Terms of Service
The following Terms of Service govern your access to and use of the Website (www.mmroinc.com) and the MMRO Access Point Portal (“MAP”) (www.mmroap.com), as operated by Managed Medical Review Organization, Inc. (“MMRO”, the “Company”, “we” or “us”). By accessing or using the Website and/or MAP (collectively, the “MMRO Systems”), you accept and agree to be bound and abide by these Terms of Service. If you do not want to agree to these Terms of Service, you must not access or use the MMRO Systems.
DATA SECURITY; AVAILABILITY; SERVICE LEVEL AGREEMENTS
We reserve the right to withdraw or amend the MMRO Systems, and any service or material we provide thereon, in our sole and absolute discretion, and without notice. We will not be liable if, for any reason, all or any part of the Website and/or MAP is unavailable at any time or for any period. We shall nonetheless communicate any planned outages to the MMRO Systems to our clients at least 24 hours in advance of any such planned outage(s).
In utilizing the MMRO Systems, you are responsible for:
- Notifying us in writing of all requests for the issuance of credentials, as necessary, in order to access the MMRO Systems. We enforce complex password requirements, which expire every 90 days and must be reset. We further require at least five (5) unique passwords before a password can be reused.
- Notifying us in writing to request a set of user credentials be revoked or otherwise removed.
- Ensuring that all persons who access the MMRO Systems through your internet connection are aware of these Terms of Service and comply with them.
- Ensuring that all persons who access the MMRO Systems comply with all applicable laws, including the Health Insurance Portability and Accountability Act of 1996, as amended (collectively, “HIPAA”).
- Ensuring that a modern browser capable of negotiating TLS 1.1 or greater is used when accessing the MMRO Systems.
We have further implemented and maintain an Information Management and Security Policy (the “Information Security Policy”) designed to maintain the integrity, confidentiality, and security of all records and information received from our clients regarding its members, including protected health information (the “Client Data”). The Information Security Policy, in addition to other company policies and procedures, further sets forth the technical, administrative and procedural safeguards put in place to: (i) ensure the security and confidentiality of the Client Data; (ii) protect against any foreseeable threats or hazards to the security or integrity of the Client Data; (iii) protect against unauthorized access to or use of such information; and (iv) ensure appropriate destruction of the Client Data.
Our security controls also include the following:
- User Authentication. Access to MAP requires a valid User ID and password combination granted by an authorized representative of the Company;
- Physical Security. Our office facility permits only authorized personnel to have access to secure areas, including the location where servers are housed. The server room is further under 24-hour video surveillance and limited electronic key card access. The facility is designed to withstand adverse weather and other reasonably predictable natural conditions and is secured by keycard-access locks on exterior doors. The facility is further supported by an on-site back-up generator in the event of a power failure.
- Disaster Recovery. We have a Disaster Recovery Policy and Plan in place which addresses replication of critical systems and data in the event of a disaster or emergency. The plan is tested annually.
- Data Encryption. Our systems use industry standard encryption methods and products to protect Client Aata and communications during transmission between a client’s network and our systems, including encryption for data in transit and data at rest.
COMPLIANCE WITH CONFIDENTIALITY OBLIGATIONS AND HIPAA
To the extent you have a written agreement with us regarding the protection of confidential information and/or protected health information, you agree to comply with the terms of that agreement in your use of the Website and/or MAP, including the submission of any protected health information in connection therewith. Likewise, our obligations as set forth herein are further supplemented by the terms of our written agreement, and as otherwise required under applicable state and federal law.
If you are a covered entity or business associate that does not have a written agreement already in place with us, then you hereby agree to the terms of our standard Business Associate Agreement or Confidentiality Agreement, as applicable, currently in effect. You may request a copy of those agreements by emailing: firstname.lastname@example.org.
CHANGES TO THESE TERMS OF SERVICE
We may revise and/or update these Terms of Service from time to time in our sole and absolute discretion. All changes are effective immediately when we post them. Your continued use of the MMRO Systems following the posting of revised Terms of Service means that you accept and agree to the changes. Please check these Terms of Service periodically for updates.
COMMENTS, QUESTIONS AND CONCERNS
Thank you for visiting the MMRO Systems. If you should have any comments, questions or concerns regarding the Website or MAP, please email us at: email@example.com.