Client Portal

Terms of Service

These Terms of Service ("Agreement") are a contract between you and Cake Intake, LLC, ("Cake Intake, LLC"), and govern your use of the CakeIntake.com & MySecureHealthForm.com website ("Website"), Cake Intake, LLC Software and Servers (hereinafter collectively the "Service"), your rights and obligations with respect to User Data that you place in the Service, and associated Intellectual Property Rights thereto, as well as your creation of an account by which you will access the Service, (hereinafter an "Account") for use in connection with the Service. This Agreement may be changed by Cake Intake, LLC effective immediately by notifying you as provided in Section 28 below. By continuing to access or use the Service after the effective date of any such change, you agree to be bound by the modified Terms of Service.
1. Definitions for purposes of this Agreement:
- "Website" means the websites and services available from the domains and subdomains of Cake Intake, LLC and any related or successor domains from which Cake Intake, LLC may offer services;
- "Cake Intake, LLC Software" is the software provided to you by Cake Intake, LLC and/or its suppliers under license in connection with the Service;
- "Servers" are the online environments that support the Service;
- "User Data" means any data that you upload or submit to the Servers, Website, or other areas of the Service, including but not limited to Protected Health Information as that term is defined below;
- "Intellectual Property Rights" means copyrights, trademarks, service marks, trade dress, publicity rights, database rights, patent rights, and other intellectual property rights or proprietary rights recognized by law;
- "HIPAA" means the Health Insurance Portability and Accountability Act of 1996;
- "Protected Health Information" or "PHI" means protected health information as defined by HIPAA's Privacy Rule found at 45 C.F.R. 160.103;
2. Verification for Cake Intake, LLC

By accepting this Agreement in connection with an Account, you represent that you are at least 18 years of age, or the legal age of majority where you reside if that jurisdiction has an older age of majority, and you have the legal authority to enter into this Agreement. You further agree that as a condition to accessing Cake Intake, LLC, you will submit to account verification as required by Cake Intake, LLC, and provide only true and accurate identification documentation to Cake Intake, LLC or its third party service providers to verify your age and other Account related information.

3. Establishing an Account

You must establish an Account with Cake Intake, LLC to use the Service. Only one person may use an Account. You agree to provide accurate, current and complete information about yourself as prompted by the registration form ("Registration Data") and to use the account management tools provided to keep your Registration Data accurate, current and complete. You must choose an account name to identify yourself to Cake Intake, LLC in connection with your Account (your "Account Name").

4. Responsibility for Use of Account

You are responsible for all activities conducted through your Account. In the event that fraud, illegality or other conduct that violates this Agreement is discovered or reported (whether by you or someone else) that is connected with your Account, we may suspend or terminate your Account as described in Section 20.

5. Selection and Use of Account Password

At the time your Account is created, you must select a password. You are responsible for maintaining the confidentiality of your password and are responsible for any harm resulting from your disclosure, or authorization of the disclosure of your password or from any person's use of your password to gain access to your Account or Account Name. At no time should you respond to an online request for a password other than in connection with the log-on process to the Service. Your disclosure of your password to any other person is at your own risk.

6. Fees and Billing

Cake Intake, LLC provides the Service for the fees and other charges set forth on the Cake Intake, LLC.com web site. Cake Intake, LLC may add new services for additional fees and charges, or prospectively amend fees and charges for existing services. You acknowledge that it is your responsibility to ensure payment for all paid aspects of the Service, and to ensure that your credit or debit cards or other payment instruments accepted by Cake Intake, LLC continue to be valid and sufficient for such purposes. Cake Intake, LLC may exercise its suspension or termination rights as provided in Section 20 in the event of any payment delinquency.

7. Modification of Service.

Cake Intake, LLC reserves the right to the right to add, modify, or eliminate aspect(s), features or functionality of the Service from time to time for the purposes of compliance with applicable laws and regulations, to effect improvements in security and functionality, to correct errors, or for other commercially reasonable purposes.

8. Protected Health Information, User Data and Use of Your Information

Cake Intake, LLC will make no use of PHI that is not permitted by this Agreement or that is prohibited by applicable law, including but not limited to HIPAA. In the event that Cake Intake, LLC receives a subpoena or other order issued by or under authority of a court of competent jurisdiction compelling the disclosure of any PHI, Cake Intake, LLC will notify you of the subpoena or order prior to disclosing the PHI to provide you with an opportunity to intervene or otherwise prevent the disclosure. Cake Intake, LLC will make commercially reasonable efforts to maintain the Service in a manner that includes appropriate administrative, technical and physical security measures designed to protect the confidentiality, availability and integrity of PHI as required by HIPAA. In the event of termination of this Agreement, other than by your breach of this Agreement, the Cake Intake, LLC Software will enable you to retrieve your User Data contained within the Service at the date of termination. In the event of termination of this Agreement for breach, Cake Intake, LLC will at your written request provide you with a file or files containing the User Data contained within the Service at the date of termination, provided that you make the make the request within 15 days after the date of termination. With respect to User Data other than PHI, Cake Intake, LLC will comply with the terms of its Privacy Policy.

