These Provider Portal Terms of Service ("Portal Terms") govern Provider's day-to-day access to and use of the BoneArc provider portal. By clicking "I Agree," signing an Order Form, or accessing the Portal, Provider agrees to be bound by these Terms. These Portal Terms are incorporated into and subject to the Master SaaS Agreement between BoneArc, Inc. and Provider. In the event of any conflict, the Master SaaS Agreement controls.
THE PORTAL IS NOT A MEDICAL DEVICE, CLINICAL DECISION SUPPORT SYSTEM, BILLING SERVICE, OR ELECTRONIC HEALTH RECORD. ALL CLINICAL AND BILLING DECISIONS REMAIN SOLELY WITH PROVIDER AND PROVIDER'S LICENSED CLINICAL STAFF.
1. Acceptance of Terms
By clicking "I Agree," signing an Order Form, or accessing the Portal, the individual accepting these Terms represents and warrants that: (a) they have the authority to bind Provider to these Terms; (b) Provider is a licensed healthcare entity or individual practitioner in good standing; and (c) Provider has read, understood, and agrees to be bound by these Terms.
2. Permitted Use
BoneArc grants Provider a limited, non-exclusive, non-transferable, revocable license to access and use the Portal solely for the following permitted purposes:
(a) Clinical Monitoring of Own Patients: Accessing patient-reported outcome data and recovery metrics for patients who are currently enrolled in Provider's active therapeutic monitoring program and for whom Provider has obtained appropriate patient consent.
(b) Program Management: Enrolling, monitoring, and managing Provider's patient RTM programs using the Portal's administrative tools.
(c) Reporting: Generating and downloading reports for Provider's internal clinical and administrative use.
3. Provider Responsibilities
(a) Licensure: Provider shall maintain all required professional licenses, certifications, and accreditations, and shall ensure that all Authorized Users maintain valid and unrestricted licenses to practice in the states in which they provide services.
(b) Patient Consent: Provider is solely responsible for obtaining all necessary patient authorizations, consents, and acknowledgments required by applicable law before enrolling a patient in any monitoring program facilitated through the Portal.
(c) Clinical Documentation: Provider is responsible for maintaining all required clinical documentation, including plans of care, medical necessity documentation, and clinical records, in compliance with applicable law and payer requirements.
(d) Billing Compliance: Provider is solely responsible for all billing and coding decisions, including the selection of CPT codes, modifiers, and supporting documentation. BoneArc provides no billing services, coding recommendations, or reimbursement guarantees.
(e) Staff Training: Provider shall ensure that all Authorized Users are trained on these Terms and applicable HIPAA requirements before accessing the Portal.
(f) Incident Reporting: Provider shall promptly notify BoneArc of any suspected security incidents, unauthorized access, or breaches involving the Portal at service@bonearc.com.
4. Prohibited Uses
Provider and all Authorized Users are strictly prohibited from:
(a) Scraping or Automated Access: Using automated scripts, bots, crawlers, scrapers, or other automated tools to access, collect, or extract data from the Portal.
(b) Resale or Redistribution: Reselling, sublicensing, or redistributing access to the Portal or any data obtained through the Portal to any third party.
(c) Unauthorized Patient Access: Accessing or viewing patient data for any patient who is not currently enrolled in Provider's active monitoring program or for whom Provider does not have a current treatment relationship.
(d) Competitive Use: Using the Portal or any data derived from the Portal to build, support, or improve a product or service that competes with BoneArc.
(e) Unauthorized Disclosure: Disclosing patient data accessed through the Portal to any party not authorized under Provider's BAA with BoneArc.
(f) Data Mining: Using the Portal for data mining, research, or any purpose not directly related to Provider's clinical operations with Provider's own patients.
(g) System Interference: Attempting to gain unauthorized access to any system or network associated with the Portal, or interfering with the Portal's security, availability, or performance.
5. Account Security
Provider is responsible for maintaining the confidentiality of all account credentials issued to or created by Provider and its Authorized Users. Provider shall: (a) ensure that each Authorized User has unique, individual login credentials and does not share credentials with others; (b) require Authorized Users to use strong passwords and to update passwords regularly; (c) enable and enforce multi-factor authentication if made available by BoneArc; (d) immediately revoke access for any Authorized User who is no longer employed by or affiliated with Provider; and (e) promptly notify BoneArc of any suspected unauthorized access to Provider's account.
Provider is liable for all actions taken under Provider's account and the accounts of its Authorized Users, whether or not authorized by Provider.
6. Termination
BoneArc may suspend or terminate Provider's access to the Portal immediately upon written notice for: (a) material breach of these Terms or the Master SaaS Agreement; (b) Provider's loss of required professional licensure; (c) Provider's involvement in fraud, abuse, or illegal activity; (d) any action by Provider that BoneArc reasonably believes creates legal or regulatory risk for BoneArc. Provider may terminate its subscription in accordance with the Master SaaS Agreement.
Upon termination, Provider must immediately cease all use of the Portal. BoneArc will make patient data available for export for thirty (30) days following termination, after which BoneArc will handle data in accordance with the BAA.
7. Contact
For questions about these Terms, to report a security incident, or to exercise any rights, please contact:
BoneArc, Inc. · 131 Continental Dr, Suite 305, Newark, DE 19713
Email: service@bonearc.com