMUNICATION LINE FAILURE, THEFT OR DESTRUCTION OR UNAUTHORIZED ACCESS TO, ALTERATION OF, OR USE OF RECORD, WHETHER FOR BREACH OF CONTRACT, TORTIOUS BEHAVIOR, NEGLIGENCE OR UNDER ANY OTHER CAUSE OF ACTION.

TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THE MAXIMUM AGGREGATE LIABILITY OF MHN, ITS OFFICERS, DIRECTORS, AGENTS, EMPLOYEES, SUBCONTRACTORS, CUSTOMERS, AND ITS VENDORS FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, SHALL NOT EXCEED THE FEES PAID BY YOU SOLELY FOR THE RIGHT TO USE THE PARTICULAR INFORMATION OR SERVICE PROVIDED BY MHN HEREUNDER OR $25.00, WHICHEVER IS GREATER.

You acknowledge and agree that the limitations set forth above are fundamental elements of this Agreement, and neither the Website nor the Content would be provided to you absent such limitations.

Disclaimer of Warranties

MHN PROVIDES DATA AND INFORMATION ON AN "AS IS" AND “AS AVAILABLE” BASIS. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, FREEDOM FROM CONTAMINATION BY COMPUTER VIRUSES AND NON-INFRINGEMENT OF PROPRIETARY RIGHTS ARE DISCLAIMED.

Your use of (including any access to) the Website and the Content and any other internet sites linked to the Website, including any resources contained on, or otherwise made available by them, is solely at your own risk.

NEITHER MHN NOR ANY PERSON ASSOCIATED WITH MHN MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY OR AVAILABILITY OF THE WEBSITE. WITHOUT LIMITING THE FOREGOING, NEITHER MHN NOR ANYONE ASSOCIATED WITH MHN REPRESENTS OR WARRANTS THAT THE WEBSITE, ITS CONTENT OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL BE ACCURATE, RELIABLE, ERROR-FREE OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT OUR SITE OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.

THE OPERATION OF THE WEBSITE MAY BE AFFECTED BY NUMEROUS FACTORS BEYOND MHN’S OR ITS CUSTOMERS OR VENDORS’ CONTROL. THE OPERATION OF THE WEBSITE, WHETHER BY MHN, ITS CUSTOMERS, OR ITS VENDORS, MAY NOT BE SECURE. SECURITY AND PRIVACY RISKS CANNOT BE ELIMINATED. PASSWORD PROTECTION AND ANY OTHER SECURITY MEASURES MAY NOT PREVENT UNAUTHORIZED ACCESS TO MATERIALS.

THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

Indemnification

You agree to defend, indemnify and hold harmless MHN, its affiliates, licensors and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses or fees (including reasonable attorneys’ fees) arising out of or relating to your violation of these Terms of Use or your use of the Website, including, but not limited to, your User Contributions, any use of the Website’s Content, services and products other than as expressly authorized in these Terms of Use or your use of any information obtained from the Website.

Governing Law and Jurisdiction

All matters relating to the Website and these Terms of Use and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims), shall be governed by and construed in accordance with the laws of the State of Illinois without giving effect to any choice or conflict of law provision or rule. Any action or proceeding arising out of, or related to, these Terms of Use or the Website shall be instituted exclusively in the federal courts of the United States or the courts of the State of Illinois, located in Chicago, Illinois.

Dispute Resolution

a. The parties will make good faith efforts to first resolve internally any dispute arising from or related to the Website and these Terms of Use before submitting it to arbitration. Neither party may submit the dispute for arbitration under Subsection (b) until thirty (30) days have elapsed from the initiation of such good faith efforts.