9. No Responsibility for Acts of Omissions of Third Party Websites

The Service may contain links to or otherwise allow connections to third-party websites, servers, and online services or environments that are not owned or controlled by Cake Intake, LLC. You agree that Cake Intake, LLC is not responsible or liable for the content, policies, or practices of any third-party websites, servers, or online services or environments. Please consult any applicable terms of use and privacy policies provided by the third party for such websites, servers, or online services or environments.

10. Your Rights and Obligations with Respect to Your Data

You retain any and all Intellectual Property Rights you already hold under applicable law in User Data you upload or submit to the Service, subject to the rights, licenses, and other terms of this Agreement. In connection with User Data you upload or submit to the Service, you affirm, represent, and warrant that you own or have all necessary Intellectual Property Rights, licenses, consents, and permissions to use and authorize Cake Intake, LLC to use the User Data in the manner contemplated by the Service and this Agreement. You agree that by uploading or submitting any Content to or through the Servers, Website, or other areas of the Service, you hereby automatically grant Cake Intake, LLC a non-exclusive, worldwide, royalty-free, sublicenseable, and transferable license to use, reproduce, distribute, prepare derivative works of, and display the User Data non-publicly and internally to Cake Intake, LLC solely for the purposes of providing the Service. You agree that the license includes the right to copy, analyze and use any of your User Data as Cake Intake, LLC may deem necessary or desirable for purposes of debugging, testing, or providing support or development services in connection with the Service and future improvements to the Service. The license granted in this Section is referred to as the "Service Data License." You also acknowledge that the Service Data License granted to Cake Intake, LLC with respect to your Content will survive the termination of your Account to permit Cake Intake, LLC: (i) to retain server copies of particular instances of your User Data, including copies stored in connection with back-up, debugging, and testing procedures; and (ii) to enable the exercise of the licenses granted in this Section for any other copies or instances of the same User Data that you have not specifically deleted from the Service.

11. Interruption of Service

Cake Intake, LLC may on occasion need to interrupt the Service with or without prior notice to protect the integrity or functionality of the Service. You agree that Cake Intake, LLC will not be liable for any interruption of the Service (whether intentional or not), and you understand that you will not be entitled to any refunds of fees or other compensation for interruption of service. Likewise, you agree that in the event of loss of any User Data, we will not be liable for any purported damage or harm arising therefrom.

12. Cake Intake, LLC's Intellectual Property Rights and Limited License Granted to You

Cake Intake, LLC owns Intellectual Property Rights in and to the Service, except all User Data, including the Cake Intake, LLC Software, the Websites and the Servers, and in and to our trademarks, service marks, trade names, logos, domain names, taglines, and trade dress (collectively, the "Cake Intake, LLC Marks"). You understand that such Intellectual Property Rights are apart from any rights you may have in User Data you upload or submit to the Service, as discussed above. You acknowledge and agree that Cake Intake, LLC and its licensors own all right, title, and interest in and to the Service, including all Intellectual Property Rights therein, other than with respect to User Data. Except as expressly granted in this Agreement, all rights, title, and interest in and to the Service, except all User Data, and in and to the Cake Intake, LLC Marks are reserved by Cake Intake, LLC. Copyright, trademark and other laws of the United States and foreign countries protect the Service and the Cake Intake, LLC Marks. Cake Intake, LLC hereby grants you a non-exclusive, non-transferable, non-sublicenseable, limited, revocable license to access and use the Service as set forth in these Terms of Service and expressly conditioned upon your Account remaining active, in good standing, and in full compliance with these Terms of Service. You agree that you will not (i) allow any person or entity not authorized by Cake Intake, LLC to use or access the Cake Intake, LLC Software, (ii) attempt to copy any ideas, features, functions or graphics contained in the Service; (iii) use the Cake Intake, LLC Software in the operation of a service bureau, an application service provider or for any other purpose intended to benefit a party other than you, (iv) alter or modify the Cake Intake, LLC Software, (v) sell, assign, sublicense, rent, lease or otherwise transfer the Cake Intake, LLC Software or any rights in connection therewith, or (vi) attempt to translate, disassemble, decompile, reverse assemble, reverse engineer all or any part of the Service or otherwise attempt to derive the source code for the Cake Intake, LLC Software.

13. Your Obligations

With respect to the Intellectual Property Rights of Third Parties. You agree that you will not upload, publish, or submit to any part of the Service any User Data that is protected by Intellectual Property Rights or otherwise subject to proprietary rights, including trade secret or privacy rights, unless you are the owner of such rights or have permission from the rightful owner to upload or submit the User Data and to grant Cake Intake, LLC all of the license rights granted in this Agreement. You agree that Cake Intake, LLC will have no liability for, and you agree to defend, indemnify, and hold Cake Intake, LLC harmless for, any claims, losses or damages arising out of or in connection with your use of any User Data.

