Agreement for Remote Access to
Cheyenne Regional Medical Center’s Network & Systems
This Agreement for Remote Access will help to identify expectations concerning the use of electronic patient care applications and technologies of Memorial Hospital of Laramie County d/b/a Cheyenne Regional Medical Center, its affiliates and subsidiaries (collectively “CRMC”). This Agreement is designed to be comprehensive to avoid the need to sign multiple agreements to address security, privacy and confidentiality issues. It covers all currently installed CRMC clinical and business applications. It also covers wired and wireless networks and hardware such as computers and printers.
1. Parties. This Agreement is entered into by and between CRMC, whose address is 214 East 23rd Street, Cheyenne, Wyoming 82001, and the Remote Access User indicated below (“User”).
2. Purpose. The purpose of this Agreement is to allow limited access to the CRMC network via a VPN (Virtual Private Network) connection or other secure method(s). The parties anticipate that such networking shall enhance the quality and continuity of healthcare provided to community residents.
3. Certifications of User. User certifies that:
a) User will access only the minimum amount of information necessary to fulfill the purpose for which it is being accessed.
4. Privacy & Security of Identifiable Patient Information. User acknowledges that it will, pursuant to this Agreement, be given access to CRMC’s network. Though CRMC will make reasonable efforts to restrict User’s access to only that information that is necessary, User may still be able to access protected health information. User understands and agrees that it is strictly prohibited from accessing protected health information for any purpose other than the purpose of the underlying agreement between the parties. In the event that User accesses information for any other purpose, whether or not inadvertently, User shall immediately notify CRMC of such unauthorized access.
When making a report of such unauthorized use and/or disclosure of Protected Health Information, such report shall include at least the following information:
a) The identity of each individual whose information was accessed, acquired or disclosed;
b) A brief description of what happened;
c) The date User discovered the unauthorized use or disclosure;
d) The nature of the Protected Health Information that was involved (e.g., social security numbers, date of birth, etc.);
e) Any steps individuals should take to protect themselves from potential harm resulting from the unauthorized use or disclosure; and
f) A brief description of what User is doing to investigate the unauthorized use or disclosure, to mitigate harm to Individuals, and to protect against any further unauthorized uses or disclosures.
Any unauthorized access by User shall entitle CRMC to be indemnified by User in accordance with Section 5 below. In addition, CRMC shall have full authority to audit User’s activities to ensure compliance in any manner it deems appropriate, in its sole discretion.
5. Indemnity. The parties acknowledge that CRMC is relying upon the certifications made by User in Section 3 above. User agrees to indemnify, defend and hold CRMC harmless against any damage to, claim against, or loss or expense incurred by CRMC that arises from or in any way relates to this Agreement or User’s acts, omissions or misrepresentations pursuant hereto.
6. Term of Agreement. This Agreement is effective when User has executed it. This Agreement shall be for a period of one year and will be renewed automatically unless notified by either party writing. If User has checked “One Time Access” on the last page, this Agreement will terminate immediately after the date of access.
7. Termination. Either party may terminate this Agreement by providing the other party with a thirty (30) day, advance written notice. CRMC shall disconnect network access connections upon termination of the Agreement. CRMC reserves the right to immediately disconnect any network connection that is causing any problems on the CRMC wide-area network, or is in violation of CRMC’s policies regarding IT systems, security and HIPAA standards, or for any other reason and in its sole discretion.
8. Fee for access. There is no fee for remote access connections to CRMC’s network. The charging of fees is subject to change at CRMC's sole discretion, and User will be notified in writing of any changes within thirty (30) days.
9. Responsibilities of CRMC. To allow access to its network, CRMC will provide User with an operable VPN network connection to the appropriate CRMC's system within CRMC or other secure connection methods as determined by CRMC.
