End User License and Terms of Use Agreement

PLEASE READ THIS END USER LICENSE AND TERMS OF USE AGREEMENT (THE “AGREEMENT”) CAREFULLY. DOWNLOADING, INSTALLING OR USING DOCTOME SOFTWARE CONSTITUTES ACCEPTANCE OF THIS AGREEMENT.

DOCTOME, INC. (“DOCTOME”) IS WILLING TO LICENSE ITS SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS AGREEMENT. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE, YOU ARE BINDING YOURSELF AND THE BUSINESS ENTITY THAT YOU REPRESENT (EITHER “YOU,” “PATIENT”, OR “PROVIDER”, AS APPLICABLE) TO THE AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THE AGREEMENT, THEN DOCTOME IS UNWILLING TO LICENSE THE SOFTWARE TO YOU AND YOU MAY NOT DOWNLOAD, INSTALL OR USE THE SOFTWARE.

IF YOU HAVE AN EMERGENCY, DO NOT USE THE SOFTWARE! CALL 911 AND YOUR HEALTH CARE PROVIDER AND REQUEST EMERGENCY CARE ASSISTANCE.

  1. Description of Software

This Agreement is a legal agreement between you and DocToMe for the use of the ethizo™ downloadable and online software (the “Software”) as made available through various third-party retailers (e.g. iTunes, google app store etc.) and our websites, https://ehr.ethizo.com & https://pms.ethizo.com (the “Website”). This Agreement includes all versions of the Software on all platforms.

Our Software provides an accessible, affordable, and professional platform for provision of care by health care providers (“Providers”) to their patients (“Patients”). It also allows Patients to interact with Providers. The Software is designed to enable healthcare providers to participate in qualified health information networks and to exchange health information in compliance with applicable interoperability standards and regulations.

  1. License

This license granted to you by DocToMe is limited to a non-exclusive, non-transferable, non-sub-licensable, revocable license to use the Software through the “Website” or on your iPhone, Android phone, or any other approved device, solely for the purpose of performing those functions and tasks available to you as an end user of the Software. This license does not allow you to use the Software on any iPhone, Android phone, or any other approved device that you do not own or control, and you may not distribute or make the Software available over a network where it could be used by multiple devices at the same time. You may not rent, lease, lend, sell, redistribute or sublicense the Software. You may not copy (except as expressly permitted by this license), decompile, reverse engineer, disassemble, attempt to derive the source code of, modify, or create derivative works of the Software, any updates, or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law or to the extent as may be permitted by the licensing terms governing use of any open sourced components included with the Software). Any attempt to do so is a violation of the rights of DocToMe and its licensors. If you breach this restriction, you may be subject to prosecution and damages. The terms of the license will govern any upgrades provided by DocToMe that replace and/or supplement the original Software, unless such upgrade is accompanied by a separate license in which case the terms of that license will govern, and you agree to promptly install any such upgrade and cease use of the prior version.

  1. Copyright and Trademark

This Software is owned by DocToMe and is protected by United States and International Copyright laws and treaties. Some aspects of the Software may also be protected by U.S. and international trademark, trade secret, and patent laws and treaties. All rights of any kind in the Software which are not expressly granted in this License are entirely and exclusively reserved to DocToMe.

Digital Millennium Copyright Notice and Other Reports of Infringement:

Pursuant to 17 U.S.C. § 512(c)(2) (known as the Digital Millennium Copyright Act of 1998), you may contact DocToMe to report the infringement of any intellectual property right through DocToMe’s following contact info: Info@doctome.org.

  1. Compliance with Laws; Transmission of Data and Interoperability

With respect to its operation of the Software, DocToMe operates in compliance with all applicable federal and state healthcare laws and regulations, including but not limited to:

(a) HIPAA and HITECH Act Compliance. To the extent required by (i) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the regulations promulgated thereunder, and (ii) the HITECH Act and any regulations promulgated thereunder (collectively, the “Privacy Laws”), DocToMe will fully comply with the Privacy Laws and maintain the confidentiality of any Protected Health Information (“PHI”, as defined by the Privacy Laws) transmitted or made available through the functionality of the Software or the Website, and in accordance with such compliance, DocToMe will, among other things:

  1. Not use or further disclose PHI other than as permitted or required by the Privacy Laws and/or as permitted under a Business Associate Agreement (“BAA”) between Patient’s health care Provider and DocToMe; disclosure and transmission of Patient PHI using the Software is only done under the direction and after permission of Patient’s health care Provider.
  2. Report to Customer through Customer’s health care provider any unauthorized use or disclosure of PHI of which DocToMe becomes aware.
  3. Ensure that any agent, including a subcontractor to whom DocToMe provides PHI in any format received from, or created or received within or through the Software or the Website, agrees in writing to comply with the Privacy Laws.
  4. Mitigate, to the extent practicable, the harmful effect of any unauthorized use or disclosure of PHI.

(b) 21st Century Cures Act and Information Blocking Prevention Compliance.

DocToMe operates the Software in compliance with the 21st Century Cures Act (42 U.S.C. § 300jj et seq.), including all provisions prohibiting information blocking. DocToMe will not restrict, delay, or otherwise interfere with Users’ lawful ability to:

  1. Request health information from other healthcare systems and qualified health information networks.
  2. Receive responses to health information requests.
  3. Send or transmit Patient PHI to authorized recipients through qualified health information networks or other interoperable channels.
  4. Export Patient health information in standardized formats, including FHIR-formatted Continuity of Care Documents.
  5. Participate in qualified health information networks and data exchange initiatives.

DocToMe may implement reasonable security measures, require appropriate verification of requestor identity and authorization status, and decline requests lacking proper authorization, provided such measures are proportionate and do not serve as pretexts for information blocking. Any challenge to whether DocToMe’s security or authorization measures constitute information blocking may be raised through procedures established in DocToMe’s dispute resolution provisions (Section 16).

(c) TEFCA and Interoperability Standards Compliance. DocToMe commits to supporting Users’ participation in the Trusted Exchange Framework and Common Agreement (TEFCA), qualified health information networks (QHINs) designated by the Office of the National Coordinator for Health Information Technology, and other interoperable health information networks and systems. DocToMe will:

  1. Maintain the technical capability, to the extent supported by its certified EHR technology and interoperability capabilities, to integrate with Kno2 and other qualified health information networks and to exchange data in accordance with the applicable technical, interface, transport, and implementation requirements established by the relevant network operator.
  2. Comply with United States Core Data for Interoperability (USCDI) requirements as currently established and as updated by federal agencies.
  3. Support data exchange through multiple qualified health information networks, including but not limited to Carequality, Kno2, and other federally designated QHINs.
  4. Support the receipt and processing of authorized requests for health information transmitted through Kno2 or other TEFCA-related or interoperable exchange infrastructure, and provide responses in accordance with applicable interoperability standards, certification requirements, and the technical specifications required by the applicable network operator, within reasonable timeframes consistent with network rules, TEFCA operational procedures, and system capabilities.
  5. Implement required demographic verification procedures to prevent inadvertent disclosure of health information to unauthorized individuals.
  6. Maintain comprehensive audit trails documenting all health information requests received through qualified networks and all responses provided.
  7. Not impose unnecessary barriers, delays, or restrictions that would prevent Users from exchanging health information through qualified networks.

(d) Carequality Network Participation Users participating in data exchange through Carequality-connected networks agree to comply with all Carequality policies, governance procedures, framework requirements, and operational standards. DocToMe acknowledges and supports Users’ participation in Carequality and commits to:

  1. Support the Carequality framework’s commitment to data security, transparency, and accountability.
  2. Ensure Users are capable of complying with the Delegation of Authority policy implemented by Carequality, which requires that any delegation of authority requests health information or facilitate data exchange on Users’ behalf must be documented through formal written Delegation Notices establishing clear accountability.
  3. Enable Users to maintain audit trails and documentation showing which parties made specific information requests through Carequality networks.
  4. Support Users’ cooperation with Carequality’s governance processes, including participation in the enhanced dispute resolution process implemented in January 2026.
  5. Allow Users to participate in Carequality’s governance initiatives addressing policy development, framework enhancements, and operational improvements.

Users agree that they shall comply with Carequality’s Delegation of Authority policy and shall not request, facilitate, or authorize data exchange through Carequality networks without proper documentation of delegation authority. Users agree to participate in Carequality’s dispute resolution process and to accept outcomes of dispute resolution proceedings conducted by Carequality in accordance with its established procedures, which include streamlined timelines, specialized panels with external experts for complex issues, and plain-language summaries of findings.