14. Prohibited Conduct While using the Service

You agree that you will not:

Post, display or transmit Data that violates any law, or the rights of any third party including without limitation Intellectual Property Rights;
Impersonate any person or entity without their consent, or otherwise misrepresent your affiliation;
Post or transmit viruses, Trojan horses, worms, spyware, time bombs, cancelbots, or other computer programming routines that may harm the Service or interests or rights of other users, or that may harvest or collect any data or personal information about other users without their consent;
Engage in malicious or disruptive conduct that impedes or interferes with other users' normal use of the Service; or
Attempt to gain unauthorized access to any other user's Account, password or User Data, or allow more than one person to use an Account.

15. Violation of terms

Any violation by you of the terms of this Section may result in immediate suspension or termination of your Account without any refund or other compensation.

16. Releases

You agree not to hold Cake Intake, LLC liable for the Content, actions, or inactions of other users of the Service or of other third parties. As a condition of access to the Service, you release Cake Intake, LLC (and its officers, directors, shareholders, agents, subsidiaries, and employees) from claims, demands, losses, liabilities and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with any dispute you have or claim to have with one or more other users of the Service or with other third parties, including whether or not Cake Intake, LLC becomes involved in any resolution or attempted resolution of the dispute

17. Disclaimer of Other Express and Implied Warranties.

CAKE INTAKE, LLC WARRANTS THAT DURING THE TERM OF THIS AGREEMENT, THE CAKE INTAKE, LLC SOFTWARE WILL FUNCTION IN SUBSTANTIAL CONFORMANCE TO THE SPECIFICATIONS SET FORTH AT CAKE INTAKE, LLC.COM SUBJECT ONLY TO THE FOREGOING WARRANTY AND THE WARRANTIES CONTAINED IN SECTION 8, CAKE INTAKE, LLC PROVIDES THE SERVICE, INCLUDING WITHOUT LIMITATION THE CAKE INTAKE, LLC SOFTWARE, THE WEBSITES, THE SERVERS, AND YOUR ACCOUNT, STRICTLY ON AN "AS IS" BASIS, AND HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES OR CONDITIONS OF ANY KIND, WRITTEN OR ORAL, EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF TITLE, NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO VALUE, EITHER EXPRESS OR IMPLIED, IS GUARANTEED OR WARRANTED WITH RESPECT TO ANY CONTENT. NOTWITHSTANDING ANY INTELLECTUAL PROPERTY RIGHTS YOU MAY HAVE IN YOUR USER DATA OR ANY EXPENDITURE ON YOUR PART, CAKE INTAKE, LLC AND YOU EXPRESSLY DISCLAIM ANY COMPENSABLE VALUE RELATING TO OR ATTRIBUTABLE TO ANY DATA RELATING TO YOUR ACCOUNT RESIDING ON CAKE INTAKE, LLC' SERVERS. YOU ASSUME ALL RISK OF LOSS FROM USING THE SERVICE ON THIS BASIS. Cake Intake, LLC does not ensure continuous, error-free, secure or virus-free operation of the Service, the Cake Intake, LLC Software, the Websites, the Servers, or your Account, and you understand that you shall not be entitled to refunds or other compensation based on Cake Intake, LLC's failure to provide any of the foregoing other than as explicitly provided in this Agreement. Some jurisdictions do not allow the disclaimer of implied warranties, and to that extent, the foregoing disclaimer may not apply to you. Cake Intake, LLC does not guarantee that by mere use of the Cake Intake, LLC Software you will be in compliance with HIPAA, and you understand and agree that you are responsible for maintaining any other administrative, technical and physical measures required to maintain appropriate information security with respect to your PHI and to otherwise comply with HIPAA.

18. Limitation of Liability.

IN NO EVENT SHALL CAKE INTAKE, LLC OR ANY OF ITS DIRECTORS, OFFICERS, EMPLOYEES, SHAREHOLDERS, SUBSIDIARIES, AGENTS OR LICENSORS BE LIABLE TO YOU OR TO ANY THIRD PARTY FOR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, RELIANCE, PUNITIVE OR EXEMPLARY DAMAGES OR DISGORGEMENT OR COMPARABLE EQUITABLE REMEDY, INCLUDING WITHOUT LIMITATION ANY DAMAGES FOR LOST DATA OR LOST PROFITS, ARISING (WHETHER IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE) OUT OF OR IN CONNECTION WITH THE SERVICE (INCLUDING ITS MODIFICATION OR TERMINATION), THE CAKE INTAKE, LLC SOFTWARE, THE WEBSITES, THE SERVERS, YOUR ACCOUNT (INCLUDING ITS TERMINATION OR SUSPENSION) OR THIS AGREEMENT, WHETHER OR NOT CAKE INTAKE, LLC MAY HAVE BEEN ADVISED THAT ANY SUCH DAMAGES MIGHT OR COULD OCCUR AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. IN NO EVENT WILL CAKE INTAKE, LLC'S CUMULATIVE LIABILITY TO YOU EXCEED THE GREATER OF (i) ONE HUNDRED FIFTY DOLLARS (U.S. $150.00); OR (ii) THE RELEVANT AMOUNT SET FORTH IN SECTION 11 HEREIN, IF APPLICABLE. Some jurisdictions do not allow the foregoing limitations of liability, so to the extent that any such limitation is found to be impermissible, such limitation may not apply to you.