10. Responsibilities of User. User agrees to the affirmative duties set forth below and agrees to be solely responsible for the following services/equipment:
a) Any and all hardware and/or support that a computer workstation may require to be operable;
b) Any and all software licensing and fees necessary to make the network access possible and productive;
c) Any and all software installation;
d) Any and all networking, software, computer configuration, and support within the User’s office space or any remote systems located within CRMC but owned or leased by the User;
e) User agrees to properly install and maintain virus protection and Microsoft security patches on all PCs and servers within User’s office space that are connected to CRMC's network;
11. Waiver of Warranties. User agrees and understands that no warranties, either explicit or implied, are provided by CRMC for services provided under this Agreement. The User expressly acknowledges, agrees and understands that:
a) CRMC is not responsible for any damage caused from system outages;
b) CRMC does not guarantee any particular network connection speed;
c) CRMC does not guarantee any particular WWW Internet speed.
12. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Wyoming. If any action is brought to enforce or interpret this Agreement the venue shall be in Laramie County, Wyoming.
13. Governmental Immunity. The parties acknowledge that CRMC does not, by entering into this Agreement, waive the tort immunity provided to it by the Wyoming Governmental Claims Act, W.S. § 1-39-101 et seq. (the “Act”), and CRMC retains all immunities and defenses provided to it by the Act. Furthermore, as contemplated by the Act (in W.S. § 1-39-104(a)), CRMC specifically reserves to itself immunity from actions based upon contract, including actions based upon this Agreement. Any part of this Agreement that conflicts with the tort immunity provided by the Act or with CRMC's reservation of contractual immunity under this Section shall be void and of no effect. Any actions or claims against CRMC under this Agreement, to the extent that the same are permissible under the terms of this Section and/or applicable law, must be brought in accordance with the procedural requirements of the Act. In the event that User makes a claim against CRMC that is not in accordance with the Act’s procedural requirements, the party bringing the claim shall reimburse CRMC for all costs, including reasonable attorneys' fees, incurred by CRMC in defending such claim.
14. Waiver of Breach. The waiver by CRMC or by the User of any breach of any provision of the Agreement shall not operate or be construed as a waiver of any subsequent breach by either CRMC or the User.
15. Amendments. No amendment or modification of the terms and conditions of this Agreement shall be valid unless in writing, signed by both parties hereto.
16. Entire Agreement/Modifications. This instrument constitutes the entire Agreement between the parties, superseding all prior communications, oral or written. No statements, promises or inducements made by either party or agent of either party, express or implied, shall be valid or binding if not contained in the written Agreement. No modifications to the Agreement shall be effective or binding unless in writing over the duly authorized signatures of the parties hereto. This section shall not be deemed waived by any alteration or modification, which does not conform to the above provisions of this section.
17. Counterparts. This Agreement may be executed simultaneously, in one or more counterparts, each of which shall be deemed an original but all of which shall together constitute one and the same instrument.
18. Non-assignability. This Agreement shall be binding upon and shall inure to the benefit of the User and CRMC and its successors, assigns, and legal representatives. Neither this Agreement nor any rights hereunder may be assigned by the User without the written consent of CRMC.
19. Change of Law. The terms of this Agreement are intended to comply with all federal, state and local statutes, regulations and ordinances applicable on the date the Agreement takes effect including but not limited to HIPAA and, in the event of conflict, the state and/or the federal law will supersede the terms of this Agreement. The parties agree to execute such amendments as may be necessary for HIPAA compliance as additional regulations are promulgated or become final and effective. In the event that any federal or state legislative or regulatory authority adopts any law or regulation which (a) renders this Agreement illegal or prohibited by applicable law or regulation; (b) threatens CRMC’s tax-exempt status; (c) establishes a material adverse change in the method or amount of reimbursement or payment for services under this Agreement; (d) imposes requirements which require a material adverse change in the manner of either party’s operations under this Agreement; or (e) legal counsel for either party advises that any of the terms or conditions of this Agreement poses an unreasonable risk of violating any law or regulation, then, upon the request of either party, the parties will enter into good faith negotiations for the purpose of establishing such amendments or modifications as may be appropriate in order to accommodate the change in law or regulations while preserving the original intent of this Agreement to the greatest extent possible. If, after fifteen (15) days of such good faith negotiations, the parties are unable to reach an agreement as to how this Agreement will continue, then either party may terminate this Agreement upon one (1) day prior written notice. Notwithstanding the foregoing, if the change in law requires the immediate termination of this Agreement, this Agreement will be deemed to be so terminated.
