SHIFOX - Secured Health Information Exchange

Members of the current team include experienced former healthcare and IT executives and an offshore partner with a proven track record to build, with scale, large offshore outsourcing capabilities.

Welcome to SHIFOX!

Terms of Service and Privacy Policy Agreement

SHIFOX or SHIFOX Network is a web-based, HIPAA-compliant technology that enables health care providers, healthcare practices, healthcare facilities, and healthcare staff to coordinate the continuity of care of their patients.

This User agreement describes the responsibilities SHIFOX has to you and you have to SHIFOX.

SHIFOX User Agreement

THIS IS A LEGALLY BINDING AGREEMENT between SHIFOX, a New York Limited Liability Corporation ("the Company") and you, ("User"). By agreeing to these terms (clicking "OK"), or through the continued use of the system, you signify that you agree to the terms of use including those out-lined in the SHIFOX privacy policy.

1. License.

SHIFOX hereby grants to User a perpetual, non-exclusive, non transferable, revocable limited license to use the Software only for User’s internal business purpose and subject to the terms and restrictions set forth in this Agreement. SHIFOX authorize you to access the System and to use the Services the system offers for the Lawful exchange of information that is protected as personal health information as well as other sensitive information and data. You agree that you will not access the System or use the Services for any other purposes. In particular:

a. You will not reproduce, publish, or distribute content in connection with the System that infringes any third party's trademark, copyright, patent, trade secret, publicity, privacy, or other personal or proprietary right;

b. You will comply with all applicable laws, including laws relating to maintenance of privacy, security, and confidentiality of patient and other health information and the prohibition on the use of telecommunications facilities to transmit illegal, obscene, threatening, libelous, harassing, or offensive messages, or otherwise unlawful material;

c. You will not: (i) abuse or misuse the System or the Services, including gaining or attempting to gain unauthorized access to the System, or altering or destroying information in the System except in accordance with accepted practices; (ii) using the System or Services in a manner that interferes with other Users' use of the System; or (iii) using the System or the Services in any manner that violates SHIFOX Policies and Procedures.

You will adhere to all Safeguards necessary to protect the data hosted on the SHIFOX system. You will comply with all related HITECH and HIPAA requirements as defined by law. You will implement and maintain appropriate administrative, physical and technical safeguards to protect information within the System from access, use or alteration from the System or using a User ID assigned to you or a member of your staff utilizing the SHIFOX system as well. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule, whether or not you are otherwise subject to HIPAA.

Use of Patient Information is subject to the SHIFOX Business Associate Agreement and your authorization of Affiliates within the use of this systems feature. You authorize SHIFOX, as your business associate, to use and disclose Patient Information as necessary for the purpose of facilitating the features of this system, such secure messaging and referrals form you (or your Designee) to another Healthcare Provider (or their Designee), subject to the this agreement to comply with the SHIFOX Policies and Procedures, and with applicable laws and regulations relating to the use and disclosure of Health Information.

By agreeing to this Agreement you are required to immediately notify us of any breach or suspected breach of the security of the System of which you become aware, or any unauthorized use or disclosure of information within or obtained from the System, and you will take such action to mitigate the breach or suspected breach as SHIFOX may direct, and will cooperate with SHIFOX in investigating and mitigating the breach.

SHIFOX may suspend access to the System immediately pending Users cure of any breach of this Agreement, or in the event SHIFOX determines that access to or use of the System by User may jeopardize the System or the confidentiality, privacy, security, integrity or availability of information within the System, or that any person is or may be making unauthorized use of the System with any User ID assigned to User. The election of SHIFOX to suspend the Services shall not waive or affect the rights of SHIFOX to terminate this Agreement as permitted under this Agreement.

2. Intellectual Property.

All applicable rights to patents, copyrights, trademarks and trade secrets in the Software, Third Party Software, are and shall remain with SHIFOX, or the respective third party. User agrees to secure and protect, and to have its Authorized Users secure and protect, the Software and Third Party Software in a manner consistent with the maintenance of SHIFOX and/or the third party’s rights therein in furtherance of its obligations hereunder.