19. Indemnification

At Cake Intake, LLC's request, you agree to defend, indemnify and hold harmless Cake Intake, LLC, its officers, directors, shareholders, employees, subsidiaries, and agents from all damages, liabilities, claims and expenses, including without limitation attorneys' fees and costs, arising from: (i) any breach or alleged breach by you of this Agreement, including without limitation your representations and warranties relating to your Data; or (ii) your acts, omissions or use of the Service, including without limitation your negligent, willful or illegal conduct. We reserve the right to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, and in such case, you agree to cooperate with our defense of such claim.

20. Legal Relationship Between You and Cake Intake, LLC; No Third Party Beneficiaries

You acknowledge that your participation in the Service, including your creation or uploading of Content in the Service, does not make you a Cake Intake, LLC employee and that you do not expect to be, and will not be, compensated by Cake Intake, LLC for such activities, and you will make no claim inconsistent with these acknowledgements. In addition, no agency, partnership, joint venture, franchise relationship is intended or created by this Agreement. There are no third party beneficiaries, intended or implied, under this Agreement.

21. Suspension and Termination of Accounts

You may terminate this Agreement by closing your Account at any time for any reason. Subject to Cake Intake, LLC's obligations pursuant to Section 8, in such event, Cake Intake, LLC shall have no further obligation or liability to you under this Agreement or otherwise. Cake Intake, LLC may suspend or terminate your Account for breach if you violate this Agreement, including any terms regarding payment of required fees and charges due under this Agreement. We may suspend or terminate your Account if we determine in our discretion that such action is necessary or advisable to comply with legal requirements or protect the rights or interests of Cake Intake, LLC or any third party. In such event, you will not be entitled to compensation for such suspension or termination, and you acknowledge Cake Intake, LLC will have no liability to you in connection with such suspension or termination.

22. Termination of Licenses Upon Termination of Account

Upon termination of your Account, all licenses granted by Cake Intake, LLC to use the Service will automatically terminate.

23. Liability for Unpaid Fees Upon Termination of Account

Upon termination, you will remain liable for any unpaid amounts owed by you to Cake Intake, LLC.

24. Survival of Terms After Termination

The following terms will survive any termination of this Agreement: Sections 8, 10, 12, 15 and 18.

25. Dispute Resolution and Arbitration

In the event of a dispute between you and Cake Intake, LLC, other than with respect to claims for injunctive relief, the dispute will be resolved by binding arbitration pursuant to the rules of the American Arbitration Association Commercial Arbitration Rules. The place of the arbitration shall be in Houston, Texas. In the event that there is any dispute between you and Cake Intake, LLC that is determined not to be subject to arbitration pursuant to the preceding sentence, you agree to submit in that event to the exclusive jurisdiction and venue of the state and federal courts located in the City and County of Houston, Texas. You agree that this Agreement and the relationship between you and Cake Intake, LLC shall be governed by the laws of the State of Texas without regard to conflict of law principles or the United Nations Convention on the International Sale of Goods. Notwithstanding this, either party shall still be allowed to apply for injunctive or other equitable relief to protect or enforce that party's Intellectual Property Rights in any court of competent jurisdiction where the other party resides or has its principal place of business.

26. Disclaimer of Warranties as to Use Outside of the United States

Cake Intake, LLC is a United States-based service. Cake Intake, LLC makes no representation that any aspect of the Service is appropriate or available for use outside of the United States. Those who access the Service from other locations are responsible for compliance with applicable local laws. The Cake Intake, LLC Software is subject to applicable export laws and restrictions.

27. Assignment of Agreement and Account

You may not assign this Agreement or your Account without the prior written consent of Cake Intake, LLC. You may not transfer or sublicense any licenses granted by Cake Intake, LLC in this Agreement without the prior written consent of Cake Intake, LLC. Cake Intake, LLC may assign this Agreement, in whole or in part, and all related rights, licenses, benefits and obligations, without restriction, including the right to sublicense any rights and licenses under this Agreement.

28. Integration, Interpretation of Section Headings and Severability

This Agreement and the policies referenced in this Agreement sets forth the entire agreement and understanding between you and Cake Intake, LLC with respect to the subject matter hereof and supersedes any prior or contemporaneous agreements or understandings. This Agreement may not be modified except as provided in Section 1 or by mutual written agreement between you and Cake Intake, LLC that is signed by hand (not electronically) by duly authorized representatives of both parties and expressly references amendment of this Agreement. You acknowledge that no other written, oral or electronic communications will serve to modify or supplement this Agreement, and you agree not to make any claims inconsistent with this understanding or in reliance on communications not part of this Agreement. The section headings used herein, including descriptive summary sentences at the start of each section, are for convenience only and shall not affect the interpretation of this Agreement. If any provision of this Agreement shall be held by a court of competent jurisdiction to be unlawful, void, or unenforceable, then in such jurisdiction that provision shall be deemed severable from these terms and shall not affect the validity and enforceability of the remaining provisions.