b. Arbitration. EXCEPT FOR DISPUTES THAT QUALIFY FOR SMALL CLAIMS COURT, YOU IRREVOCABLY AND UNCONDITIONALLY WAIVE ANY RIGHT YOU MAY HAVE TO A TRIAL BY JURY IN RESPECT OF ANY LEGAL ACTION ARISING OUT OF OR RELATING TO THE WEBSITE OR THESE TERMS OF USE. IF A DISPUTE ARISES OUT OF OR RELATES TO PORTAL OR THESE TERMS OF USE AND THE PARTIES FAIL TO SETTLE THE DISPUTE THROUGH NEGOTIATION PURSUANT TO SUBSECTION (A), MHN MAY ELECT, AT ITS SOLE DISCRETION, TO SUBMIT THE DISPUTE FOR BINDING ARBITRATION IN ACCORDANCE WITH THE AMERICAN HEALTH LAWYERS ASSOCIATION ALTERNATIVE DISPUTE RESOLUTION SERVICE RULES OF PROCEDURE FOR ARBITRATION BY A SINGLE ARBITRATOR WITH EXPERIENCE IN HEALTH INFORMATION TECHNOLOGY AND CLINICALLY INTEGRATED NETWORKS. THE ARBITRATOR WILL CONDUCT HEARINGS, IF ANY, BY TELECONFERENCE OR VIDEO CONFERENCE, RATHER THAN BY PERSONAL APPEARANCES, UNLESS THE ARBITRATOR DETERMINES UPON REQUEST BY YOU OR BY US THAT AN IN-PERSON HEARING IS APPROPRIATE. ANY IN-PERSON APPEARANCES WILL BE HELD AT A LOCATION WHICH IS REASONABLY CONVENIENT TO BOTH PARTIES WITH DUE CONSIDERATION OF THEIR ABILITY TO TRAVEL AND OTHER PERTINENT CIRCUMSTANCES. IF THE PARTIES ARE UNABLE TO AGREE ON A LOCATION, SUCH DETERMINATION WILL BE MADE BY THE ARBITRATOR. IF YOU ARE ABLE TO DEMONSTRATE THAT THE COSTS OF ARBITRATION WILL BE PROHIBITIVE AS COMPARED TO THE COSTS OF LITIGATION, MHN WILL PAY AS MUCH OF YOUR FILING AND HEARING FEES IN CONNECTION WITH THE ARBITRATION AS THE ARBITRATOR DEEMS NECESSARY TO PREVENT THE ARBITRATION FROM BEING COST-PROHIBITIVE.

JUDGMENT UPON THE AWARD RENDERED BY THE ARBITRATOR MAY BE ENTERED IN ANY COURT HAVING JURISDICTION IN CHICAGO, ILLINOIS. YOU AGREE THAT ANY ARBITRATION UNDER THIS AGREEMENT WILL TAKE PLACE ON AN INDIVIDUAL BASIS; CLASS ARBITRATIONS AND CLASS ACTIONS ARE NOT PERMITTED AND YOU ARE AGREEING TO GIVE UP THE ABILITY TO PARTICIPATE IN A CLASS ACTION.

THE PARTIES, THEIR REPRESENTATIVES, OTHER PARTICIPANTS, AND THE ARBITRATOR SHALL HOLD THE EXISTENCE, CONTENT, AND RESULTS OF THE DISPUTE RESOLUTION PROCEEDINGS IN CONFIDENCE. THIS PROVISION SHALL SURVIVE THE TERMINATION OF THIS AGREEMENT.

WITH THE EXCEPTION OF ANY OF THE LANGUAGE ABOVE IN THIS DISPUTE RESOLUTION PROVISION RELATING TO THE WAIVER OF CLASS AND REPRESENTATIVE ACTIONS, IF A COURT DECIDES THAT ANY PART OF THIS DISPUTE RESOLUTION PROVISION IS INVALID OR UNENFORCEABLE, THE OTHER PARTS OF THIS DISPUTE RESOLUTION PROVISION SHALL STILL APPLY. IF A COURT DECIDES THAT ANY ASPECT OF THE LANGUAGE ABOVE IN THIS DISPUTE RESOLUTION PROVISION RELATING TO THE WAIVER OF CLASS AND REPRESENTATIVE ACTIONS IS INVALID OR UNENFORCEABLE, THEN THE ENTIRETY OF THIS DISPUTE RESOLUTION PROVISION SHALL BE NULL AND VOID. THE REMAINDER OF THE AGREEMENT WILL CONTINUE TO APPLY AND BE UNAFFECTED BY THIS SEVERABILITY PROVISION.

Waiver and Severability

No waiver by MHN of any term or condition set forth in these Terms of Use shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of MHN to assert a right or provision under these Terms of Use shall not constitute a waiver of such right or provision.

If any provision of these Terms of Use is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms of Use will continue in full force and effect.

Entire Agreement

These Terms of Use and any separate agreement you may have to use the Website constitute the sole and entire agreement between you and MHN with respect to Website and supersede all prior and contemporaneous understandings, agreements, representations and warranties, both written and oral, with respect to Website.

Effective Date: January 12, 2017

Revision date 1.6.2017

MHNConnect Policies and Procedures