Healthcare Compliance Agreement

Terms of Service

HIPAA-Compliant Terms for Healthcare Arbitration Services

Effective Date: January 31, 2025 | Version 2.0

Important Healthcare Compliance Notice

These Terms of Service incorporate healthcare-specific provisions required under HIPAA, CMS Independent Dispute Resolution regulations (45 CFR 149.510), and other applicable healthcare laws. By using BabyKong, you acknowledge that you are a Covered Entity, Business Associate, or authorized healthcare professional subject to these regulations.

1. Acceptance of Terms

By accessing or using BabyKong Enterprise ("Service"), you agree to be bound by these Terms of Service ("Terms") and our Business Associate Agreement ("BAA"). If you are using the Service on behalf of a healthcare organization, you represent and warrant that:

  • You have the authority to bind the organization to these Terms
  • Your organization is a Covered Entity or Business Associate under HIPAA
  • You will comply with all applicable healthcare privacy and security regulations
  • You have implemented appropriate administrative, physical, and technical safeguards

HIPAA Acknowledgment

You acknowledge that BabyKong will have access to Protected Health Information (PHI) in providing the Service and that both parties are bound by HIPAA Privacy and Security Rules.

2. Healthcare Arbitration Services

2.1 Service Scope

BabyKong provides AI-powered healthcare arbitration services specifically for:

  • CMS Independent Dispute Resolution (IDR) processing
  • Healthcare billing dispute arbitration
  • Automated factor analysis and decision generation
  • Compliance documentation and audit trail management
  • PHI processing using homomorphic encryption

2.2 Not Medical Advice

Important: BabyKong does not provide medical advice, diagnosis, or treatment recommendations. The Service is solely for administrative arbitration of healthcare billing disputes.

2.3 Regulatory Compliance

The Service is designed to comply with:

  • HIPAA Privacy Rule (45 CFR Part 160 and Part 164, Subparts A and E)
  • HIPAA Security Rule (45 CFR Part 160 and Part 164, Subparts A and C)
  • CMS IDR Requirements (45 CFR 149.510)
  • State healthcare privacy laws where applicable
  • HITECH Act requirements

3. Protected Health Information (PHI) Handling

3.1 PHI Processing

When processing PHI through the Service:

  • All PHI is encrypted using H33.ai's homomorphic encryption technology
  • PHI never exists in plaintext during processing, storage, or transmission
  • Access is limited to the minimum necessary for arbitration purposes
  • All access is logged and auditable
  • Data retention complies with healthcare regulatory requirements

3.2 Security Obligations

Both parties agree to:

  • Implement administrative safeguards (workforce training, access management, security officer designation)
  • Maintain physical safeguards (facility access controls, workstation security)
  • Deploy technical safeguards (access controls, encryption, audit controls)
  • Report any suspected or actual breach within 24 hours
  • Cooperate in breach investigations and notifications

Zero-Knowledge Architecture

BabyKong employs zero-knowledge proofs and homomorphic encryption, ensuring we cannot access or view PHI in plaintext at any time during processing.

4. Business Associate Agreement

4.1 Business Associate Obligations

As a Business Associate, BabyKong will:

  • Not use or disclose PHI except as permitted by these Terms and the BAA
  • Use appropriate safeguards to prevent unauthorized use or disclosure
  • Report any use or disclosure not provided for by these Terms
  • Ensure any subcontractors agree to the same restrictions
  • Make PHI available for access, amendment, and accounting as required by HIPAA
  • Make our practices available for HHS investigation
  • Return or destroy PHI upon termination when feasible

4.2 Permitted Uses and Disclosures

BabyKong may use and disclose PHI only:

  • To perform healthcare arbitration services
  • For proper management and administration of the Service
  • As required by law
  • With appropriate authorization from the individual
  • For data aggregation services relating to healthcare operations

5. Healthcare User Responsibilities

5.1 Compliance Obligations

As a healthcare user, you must:

  • Maintain your own HIPAA compliance program
  • Obtain necessary patient authorizations when required
  • Ensure minimum necessary standards for PHI access
  • Train workforce members on privacy and security
  • Implement sanctions for policy violations
  • Maintain accurate and complete records