(e) Interoperability Standards and Technical Compliance. DocToMe commits to maintaining technical compliance with evolving interoperability standards and specifications identified in the Interoperability Standards Advisory issued by the Assistant Secretary for Technology Policy and the Office of the National Coordinator. DocToMe will:

  1. Monitor regulatory developments and evolving technical standards.
  2. Implement updates to its Software as required to maintain compliance with current and future versions of USCDI.
  3. Maintain or pursue appropriate certifications and validations demonstrating compliance with interoperability standards.
  4. Collaborate with users, network operators, and other stakeholders to ensure effective implementation of interoperability requirements.
  5. Provide users with documentation regarding DocToMe’s compliance with applicable interoperability standards and procedures for reporting non-compliance.

The Software is intended to be used by users who are: (i) health care providers who have contracted with DocToMe pursuant to a BAA, and/or (ii) Patients whose Providers have contracted with DocToMe pursuant to a BAA. If you are under 18 years old, please discuss with your Provider whether you should use and download the Software. The Software is not directed to children under the age of 13. DocToMe does not knowingly collect, use or disclose personal information from children under age 13. Please do not use the Software if you are age 13 or younger. In order to use the Software, with your Provider you must be a resident of the 50 states of the United States of America, exclusive of its commonwealths, territories and possessions. To use the Software, you may be asked to provide information about yourself (or the person on whose behalf you are downloading the Software). By submitting such information to DocToMe, you hereby certify that any and all information provided to DocToMe is true and correct and you authorize DocToMe to use any method it chooses to verify the truth and accuracy of the information that Customer provides to the extent DocToMe needs to do so to protect its rights or other users of the Software or Website. Failure to provide truthful and accurate information to DocToMe may result in termination of your access to the functionality of the Software.

  1. DocToMe Conditions of Use

DocToMe reserves the right to make changes to this Agreement at any time without notice to you. The most current version of the Agreement can be reviewed by selecting the “Terms and Conditions of Use” hypertext link located within this Software. It is your responsibility as a user of this Software to periodically review the terms and conditions for amendments. The amended terms shall take effect automatically the day they are incorporated into this Software. Your continued use of this Software following any amendments will constitute agreement to such amendments.

DocToMe may amend this Agreement to address new regulatory requirements, to maintain compliance with evolving interoperability standards and TEFCA requirements, to implement requirements established by qualified health information networks or network operators such as Carequality, or to address information blocking prevention obligations. For material amendments that impose new obligations on Users, DocToMe will provide reasonable advance notice where practicable. Amendments addressing mandatory regulatory compliance may take effect with limited notice periods to ensure timely compliance with regulatory obligations.

  1. Related Documents

Health care providers are required under law to notify and request patient authorization for the transmission of PHI. Health care providers must also have an executed BAA in place before they may use the Software and authorize transmission of any patient PHI. This Agreement and the DocToMe Privacy Policy are meant to supplement those agreements, not to replace them. All of the workflows and access to all data on the patient portal contained within the Software are governed by the privacy rules and patient portal policies and procedures provided by the patient’s health care provider and by DocToMe’s Privacy Policy.

For Users participating in qualified health information networks or data exchange through TEFCA infrastructure, this Agreement also supplements and works in conjunction with any data-sharing agreements or network participation agreements executed between Users and network operators, QHINs, or credential service providers. Users agree to comply with all applicable terms and requirements established by network operators and QHINs, including requirements regarding audit trails, delegation documentation, dispute resolution participation, and governance compliance.

  1. Privacy

Privacy is very important to us. Please see our Privacy Policy, by selecting the “Privacy Policy” hypertext link located within our Software or at the bottom of our Website.

DocToMe does not share any patient related data or give access to any user, whether a patient or any other person designated or allowed by the patient to receive patient related data (PHI, PII) until and unless approved by a patient’s health care provider. DocToMe acknowledges that Users may authorize transmission of patient health information through qualified health information networks and other interoperable channels, and DocToMe will honor such authorizations in accordance with applicable law and network operator requirements. DocToMe will not interfere with or restrict data exchange authorized by patients or their healthcare providers through qualified networks or other lawful channels.

