Patient Portal User Agreement


RockApp, LLC, a Delaware corporation (“RockApp” “we” “our” or “us”) provides a secure viewing and communication service (the “Patient Portal”) to patients who receive treatment from and on behalf of healthcare providers who use the RockApp electronic health record (“Providers”). RockApp is not a medical provider and does not provide medical advice, provide medical or diagnostic services, or prescribe medication. RockApp is not invoved in medical decisions and does not have any involvement in Provider treatement decisions. RockApp is not an insurance company or an insurance provider of any type, nor is it a pharmacy or prescription fulfillment center or warehouse. 

Use of the Patient Portal involves creating, using, and sharing treatment-related protected health information (“PHI”). Applicable laws permit Providers to disclose PHI to other healthcare participants (like other doctors, hospitals, laboratories, pharmacies, health systems, and payers) without the patient’s consent. Use of the Patient Portal is strictly voluntary, and you are under no obligation to agree to this Patient Portal User Agreement (this “Agreement”) if you do not wish to use the Patient Portal. Your Provider’s treatment is not conditioned on your agreement to use the Patient Portal.

The Patient Portal must never be used for emergency communications or urgent requests. If you have an emergency or an urgent request, you should dial 9-1-1.

This Agreement applies to your use of the Patient Portal. By obtaining an account, and/or by accessing or using the Patient Portal, you are entering into this Agreement and agreeing to be bound by its terms. Please read this Agreement carefully, and do not sign up for an account or use the Patient Portal if you are unwilling or unable to agree to and/or be bound by this Agreement. The Patient Portal is made available on our website (, the use of which is governed by our Terms of Use ( and our Privacy Policy ( Please review each carefully. By registering an account and/or accessing the Patient Portal you are confirming that you have read, understand, and agree to the terms of this Agreement, the Terms of Use, and the Privacy Policy. In the event of a conflict between the terms of this Agreement and of the Terms of Use or the Privacy Policy, the terms of this Agreement control.

The Patient Portal 

The Patient Portal is a type of internet-based secure webpage that uses encryption to keep unauthorized users from reading communications, information, or attachments. Secure messages and information can only be read by someone who knows the right password to log into the Patient Portal. The connection channel between your device and the Patient Portal uses secure sockets layer technology so you can read or view information on your personal computer or other device, but it is still encrypted in transmission between the Patient Portal and your personal computer or device.

All data, information, images, and files entered or uploaded by you or someone on your behalf (“Your Information”) remains your sole property, as between RockApp and you, subject to the other terms of this Agreement. You grant RockApp a non-exclusive, royalty-free license to modify, store, transmit, and otherwise use Your Information for purposes that are described in or implied under this Agreement. You represent and warrant to RockApp that all Your Information provided under your account, by you or on your behalf, is true, correct, and accurate. If you learn that any information provided to RockApp through the Patent Portal is not true, correct, or accurate, you must and agree to immediately notify your Provider and RockApp in writing of this fact, and provide the true, correct, and accurate information to your Provider. RockApp and your Provider rely on your representations regarding the truth, accuracy, and compliance with all applicable laws regarding Your Information.

The Patient Portal allows your Provider to make certain health information available to you. This might include your PHI. It might also include the PHI of another person (for example, your child or someone for whom you are a guardian), if applicable law permits and that person’s Provider grants you access privileges for that individual’s health information through the Patient Portal.

The Patient Portal allows you to (1) review the electronic medical record used by your Provider, (2) review your medications and laboratory results managed by your Provider, (3) schedule and view upcoming appointments with your Provider, (4) update your personal information, (5) view your account history and statements, (6) receive appointment, treatment, and medication reminder notices from your Provider, (7) pay your bills on line, and (8) access other health-related information.

The Patient Portal is used to share and access information – it is not intended to be used for the purpose of generating, recommending, or providing medical diagnosis or treatment, which can only be done by your Provider. The information posted by your Provider on the Patient Portal may not be complete, nor should it be relied on to suggest a course of treatment. Diagnosis and treatment will only be done by your Provider – the Patient Portal is merely a tool your Provider may use to facilitate diagnosing and treating you. You should always seek the advice of your Provider for any question you may have regarding a medical condition and you should never disregard medical advice or delay in seeking it because of something you may read on or may be missing in the Patient Portal.