You agree that any information, material or work product you provide to this site, other than Patient Information and Personal Information, is the exclusive property of the SHIFOX and by submitting such content or material you assign to the Company all intellectual property rights in such content or material. You agree that SHIFOX may use, disclose, market, license and sell such information and works, including derivative products, without restriction. Furthermore, you agree that the Company may use, disclose, market, license and sell such material or content, and that you have no interest in the information, or in the proceeds of any sale, license, or other commercialization thereof. You warrant and agree that any material you provide will not infringe on the intellectual property or other rights of others, and will not be otherwise unlawful, infringing, threatening, libelous, defamatory, obscene, pornographic, or in violation of any law.

3. Restrictions.

User shall not modify, copy, duplicate, reproduce, license or sublicense the Software, or sell or resell the Software or any right in the Software to anyone else without the prior written consent of SHIFOX. Modification, reverse engineering, reverse compiling, or disassembly of the Software is expressly prohibited. User shall not sell, license, transfer, publish, disclose, display or otherwise make available the Software or Third Party Software to others.

You agree that your use of the System is subject to verification by us of your identity and credentials within the requirements set forth in the HITECH Act, HIPAA, Meaningful Use stages 1, 2, and 3 and that you are in good standing with all the necessary and appropriate federal, state, and local rules and regulations. You agree that SHIFOX may use and disclose your Personal Information for such purposes, including (without limitation) making inquiry of third parties concerning your identity and professional and practice credentials. You authorize such third parties to disclose to us such information as SHIFOX may request for such purposes, and you agree to hold them and us harmless from any claim or liability arising from the request for or disclosure of such information. You agree that SHIFOX may terminate your access to or use of the System at any time if SHIFOX is unable at any time to determine or verify your qualifications or credentials.

No Third-Party Access. Except as required by law, you will not permit any third party (other than your Authorized Designees) to have access to the System or to use the Services without the prior written consent of SHIFOX. You will promptly notify us of any order or demand for compulsory disclosure of health information if the disclosure requires access to or use of the System. You will cooperate fully with us in connection with any such demand.

4. Responsibilities of User.

SHIFOX authorize you to use the User IDs assigned to you by SHIFOX. You acquire no ownership rights in any User ID and User IDs may be revoked or changed at any time at the sole discretion of SHIFOX. User will adopt and maintain reasonable and appropriate security precautions for User IDs to prevent their disclosure to or use by unauthorized persons.

You are solely responsible for ensuring that your use of the System and the Services complies with applicable law and policies or procedures dictated by your employer or institution (hospitals, clinics, or facilities) and contracts (third party payers, partners, and affiliates). You will not undertake or permit any unlawful use of the System, or take any action that would render the operation or use of the System by us or any other User unlawful. We offer no assurance that your use of the System and the Services under the terms of this Agreement will not violate any law or regulation applicable to you.

You may utilize the Affiliate feature of the system to permit your Staff to share your data on your behalf, subject to the terms of this Agreement. You will:

a. Verify each of your Affiliates;

b. Ensure that only you and your Affiliates access the System for Your data;

c. Immediately utilize the termination of Affiliate Feature to end your authorization for any member of your previously authorized staff upon termination of employment.

d. Immediately utilize the termination of Affiliate Feature to terminate Affiliate for any member of your previously authorized s upon discovery of any violation of this Agreement.

5. Payment for License and Professional Services.

In consideration for the grant of the license and the use of the Software, Licensee agrees to pay SHIFOX only if the User elects to use the SHIFOX Premium services as they are offered to Users. Premium Fees shall be paid within two (2) days of the start of each billing cycle and will be automatically charged to the credit card you provide if and when you choose to participate in the Premium Product. Utilization of Premium Product features can be discontinued without notice in the event payment is not received within ten (10) business days. Taxes: All charges and fees shall be exclusive of all federal, state, municipal, or other government excise, sales, use, occupational, or like taxes now in force or enacted in the future, and you agree to pay any tax (excluding taxes on SHIFOX net income) that SHIFOX may be required to collect or pay now or at any time in the future and that are imposed upon the sale or delivery of items and services purchased under this Agreement. In the event any overdue amount owed by Licensee is not paid following thirty (30) days written notice from SHIFOX, then in addition to any other amount due SHIFOX may impose and User/Licensee shall pay a late payment charge at the rate of one percent (1%) per month on any overdue amount.