29. Notices

Cake Intake, LLC may provide notice to you and obtain consent from you through (1) the website at Cake Intake, LLC.com; (2) by electronic mail at the electronic mail address associated with your Account; and/or (3) by written mail communication to you at the address associated with your Account. You must give all notices required or permitted under this Agreement at Cake Intake, LLC, 800 Bering Dr., Suite 201, Houston, TX 77057.

30. Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT
This Agreement (“Agreement”) is made and entered into at the date and time
your Cake Intake, LLC account is created and is between you (“Covered Entity”) and
Cake Intake, LLC LLC (“Business Associate”), a limited liability company.

WHEREAS, Business Associate is in the business of providing an online practice
management product (“Offering”); and

WHEREAS, Covered Entity wishes to engage, or has engaged, Business Associate in
connection with said Offering,

NOW, THEREFORE, in consideration of the premises and mutual promises herein
contained, it is agreed as follows:

1. Definitions. Terms used, but not otherwise defined in this Agreement, shall have
the same meaning as those terms in the Privacy Rule, Security Rule, and HITECH Act.
a. Agent. “Agent” shall have the meaning as determined in accordance with
the federal common law of agency.
b. Breach. “Breach” shall have the same meaning as the term “breach” in 45
CFR §164.402.
c. Business Associate. "Business Associate" shall mean Cake Intake, LLC
LLC.
d. Covered Entity. "Covered Entity" shall mean active subscriber to
Cake Intake, LLC.
e. Data Aggregation. “Data Aggregation” shall have the same meaning as
the term “data aggregation” in 45 CFR §164.501.
f. Designated Record Set. “Designated Record Set” shall have the same
meaning as the term “designated record set” in 45 CFR §164.501.
g. Disclosure. “Disclosure” and “Disclose” shall have the same meaning as
the term “Disclosure” in 45 CFR §160.103.
h. Electronic Health Record. “Electronic Health Record” shall have the
same meaning as the term in Section 13400 of the HITECH Act.
i. Health Care Operations. “Health Care Operations” shall have the same
meaning as the term “health care operations” in 45 CFR §164.501.
j. HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach
Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
k. HITECH Act. “HITECH Act” shall mean The Health Information
Technology for Economic and Clinical Health Act, part of the American Recovery and
Reinvestment Act of 2009 (“ARRA” or “Stimulus Package”), specifically DIVISION A:

TITLE XIII Subtitle D—Privacy, and its corresponding regulations as enacted under
the authority of the Act.
l. Individual. “Individual” shall have the same meaning as the term
“individual” in 45 CFR §160.103 and shall include a person who qualifies as a
personal representative in accordance with 45 CFR §164.502(g).
m. Minimum Necessary. “Minimum Necessary” shall mean the Privacy Rule
Standards found at §164.502(b) and §164.514(d)(1).
n. Privacy Rule. "Privacy Rule" shall mean the Standards for Privacy of
Individually Identifiable Health Information at 45 CFR Part 160 and Part 164,
Subparts A and E.
o. Protected Health Information. "Protected Health Information" shall have
the same meaning as the term "protected health information" in 45 CFR §160.103,
limited to the information created, received, maintained or transmitted by Business
Associate on behalf of Covered Entity.
p. Required By Law. "Required By Law" shall have the same meaning as
the term "required by law" in 45 CFR §164.103.
q. Secretary. "Secretary" shall mean the Secretary of the Department of
Health and Human Services or his or her designee.
r. Security Incident. “Security Incident” shall have the same meaning as the
term “Security Incident” in in 45 CFR §164.304.
s. Security Rule. “Security Rule” shall mean the Standards for Security of
Electronic Protected Health Information at 45 C.F.R. parts §160 and §164, Subparts
A and C.
t. Subcontractor. “Subcontractor” shall mean a person or entity “that
creates, receives, maintains, or transmits protected health information on behalf of a
business associate” and who is now considered a business associate, as the latter
term is defined in in in 45 CFR §160.103.
u. Subject Matter. “Subject Matter” shall mean compliance with the HIPAA
Rules and with the HITECH Act.
v. Unsecured Protected Health Information. “Unsecured Protected Health
Information” shall have the same meaning as the term “unsecured protected health
information” in 45 CFR §164.402.
w. Use. “Use” shall have the same meaning as the term “Use” in 45 CFR
§164.103.

