Supplemental Terms for Health Sites and Services

Liaison, Inc, together with its affiliates (referred to as “we,” “us,” or “our”), manage websites, offer products, and develop software that are subject to our terms of use (referred to as our “TOU”), as well as provide services through mobile and other platforms. Definitions for specific terms used in this document can be found in our TOU. The additional conditions specified in this text (the “Supplemental TOU” or “Supplemental Terms of Use”) apply to our health community sites and services, and become part of our TOU. In the event of a conflict between our TOU and this Supplemental TOU, the latter will prevail. Sites and services that neither display nor link to this Supplemental TOU or have their unique supplemental terms of use are exempted from this Supplemental TOU. By utilizing our sites and services, you, as a “user,” are entering into a legally binding contract with us by accepting our TOU and this Supplemental TOU.

We are not doctors, medical professionals, or therapists and do not offer medical guidance or therapy. The material presented on our sites and services is condensed and designed exclusively for education, information, and entertainment. We cannot guarantee that our content will always reflect the most current insights or advancements. It should not replace or be mistaken for medical advice, diagnosis, or any health or fitness issue treatment recommendations, specific tests, medical professionals, care providers, procedures, treatments, products, or action courses.

We do not act as a referral service or endorse specific healthcare providers but serve as a mediator by providing selected information about them. Our sites do not contain advice regarding the quality or fitness of any particular healthcare provider for individual treatments or health issues. Any healthcare provider ratings on our sites are opinions and not factual statements or recommendations to engage the services of any particular healthcare provider. Before choosing a healthcare provider, you should obtain any additional necessary information to make an informed decision.

The responsibility for choosing any healthcare provider rests entirely with you, regardless of whether you obtained information about such provider from our site. WE WILL NOT BE LIABLE FOR ANY DAMAGES, INCLUDING SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, THAT MAY RESULT FROM OR IN CONNECTION WITH ANY ADVICE, TREATMENT, OR OTHER SERVICES PROVIDED BY ANY HEALTHCARE PROVIDER YOU MAY CONTACT THROUGH OUR SITES AND SERVICES, OR FOR ANY CLAIMS RELATED TO MALPRACTICE, WHETHER DIRECT OR INDIRECT. IF THE PREVIOUS LIMITATION OF LIABILITY IS UNLAWFUL, OUR DAMAGE LIABILITY TO YOU WILL BE CAPPED AT $100.00.

It's important to understand that we are not healthcare or medical providers, and using our sites and services does not establish a doctor-patient relationship. You accept full responsibility for the results obtained from any professional you consult and for the use of our sites and services. Always seek the guidance of your healthcare professional or physician and never ignore their advice due to something you have read on our sites. In the event of a potential medical emergency, immediately contact your physician or call 911.

Consumer Health Data Privacy Notice

This Consumer Health Data Privacy Notice (CHD Notice) complements our Privacy Notice for Buyer Features and Liaison Pay.

Scope of This Notice:
This CHD Notice applies specifically to personal information categorized as "Consumer Health Data" (CHD) under the My Health My Data Act (MHMDA) in Washington and Nevada’s Consumer Health Data Privacy law (NV CHDP), along with any comparable state laws. It does not cover "protected health information" (PHI) governed by the Health Insurance Portability and Accountability Act (HIPAA) which Liaison processes as a Business Associate for our Sellers. For details on how we handle PHI, please directly consult the privacy practices of the Sellers.

Types of Consumer Health Data We Collect:
We may collect various types of CHD based on your interactions with our Services, including:

  • Transactional or appointment-related information with health professionals via Liaison Buyer Features, including health conditions, symptoms, testing, or treatments you disclose.
  • Identifiable data related to your healthcare provider searches using Liaison Buyer Features.
  • Biometric data such as facial scans, where applicable as CHD under MHMD.
  • Location data if shared to locate nearby healthcare services.
  • Any other health-related information provided during your use of Liaison Buyer Features.

Sources of Consumer Health Data:
Your CHD is collected from:

  • Direct interactions through your device when using Liaison Buyer Features for healthcare services.
  • Healthcare Sellers providing services to you.
  • Our affiliated entities, including Cash App, Afterpay, and TIDAL.

Utilization of Your Consumer Health Data:
We use the CHD collected to facilitate your use of the Liaison Buyer Services as outlined in our general Privacy Notice for Buyer Features and Liaison Pay. This includes processing transactions, facilitating appointment bookings, maintaining your Liaison Profile, and personalizing your service experience. We also use CHD for our internal operations, such as service troubleshooting, integrity maintenance, legal compliance, and enforcing agreements.

Disclosure of Your Consumer Health Data:
Your CHD may be shared:

  • With healthcare Sellers to complete transactions or appointments.
  • With service providers aiding in service delivery, maintenance, or improvement.
  • During business transfers, such as mergers or acquisitions.
  • When legally required or to protect our Services.
  • With your consent, or to third-party applications authorized by you.

