Homestretch Acceptable Use Policy
Last Updated: September 11, 2012
This Acceptable Use Policy (the “Policy”) describes minimum requirements for, and certain prohibited activities relating to, your storage of data on the internet-delivered physical therapy supplementation service known as Homestretch (the “Service”) provided by Tanglewild Partners, LLC (“we” or “us”). We provide the Service from computer systems, networks and equipment that we own, control, or contract for (our “Site”).
If you have entered into a separate agreement with us for access to our Service (an “Agreement”), this Policy forms a part of your contract with us. Accordingly, your violation of this Policy may result in termination of the Agreement or suspension of your access to the Service. As used in this policy, the terms “you” and “your” refer to the partnership or organization that entered into an agreement with us for access to our Service.
We may update this Policy from time to time. Your continued use of the Service after any such update constitutes your acceptance of any updated version of the Policy.
You agree to establish reasonable technical, administrative and security safeguards to ensure that data is accessible only by your authorized personnel. At a minimum, you will implement the following access controls:
- Establish and maintain a confirmation process prior to activating new credentials to ensure that new credentials are issued only to authorized users.
- Establish password strength requirements for the Service so that user credentials are hard to guess.
- Prohibit sharing of individual user credentials among multiple users within your organization.
- Require users with privileged status (e.g., administrators) to use different passwords for administrative access to the Service than they use in their capacity as therapists
- Use readily available security measures to limit access among computers where appropriate
- Employ sufficient measures to detect and prevent unauthorized access to your computer networks and to investigate and remediate security incidents involving your network.
Data Submission and Storage Requirements
You will store data only in accordance with the following standards:
- Only lawfully held and obtained data may be stored on our Site and Service.
- You will not disable any encryption or other security mechanisms in the Service.
- You will not use the Service as a substitute for a Patient’s medical record or as an electronic record-keeping system.
You may not use the Service or our Site to engage in, foster, or promote irresponsible, offensive, unlawful, or abusive conduct including, but not limited to:
- Unauthorized access to or use of data, systems or networks, including any attempt to probe, scan or test the vulnerability of a system or network, or to breach security or authentication measures;
- Using any manual or electronic technique or method to avoid any access and storage restrictions on our Service
- Interference with the availability of the Service to any of our other customers
- Using an account for the Service without authorization
- Collect or use identifiers, PII or PHI without the consent of the person identified or the owner of the information
- Distributing software that covertly gathers information about or transmits information about a user of the Service
- Any conduct that violates the CAN-SPAM Act of 2003 or any other law or regulation that restricts bulk and commercial email
- Promoting illegal drugs or violating export control laws
- Storing or disseminating any content or information (including but not limited to Web content, email, bulletin board postings, chat, tweets, and other types of posting or transmission that rely on the Internet) that creates (a) a risk to a person’s safety or health; (b) a risk to public safety or health; (c) compromises national security; or (d) interferes with any investigation by a regulatory oversight or law enforcement agency;
- Publishing, transmitting, or storing any content or links to any content that (a) is unlawful or that solicits unlawful conduct under laws applicable to you, us, or our service providers; (b) constitutes, depicts, fosters, promotes or relates to child pornography, bestiality, non-consensual sex acts, unlawful gambling or arms trafficking; or (c) is otherwise malicious, fraudulent, or may result in retaliation against us or our service providers by offended viewers or recipients;
- Improperly exposing trade secrets or other confidential, proprietary information belonging to another person;
- Any unfair or deceptive trade practice;
- Infringing on the copyright, trade or service mark, patent or other property right belonging to another person;
- Harassment, communication of threats or other malicious or fraudulent conduct that may result in retaliation against us or our service providers, or any employee, officer or agent of us or our service providers, or any patient or practitioner;
- Behavior that unnecessary interferes with the normal operation of the Service or Site or computer systems or networks necessary to make the Service available;
- Publication of personal or other confidential information or streaming live events without the consent of the person(s) identified or the owner of the information;
- Attempting to breach the security or test the vulnerability of the Site or Service.
Compliance With Applicable Laws and Regulations
We strive to provide the Service with a level of security consistent with industry best practices. However, you agree that your use of the Service reflects your independent determination that the Service, as implemented in your organization, meets your compliance obligations under any such laws that apply to you.
Business Associate Status
In making available the Service, we acknowledge and agree that we are soliciting the storage or transmission of PII, PHI and, possibly, other sensitive personal information using servers hosted for us by our third party service provider. You acknowledge and agree that some data stored at the Site on our Service likely is PHI, and that our employed and contracted personnel do not have regular or routine access to the data.
Monitoring, Cooperation and Reporting
We may, but are not obligated, to investigate any violation of this Policy or misuse of the Site or Service. You agree to report to us any known or suspected data breach or security incident with respect to the Service, or violation of this Policy, of which you become aware. You further agree to assist us, at our reasonable request, to investigate, stop, or remedy any noncompliance. In the event our investigation leads to suspicion of any violation of law or regulation by you, we reserve the right to report appropriate information to law enforcement or regulatory agencies. We also may provide network, systems and customer information to assist with the investigation and prosecution of unlawful conduct.