2. Obligations and Activities of Business Associate.
a. Business Associate agrees to not Use or Disclose Protected Health
Information other than as permitted or required by this Agreement or as Required By
Law.
b. Business Associate agrees to use appropriate safeguards to prevent Use
or Disclosure of Protected Health Information other than as provided for by this
Agreement. Business Associate further agrees to implement administrative, physical
and technical safeguards that reasonably and appropriately protect the
confidentiality, integrity and availability of any electronic Protected Health
Information, as provided for in the Security Rule and as mandated by Section 13401
of the HITECH Act.
c. Business Associate agrees to mitigate, to the extent practicable, any
harmful effect that is known to Business Associate of a Use or Disclosure of
Protected Health Information by Business Associate in violation of the requirements
of this Agreement. Business Associate further agrees to report to Covered Entity any
Use or Disclosure of Protected Health Information not provided for by this
Agreement of which it becomes aware, and in a manner as prescribed herein.
d. Business Associate agrees to report to Covered Entity any Security
Incident, including all data Breaches or compromises, whether internal or external,
related to Protected Health Information, whether the Protected Health Information is
secured or unsecured, of which Business Associate becomes aware.
e. If the Breach, as discussed in paragraph 2(d), pertains to Unsecured
Protected Health Information, then Business Associate agrees to report any such
data Breach to Covered Entity within ten (10) business days of discovery of said
Breach; all other compromises, or attempted compromises, of Protected Health
Information shall be reported to Covered Entity within twenty (20) business days of
discovery. Business Associate further agrees, consistent with Section 13402 of the
HITECH Act, to provide Covered Entity with information necessary for Covered
Entity to meet the requirements of said section, and in a manner and format to be
specified by Covered Entity.
f. If Business Associate is an Agent of Covered Entity, then Business
Associate agrees that any Breach of Unsecured Protected Health Information shall
be reported to Covered Entity immediately after the Business Associate becomes
aware of said Breach, and under no circumstances later than one (1) business day
thereafter. Business Associate further agrees that any compromise, or attempted
compromise, of Protected Health Information, other than a Breach of Unsecured
Protected Health Information as specified in 2(e) of this Agreement, shall be reported
to Covered Entity within ten (10) business days of discovering said compromise, or
attempted compromise.
g. Business Associate agrees to ensure that any Subcontractor, to whom
Business Associate provides Protected Health Information, agrees to the same
restrictions and conditions that apply through this Agreement to Business Associate
with respect to such information. Business Associate further agrees that restrictions
and conditions analogous to those contained herein shall be imposed on said
Subcontractors via a written agreement that complies with all the requirements
specified in §164.504(e)(2), and that Business Associate shall only provide said
Subcontractors Protected Health Information consistent with Section 13405(b) of the
HITECH Act. Further, Business Associate agrees to provide copies of said written
agreements to Covered Entity within ten (10) business days of a Covered Entity’s
request for same.

h. Business Associate agrees to provide access, at the request of Covered
Entity and during normal business hours, to Protected Health Information in a
Designated Record Set to Covered Entity or, as directed by Covered Entity, to an
Individual, in order to meet Covered Entity’s requirements under 45 CFR §164.524,
provided that Covered Entity delivers to Business Associate a written notice at least
five (5) business days in advance of requesting such access. Business Associate
further agrees, in the case where Business Associate controls access to Protected
Health Information in an Electronic Health Record, or controls access to Protected
Health Information stored electronically in any format, to provide similar access in
order for Covered Entity to meet its requirements the HIPAA Rules and under
Section 13405(c) of the HITECH Act. These provisions do not apply if Business
Associate and its employees or Subcontractors have no Protected Health
Information in a Designated Record Set of Covered Entity.
i. Business Associate agrees to make any amendment(s) to Protected
Health Information in a Designated Record Set that Covered Entity directs or agrees
to pursuant to 45 CFR §164.526, at the request of Covered Entity or an Individual.
This provision does not apply if Business Associate and its employees or
Subcontractors have no Protected Health Information from a Designated Record Set
of Covered Entity.
j. Unless otherwise protected or prohibited from discovery or disclosure by
law, Business Associate agrees to make internal practices, books, and records,
including policies and procedures (collectively “Compliance Information”), relating to
the Use or Disclosure of Protected Health Information and the protection of same,
available to the Covered Entity or to the Secretary for purposes of the Secretary
determining Covered Entity's compliance with the HIPAA Rules and the HITECH Act.
Business Associate further agrees, at the request of Covered Entity, to provide
Covered Entity with demonstrable evidence that its Compliance Information ensures
Business Associate’s compliance with this Agreement over time. Business Associate
shall have a reasonable time within which to comply with requests for such access
and/or demonstrable evidence, consistent with this Agreement. In no case shall
access, or demonstrable evidence, be required in less than ten (10) business days
after Business Associate’s receipt of such request, unless otherwise designated by
the Secretary.
k. Business Associate agrees to maintain necessary and sufficient
documentation of Disclosures of Protected Health Information as would be required
for Covered Entity to respond to a request by an Individual for an accounting of such
Disclosures, in accordance with 45 CFR §164.528.
l. On request of Covered Entity, Business Associate agrees to provide to
Covered Entity documentation made in accordance with this Agreement to permit
Covered Entity to respond to a request by an Individual for an accounting of
disclosures of Protected Health Information in accordance with 45 C.F.R. §164.528.
Business Associate shall provide said documentation in a manner and format to be
specified by Covered Entity. Business Associate shall have a reasonable time within
which to comply with such a request from Covered Entity and in no case shall
Business Associate be required to provide such documentation in less than five (5)
business days after Business Associate's receipt of such request.
m. Except as provided for in this Agreement, in the event Business Associate
receives an access, amendment, accounting of disclosure, or other similar request
directly from an Individual, Business Associate shall redirect the Individual to the
Covered Entity.
n. To the extent that Business Associate carries out one or more of Covered
Entity’s obligations under the HIPAA Rules, the Business Associate must comply
with all requirements of the HIPAA Rules that would be applicable to the Covered
Entity.
o.A Business Associate must honor all restrictions consistent with 45 C.F.R.
§164.522 that the Covered Entity or the Individual makes the Business Associate
aware of, including the Individual’s right to restrict certain disclosures of protected
health information to a health plan where the individual pays out of pocket in full for
the healthcare item or service, in accordance with HITECH Act Section 13405(a).

