EnWella Health Platform Effective Date: [INSERT DATE] Last Updated: [INSERT DATE]
IMPORTANT NOTICE: These Terms of Service govern your access to and use of the EnWella electronic health record (EHR) platform. By accessing or using EnWella, you agree to be bound by these Terms. If you do not agree, do not use the platform.
These Terms of Service ("Terms") constitute a legally binding agreement between you ("User," "Customer," "Practice," or "Provider") and [COMPANY LEGAL NAME] ("EnWella," "we," "us," or "our"), a [STATE] corporation with its principal place of business at [COMPANY ADDRESS] ("Company").
These Terms apply to all users of the EnWella platform, including: - Healthcare providers (physicians, nurse practitioners, physician assistants, and other licensed clinicians) - Medical practices, clinics, and healthcare organizations ("Practices") - Clinical and administrative staff members - Patients who access patient-facing features - Authorized third parties acting on behalf of any of the above
By clicking "I Agree," creating an account, or otherwise accessing or using the Service, you represent that: 1. You have read and understood these Terms 2. You have authority to bind yourself and, if applicable, your organization 3. You meet all eligibility requirements set forth herein
"Covered Entity" means a healthcare provider, health plan, or healthcare clearinghouse subject to HIPAA.
"Business Associate" has the meaning given under HIPAA (45 C.F.R. § 160.103).
"Business Associate Agreement" or "BAA" means the agreement governing EnWella's handling of Protected Health Information on behalf of a Covered Entity.
"Electronic Health Record" or "EHR" means the longitudinal electronic record of patient health information generated by healthcare provider encounters.
"HIPAA" means the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and all implementing regulations.
"Protected Health Information" or "PHI" means individually identifiable health information as defined under HIPAA (45 C.F.R. § 160.103).
"Service" or "Platform" means the EnWella web-based EHR application, APIs, integrations, and all associated services provided by EnWella.
"Subscription" means the license to access and use the Service purchased by a Customer.
"User" means any individual authorized by a Customer to access the Service.
"Patient Portal" means the patient-facing features of the Service enabling patients to access their health records and communicate with their provider.
The Service is intended for use by: - Licensed healthcare providers and the practices they work within - Authorized clinical and administrative staff of those practices - Patients of enrolled practices (for Patient Portal features only)
To use the Service, you must: - Be at least 18 years of age (or the age of majority in your jurisdiction) - Have full legal capacity to enter into these Terms - Not have been previously suspended or terminated from the Service - Comply with all applicable federal, state, and local laws
You may not use the Service if you are not a licensed healthcare provider, authorized staff member, or enrolled patient of a participating practice.
You must provide accurate, current, and complete registration information and maintain its accuracy throughout the term of your account. You are responsible for: - Maintaining the confidentiality of your login credentials - All activities that occur under your account - Immediately notifying us at [SECURITY_EMAIL] of any unauthorized access or breach
EnWella may verify the licensure status of healthcare providers and reserves the right to suspend accounts where provider licensure cannot be confirmed.
A Practice's designated administrator is responsible for: - Managing user accounts and access permissions within the Practice - Ensuring all users complete required training before accessing PHI - Configuring role-based access controls in compliance with minimum necessary principles - Executing a valid Business Associate Agreement before the Practice processes any PHI through the Service
EnWella offers subscription plans as described on our pricing page. Plans are available on a monthly or annual basis. Custom enterprise pricing is available for large practices and health systems.
EnWella may modify subscription fees upon at least 30 days' written notice. Continued use of the Service after the effective date constitutes acceptance of the new fees. If you do not accept a fee change, you may terminate your Subscription before the new fees take effect.
All fees are non-refundable except: - If EnWella terminates your account without cause, you are entitled to a pro-rated refund for the unused portion of your prepaid subscription - At EnWella's sole discretion in response to documented service disruptions exceeding our uptime SLA
You are responsible for all sales, use, GST, VAT, and other taxes associated with your Subscription, excluding taxes on EnWella's income.
Free trials are available for new Practices at EnWella's discretion. A Business Associate Agreement must be executed before any PHI is entered during a trial. EnWella may terminate a trial at any time. Data entered during a trial may be deleted if you do not convert to a paid subscription.
