The following Terms of Service govern your access to and use of the Website (www.corevisory.com) and the CoreConnect Portal (www.coreconnectportal.com), as operated by CoreVisory, Inc. (“CoreVisory”, the “Company”, “we” or “us”). By accessing or using the Website and/or CoreConnect Portal (collectively, the “CoreVisory Systems”), you accept and agree to be bound and abide by these Terms of Service. If you do not want to agree to these Terms of Service, you must not access or use the CoreVisory Systems.
DATA SECURITY; AVAILABILITY; SERVICE LEVEL AGREEMENTS & ACCEPTABLE USE
Unauthorized Access to CoreVisory systems is prohibited.
We reserve the right to withdraw or amend the CoreVisory Systems, and any service or material we provide thereon, in our sole and absolute discretion, and without notice. We will not be liable if, for any reason, all or any part of the Website and/or CoreConnect Portal is unavailable at any time or for any period. We shall nonetheless communicate any planned outages to the CoreVisory Systems to our clients at least 24 hours in advance of any such planned outage(s).
In utilizing the CoreVisory Systems, you are responsible for:
Notifying us in writing of all requests for the issuance of credentials, as necessary, in order to access the CoreVisory Systems. We enforce complex password requirements, which expire every 90 days and must be reset. We further require at least five (5) unique passwords before a password can be reused.
Notifying us in writing to request a set of user credentials be revoked or otherwise removed.
Ensuring that all persons who access the CoreVisory Systems through your internet connection are aware of these Terms of Service and comply with them.
Ensuring that all persons who access the CoreVisory Systems comply with all applicable laws, including the Health Insurance Portability and Accountability Act of 1996, as amended (collectively, “HIPAA”).
Ensuring that a modern browser capable of negotiating TLS 1.1 or greater is used when accessing the CoreVisory Systems.
We have further implemented and maintain an Information Management and Security Policy (the “Information Security Policy”) designed to maintain the integrity, confidentiality, and security of all records and information received from our clients regarding its members, including protected health information (the “Client Data”). The Information Security Policy, in addition to other company policies and procedures, further sets forth the technical, administrative and procedural safeguards put in place to: (i) ensure the security and confidentiality of the Client Data; (ii) protect against any foreseeable threats or hazards to the security or integrity of the Client Data; (iii) protect against unauthorized access to or use of such information; and (iv) ensure appropriate destruction of the Client Data.
Our security controls also include the following:
User Authentication. Access to CoreConnect Portal requires a valid User ID and password combination granted by an authorized representative of the Company;
Physical Security. Our office facility permits only authorized personnel to have access to secure areas, including the location where servers are housed. The server room is further under 24-hour video surveillance and limited electronic key card access. The facility is designed to withstand adverse weather and other reasonably predictable natural conditions and is secured by keycard-access locks on exterior doors. The facility is further supported by an on-site back-up generator in the event of a power failure.
Disaster Recovery. We have a Disaster Recovery Policy and Plan in place which addresses replication of critical systems and data in the event of a disaster or emergency. The plan is tested annually.
Data Encryption. Our systems use industry standard encryption methods and products to protect Client Aata and communications during transmission between a client’s network and our systems, including encryption for data in transit and data at rest.
COMPLIANCE WITH CONFIDENTIALITY OBLIGATIONS AND HIPAA
To the extent you have a written agreement with us regarding the protection of confidential information and/or protected health information, you agree to comply with the terms of that agreement in your use of the Website and/or CoreConnect Portal, including the submission of any protected health information in connection therewith. Likewise, our obligations as set forth herein are further supplemented by the terms of our written agreement, and as otherwise required under applicable state and federal law.
If you are a covered entity or business associate that does not have a written agreement already in place with us, then you hereby agree to the terms of our standard Business Associate Agreement or Confidentiality Agreement, as applicable, currently in effect. You may request a copy of those agreements by emailing: email@example.com.
CHANGES TO THESE TERMS OF SERVICE
We may revise and/or update these Terms of Service from time to time in our sole and absolute discretion. All changes are effective immediately when we post them. Your continued use of the CoreVisory Systems following the posting of revised Terms of Service means that you accept and agree to the changes. Please check these Terms of Service periodically for updates.
COMMUNICATING POTENTIAL SECURITY BREACHES OR CONCERNS
If you should have any concerns regarding a potential security breach of your information or service, please email us at: firstname.lastname@example.org.
COMMENTS, QUESTIONS AND CONCERNS
Thank you for visiting the CoreVisory Systems. If you should have any comments, questions or concerns regarding the Website or the CoreConnect portal, please email us at: email@example.com.