6. Support Services.

SHIFOX shall provide Support Services, including technical support, Software upgrades, and maintenance releases to User. It is Users responsibility to meet all Minimum System Requirements as well as all Hardware, other equipment, and software necessary to access the System as well as the security of your data from that hardware. It is the responsibility of User to have appropriate virus protection on their systems.

7. Warranty of Title.

SHIFOX hereby represents and warrants to User that SHIFOX is the owner of the Software or otherwise and SHIFOX has the right to grant to User the rights set forth in this Agreement.

8. Trade Secrets: Title.

User acknowledges and agrees that the structure, sequence and organization of the Software are the valuable trade secrets of SHIFOX. User agrees to hold such trade secrets in confidence. User further acknowledges and agrees that ownership of, and title to, the Software and all subsequent copies thereof regardless of the form or media are held by SHIFOX.

9. Term and Termination.

Term: The term of this Agreement shall be for a period of One (1) year and shall be automatically renewable for three (3) successive one (1) year terms unless either party shall notify the other in writing at least 60 days prior to the conclusion of the initial term of any successive term of this Agreement.

Modification. SHIFOX may change the Services and the terms under which they are provided to User (including terms set forth in this Agreement) by providing you not less than thirty (30) days' notice of a change affecting financial terms, or fifteen (15) days' notice of any other change. Upon receipt of such a notice, you may terminate this Agreement by giving written notice to us on or before the effective date of the change. You agree that your failure to give notice of termination prior to the effective date of the change constitutes acceptance of the change, which shall thereupon become part of this Agreement.

Termination: Either party may terminate this contractual agreement (termination must be submitted in writing) on not less than 60 days' notice. Within the life of the notice period, will perform in accordance with this contract. User is required to make payments for all services provided by SHIFOX during the notice period and any other outstanding payments that are past due.

10. Limitation of Liability.

SHIFOX nor it suppliers make any specific promises about the services. We do not make any commitment about the specific function of the services, or their reliability, availability, or ability to meet your needs. We provide this system and all services “As Is”. In no event shall SHIFOX be liable to User or any other party for any incidental, special or consequential damages, loss of data or data being rendered inaccurate, loss of profits or revenue, or interruption of business in any way arising out of or related to the use or inability to use the software and/or documentation, regardless of the form of action, whether in contract, tort, strict product liability or otherwise, even if any representative of SHIFOX has been advised of the possibility of such damages as permitted by law.

You will be solely responsible for the use of the System by you and your Designees, and shall indemnify us and hold us harmless from any claim, cost or liability arising from such use, including reasonable attorneys' fees.

SHIFOX relies on the assurances of the recipients of the information as to (i) their identity and credentials, (ii) the purposes for which they are accessing the System, and (iii) the nature and extent of the information to which they will have access. You acknowledge that, while the System will contain certain technical safeguards against misuse of the System, it will rely to a substantial extent on the representations and undertakings of Users. User agrees that SHIFOX will not be responsible for any unlawful access to or use of Patient Information by any User resulting from the User's misrepresentation to us, or breach of the User's agreement.

If you are using SHIFOX on behalf of a business, that business accepts these terms. It will hold harmless and indemnify SHIFOX and its affiliates, officers, agents, and employees from any claim, suit or action arising from or related to the use of the Services or violation of these terms, including any liability or expense arising from claims, losses, damages, suits, judgments, litigation costs and attorneys’ fees.

11. Notice.

Any notice required by this Agreement or given in connection with it, shall be in writing and shall be given to the appropriate party by personal delivery or by certified mail, postage prepaid, or recognized overnight delivery services. To the address provided below or to such other and different addresses as the Parties may designate in writing. If to SHIFOX: PriMedx Solutions, LLC, 1800 Northern Boulevard, Roslyn, NY 11576.

12. Governing Law.

This Agreement shall be construed and enforced in accordance with the laws of the state of New York, USA.

13. No Assignment.

Neither this Agreement nor any interest in this Agreement may be assigned by either the User or SHIFOX without the prior express written approval of SHIFOX.

14. Force Majeure

No party is liable for failure to perform the party's obligations if such failure is as a result of Acts of God (including fire, flood, earthquake, storm, hurricane or other natural disaster), war, invasion, act of foreign enemies, hostilities (regardless of whether war is declared), civil war, rebellion, revolution, insurrection, military or usurped power or confiscation, terrorist activities, nationalization, government sanction, blockage, embargo, labor dispute, strike, lockout or interruption or failure of electricity or telephone service. No party is entitled to terminate this Agreement under Clause 9 (Termination) in such circumstances.