Subject to your compliance with these Terms and payment of all applicable fees, EnWella grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Service solely for: - Managing electronic health records for patients under your care - Clinical documentation, scheduling, billing, and practice management - Authorized patient communication through the Patient Portal - As otherwise expressly permitted by these Terms
You may not: - Copy, modify, distribute, sell, or lease any part of the Service - Reverse engineer or attempt to extract the source code of the Service - Use the Service to develop a competing product - Transfer your account or credentials to another party - Access the Service using automated methods (bots, scrapers) without written consent - Circumvent any security, access control, or audit mechanism in the Service - Use the Service to provide services to practices that have not executed a BAA with EnWella - Use the Service in any manner that violates HIPAA, state health data laws, or professional licensing requirements
EnWella is a software platform — it does not practice medicine. The Service provides tools to support healthcare providers; it does not provide medical advice, diagnosis, or treatment. All clinical decisions are made solely by the licensed provider. EnWella is not responsible for any clinical decision made using the Service.
Before any PHI is entered into or processed through the Service, each Practice (as a Covered Entity) must execute a valid Business Associate Agreement with EnWella. The BAA is incorporated into these Terms by reference. No Covered Entity may use the Service to process PHI without a signed BAA.
EnWella acts as a Business Associate to Covered Entities and will handle PHI only as permitted under the BAA and HIPAA. EnWella will: - Implement and maintain appropriate administrative, physical, and technical safeguards - Report any Security Incident (including Breach of Unsecured PHI) as required under the BAA - Ensure that its subcontractors enter into BAAs and provide equivalent PHI protections
Each Practice using the Service is solely responsible for: - Obtaining all necessary patient authorizations and consents required by HIPAA and state law - Ensuring the accuracy and completeness of PHI entered into the Service - Responding to patient requests to access, amend, or restrict their PHI - Providing patients with required Notice of Privacy Practices - Configuring the Service in accordance with your organization's HIPAA policies - Training workforce members on HIPAA obligations before they access the Service
Users must access only the PHI reasonably necessary to perform their job function. Role-based access controls are available and must be properly configured by Practice administrators.
Patients access the Service only through an invitation issued by an enrolled Practice. The Practice retains control over patient access and is responsible for verifying patient identity before granting access.
Patients may use the Patient Portal solely to: - View their own health records as shared by their provider - Communicate with their care team through the secure messaging feature - Complete intake forms, surveys, and consent documents - View and pay invoices (where enabled by the Practice)
The Service is not for medical emergencies. If you are experiencing a medical emergency, call 9-1-1 (or your local emergency number) immediately. Secure messages sent through the Patient Portal are not monitored in real time and may not receive an immediate response. Do not use the Patient Portal for urgent medical concerns.
Authorized representatives (e.g., parents of minor patients, legal guardians) may access patient records subject to the Practice's proxy authorization policies and applicable law. Practices are responsible for verifying proxy authorization in compliance with state minor consent laws and HIPAA.
The Service integrates with Google for: - Authentication: Login via Google OAuth 2.0. By using Google Sign-In, you agree to Google's Terms of Service and Privacy Policy. EnWella receives only the information you authorize Google to share. - Gmail Integration: If you enable Gmail integration, EnWella will access your Gmail account to enable sending and receiving of patient communications. You can revoke this access at any time from your Google Account settings. Do not use Gmail integration to transmit PHI unless your Practice's Gmail account is covered by a Google Workspace BAA. - Cloud Storage: Patient documents and files are stored in Google Cloud Storage in a HIPAA-compliant configuration covered by Google's BAA with EnWella.
Billing and payment functionality may be processed by third-party payment processors. Payment card data is not stored by EnWella; it is handled directly by PCI-DSS compliant processors. EnWella is not liable for third-party processor errors, outages, or security incidents that occur outside EnWella's systems.
The Service may integrate with or link to third-party services. Such integrations are provided for your convenience. EnWella does not endorse, control, or assume responsibility for third-party services. Your use of third-party services is governed by their respective terms.
Customers with API access may integrate third-party systems subject to a separate API Agreement. All API integrations must maintain HIPAA compliance and are subject to rate limits. Customers are responsible for the security of their API credentials.
You retain ownership of all PHI and practice data you enter into the Service ("Customer Data"). EnWella does not claim ownership of Customer Data. We use Customer Data solely to provide the Service and as permitted under the BAA.
EnWella may use anonymized, de-identified, and aggregated data (which cannot reasonably be used to identify individuals) derived from the Service for: - Improving and developing new features - Research, benchmarking, and analytics - Generating industry reports (never at the individual patient or practice level)
De-identification follows the HIPAA Safe Harbor method (45 C.F.R. § 164.514(b)).
You may export your Customer Data in standard formats at any time during your Subscription. EnWella will provide a copy of your data within 30 days of a written request.