You may only gain access to the Patient Portal by registering for an account, either on your own or upon an invitation from your Provider.

Because your account will contain personally identifiable information (“PII”) and PHI, which you should protect, you need to safeguard your user ID, password, and other log-on/log-in information and maintain them in a secure location that is inaccessible to anyone else. Do not share them with anyone unless you are certain you want that person to have access to your PII or PHI. In order for RockApp to help you improve security and reduce the risk of unauthorized access to your sensitive information, you agree to, at all times, (1) provide us and your Provider with your current email address, (2) carefully maintain and monitor your email and Patient Portal, and (3) ensure that only you, or someone you authorize, can access the messages sent through the Patient Portal. You should exit and log out of your account when you are not using it. You agree to inform your Provider and us in writing if there is information you do not want sent electronically. If you believe someone has had unauthorized access to your Patient Portal, please contact your Provider immediately. 

The Patient Portal uses industry standard security measures to reduce the possibility that an unauthorized person intercepts communication between the Patient Portal and your receiving personal computer or device. While no system is perfect, we will use commercially reasonable effort to maintain electronic security. Together, you and we can minimize the risk of unauthorized access. Even so, please understand that all electronic communications carry some degree of risk, even in a secured environment. Despite our collective efforts, your online communications may be intercepted, forwarded, or changed without your or the Provider’s knowledge, and there may be delays, failure, interruption, or corruption of data or other information transmitted in connection with using the Patient Portal. By using or accessing the Patient Portal, you agree that you expressly and solely accept these risks.

Providers and those with whom they share your PHI are solely responsible for the information made available to you through the Patient Portal. RockApp does not generate, alter, or add to your information. The information your Provider creates, uses, or shares may contain typographical errors, inaccuracies, or omissions. In addition, although the Patient Portal displays certain information from your medical records, it does not necessarily display all information in the health records used, retained, or shared by or shared with, your Provider. If you think that your medical information displayed in the Patient Portal is inaccurate or incomplete, or if you would like to request a complete copy of your medical record, please contact your Provider directly. Because your Patient Portal includes information that is part of your Provider’s health record about you, you cannot delete such information. You may, however, terminate your access to the Patient Portal by first contacting your Provider directly and then us in writing at Your Provider also retains the ability to revoke your access to the Patient Portal.

Use of Patient Portal on Behalf of Minors

You are not eligible to use the Patient Portal unless you are at least 18 years old and otherwise have the legal capacity to enter into a binding contract in your jurisdiction.

If You are an unemancipated minor under the laws of your state at the time of use, you may only use the Service if: (i) such use has been approved of by your parent or legal guardian, (ii) you use the Patient Portal under the parent’s or legal guardians’ supervision, and (iii) your parent or legal guardian has agreed to this Agreement on your behalf.

If you are the parent or guardian of an unemancipated minor, you may use the Patient Portal and enter into this agreement on behalf of such minor. By doing so, you represent and warrant that you have the legal capacity to act on behalf of such minor; and you agree, in such capacity, that all provisions of this Agreement that are applicable to you is equally applicable to such minor.

Under no circumstances may the Patient Portal be used by a child under 18 years old.

Term and Termination

This Agreement continues until all services are terminated with or without cause by RockApp, you, or your Provider. Notwithstanding the foregoing, RockApp may terminate your access to and use of the services, at its sole discretion, at any time and without notice to you. You may terminate this Agreement by deleting your account on the Patient Portal.

RockApp may immediately suspend your access to the Patient Portal and remove your information if we in good faith believe that, as part of using the Patient Portal, you may have violated a law or any term of this Agreement. RockApp may try to contact you in advance, but we are not required to do so.

Applicable Fees

Your Provider may, under applicable law or regulations, charge you a non-refundable processing fee for each request for information through the Patient Portal. The processing fee is charged per each request you make to a Provider and/or any other healthcare provider whose information is available to you on the Patient Portal. You may elect not to pay the processing fee, in which case your Provider my not deliver the requested information request to the selected Provider or provider.

Regulations Concerning Information Included in the Patient Portal

RockApp does not control your Provider’s creation, use, or disclosure of your health information. Your Provider should give you a notice of privacy practices that describes how he or she uses and discloses health information about you. Your Provider’s ability to disclose your health information for these and similar purposes is restricted by applicable laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. If you wish to restrict the disclosures that your Provider makes of your health information, please contact your Provider directly.