  1. Your Account

We will do our best to protect your privacy. But you have responsibilities too. If you use this Software, you are responsible for maintaining the confidentiality of your account and password and for restricting access to your computer and mobile devices, and you agree to accept responsibility for all activities that occur under your account or password.

You are also responsible for ensuring that any delegation of authority for data exchange through qualified networks is properly documented through formal written agreements. You are responsible for maintaining audit trails showing which parties have made health information requests on your behalf and for ensuring that any delegates comply with applicable laws and network governance requirements.

  1. Information Blocking Prevention and Affirmative Interoperability Commitments

(a) DocToMe’s Affirmative Commitments. DocToMe affirms that it will not take any action that constitutes information blocking as defined by the 21st Century Cures Act. Specifically, DocToMe commits to:

  1. Not restricting, delaying, or otherwise impeding Users’ ability to request or receive health information from other healthcare systems or qualified networks.
  2. Not unnecessarily restricting Users’ ability to send or transmit Patient PHI to authorized recipients through qualified networks, secure messaging, or other interoperable channels.
  3. Providing Users with the technical capability to export Patient health information in standardized FHIR-formatted Continuity of Care Documents and other USCDI-compliant formats.
  4. Not charging unreasonable fees for transmitting Patient health information to authorized recipients.
  5. Not requiring Users to take unreasonable steps or follow unnecessarily burdensome procedures to share health information with authorized recipients.
  6. Maintaining the technical capability to interoperate with multiple qualified health information networks without requiring Users to purchase separate systems or solutions.
  7. Promptly responding to health information requests originating through qualified networks within timeframes established by network operators or applicable regulations.
  8. Maintaining comprehensive audit trails documenting all health information access, transmission, and exchange activities.

(b) Permitted Security and Authorization Measures. Nothing in this Agreement shall be construed as preventing DocToMe from:

  1. Implementing reasonable security measures to protect Patient health information.
  2. Requiring appropriate verification of the identity and authorization status of requestors before disclosing health information.
  3. Declining requests for health information that lack proper authorization.
  4. Complying with legal prohibitions or restrictions on certain types of information exchange.
  5. Implement technical safeguards to prevent unauthorized access to systems or information.
  6. Requiring compliance with HIPAA Security Rule requirements and other applicable security standards.

DocToMe’s implementation of these security and authorization measures will be reasonable, proportionate, and necessary to protect Patient health information. Such measures will not serve as a pretext for information blocking.

(c) Challenge and Resolution Procedures. Users or external parties who believe that DocToMe’s practices constitute information blocking may raise this challenge through written notice to DocToMe’s compliance officer at the contact information provided in Section 18. DocToMe will respond to such challenges within fifteen (15) business days and will provide an explanation of why DocToMe believes its practices do not constitute information blocking, or will modify its practices to prevent information blocking.

  1. Warranties and Disclaimers

DocToMe attempts to provide information that is as accurate as possible. However, we do not warrant that product descriptions or other content of this Software are accurate, complete, reliable, current, or error-free. If the Software offered by us is not as described or is defective, your sole remedy is to stop using the Software, and request a refund or exchange, at our option.

THE SOFTWARE AND THE SOFTWARE MATERIALS (INCLUDING ANY LEGAL INFORMATION) ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. DOCTOME SPECIFICALLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT AS TO THE INFORMATION, CONTENT OR MATERIALS IN THE LICENSED APPLICATION EVEN IF DOCTOME HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DOCTOME DOES NOT REPRESENT OR WARRANT THAT LICENSED APPLICATION MATERIALS, INCLUDING THE INFORMATION AVAILABLE IN OR ON THE LICENSED APPLICATION, OR THE SERVICES ARE ACCURATE, COMPLETE, RELIABLE, CURRENT, OR ERROR-FREE.

DocToMe will take reasonable steps to ensure that its Software and servers are free of viruses, spyware, malware, and other harmful components, but it is impossible to guarantee that the Software and servers will always be free of harmful components. Therefore, DOCTOME DOES NOT REPRESENT OR WARRANT THAT THE LICENSED APPLICATION OR ITS SERVERS ARE FREE OF VIRUSES, SPYWARE, MALWARE OR OTHER HARMFUL COMPONENTS. You should use industry recognized software to detect and disinfect viruses, spyware, malware, and other harmful or otherwise undesirable components from any downloads.