3. Permitted Uses and Disclosures by Business Associate.
a. Except as otherwise limited by this Agreement, Business Associate may
make any Uses and Disclosures of Protected Health Information necessary to
perform its services to Covered Entity and otherwise meet its obligations under this
Agreement, if such Use or Disclosure would not violate the Privacy Rule, or the
privacy provisions of the HITECH Act, if done by Covered Entity. All other Uses or
Disclosures by Business Associate not authorized by this Agreement, or by specific
instruction of Covered Entity, are prohibited.
b. Except as otherwise limited in this Agreement, Business Associate may
Use Protected Health Information for the proper management and administration of
the Business Associate or to carry out the legal responsibilities of the Business
Associate.
c. Except as otherwise limited in this Agreement, Business Associate may
Disclose Protected Health Information for the proper management and
administration of the Business Associate, provided that Disclosures are Required By
Law, or Business Associate obtains reasonable assurances from the person to
whom the information is Disclosed that it will remain confidential and used, or further
Disclosed, only as Required By Law, or for the purpose for which it was Disclosed to
the person, and the person notifies the Business Associate of any instances of which
it is aware in which the confidentiality of the information has been breached.
d. Except as otherwise limited in this Agreement, Business Associate may
Use Protected Health Information to provide Data Aggregation services to Covered
Entity as permitted by 45 CFR §164.504(e)(2)(i)(B). Business Associate agrees that
such Data Aggregation services shall be provided to Covered Entity only wherein
said services pertain to Health Care Operations. Business Associate further agrees
that said services shall not be provided in a manner that would result in Disclosure of
Protected Health Information to another covered entity who was not the originator
and/or lawful possessor of said Protected Health Information. Further, Business
Associate agrees that any such wrongful Disclosure of Protected Health Information
is a direct violation of this Agreement and shall be reported to Covered Entity
immediately after the Business Associate becomes aware of said Disclosure and,
under no circumstances, later than three (3) business days thereafter.
e. Business Associate may Use Protected Health Information to report
violations of law to appropriate Federal and State authorities, consistent with
§164.502(j)(1).
f. Business Associate shall make Uses, Disclosures, and requests for
Protected Health Information consistent with the Minimum Necessary principle as
defined herein.

4. Obligations and Activities of Covered Entity.
a. Covered Entity shall notify Business Associate of the provisions and any
limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45
CFR §164.520, to the extent that such provisions and limitation(s) may affect
Business Associate’s Use or Disclosure of Protected Health Information.
b. Covered Entity shall notify Business Associate of any changes in, or
revocation of, permission by an Individual to use or disclose Protected Health
Information, to the extent that the changes or revocation may affect Business
Associate’s use or disclosure of Protected Health Information.
c. Covered Entity shall notify Business Associate of any restriction to the use
or disclosure of Protected Health Information that Covered Entity has agreed to in
accordance with 45 CFR §164.522, and also notify Business Associate regarding
restrictions that must be honored under section 13405(a) of the HITECH Act, to the
extent that such restrictions may affect Business Associate’s Use or Disclosure of
Protected Health Information.
d. Covered Entity shall notify Business Associate of any modifications to
accounting disclosures of Protected Health Information under 45 CFR §164.528,
made applicable under Section 13405(c) of the HITECH Act, to the extent that such
restrictions may affect Business Associate’s use or disclosure of Protected Health
Information.
e. Covered Entity shall provide Business Associate, within thirty (30)
business days of Covered Entity executing this Agreement, a description and/or
specification regarding the manner and format in which Business Associate shall
provide information to Covered Entity, wherein such information is required to be
provided to Covered Entity as agreed to by Business Associate in paragraph 2(e) of
this Agreement. Covered Entity reserves the right to modify the manner and format
in which said information is provided to Covered Entity, as long as the requested
modification is reasonably required by Covered Entity to comply with the HIPAA
Rules or the HITECH Act, and Business Associate is provided sixty (60) business
days notice before the requested modification takes effect.
f. Covered Entity shall provide Business Associate, within thirty (30)
business days of Covered Entity executing this Agreement, a description and/or
specification regarding the manner and format in which Business Associate shall
provide information to Covered Entity, wherein such information is required to be
provided to Covered Entity as agreed to by Business Associate in paragraph 2(l) of
this Agreement. Covered Entity reserves the right to modify the manner and format
in which said information is provided to Covered Entity, as long as the requested
modification is reasonably required by Covered Entity to comply with the HIPAA
Rules or the HITECH Act, and Business Associate is provided sixty (60) business
days notice before the requested modification takes effect.
g. Covered Entity shall not require Business Associate to Use or Disclose
Protected Health Information in any manner that would not be permissible under the
HIPAA Rules if done by the Covered Entity.