Your Rights and How to Exercise Them:
Liaison provides mechanisms for you to exercise your rights under the MHMDA or NV CHDP, such as accessing, deleting, or withdrawing consent for the use of your CHD. Requests can be made via the Liaison profile portal or by emailing us.

If a request is denied, you may appeal by contacting us at the same email. Should the appeal be denied, you have the option to contact the Washington State Attorney General at www.atg.wa.gov/file-complaint.

Changes to This Notice:
We may update this CHD Notice periodically. A revised version will be posted with an updated "Effective Date". Material changes will be announced prior to their implementation. Should you disagree with the changes, you have the option to discontinue using our services.

This notice ensures you are informed about how your Consumer Health Data is handled, reflecting our commitment to comply with applicable health data protection laws.

HIPAA Business Associate Agreement

If you fall under HIPAA regulations as either a Covered Entity or Business Associate (terms as specified in HIPAA) and utilize the Services in such a way that results in us creating, receiving, preserving, or transmitting Protected Health Information for you, then you must adhere to the HIPAA Business Associate Agreement ("HIPAA BAA").

The HIPAA Business Associate Agreement (“HIPAA BAA”) constitutes a legal contract between you (“you” or “your”) and Liaison, Inc. along with its affiliates (“Liaison,” “we,” “our,” or “us”). This agreement is designed to fulfill HIPAA's requirements and assist both parties in meeting their compliance obligations under HIPAA. The term "Agreement" denotes the General Terms of Service that you have entered into with Liaison, which oversees your utilization of Liaison’s mobile applications, websites, software, hardware, and other services (collectively referred to as the “Services”). This HIPAA BAA, together with the Agreement, sets out the mutual responsibilities of each party concerning Protected Health Information (as defined later). You declare and guarantee that: (i) you possess the full legal authority to bind yourself to this HIPAA BAA, (ii) you have thoroughly read and understand this HIPAA BAA, and (iii) you accept its terms. It is advisable to print and keep copies of this HIPAA BAA along with the Agreement for your records.

1. Definitions

In this HIPAA Business Associate Agreement (HIPAA BAA), any capitalized terms not explicitly defined herein will retain their meanings as specified in HIPAA.

  • "HIPAA" refers to the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996, including its associated rules and regulations as they may be amended over time, particularly in relation to the HITECH Act.
  • "HITECH Act" stands for the Health Information Technology for Economic and Clinical Health Act, which is part of Title XII of the American Recovery & Reinvestment Act, enacted by the United States Congress, including its regulations, as amended.
  • "Protected Health Information" or "PHI" is defined in the same way as “protected health information” under HIPAA, specifically 45 C.F.R. § 160.103, but is specifically limited to information: (a) that is created, received, maintained, or transmitted by us on your behalf; and (b) does not include data exempt from HIPAA by Section 1179 of the Social Security Act, 42 U.S.C. § 1320d-8.
  • "Individual" retains the same definition as “individual” in HIPAA, found at 45 C.F.R. § 160.103, and includes persons who are deemed personal representatives under the HIPAA "Privacy Rule," as detailed in 45 C.F.R. § 164.502(g).

2. Liaison's Permitted Uses and Disclosures

Except as otherwise limited in this HIPAA BAA, we may:

  • Utilize or share PHI in our custody for the provision of Services, ensuring that such actions would be permissible under HIPAA if conducted by you;
  • Employ PHI to support our essential management, administration, and legal obligations;
  • Convert PHI into de-identified Health Information following the stipulations of the HIPAA "Privacy Rule" detailed in 45 C.F.R. § 164.514(b);
  • Utilize PHI for Data Aggregation purposes that assist in your health care operations;
  • Disclose PHI to a third party for essential management and administrative duties or to fulfill legal responsibilities, provided that: (i) the disclosure is compelled by law; or (ii) we have secured appropriate written confirmations from the recipient asserting that: (a) the information will be kept confidential and only used or disclosed as mandated by law or for the intended disclosure purpose; and (b) any breaches of confidentiality that come to the recipient’s knowledge will be promptly reported to us.

3. Liaison’s Obligations

We will not use or disclose PHI except as allowed or mandated by this HIPAA BAA or as required by law. We commit to implementing suitable safeguards and, where relevant, adhering to the Security Standards for the Protection of Electronic Protected Health Information as outlined in 45 C.F.R. Part 164 Subpart C (the "Security Rule"), to prevent any use or disclosure of PHI that is not authorized by this HIPAA BAA. We also agree to fulfill all other pertinent stipulations of the Security Rule.