While DocToMe endeavors to allow others to provide useful information, you acknowledge that such information is reliant upon those third parties, not DocToMe, and such contributions may be incomplete or may contain inaccuracies. DocToMe is not responsible for errors or omissions in any information or materials contained on the Software. You should independently verify the accuracy of any information you obtain on the Software before using it. You agree to be solely responsible for your use of the content found on this Software, the Software Materials and the Services.

DocToMe reserves the right to change any and all content contained in the Software and any Services offered through the Software at any time without notice. However, DocToMe will not make changes that violate its commitments to support interoperability standards, participate in qualified networks, or prevent information blocking, except as necessary to comply with legal requirements or network operator mandates.

  1. Limitation of Liability

IN NO EVENT SHALL DOCTOME OR ANY OF ITS CORPORATE AFFILIATES, INDEPENDENT CONTRACTORS, SERVICE PROVIDERS OR CONSULTANTS, OR ANY OF THEIR RESPECTIVE DIRECTORS, EMPLOYEES AND AGENTS, BE LIABLE FOR ANY DIRECT, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY OTHER DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO, LOSS OF USE, LOSS OF PROFITS OR LOSS OF DATA, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING BUT NOT LIMITED TO NEGLIGENCE) OR OTHERWISE, ARISING OUT OF OR IN ANY WAY RELATED TO OR CONNECTED WITH ANY USE OF THE SOFTWARE, THE CONTENT OR THE MATERIALS CONTAINED IN OR ACCESSED THROUGH THE WEBSITE, INCLUDING WITHOUT LIMITATION ANY DAMAGES, LOSS OR INJURY CAUSED BY OR RESULTING FROM RELIANCE BY USER ON ANY INFORMATION OBTAINED FROM DOCTOME OR THE LICENSED APPLICATION, OR THAT RESULT FROM MISTAKES, OMISSIONS, INTERRUPTIONS, DELETION OF FILES OR EMAIL, ERRORS, DEFECTS, VIRUSES, DELAYS IN OPERATION OR TRANSMISSION OR ANY FAILURE OF PERFORMANCE, WHETHER OR NOT RESULTING FROM ACTS OF GOD, COMMUNICATIONS FAILURE, THEFT, DESTRUCTION OR UNAUTHORIZED ACCESS TO DOCTOME’S RECORDS, PROGRAMS OR SERVICES.

THE AGGREGATE LIABILITY OF DOCTOME, WHETHER IN CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE, WHETHER ACTIVE, PASSIVE OR IMPUTED), PRODUCT LIABILITY, STRICT LIABILITY OR OTHER THEORY, ARISING OUT OF OR RELATING IN ANY MANNER TO THE USE OF THE LICENSED APPLICATION OR THE LICENSED APPLICATION MATERIALS, SHALL NOT EXCEED FIFTY DOLLARS.

IF YOU ARE A CALIFORNIA RESIDENT, YOU WAIVE CALIFORNIA CIVIL CODE SECTION 1542, WHICH SAYS “A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS WHICH THE CREDITOR DOES NOT KNOW OR SUSPECT TO EXIST IN HIS FAVOR AT THE TIME OF EXECUTING THE RELEASE, WHICH, IF KNOWN BY HIM MUST HAVE MATERIALLY AFFECTED HIS SETTLEMENT WITH THE DEBTOR.”

Other Rights. This warranty gives you specific legal rights. You may have other rights, which may vary from state to state. Some states do not allow limitations on how long an implied warranty lasts or exclusions of incidental or consequential damages, so some of the above may not apply to you.

  1. No Medical Advice

THE SOFTWARE ALLOWS PATIENTS TO INTERACT WITH THEIR HEALTH CARE PROVIDERS. DOCTOME IS NOT LICENSED TO PROVIDE MEDICAL ADVICE AND DOES NOT PROVIDE ANY MEDICAL ADVICE. THE SOFTWARE DOES NOT INTERPRET MEDICAL ADVICE. ALL MEDICAL ADVICE AND SERVICES SHOULD COME FROM A PATIENT’S HEALTH CARE PROVIDER. HEALTH CARE PROVIDERS ARE SOLELY RESPONSIBLE FOR THE MEDICAL ADVICE AND SERVICES THAT THEY PROVIDE AND PATIENTS ARE SOLELY RESPONSIBLE FOR THEIR INTERACTION WITH THEM AND FOR HOW PATIENTS USE THE ADVICE AND SERVICES THAT HEALTH CARE PROVIDERS PROVIDE.

