HIPAA BUSINESS ASSOCIATE CONTRACT FOR EYE CARE

VisionWeb

8601 F.M. 2222 Building 3, Suite 400 Austin, TX 78730

Tel 512.241.8500 Fax 512.794.9026 www.visionweb.com

HIPAA BUSINESS ASSOCIATE CONTRACT FOR EYE CARE PROVIDERS

The following contract terms are intended to specify VisionWeb’s obligations to you as a Business Associate

under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Under HIPAA, health care

providers have certain obligations to protect information about their patients. This kind of information is called

"Protected Health Information." These obligations are spelled out in regulations issued by the United States

Department of Health and Human Services ("HHS").

These provisions are intended to be interpreted consistently with HIPAA and all regulations issued by HHS

under it. They are also intended to incorporate by reference all other terms and conditions and agreements

which apply to the services provided by VisionWeb (the “Services”).

Most eye care providers are required to comply with HIPAA. The question whether you must comply with

HIPAA and what your compliance program should include is one only you can answer. However, VisionWeb

will comply with the following conditions with every eye care provider which uses the Services, whatever their

status under HIPAA.

One HIPAA requirement is that every health care provider must enter into a "Business Associate Contract" with

any other party which obtains or uses Protected Health Information from or on behalf of the health care

provider. This kind of party is called a HIPAA "Business Associate." A Business Associate Contract is intended

to require the Business Associate to preserve the confidentiality of Protected Health Information. The required

terms for every Business Associate Contract have been specified in HIPAA privacy regulations published by

HHS.

When you use the Services, you frequently need to provide VisionWeb with Protected Health Information, such

as for ordering goods or services, or transmitting claims for payment. This makes VisionWeb your Business

Associate for purposes of HIPAA. VisionWeb therefore agrees to protect any Protected Health Information it

obtains from you or on your behalf when using the Services as follows:

VisionWeb will only use or disclose Protected Health Information it obtains from you or on your behalf for

purposes of providing the Services to you, or as otherwise provided in this Agreement.

VisionWeb may use and disclose Protected Health Information as necessary for its proper management and

administration, or to carry out its legal responsibilities.

At its reasonable discretion, VisionWeb may use Protected Health Information to perform data aggregation

services on behalf of eye care providers, manufacturers, distributors, and optical laboratories.

VisionWeb will not use or disclose Protected Health Information it obtains from you or on your behalf for any

other activity or purpose, unless you have authorized VisionWeb to do so in writing and such use or disclosure

is otherwise permitted by law.

VisionWeb

8601 F.M. 2222 Building 3, Suite 400 Austin, TX 78730

Tel 512.241.8500 Fax 512.794.9026 www.visionweb.com

VisionWeb will establish and maintain administrative and technical safeguards which it determines are

reasonably necessary to protect any Protected Health Information it obtains from you or on your behalf.

If VisionWeb becomes aware of any use or disclosure of Protected Health Information obtained from you or on

your behalf which is not authorized under these Business Associate Terms and Conditions, VisionWeb will take

such action as it determines is reasonably necessary to stop such use or disclosure, prevent its recurrence, and

mitigate any harm it may have caused. VisionWeb will also report any such unauthorized use or disclosure to

you.

If VisionWeb contracts with or otherwise uses any other person to process, transmit, store or otherwise use or

disclose Protected Health Information obtained from or on behalf of you, VisionWeb shall ensure that such

person agrees to the same restrictions and requirements with respect to such information that apply to

VisionWeb.

If one of your patients asks you to review or copy Protected Health Information which VisionWeb maintains for

you or on your behalf, upon your written request to our Privacy Officer, VisionWeb will provide reasonable

access to or copies of such information to you, which you may provide to your patient. If necessary, VisionWeb

will also make available any such information from any other person which has obtained it on VisionWeb’s

behalf.

If you have agreed to a request from one of your patients to amend Protected Health Information which

VisionWeb maintains for you or on your behalf, VisionWeb will add that amendment to its own records of that

Protected Health Information upon your written request to our Privacy Officer. To the extent reasonable and

feasible, VisionWeb will notify any other person to which VisionWeb has disclosed such information of the

amendment. However, amendments cannot be made to previously lab and product orders.

If one of your patients has requested you to provide an accounting of disclosures of his or her Protected Health

Information, you will have access to your previously submitted claims and lab and product orders. If you cannot

access these transactions on the web site, upon your written request to our Privacy Officer, VisionWeb will

promptly provide such an accounting of previously sent transactions to you to provide to your patient.

Under HIPAA, HHS may from time to time investigate the compliance of any health care provider with the

HIPAA regulations. If you should become the subject of such an investigation, VisionWeb will make its

internal practices, books and records concerning its use and disclosure of Protected Health Information obtained

from you or on your behalf available to HHS, at reasonable times and places and upon proper evidence of the

investigator's legal authority.

Consistent with the termination provisions of the Services agreement, you may terminate your use of the

Services at any time if you are not satisfied with VisionWeb’s compliance with these Business Associate

contract terms.

If you terminate your use of the Services for any reason, VisionWeb will stop using and disclosing all Protected

Health Information it has obtained from you or on your behalf, except in order to (a) complete any transactions

VisionWeb

8601 F.M. 2222 Building 3, Suite 400 Austin, TX 78730

Tel 512.241.8500 Fax 512.794.9026 www.visionweb.com

or services which had not been completed as of the termination, or (b) if needed as evidence in regulatory or

law enforcement investigative or enforcement proceedings, and administrative or judicial proceedings

pertaining to VisionWeb’s compliance with these provisions, the Eye Care Provider, and/or any individual(s) to

whom the Protected Health Information pertains.

VisionWeb may amend these Business Associate contract terms from time to time if VisionWeb determines

amendment is reasonably necessary to ensure compliance with amendments to or changes in the interpretation

of HIPAA or any regulations issued under it, or to accommodate changes in policies, processes or procedures

used by VisionWeb to protect Protected Health Information. Any such amendment shall be effective upon the

publishing of the amended Business Associate Terms and Conditions on the VisionWeb website and the

notification of those changes on the main page of the web site. If you choose to use the Services after the date

on which such amendment is effective, you will be considered to have agreed to the amended terms and

conditions.

These Business Associate Contract terms incorporate VisionWeb’s Terms and Conditions posted on

www.visionweb.com by reference In case of any conflict between these Business Associate Contract terms and

the Terms and Conditions on www.visionweb.com when applied to the use, disclosure or protection of

Protected Health Information by VisionWeb, these Business Associate Contract terms will supersede the Terms

and Conditions. The Terms and Conditions will supersede these Business Associate Contract terms in case of

any other conflict.

PLEASE SIGN THE LINE BELOW INDICATING THAT YOU UNDERSTAND THE TERMS OF

THE BUSINESS ASSOCIATE CONTRACT. YOU DO NOT NEED TO RETURN THIS CONTRACT

TO US. PLEASE SAVE IN YOUR FILES TO COMPLY WITH HIPAA.

____________________________

Your Signature Date

____________________________

Michael C. O’Malley Date

VisionWeb Privacy Officer