20. Signatures. By signing this Agreement, the User acknowledges that he/she has read, and understood the terms of the Agreement and agrees to be bound by it.
21. Limitation of Liability. CRMC and its licensors acknowledge that this Agreement provides User the ability to access information, whether clinical or other, and that CRMC and its licensors will not be liable to User or to other third parties for indirect, direct, incidental, consequential, special, punitive, or exemplary damages of any kind as a result of incorrect clinical decision or adverse patient outcome and any breach of any term of this Agreement (including misuse of any application or careless use of electronic devices such as loss of such devices) or with respect to any and all claims arising from or related to the subject matter of this Agreement whether in contract, tort, or otherwise, and CRMC’s and its licensors’ aggregate liability arising out of or related to this agreement shall not exceed the total amounts payable by User hereunder, subject to applicable state law. CRMC has no responsibility for the content, accuracy, or interpretation of any communication facilitated by use of these Applications or information databases available through these Applications. CRMC has no responsibility for any action taken by User, including but not limited to any health care administered by User in reliance of any communication facilitated by use of these Applications or information databases available through these applications. CRMC has no responsibility for unauthorized access to or use of these Applications from User’s electronic devices. CRMC has no responsibility for unauthorized disclosure or patient information by anyone accessing or using User’s computer(s) or facsimile machine(s). CRMC has no responsibility for compiling storing, or maintaining patient files of any kind. CRMC has no responsibility for obtaining proper patient consents, releases and/or authorizations for User to use these Applications to facilitate electronic communication of confidential patient information.
22. Applications Access and Utilization. CRMC shall have no liability for the performance of such connection to the Internet to access to these Applications. User agrees to follow the instructions and standards for use of these Applications set forth in the learning sessions and documentation and other related documentation.
23. Authorized Communication. User authorizes communication of patient identifiable information through use of these Applications from and with any and all individuals and entities that are authorized to use these Applications, and further authorizes inclusion of User’s name or entity in such individuals’ and entities’ subdirectories. User acknowledges that these Applications are intended for communication between the sponsoring hospital or facility and its subscribers; that any unintended or unauthorized use by User to communicate confidential patient information may compromise the security of the patient information; and that User will be responsible and liable for any such unauthorized disclosure.
24. Applied to All Users. The terms of this Agreement apply to each person or entity who accesses these applications on User’s computer(s) or facsimile machine(s). User shall have responsibility to ensure compliance with the terms of this Agreement by each such User.
25. User Authentication. As a User of these Applications, User will enter the Applications by identifying User. User’s personal User identification and password may not be shared with any other User. User shall take all reasonable steps necessary to safeguard all assigned passwords including, but not limited to, establishing and enforcing reasonable procedures to ensure that all persons who are assigned passwords maintain their confidentiality and otherwise limit the use of these Applications to prevent unauthorized access and use. In the future, User may be required to authenticate User’s identification through other means. These may include biometric identification such as fingerprint, recognition and random password generation keyrings.
26. Patient Information. All patient information accessed via these Applications is absolutely confidential and is never to be viewed by or disclosed to anyone other than authorized persons who have a legitimate need to know the information in accordance with applicable law. Patient information is legally and ethically considered privileged information and is protected by law. User agrees to indemnify and hold CRMC harmless against any claim or penalty arising as a result of User’s intentional, reckless or willful misuse of protected health care information or User’s failure to comply with this Agreement.