  1. Links to Third Party Sites

The Software may contain links to third party services and websites (collectively “Third-Party Services”). These Third-Party Services are not under the control of DocToMe and DocToMe is not responsible for the content of any Third-Party Service. DocToMe provides these links as a convenience to its users, and the inclusion of any link does not imply endorsement of the linked Third-Party Service by DocToMe. This Software may also contain links to DocToMe services and websites.

DocToMe is not responsible for any data handling practices of third-party credential service providers, identity verification services, or other third-party service providers involved in facilitating health information exchange through qualified networks. However, DocToMe will ensure that any such third parties that have access to Patient health information have executed appropriate data sharing agreements establishing their compliance obligations.

  1. Software and Operating Platform Updates

Due to the complex nature of computer and mobile device hardware and software, DocToMe makes no guaranty that it will enhance the Software. DocToMe makes no promise to keep the Software competitive in light of computer and mobile hardware and software evolution. In particular, DocToMe cannot and does not guarantee that the Software will work with future versions of operating platforms such as Microsoft Windows, Google Android, and Apple OS.

However, DocToMe commits to maintaining the Software’s capability to support evolving interoperability standards. DocToMe will implement updates to maintain compliance with current and future versions of USCDI standards, FHIR specifications, and other applicable interoperability requirements necessary to ensure Users’ participation in qualified networks. Users are responsible for promptly installing updates necessary to maintain interoperability, compliance, and information blocking prevention.

  1. Data Security, Privacy, and Breach Notification

(a) Security Safeguards. DocToMe will implement administrative, physical, and technical safeguards to protect Patient health information in accordance with the HIPAA Security Rule and other applicable security standards. DocToMe will:

  1. Encrypt Patient health information both in transit (using industry-standard TLS encryption) and at rest;
  2. Implement appropriate authentication and access control procedures to ensure that only authorized users can access Patient health information.
  3. Maintain comprehensive audit logs and monitoring capabilities to detect and respond to unauthorized access or use.
  4. Perform regular security assessments and vulnerability testing.
  5. Maintain appropriate security certifications such as SOC 2 Type II, ISO 27001, or equivalent.
  6. Promptly implement security patches and updates.
  7. Maintain an incident response plan and procedures for responding to security breaches.
  8. Implement security measures required by qualified network operators and QHINs as a condition of participation.

(b) Breach Notification. If DocToMe becomes aware of unauthorized access to, use of, or disclosure of Patient health information, DocToMe will notify Users without unreasonable delay and in no case later than sixty (60) calendar days after discovery of the breach. DocToMe’s notification will include:

  1. Description of what happened and the types of information involved.
  2. Steps individuals should take to protect themselves.
  3. Description of what DocToMe is doing to investigate the breach and prevent future occurrences.
  4. Contact information for questions.
  5. Reference to Users’ obligations to notify affected patients in accordance with HIPAA Breach Notification Rule requirements.

DocToMe will cooperate with Users’ investigations regarding breaches and will provide information reasonably necessary for Users to comply with their notification obligations.

(c) Third-Party Security Requirements. Any third party with access to Patient health information through DocToMe’s software, including network operators, QHINs, credential service providers, or other subcontractors, must execute appropriate data sharing agreements or business associate agreements establishing their compliance obligations regarding data protection, security safeguards, and breach notification procedures.

  1. Data Sharing Agreements and Network Participation

(a) Third-Party Data Sharing DocToMe acknowledges that Patient health information held within its systems may be exchanged through qualified health information networks and other interoperable channels when authorized by Patients or their healthcare Providers. DocToMe will not interfere with or restrict such exchange beyond what is necessary to maintain security and privacy protections.

