Terms of Service
Last updated: March 18, 2026
1. Acceptance of Terms
By subscribing to Echoes Clinical, your organization agrees to these Terms of Service. If you do not agree, do not use the service. These terms supplement our standard Terms of Service and include additional obligations for healthcare users.
2. Service Description
Echoes Clinical is a HIPAA-compliant platform that enables healthcare organizations to manage patient communications, care documentation, and therapeutic exercises. It includes patient dashboards, care tracking, secure messaging, and clinical workflow tools.
3. Healthcare Organization Obligations
As a healthcare organization using Echoes Clinical, you agree to:
- Maintain appropriate HIPAA policies and procedures
- Ensure all users are trained on HIPAA requirements
- Obtain necessary patient consents for platform use
- Report any suspected breaches immediately
- Maintain current Business Associate Agreements
4. Permitted Use
Echoes Clinical is intended exclusively for legitimate healthcare purposes. Organizations and their authorized users may use the platform to:
- Manage patient care plans and documentation
- Conduct secure provider-patient communications
- Track therapeutic progress and outcomes
- Coordinate care across team members
5. Prohibited Uses
You may not use Echoes Clinical to:
- Store or transmit any content that violates HIPAA
- Share credentials or access beyond authorized users
- Attempt to reverse engineer security controls
- Use the service for non-clinical purposes
- Violate any applicable healthcare laws or regulations
6. Data Ownership
The healthcare organization retains ownership of all patient data and PHI submitted to the platform. Echoes serves as a processor and stores data on behalf of the organization. Upon termination, data is returned or securely destroyed per our BAA.
7. HIPAA Compliance
Echoes Clinical operates as a Business Associate under HIPAA. We maintain administrative, physical, and technical safeguards as required by the HIPAA Security Rule. Annual risk assessments and penetration testing are conducted and documented.
8. Business Associate Agreement
A signed Business Associate Agreement is required before any PHI is processed on Echoes Clinical. The BAA governs all PHI handling and is incorporated into these terms by reference.
9. Service Levels
We commit to the following service levels for healthcare customers:
- Uptime: 99.9% availability, excluding scheduled maintenance
- Support: Response within 4 hours for critical issues, 24 hours for standard
- Maintenance: Advance notice for scheduled downtime
- Backup: Daily encrypted backups with 30-day retention
10. Security & Incidents
We maintain 24/7 security monitoring and have documented incident response procedures. In the event of a security incident affecting PHI, we will notify your organization within 24 hours of discovery and cooperate fully on remediation.
11. Term & Termination
Subscriptions are annual unless otherwise agreed. Either party may terminate with 30 days' written notice. Upon termination, we provide a 30-day data export window, after which data is securely destroyed within 60 days.
12. Payment Terms
Payment is due within 30 days of invoice. Enterprise pricing includes a BAA, unlimited patient records, and priority support. Pricing does not include optional implementation services or custom integrations.
13. Liability
Our liability is capped at the total fees paid in the 12 months preceding a claim. We are not liable for indirect damages, lost profits, or consequential losses. We maintain cyber liability insurance appropriate for healthcare technology providers.
14. Indemnification
Each party agrees to indemnify the other against claims arising from willful misconduct, breach of these terms, or violation of applicable laws. Our indemnification obligations are subject to the liability limits in Section 13.
15. Regulatory Compliance
We comply with applicable healthcare regulations including HIPAA, HITECH, and state laws where we operate. We support compliance with Joint Commission standards and can provide documentation for accreditation audits.
16. Changes to Terms
We will provide 30 days' notice for material changes to these terms. Continued use after changes constitutes acceptance. We may update BAA terms as regulations evolve.
17. Governing Law
These terms are governed by Delaware law, without regard to conflict of principles. Any disputes will be resolved in Delaware courts.
18. Contact
For enterprise inquiries, BAA requests, or compliance questions:
Email: enterprise@heartechoes.io