15. Entire and Final Agreement.

This Agreement sets forth the entire understanding and agreement between SHIFOX and User, and terminates and supersedes all prior understandings or agreements, whether written or oral, with respect to the Software. This Agreement may be modified only by a further writing that is duly executed by all parties to this Agreement.

16. Severability.

In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired and a valid, legal and enforceable provision of similar intent and economic impact shall be substituted therefore.

17. Waiver.

No term of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the Party claimed to have waived or consented. Any consent by any Party to, or waiver of a breach by the other, whether expressed or implied, shall not constitute consent to, waiver of, or excuse for any other different or subsequent breach

18. Headings.

Headings used in this Agreement are provided for convenience only and shall not be used to construe meaning or intent.

For information about how to contact SHIFOX, please visit our contact page.

THE SHIFOX PRIVACY PROMISE

These written assurances are given by SHIFOX to Users of the SHIFOX web site (each a “Covered Entity”) that SHIFOX in maintaining,using and affording access to Patient Information in accordance Terms of Service and Privacy Policy will abide by the following:

Definitions

Catch-all definition:

The following terms used in these assurances shall have the same meaning as those terms in the HIPAA Rules: breach, data aggregation,designated record set, disclosure, health care operations, individual, minimum necessary, notice of privacy practices,protected health information, required by law, secretary, security incident, subcontractor, unsecured protected health information, and use.

Specific definitions:

(a)Business Associate.“Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to these assurances, shall mean SHIFOX.

(b) Covered Entity. “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103.

(c)HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.

Obligations and Activities of Business Associate

Business Associate agrees to:

(a) Not use or disclose protected health information other than as permitted or required by the applicable Terms of Service and Privacy Policy, this document, or as required by law;

(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the applicable Terms of Service and Privacy Policy;

(c) Report to Covered Entity, promptly but no later than fifteen (15) business days, any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware;

(d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information;

(e) Make available protected health information in a designated record set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524;

(f) Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;

(g) Maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528;

(h) To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and

(i) Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.

Permitted uses and Disclosures by Business Associate

(a) Business Associate may only use or disclose protected health information as necessary to perform the services set forth in the Terms of Service and Privacy Policy.

(b) Business Associate may use or disclose protected health information as required by law.

(c) Business Associate agrees to make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary policies and procedures.

(d) Business Associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity except for the specific uses and disclosures set forth below.

(e) Business Associate may use protected health information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.

Term and Termination

(a)Term. These assurances begin at the time a Covered Entity checks the affirmative box of the Terms of Service and Privacy Policy with SHIFOX and shall continue for as long as SHIFOX is in possession of any Protected Health Information provided by or on behalf of the Covered Entity. SHIFOX will not revoke or change these assurances unless required to do so by law or regulation.

(b)Termination for Cause. Business Associate authorizes termination of the applicable Terms of Service and Privacy Policy or this document, at the option of the Covered Entity, if Covered Entity determines Business Associate has violated a material term of these assurances.

Upon termination of the Terms of Service and Privacy Policy, Business Associate shall:

1. Retain only that protected health information which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities;

2. Destroy, if practicable, the remaining protected health information that the Business Associate still maintains in any form;

3. Continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information, other than as provided for in this Section, for as long as Business Associate retains the protected health information;

4. Not use or disclose the protected health information retained by Business Associate other than for the purposes for which such protected health information was retained and subject to the same conditions set out at paragraph (e) above under “Permitted Uses and Disclosures By Business Associate” which applied prior to termination; and

5. Destroy, if practicable, the protected health information retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.

6. With respect to any protected health information that cannot practicably be destroyed, to continue measures stated herein to safeguard such information and prevent its use or disclosure except as provided for above.

(d) Survival.

The obligations of Business Associate under this section shall survive the termination of the Terms of Service and Privacy Policy and this document.

Mr. Topfer is the President of SHIFOX which is a Health Information Technology company offering a suite of Population Health products. Prior to SHIFOX Mr. Topfer worked with Physicians Reciprocal Insurers (PRI) to develop various health information solutions for its insureds’. Mr. Topfer is also a founder of PriMedx Solutions and Medical Back-Office Solutions which are companies that provide services to healthcare organizations such as electronic health record system, medical transcription and revenue cycle management.