Any third party involved in facilitating or processing data exchange on behalf of DocToMe or Users, including but not limited to qualified health information networks, QHINs, credential service providers, identity verification services, and other infrastructure providers, must execute appropriate data sharing agreements or business associate agreements with DocToMe and/or Users. These agreements must establish:

  1. The roles and responsibilities of each party.
  2. Permitted purposes for using health information.
  3. Security safeguards and privacy protections.
  4. Data retention and destruction procedures.
  5. Audit rights and compliance verification procedures.
  6. Breach notification and incident response procedures.
  7. Remediation procedures for deficiencies or violations.

(b) Delegation of Authority Documentation. For Users participating in data exchange through Carequality or other networks requiring documented delegation of authority, Users must maintain formal written Delegation Notices or other documentation establishing the authority of any party to request health information or facilitate data exchange on Users’ behalf. Users will:

  1. Maintain audit trails showing which parties made specific health information requests.
  2. Ensure all delegates comply with applicable laws, privacy regulations, and network governance requirements.
  3. Cooperate with any audits or investigations conducted by network operators regarding the use of delegated authority.
  4. Revoke or limit delegation authority when appropriate.

DocToMe will support Users’ maintenance of delegation documentation and audit trails through the Software’s logging and reporting capabilities.

(c) Dispute Resolution Participation. Users agree to participate in dispute resolution processes conducted by network operators, including Carequality’s enhanced dispute resolution process, and to accept outcomes of such proceedings conducted in accordance with the network operator’s established procedures. Users acknowledge that Carequality’s dispute resolution process includes streamlined timelines, specialized panels with external experts for complex issues, and plain-language summaries of findings.

  1. Entire Agreement and Applicable Law

Except where otherwise referenced herein, this Agreement contains the entire understanding between the parties with respect to the matters covered in this Agreement. This Agreement shall be governed by and construed in accordance with the laws of the State of Washington, United States of America. Exclusive venue and jurisdiction for any action arising out of this Agreement shall be properly laid in the Superior Court of Washington for King County, or in the United States District Court for the Western District of Washington at Seattle. You hereby irrevocably consent to the jurisdiction and venue of the courts identified in the preceding sentence in connection with any claim, action, suit or proceeding relating to this Agreement. Both parties agree to waive their respective rights to a jury trial of any claim or cause of action based upon or arising out of this Agreement.

  1. Termination

Notwithstanding any of these terms, DocToMe reserves the right, without notice and in its sole discretion, to terminate your license to use the Software, and to block or prevent your access to and use of the Software at any time, provided that any such termination complies with DocToMe’s obligations regarding information blocking prevention and participation in qualified networks.

Upon expiration or termination of your use of the Software, retention or destruction of Patient’s PHI is undertaken as per direction from his or her health care provider, which is described in detail under DocToMe’s data retention policy included in the BAA between DocToMe and the health care provider. For data exchanged through qualified networks, DocToMe will comply with data retention requirements established by network operators and applicable law.

DOCTOME CANNOT AND DOES NOT ASSUME ANY RESPONSIBILITY FOR YOUR USE OR MISUSE OF PHI OR OTHER INFORMATION TRANSMITTED, MONITORED, STORED OR RECEIVED WHILE USING THE APPLICATION. DOCTOME RESERVES THE RIGHT TO AMEND OR DELETE ANY UPLOADED CONTENT (ALONG WITH THE RIGHT TO REVOKE ANY MEMBERSHIP OR RESTRICT ACCESS TO THE APPLICATION) THAT IN DOCTOME’S SOLE DISCRETION VIOLATES ANY PROVISIONS OF THIS SECTION OR THE TERMS OF USE IN GENERAL.

  1. Amendment and Evolution Provisions

You understand and agree that this Terms of Use Agreement may be amended from time to time if necessary to comply with the Privacy Laws, to implement information blocking prevention requirements, to maintain compliance with evolving interoperability standards, to implement requirements established by qualified health information networks or network operators such as Carequality, or to address other developments in the healthcare regulatory environment.

DocToMe will provide Users with notice of material amendments where practicable. For amendments addressing mandatory regulatory compliance, DocToMe may implement amendments with limited notice periods to ensure timely compliance with regulatory obligations.

The requirements of this Section will survive the termination of your use of the Software. Your continued use of the Software following implementation of amendments constitutes acceptance of the amended terms.