Upon termination of your Subscription: - EnWella will retain your data for 90 days to enable export - After 90 days, data will be securely deleted or destroyed, unless retention is required by law - You are solely responsible for exporting data before the retention period expires - Applicable medical record retention laws (which vary by state, commonly 7–10 years for adults) are your responsibility as the Covered Entity
EnWella implements and maintains administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI, including: - Encryption in transit (TLS 1.2+) and at rest (AES-256) - Role-based access controls and audit logging - Vulnerability management and penetration testing - Incident response and breach notification procedures - SOC 2-aligned security practices
You are responsible for: - Protecting your login credentials and not sharing accounts - Enabling multi-factor authentication (MFA) where available (strongly recommended for all users) - Logging out of the Service when using shared or public devices - Promptly reporting any suspected unauthorized access to [SECURITY_EMAIL] - Ensuring devices used to access the Service meet reasonable security standards (current OS, antivirus, screen lock) - Complying with your organization's workforce security policies
No system is completely secure. EnWella cannot guarantee that the Service will be free from all security vulnerabilities, unauthorized access, or data loss. EnWella will notify you of any Breach of Unsecured PHI as required by HIPAA and the BAA.
EnWella targets 99.9% monthly uptime for the Service (excluding scheduled maintenance). Scheduled maintenance will be communicated with at least 48 hours' notice where practicable. EnWella does not guarantee uninterrupted availability. Planned and unplanned outages may occur. EnWella's liability for downtime is limited to credits as set forth in our Service Level Agreement (SLA), where applicable.
The Service, including all software, algorithms, interfaces, documentation, trademarks, and related materials, is owned by EnWella and protected by intellectual property laws. Nothing in these Terms transfers ownership of EnWella's IP to you.
If you provide feedback, suggestions, or ideas about the Service ("Feedback"), you grant EnWella a perpetual, irrevocable, royalty-free license to use the Feedback without restriction or compensation to you.
You grant EnWella a limited license to process, store, display, and transmit your Customer Data solely as necessary to provide the Service.
Each party agrees to keep confidential the other party's non-public business information, including pricing, technical architecture, and customer lists. This obligation does not apply to information that is (a) publicly available, (b) already known to the recipient, (c) independently developed without reference to confidential information, or (d) required to be disclosed by law (with prompt notice to the disclosing party where permissible).
You represent and warrant that: - You have all necessary rights and authorizations to enter these Terms - You are a licensed healthcare provider (or authorized staff/administrator of one) where required - You will use the Service only for lawful purposes and in compliance with all applicable laws - All information you provide to EnWella is accurate and you will promptly update it if it changes - You have authority to bind the Practice entity you represent
EnWella represents and warrants that: - The Service will perform materially as described in its documentation - EnWella will not knowingly transmit malware or malicious code - EnWella will comply with applicable HIPAA requirements as a Business Associate
EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND. ENWELLA EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.
ENWELLA DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
THE SERVICE IS A TOOL TO ASSIST HEALTHCARE PROVIDERS — IT DOES NOT CONSTITUTE MEDICAL ADVICE. ENWELLA IS NOT RESPONSIBLE FOR CLINICAL DECISIONS MADE BY PROVIDERS USING THE SERVICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL ENWELLA OR ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICE, INCLUDING LOSS OF PROFITS, LOSS OF DATA, LOSS OF GOODWILL, OR BUSINESS INTERRUPTION, EVEN IF ENWELLA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
ENWELLA'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS (WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE) WILL NOT EXCEED THE GREATER OF: (A) THE FEES PAID BY YOU TO ENWELLA IN THE 12 MONTHS PRECEDING THE CLAIM; OR (B) ONE HUNDRED DOLLARS ($100).
THE PARTIES ACKNOWLEDGE THAT THE LIMITATIONS OF LIABILITY IN THIS SECTION REFLECT A REASONABLE ALLOCATION OF RISK AND ARE AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. ENWELLA WOULD NOT PROVIDE THE SERVICE WITHOUT THESE LIMITATIONS.
Nothing in these Terms excludes or limits liability that cannot be limited under applicable law (e.g., gross negligence, willful misconduct, fraud, or death/personal injury caused by EnWella's negligence).
You agree to indemnify, defend, and hold harmless EnWella, its affiliates, officers, directors, employees, agents, licensors, and service providers from and against all claims, liabilities, damages, judgments, awards, losses, costs, expenses, and fees (including reasonable attorneys' fees) arising out of or related to: - Your violation of these Terms - Your violation of applicable law, including HIPAA - Your clinical decisions or medical malpractice - Your use of the Service in a manner inconsistent with these Terms or the BAA - Content or data you submit to the Service - Your failure to obtain required patient consents and authorizations - Any breach by your workforce members of their obligations
These Terms are effective as of the date you first access the Service and continue until your Subscription is terminated.
You may terminate your Subscription at any time by providing written notice. Termination is effective at the end of your current billing cycle (monthly) or the end of your prepaid term (annual), unless otherwise agreed.