In instances where we undertake one or more of your duties under the Standards for Privacy of Individually Identifiable Health Information, as specified in 45 C.F.R. Part 164 Subpart E — such as issuing a notice of privacy practices on your behalf — we will adhere to the relevant requirements of Subpart E that apply to you in the execution of these duties.

a. Reporting

We commit to immediately inform the Covered Entity of: (i) any use or disclosure of PHI that is not authorized by this HIPAA BAA, including any breaches involving unsecured PHI; and/or (ii) any security incident. However, pursuant to Section 3(a), this clause will also serve as notice that no further reporting is necessary for unsuccessful attempts at unauthorized access, use, disclosure, modification, or destruction of information or unsuccessful attempts to interfere with system operations. In the event of any breach involving unsecured PHI, we will provide an additional report containing the details required by 45 C.F.R. § 164.410 promptly, and in no case more than 60 calendar days following the discovery of the breach.

b. Liaison's Subcontractors

We commit to ensuring that any Subcontractors who create, receive, maintain, or transmit PHI on our behalf are bound in writing to adhere to the same restrictions and conditions that apply to us under this HIPAA BAA with respect to such PHI. This includes compliance with the relevant provisions of the Security Rule.

c. Access to Records

We commit to allowing the Secretary of the Department of Health and Human Services ("Secretary") to review our internal practices, books, and records that pertain to the use and disclosure of PHI which we either received from you, or created or received on your behalf. This will enable the Secretary to verify our compliance with HIPAA. We assert that this agreement does not constitute a waiver of any legal privilege or diminish any protections related to trade secrets or confidential business information.

d. Individual Privacy Rights

We will ensure that PHI within a Designated Record Set is accessible to you upon your request, to facilitate your compliance with your responsibilities to provide Individuals with access to their health information, as stipulated by 45 C.F.R. § 164.524. Should you request it, we will also make available PHI from the Designated Record Set and make any changes to such information as you direct, helping you fulfill your amendment responsibilities under 45 C.F.R. § 164.526. Additionally, we will keep and, on your request, supply you with the necessary data to allow you to furnish an Individual with a detailed accounting of Disclosures, in accordance with 45 C.F.R. § 164.528.

4. Your Obligations

You will implement suitable safeguards to protect against unauthorized use or disclosure of PHI, in line with this HIPAA BAA and as mandated by the Security Rule. If you opt to transmit PHI using the Service without encryption, it is your responsibility to document, under the Security Rule, why encryption is not deemed reasonable and appropriate for such communications, and to implement any suitable alternative measures if they are considered reasonable and appropriate.

You will inform us of any changes or revocations of an Individual's consent to use or disclose PHI that could affect our legally permitted or required uses or disclosures under this HIPAA BAA. You will not consent to any restrictions that would limit our authorized uses or disclosures of PHI under this HIPAA BAA unless legally obligated to do so. Should legal obligations require you to accept such a restriction, you must promptly inform us of this condition. Furthermore, you will not request or cause us to use or disclose PHI in ways that would not be permissible under HIPAA if conducted by yourself.

Additionally, you will not include any limitations in your HIPAA privacy notice that would restrict our authorized uses or disclosures of PHI under this HIPAA BAA unless such limitations are legally required. If the law obliges you to include such a limitation in your privacy notice, you must quickly communicate this limitation to us.

5. Authority to Terminate for Breach

If you find that we have breached a significant term of this HIPAA BAA, you have the right to terminate this agreement as outlined in Section 11 of the Agreement.

6. Effect of Termination

Except as specified in this Section 6, upon the termination of this HIPAA BAA for any reason, we will either return or destroy all PHI if feasible. We will not keep any copies of the PHI. If it is determined that returning or destroying the PHI is not feasible, we will continue to apply the protections outlined in this HIPAA BAA to such PHI. Furthermore, we will restrict any further use or disclosure of this PHI to only those purposes that necessitate the retention of the PHI, and we will maintain these limitations for as long as the PHI is in our possession.

7. Interpretation

The intent of both parties is that any ambiguity in this HIPAA BAA be interpreted in a way that aligns with the objective of complying with all applicable laws.

8. No Third Party Beneficiaries

This HIPAA BAA does not grant any rights, remedies, obligations, or liabilities to any individual other than the parties involved and their respective successors or assigns.

9. No Agency Relationship

This HIPAA BAA is not designed to establish any form of agency relationship between the parties involved.

10. Entire Agreement

This HIPAA BAA overrides any prior agreements between the parties concerning HIPAA compliance related to the Services. Should there be any discrepancies or inconsistencies between the terms of this HIPAA BAA and other parts of the Agreement, the terms of this HIPAA BAA will take precedence. All other terms of the Agreement remain effective and unaltered, except where explicitly modified or amended by this HIPAA BAA.

Last updated: May 1, 2024