  1. End User Compliance With Laws

When you use the Software to upload and transmit PHI, You agree that, to the extent applicable, you shall comply with all State and Federal laws, including but not limited to the Privacy Laws and the 21st Century Cures Act. You represent and warrant that you will, at all times during the term of this Agreement and thereafter, comply with all laws directly or indirectly applicable to you that may now or hereafter govern the gathering, use, transmission, processing, receipt, reporting, disclosure, maintenance, and storage of PHI.

You further agree that you will not engage in information blocking and will not take any action that prevents the lawful exchange of health information through qualified networks or to authorized recipients. You agree to support interoperable data exchange and will not impose unnecessary barriers or restrictions that would prevent Users from exchanging health information through qualified networks.

For Users participating in qualified networks, you agree to comply with all applicable network governance requirements, policies, and procedures, including but not limited to Carequality’s framework requirements and Delegation of Authority policy. You agree to cooperate with network operators’ audit and compliance verification processes.

DocToMe’s access to patient PHI when applicable is permitted per guidelines described in detail within the BAA between the health care provider and DocToMe Inc.

  1. User Data

DocToMe acknowledges and agrees that the data and information that is compiled or passes through the Software that specifically relates to you, your patient care, or your physician procedures or diagnosis (collectively, the “User Data”), and all right, title and interest therein, is and shall remain the exclusive property of Patient or Provider, as applicable. Notwithstanding the foregoing, to the extent permissible under the Privacy Laws and any other applicable laws and regulations, you hereby grant to DocToMe a perpetual, unlimited license to use the User Data, in a de-identified format stripped of identifiers only, for data benchmarking, sharing, warehousing, resource utilization and similar data analysis services; provided, however, that DocToMe shall comply with the Privacy Laws in connection with any such actions and shall protect and maintain the confidentiality of all Client Data used in such manner.

Users acknowledge that Patient health information stored within the Software may be exchanged through qualified health information networks when authorized by Patients or their healthcare Providers. Users grant DocToMe the right to transmit Patient health information through such networks in accordance with applicable law and network participation requirements.

  1. Interoperability Standards and Network Participation Governance

(a) Standards Compliance Governance. DocToMe establishes the following governance structure for maintaining compliance with interoperability standards:

  1. DocToMe will designate a Chief Compliance Officer or equivalent responsible for ensuring ongoing compliance with TEFCA requirements, interoperability standards, and information blocking prevention obligations.
  2. DocToMe will establish an internal review process for evaluating whether proposed business practices or technical implementations might constitute information blocking.
  3. DocToMe will monitor regulatory developments and updates to applicable interoperability standards.
  4. DocToMe will implement procedures for responding to audit requests from network operators, regulatory agencies, or Users regarding compliance with applicable requirements.
  5. DocToMe will establish procedures for investigating and remediating security incidents or compliance deficiencies.
  6. DocToMe will maintain documentation of compliance with applicable standards and requirements.

(b) Network Operator Participation. DocToMe commits to:

  1. Maintaining active participation in Carequality governance processes.
  2. Complying with qualified network operator requirements as a condition of participation.
  3. Supporting Users’ participation in network governance initiatives and dispute resolution processes.
  4. Collaborating with network operators to address interoperability issues or compliance concerns.
  5. Implementing network operator-mandated updates or changes within required timeframes.

(c) Staff Training and Awareness DocToMe commits to providing comprehensive staff training addressing TEFCA compliance, information blocking prevention, Carequality governance requirements, and procedures for handling health information requests received through qualified networks. All staff with access to Patient health information or responsibility for interoperable data exchange will receive appropriate training.

  1. Contact Us

If you have questions or comments about this Agreement, our compliance obligations, or interoperability participation, please contact us at:

General Information: info@doctome.org

Compliance and Interoperability Questions: compliance@ethizo.com

Information Blocking Concerns or Challenges: compliance@ethizo.com

Carequality and TEFCA Network Participation: compliance@ethizo.com

ACKNOWLEDGMENT

BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS ENTIRE AGREEMENT, UNDERSTAND ITS TERMS, AND AGREE TO BE BOUND BY ITS PROVISIONS, INCLUDING DOCTOME’S COMMITMENTS REGARDING INTEROPERABILITY, INFORMATION BLOCKING PREVENTION, AND PARTICIPATION IN QUALIFIED HEALTH INFORMATION NETWORKS.