RockApp is a Business Associate (as defined by HIPAA) so, like your Provider, we are subject to laws and regulations, including HIPAA, which govern the use and disclosure of certain personal and health information. We make your Patient Portal available to you on behalf of your Provider pursuant to licensing agreement and a business associate agreement. Under those agreements, we are prohibited from, among other things, using individually identifiable health information in a manner that your Provider may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of individually identifiable health information we store and process on behalf of your Providers. An example of our business associate agreement can be found at [].

Liability and Indemnification

RockApp does not assume any liability for the materials, information, opinions, diagnoses, treatments or medical advice provided on, or available through, the Patient Portal (the “Site Content”). Reliance on the Site Content is solely at your own risk. You agree to indemnify and hold harmless RockApp and its officers, directors, employees, agents, affiliates, third party information providers, licensors, and others involved in the Patient Portal from and against any and all liabilities, expenses, damages, and costs, including reasonable attorneys’ fees, arising from any violation by you of RockApp’s Terms of Service or your use of the Patient Portal or any products, services, or information obtained from or through this Patient Portal.

RockApp disclaims any liability for injury or damages resulting from the use of any Site Content. RockApp is not liable for any indirect, special, or consequential damages (including without limitation, costs of delay, loss of data or information, lost profits or revenues or anticipated cost savings) arising under or related to this agreement, even if advised of the possibility of such loss or damage.

RockApp’s total liability for all damages arising under or related to this Agreement (in contract, tort, or otherwise) will not exceed $500.



Governing Law and Arbitration. 

a. Governing Law. This Agreement and any action related thereto is governed by the Federal Arbitration Act, federal arbitration law, and the laws of the State of Delaware (without regard to conflicts of law principles). 

b. General Arbitration Process. Any dispute or claim that may arise between the parties relating in any way to or arising out of this Agreement, or your use of or access to our services, including the Patient Portal (Claim), must be resolved exclusively through final and binding arbitration (rather than in court) under the then current commercial rules of the American Arbitration Association. Any judgment on the award rendered by the arbitrator is final and may be entered in any court of competent jurisdiction. Nothing in this agreement prevents either party from seeking injunctive or equitable relief in any court of competent jurisdiction. The prevailing party in any arbitration or litigation is entitled to recover its attorneys’ fees and costs from the other party. The arbitration will be held in New Castle County, Delaware. 

c. Optional Arbitration for Claims Less than $10,000.  Notwithstanding the foregoing, for any Claim (excluding claims for injunctive or other equitable relief) where the total amount of the award sought is less than $10,000, the party requesting relief may choose to resolve the dispute in a more cost-effective manner through binding non-appearance-based arbitration. If a party elects arbitration, they must initiate such arbitration through an established alternative dispute resolution (ADR) provider mutually agreed upon by the parties. The ADR provider and the parties must comply with the following rules: (i) the arbitration will be conducted by telephone or online and be solely based on written submissions, the specific manner of which to be chosen by the party initiating the arbitration; (ii) the arbitration will not involve any personal appearance by the parties or witnesses unless otherwise mutually agreed by the parties; and (iii) any judgment on the award rendered by the arbitrator is final and may be entered in any court of competent jurisdiction. 

d. Enforcement. Notwithstanding Sections b. and c. above, RockApp may bring an action to enforce its intellectual property or other proprietary rights in any court of competent jurisdiction. 

e. Equitable Relief.  Notwithstanding anything above, RockApp may seek and obtain injunctive and equitable relief in any court of competent jurisdiction without restriction or required process in this agreement.

f. Prohibition Of Class And Representative Actions. Each party may bring claims against the other only on an individual party basis, and not as a plaintiff or class member in any purported class or representative action or proceeding. The arbitrator may not consolidate or join more than one party’s claims, and may not otherwise preside over any form of a consolidated, class, or representative proceeding. If this class action and representative action waiver provision is held to be unenforceable, then Sections b. and c. above shall also be unenforceable.

g. Survival Clause. Any part of this agreement to arbitrate that shall prove to be invalid, void, or illegal shall in no way affect, impair, or invalidate any other provision of this agreement to arbitrate, and such other provisions shall remain in full force and effect.