HIPAA One® Assurance Program Terms of Use

The following Terms of Use apply to the liability coverage program offered as part of the HIPAA One® Assurance Program by Modern Compliance Solutions, Inc., for direct clients of Modern Compliance Solutions, Inc.

Breach Protection

The following Terms of Use apply only to clients who are participating in the HIPAA One® Assurance Program (“Program”). Modern Compliance Solutions, Inc.’s Clients who have applied (http://www.hipaaone.com/assurance-program-registration/) for and have a paid, current HIPAA One® subscription for participation in the Program are referred to as “Participating Clients.” Ancillary to the product services provided in the Program, Modern Compliance Solutions, Inc. is also providing Participating Organizations up to $100,000 (the “Program Limit”) of breach protection. Subject to the terms and limitations described more fully below and in the Summary of Benefits for the Assurance Program, the breach protection portion of the Program provides reimbursement for the following costs and expenses actually incurred by you in connection with a data security event:

(1) All reasonable regulatory assessments, forensic audit expenses, breach notification expenses, and post event services expenses resulting from a data security event occurring and reported to Diversified Insurance while such Participating Merchant is enrolled in the Program; and

(2) Any regulatory penalty and regulatory event expenses resulting from a regulatory action commenced and reported to Modern Compliance Solutions, Inc. while such Participating Client is enrolled in the Program.

Backed by an Insurance Policy

The Program is backed by an insurance policy (the “Policy”) from our insurance company. You are not an “insured” or beneficiary under the Policy and nothing in this Agreement creates a relationship between you and our insurance company (or any other of our insurance company’s affiliate). Neither our insurance company nor Modern Compliance Solutions, Inc. is providing you with insurance pursuant to this Agreement. Our insurance company will manage claims and payment processing under the Program.

Reporting Claims

The Program provides benefits to you only if you provide a timely and complete report of a data security event or regulatory action as soon as you become aware of such event or action. You will need to provide details on the data security event or regulatory action including, but not limited to: a complete description of the data security event or regulatory action, all documents relating to the data security event or regulatory action and any other pertinent information requested by or on behalf of Modern Compliance Solutions, Inc. To report a data security event or regulatory action under the Program, contact: assurance_claims@moderncompliance.com.

Liability Limitations

CLIENT ASSUMES SOLE RESPONSIBILITY AND LIABILITY FOR MAKING TIMELY AND COMPLETE CLAIMS UNDER THE PROGRAM, PROVIDING NECESSARY OR REQUESTED DATA AND INFORMATION, AND OTHERWISE COMPLYING WITH THE TERMS AND CONDITIONS SET FORTH IN THE PROGRAM.   CLIENT MUST HAVE A COMPLETED, CURRENT HIPAA ONE® SECURITY RISK ANALYSIS, VALID SUBSCRIPTION, AND NOTIFIED MODERN COMPLIANCE SOLUTIONS, INC. VIA THE ASSURANCE REGISTRATION PAGE:

  1. YOUR ORGANIZATION HAS REMEDIATED 100% OF THE RISKS IDENTIFIED IN THE ASSESSMENT,
  2. CONDUCTED PENETRATION TESTING BY MODERN COMPLIANCE SOLUTIONS AND
  3. REMEDIATED ALL RISKS IDENTIFIED IN THE PENETRATION TESTING.

MODERN COMPLIANCE SOLUTIONS, INC. SHALL HAVE NO LIABILITY TO ANY PARTICIPATING ORGANIZATION UNDER THE PROGRAM IN THE EVENT, AND TO THE FULLEST EXTENT, THAT OUR INSURANCE COMPANY DENIES COVERAGE UNDER THE POLICY FOR ANY GIVEN DATA SECURITY EVENT OR REGULATORY ACTION. MODERN COMPLIANCE SOLUTIONS, INC.’S DUTY TO PROVIDE PAYMENTS TO ANY PARTICIPATING ORGANIZATION FOR COSTS ARISING FROM ANY DATA SECURITY EVENT OR REGULATORY ACTION UNDER THE PROGRAM WILL BE MADE ONLY AFTER, AND TO THE EXTENT THAT, MODERN COMPLIANCE SOLUTIONS, INC. RECEIVES PAYMENT FROM OUR INSURANCE COMPANY UNDER THE POLICY.

THE PROGRAM LIMIT IS THE MOST ANY PARTICIPATING ORGANIZATION CAN RECOVER FOR EACH HIPAA ONE® IDENTIFICATION NUMBER DURING A TWELVE (12) MONTH PERIOD FOR ANY OR ALL SUCH COSTS OR EXPENSES, COMBINED, AND REGARDLESS OF THE NUMBER OF DATA SECURITY EVENTS DISCOVERED OR REGULATORY ACTIONS TAKEN.