5. Term and Termination.
a.Term. The Term of this Agreement shall be effective as of the date and time
Covered Entity agrees to the Terms of Service for using Cake Intake, LLC and creates
an account, and shall terminate when all of the Protected Health Information
provided by Covered Entity to Business Associate, or created or received by
Business Associate on behalf of Covered Entity, is destroyed or returned to Covered
Entity, or, if it is infeasible to return or destroy Protected Health Information,
protections are extended to such information, in accordance with the termination
provisions in this Agreement.
b. Termination for Cause by Covered Entity. Upon Covered Entity's
knowledge of a material breach of this Agreement by Business Associate, Covered
Entity shall give Business Associate written notice of such breach and provide
reasonable opportunity for Business Associate to cure the breach or end the
violation. Covered Entity may terminate this Agreement, and Business Associate
agrees to such termination, if Business Associate has breached a material term of
this Agreement and does not cure the breach or cure is not possible. If neither
termination nor cure is feasible, Covered Entity shall report the violation to the
Secretary.
c. Termination for Cause by Business Associate. Upon Business Associate's
knowledge of a material breach of this Agreement by Covered Entity, Business
Associate shall give Covered Entity written notice of such breach and provide
reasonable opportunity for Covered Entity to cure the breach or end the violation.
Business Associate may terminate this Agreement, and Covered Entity agrees to
such termination, if Covered Entity has breached a material term of this Agreement
and does not cure the breach or cure is not possible. If neither termination nor cure
is feasible, Business Associate shall report the violation to the Secretary.
d. Effect of Termination.
1. Except as provided in paragraph (2) of this section, upon termination of this
Agreement for any reason, Business Associate shall return or destroy all
Protected Health Information received from, or created or received by Business
Associate on behalf of Covered Entity. This provision shall also apply to
Protected Health Information that is in the possession of Subcontractors of
Business Associate. Business Associate shall retain no copies of the Protected
Health Information.
2. In the event that Business Associate determines that returning or destroying
the Protected Health Information is infeasible, Business Associate shall provide
to Covered Entity, within ten (10) business days, notification of the conditions that
make return or destruction infeasible. Upon such determination, Business
Associate shall extend the protections of this Agreement to such Protected
Health Information and limit further uses and disclosures of such Protected
Health Information to those purposes that make the return or destruction
infeasible, for so long as Business Associate maintains such Protected Health
Information.

6. Entire Agreement.
a. This Agreement may be modified only by a signed written agreement
between Covered Entity and Business Associate.
b. All other agreements entered into between Covered Entity and Business
Associate, not related to this Subject Matter, remain in full force and effect.

7. Governing Law.
a. This Agreement and the rights of the parties shall be governed by and
construed in accordance with Federal law as it pertains to the Subject Matter and
shall be governed by and construed in accordance with the laws of the State of
Texas as it pertains to contract formation and interpretation, without giving effect
to its conflict of laws. The parties agree that any appropriate state court sitting in Houston, Texas or any Federal Court sitting in the Southern District of
Texas shall have exclusive jurisdiction of any case or controversy arising under
or in connection with this Agreement and shall be a proper forum in which to
adjudicate such case or controversy.
b. Each party irrevocably consents to the jurisdiction of such courts, and
irrevocably waives, to the fullest extent permitted by law, the defense of an
inconvenient forum to the maintenance of such suit, action, or proceeding in any
such court and further waives the right to object, with respect to such suit, action, or
proceeding, that such court does not have jurisdiction over such party.

8. Miscellaneous.
a. Regulatory References. A reference in this Agreement to a section in the Privacy
Rule, Security Rule, or HITECH Act means the section as in effect or as
amended.
b. Amendment. The Parties agree to take such action as is necessary to amend this
Agreement from time to time as is necessary for Covered Entity and Business
Associate to comply with the requirements of the Privacy Rule, Security Rule, the
Health Insurance Portability and Accountability Act of 1996 (Pub. L. No.
104-191), and the HITECH Act, and its corresponding regulations.
c. Survival. The respective rights and obligations of Business Associate under
Section 5(d) of this Agreement shall survive the termination of this Agreement.
d. Interpretation. Any ambiguity in this Agreement shall be resolved to permit
Covered Entity and Business Associate to comply with the Privacy Rule, Security
Rule, the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No.
104-191), and the HITECH Act, and its corresponding regulations.
e. Severability. If any provision or provisions of this Agreement is/are determined by
a court of competent jurisdiction to be unlawful, void, or unenforceable, this
Agreement shall not be unlawful, void or unenforceable thereby, but shall
continue in effect and be enforced as though such provision or provisions were
omitted.

9. Counterparts.
This Agreement may be executed in any number of counterparts, each of which shall be
deemed an original, but all of which together shall constitute one original Agreement.
Facsimile or electronically authenticated signatures shall be accepted and enforceable
in lieu of original signatures.