Prior to PRI, Mr. Topfer acted as a consultant for a merchant banking firm, Juris Group, specializing in media, healthcare and technology. He provide strategic, operational and financial advisory services to various clients such as SAIC (a Fortune 300 research and engineering company), and Proprietary Media.

Prior to Juris Group, Mr. Topfer was recruited as a member of the turn-around team for Collegiate Health Care (“CHC”), a national provider of student health services at colleges/universities with 14 Health Centers under management, 200+ employees and annualized revenues of $10 million. As the Senior Vice President of Operations, Mr. Topfer led a transitional operations team that re-positioned the Company for sale and re-engineered the corporate infrastructure reducing corporate overhead by 50%. Mr. Topfer was also the Vice president of Corporate Planning and Development for CHC. In that role, he executed business development, strategic planning, forging of strategic alliance partnerships, and corporate financing functions. He achieved the largest account growth in Company history. Prior to joining CHC, Jeffrey Topfer was a Partner with NOVUS Health Care, a consulting firm in Delray Beach, Florida. Novus provided physicians and other healthcare service organizations assistance with strategic planning, contracting, group practice formation, due diligence and mergers and acquisitions of practices and ancillary services. Prior to NOVUS, Mr. Topfer founded PriMEDx, Inc., a physician practice management company acquiring and managing primary health care practices in rural areas. Mr. Topfer was the Senior Vice President and was responsible for development, clinic and corporate operations and legal concerns. In 1995, PriMEDx, Inc. was sold to Community Care of America, Inc. (CCA) a national rural health care company. Mr. Topfer also provided development and operational support for CCA.

As Counsel and Director of Legislative Affairs for U.S. Strategies Corp., he consulted major, for profit, alternative site health care companies.

Mr. Topfer also worked in the national health care department of Ernst & Young and was a special assistant to Senator Daniel Moynihan’s senior health care aide.

Mr. Topfer earned a Master in Public Health Degree from Columbia University, a J.D. degree from Boston University School of Law and a BBA in Finance from the University of Miami.

Stan Schroeder is Managing Partner of Essential Healthcare Management, LLC. Over the past 20 years, Mr. Schroeder has been responsible for the development of EHM’s various business entities, which have grown to 6 companies serving dozens of suppliers across the healthcare continuum, providing expert guidance in contracting, sales, implementation and infrastructure improvement. He has led the growth of EHM’s new and innovative businesses involved in more than $1 billion in commerce. These companies represent medical device and equipment manufacturers and resellers, software, services, mobile technology and supplies, designed to make healthcare more efficient and to reduce cost while improving patient outcomes and experience. In addition, Mr. Schroeder is President of EHM Partners, a private equity firm focused on healthcare industry investment and performance.

Mr. Schroeder has been on the forefront of Innovative Technology, such as Impedance Threshold Devices, Fluid Warming, Non-Invasive Hemodynamic Monitoring, and UV Light-Based Infection Control, Automated Ventilation, and others. He currently serves as consultant for the following companies: Corporate Contracts, Inc.; Criterion Healthcare Security; Uresil, LLC; Global Parcel Service; HemCon; SunClean, LLC; KMA Media; Vantari Genetics; QMed Pharmacies; and the Healthcare Facilities Executive Society.

Mr. Schroeder has been a leader in promoting diversity in health care. He works closely with the Premier SEEDS Program, and with other Group Purchasing Organizations and healthcare entities to give certified WMBE’s opportunities to penetrate the healthcare market with their products and services.

Mr. Schroeder devotes time to both volunteer and philanthropic activities. Mr. Schroeder is active in raising awareness and funding for Alzheimer ’s disease research, Disease State Testing and Chemotherapeutic Genetic Assessments. Mr. Schroeder received his Bachelor of Science degree from South Dakota State University in 1994

Leadership Team

SHIFOX - Reset Password

SHIFOX - Terms & Conditions

HIPAA Policy

Jeffrey Topfer, President & CEO

Sudarshan W H, Chief Technology Officer

Stan Schroeder, Sales and Marketing

Manjunath KS, Program Manager

Ken Cetin, B.S. PA-C, MBA (April 2015)