EnWella may terminate or suspend your Subscription immediately upon written notice if: - You breach these Terms (including the BAA) and fail to cure within 10 days of notice - You become insolvent, file for bankruptcy, or make an assignment for the benefit of creditors - EnWella reasonably determines that your use of the Service creates a security risk, legal liability, or harm to other customers - Required by law or court order
EnWella may terminate the Service generally upon 90 days' notice.
Upon termination: - All licenses granted under these Terms immediately terminate - You must cease using the Service and export your data during the 90-day retention window - Sections that by their nature should survive (payment obligations, IP rights, disclaimer, limitation of liability, indemnification, dispute resolution) survive termination
EnWella may temporarily suspend your access to the Service: - For scheduled maintenance - If your account is past due (after 15 days' notice) - To protect the security of the Service or other customers - If required by law enforcement or a court
EnWella will restore access promptly once the cause of suspension is resolved.
You agree to comply with all applicable laws and regulations in your use of the Service, including: - HIPAA and HITECH - State medical records and health data privacy laws (including but not limited to California CMIA, New York SHIELD Act, Texas HHSC rules) - State telehealth and telemedicine regulations - Professional licensing requirements - Anti-kickback statutes and Stark Law (if applicable) - Payment Card Industry Data Security Standards (PCI-DSS) where applicable - The Americans with Disabilities Act (ADA) - State consumer protection laws
If you use the Service in connection with telehealth services: - You are solely responsible for compliance with all state telehealth laws, including prescribing restrictions, informed consent requirements, and cross-state licensure rules - EnWella makes no representations about the legality of telehealth in any jurisdiction - Not all clinical services can be provided via telehealth; you are responsible for determining appropriateness of care - Patients must provide informed consent for telehealth services; documentation of that consent in the Service is your responsibility
These Terms are governed by and construed under the laws of the State of [STATE], without regard to its conflict-of-law provisions.
PLEASE READ THIS SECTION CAREFULLY — IT AFFECTS YOUR LEGAL RIGHTS.
Any dispute, claim, or controversy arising out of or relating to these Terms or the Service (a "Dispute") shall be resolved by binding arbitration administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules. The arbitration shall take place in [CITY, STATE], or by videoconference. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.
EXCEPTIONS: Either party may seek (a) emergency injunctive relief in a court to preserve the status quo pending arbitration, or (b) relief in small claims court for disputes within that court's jurisdiction.
YOU WAIVE ANY RIGHT TO BRING CLAIMS AS A CLASS ACTION, COLLECTIVE ACTION, OR REPRESENTATIVE ACTION. ALL DISPUTES MUST BE BROUGHT IN AN INDIVIDUAL CAPACITY.
Any claim arising out of or related to these Terms must be filed within one (1) year after the cause of action arises, or it is permanently barred.
You may opt out of mandatory arbitration within 30 days of first accepting these Terms by emailing [LEGAL_EMAIL] with the subject "Arbitration Opt-Out." Opting out does not affect any other part of these Terms.
All notices to EnWella must be in writing and sent to:
[COMPANY LEGAL NAME] Attn: Legal Department [COMPANY ADDRESS] Email: [LEGAL_EMAIL]
EnWella may provide notices to you by email at the address on your account or by posting a notice on the Service. Notices are effective immediately upon delivery.
These Terms, together with the BAA, Privacy Policy, and any applicable Order Form or Statement of Work, constitute the entire agreement between you and EnWella regarding the Service and supersede all prior agreements.
EnWella may update these Terms by posting a revised version to the Service or providing notice to you. Material changes take effect 30 days after notice. Continued use of the Service constitutes acceptance of the updated Terms.
If any provision of these Terms is found invalid or unenforceable, the remaining provisions remain in full force.
EnWella's failure to enforce any right or provision of these Terms does not constitute a waiver of that right or provision.
You may not assign these Terms without EnWella's prior written consent. EnWella may assign these Terms in connection with a merger, acquisition, or sale of assets upon notice to you.
EnWella is not liable for any delay or failure caused by events beyond its reasonable control, including natural disasters, war, terrorism, labor disputes, government actions, internet outages, or pandemic.
The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, employment, or franchise relationship.
For questions, contact us at [SUPPORT_EMAIL]. For security concerns, contact [SECURITY_EMAIL]. For legal matters, contact [LEGAL_EMAIL].
EnWella — Your health, elevated. © [YEAR] [COMPANY LEGAL NAME]. All rights reserved.
ATTORNEY REVIEW NOTICE: This document is a template and must be reviewed by a licensed attorney in your jurisdiction before publication. Specific provisions, particularly those related to arbitration, governing law, and healthcare regulation compliance, require legal review tailored to your business circumstances.