5.2 Accurate Information

You represent and warrant that all information submitted for arbitration is accurate, complete, and submitted in good faith. Falsification of healthcare records or arbitration information may result in:

  • Immediate termination of Service
  • Reporting to regulatory authorities
  • Civil and criminal penalties under healthcare fraud statutes

6. Healthcare Arbitration Decisions

6.1 Decision Authority

BabyKong provides AI-assisted arbitration decisions based on CMS IDR factors and healthcare billing standards. You acknowledge that:

  • Decisions are binding per CMS IDR regulations
  • Human arbitrators maintain ultimate decision authority
  • Appeals must follow CMS-prescribed procedures
  • Decisions are based on submitted documentation only

6.2 No Guarantee of Outcomes

BabyKong does not guarantee any particular arbitration outcome. Decisions are based on regulatory factors, submitted evidence, and applicable healthcare billing standards.

7. Healthcare-Specific Fees

7.1 Per-Case Pricing

Fees are structured to comply with CMS cost-sharing requirements:

  • Simple arbitration cases: $3.99 per case
  • Complex arbitration cases: $4.99 per case
  • Bulk pricing available for high-volume organizations
  • No fees charged to patients

7.2 Compliance with Fee Restrictions

All fees comply with CMS IDR fee limitations and anti-kickback statutes. No fees are contingent on arbitration outcomes.

8. Breach Notification Procedures

8.1 Breach Detection and Reporting

In the event of a suspected or actual breach of unsecured PHI:

  • Immediate notification within 24 hours of discovery
  • Preliminary assessment within 48 hours
  • Full investigation and risk assessment within 30 days
  • Coordination of patient notifications as required
  • Reporting to HHS and other authorities as required

8.2 Mitigation Obligations

Both parties agree to mitigate, to the extent practicable, any harmful effects of unauthorized use or disclosure of PHI.

9. Termination and PHI Disposition

9.1 Termination Rights

Either party may terminate these Terms:

  • For material breach after 30 days' written notice and opportunity to cure
  • Immediately if cure is not possible
  • If Business Associate violates HIPAA obligations
  • Upon mutual written agreement

9.2 Effect of Termination

Upon termination:

  • Return or destruction of all PHI within 60 days
  • Certification of destruction when complete
  • Retention only as required by law with continued protections
  • Continued compliance with breach notification requirements

10. Healthcare Liability and Indemnification

10.1 Limitation of Liability

Except for breaches of HIPAA obligations, violations of healthcare privacy laws, or gross negligence:

  • Neither party liable for indirect, consequential, or punitive damages
  • Total liability limited to fees paid in prior 12 months
  • No limitation for breaches resulting in regulatory penalties

10.2 Indemnification

Each party agrees to indemnify the other for:

  • Breaches of HIPAA obligations
  • Unauthorized use or disclosure of PHI
  • Violations of healthcare regulations
  • False Claims Act violations

11. Healthcare Audit Rights

You have the right to audit BabyKong's compliance with HIPAA and these Terms:

  • Annual audit rights with 30 days' notice
  • Access to policies, procedures, and training records
  • Security assessment results and remediation plans
  • Subcontractor compliance documentation
  • Reasonable cooperation with your compliance auditors

12. Governing Law and Healthcare Regulations

These Terms are governed by:

  • Federal healthcare laws including HIPAA, HITECH, and CMS regulations
  • State healthcare privacy laws where more stringent
  • California law for non-healthcare matters
  • Exclusive jurisdiction in federal courts for healthcare regulatory matters

Contact Information

Privacy Officer

Email: privacy@babykong.com
Phone: 1-800-BABYKONG ext. 2
Address: 1234 Healthcare Drive
San Francisco, CA 94105

Security Officer

Email: security@babykong.com
Phone: 1-800-BABYKONG ext. 3
24/7 Breach Hotline: 1-888-BREACH1

By Using BabyKong, You Acknowledge:

You have read, understood, and agree to these Terms of Service and the incorporated Business Associate Agreement. You understand your obligations under HIPAA and other healthcare regulations, and you agree to use the Service in compliance with all applicable laws.