TERMS AND CONDITIONS OF USE
Terms and Conditions of Use Agreement By partnering with us and booking your onboarding, you are agreeing to the following Terms and Conditions of Use Agreement (“Agreement”), effective upon completion of your pre-onboarding Discovery Call. These Terms and Conditions of Use are entered into by and between Your Orthodontic Practice (“Covered Entity”) and Retainers For Life LLC (the “Company”).
1. This Agreement shall remain in effect for the duration of Covered Entity’s relationship with Company and shall apply to all services and/or supplies delivered by the Company pursuant to this Agreement.
2. Repayment of Services Rendered By engaging with the Company and selling the Company’s services and products, Covered Entity acknowledges considerable expense. Depending on your customizations and training needs, a fee may be applied.
3. Retainers For Life® Membership, Scan Compensation, and Consumer Protection Compliance.
Purpose: To ensure compliance with consumer protection laws by maintaining clear, transparent communication regarding patient membership benefits, pricing, and potential costs, while aligning internal operations and doctor compensation accordingly.
Membership Overview:
Patients who purchase a Retainers For Life (RFL) membership receive:
This membership is a one-time fee with no recurring membership charges from RFL. It includes the cost of the initial intraoral scan. RFL compensates doctors via a revenue share model, effectively reimbursing them for the scan and onboarding support.
Consumer Protection Compliance:
To comply with applicable consumer protection laws, RFL must ensure:
Policy on Additional Costs:
RFL members should not incur additional charges outside the scope of their membership unless clinically necessary. The only instance in which an additional fee may apply is:
4. Continuation of Company’s Services
Company acknowledges that Covered Entity may wish to terminate their relationship with the Company. Covered Entity acknowledges Company must still be able to provide services to the Company’s customers acquired through the Company’s relationship with Covered Entity. If Covered Entity wishes to terminate their relationship with the Company, then Covered Entity agrees to make all reasonable attempts to secure an alternative location for scanning Company’s customers in the Covered Entity’s local area.
5. Remote System Access
Covered Entity authorizes Company to remotely access its computer systems and/or Practice Management Software (“PMS”) solely for the purposes of retrieving patient contact information and performing services described in this Agreement. Remote access will be conducted through secure, encrypted software approved by both parties, which may include third-party remote access tools such as LogMeIn. Covered Entity shall provide Company with unique user credentials and necessary permissions, and may revoke such access at any time upon written notice. Company shall not access any systems, applications, or data beyond what is reasonably necessary to perform the agreed-upon services.
6. Third-Party Software Compliance
Company may utilize third-party software tools, including but not limited to LogMeIn, to facilitate secure remote access. Covered Entity acknowledges that such third-party providers are independent from Company and, where applicable, maintain their own security, privacy, and HIPAA compliance programs. Company shall ensure that any such third-party provider used for handling PHI has executed a Business Associate Agreement with either Company or Covered Entity, as required by HIPAA.
7. Remote Access Security
All remote sessions shall use end-to-end encryption of not less than 128-bit (256-bit preferred), multi-factor authentication, and shall be logged for audit purposes. Company shall not download, copy, or locally store PHI except as necessary to fulfill contractual obligations, and any such data shall be securely deleted immediately after use in accordance with NIST standards.
8. Incident Reporting – Remote Access
In the event of any suspected or actual unauthorized access to Covered Entity’s systems via remote access tools, Company shall notify Covered Entity without unreasonable delay, but no later than 24 hours after discovery.
9. System Security Indemnification
Covered Entity shall maintain commercially reasonable administrative, physical, and technical safeguards on its own systems to prevent unauthorized access during remote sessions. Covered Entity shall indemnify and hold Company harmless from any claims, damages, or liabilities arising from Covered Entity’s failure to maintain such safeguards.
10. BUSINESS ASSOCIATE AGREEMENT (HIPAA)HIPAA Assurances:
In the event Company creates, receives, maintains, or otherwise is exposed to personally identifiable or aggregate patient or other medical information defined as Protected Health Information (“PHI”) in the Health Insurance Portability and Accountability Act of 1996 or its relevant regulations (“HIPAA”) and otherwise meets the definition of Company as defined in the HIPAA Privacy Standards (45 CFR Parts 160 and 164), Company shall:
11. Protected Health Information upon Termination
Upon the termination of this Agreement, in order to continue providing goods and/or services to Company’s customers, Company shall retain all PHI received from the Covered Entity or created or received by Company on behalf of the Covered Entity in which Company maintains in any form. Disclosure of any PHI shall be used or disclosed solely as required by law for so long as Company maintains such Protected Health Information.
12. No Third-Party Beneficiaries
The parties agree that this Agreement shall apply only to themselves and are not for the benefit of any third-party beneficiaries.
13. Amendment
Company may amend this Agreement from time to time as necessary to allow for compliance with the Privacy Standards, the Standards for Electronic Transactions, the Security Standards, or other relevant state or federal laws or regulations created or amended to protect the privacy of patient information. Company will notify Covered Entity in writing of all such amendments made.
14. Interpretation
Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the then most current version of HIPAA and the HIPAA privacy regulations.
15. Definitions
Capitalized terms used in this Agreement shall have the meanings assigned to them as outlined in HIPAA and its related regulations.
1. This Agreement shall remain in effect for the duration of Covered Entity’s relationship with Company and shall apply to all services and/or supplies delivered by the Company pursuant to this Agreement.
2. Repayment of Services Rendered By engaging with the Company and selling the Company’s services and products, Covered Entity acknowledges considerable expense. Depending on your customizations and training needs, a fee may be applied.
3. Retainers For Life® Membership, Scan Compensation, and Consumer Protection Compliance.
Purpose: To ensure compliance with consumer protection laws by maintaining clear, transparent communication regarding patient membership benefits, pricing, and potential costs, while aligning internal operations and doctor compensation accordingly.
Membership Overview:
Patients who purchase a Retainers For Life (RFL) membership receive:
- A one-time intraoral scan.
- Lifetime access to order retainers online at wholesale pricing.
- Mailbox delivery of retainers ordered through our system.
This membership is a one-time fee with no recurring membership charges from RFL. It includes the cost of the initial intraoral scan. RFL compensates doctors via a revenue share model, effectively reimbursing them for the scan and onboarding support.
Consumer Protection Compliance:
To comply with applicable consumer protection laws, RFL must ensure:
- Transparent disclosure of what the membership includes.
- Clarity that there are no hidden or recurring fees.
- Patients understand the service scope and any situations in which additional costs may arise.
Policy on Additional Costs:
RFL members should not incur additional charges outside the scope of their membership unless clinically necessary. The only instance in which an additional fee may apply is:
- Rescanning Fee – If a patient fails to follow the prescribed retainer wear protocol, resulting in significant tooth movement, a new scan may be required. In such cases, a rescanning fee may be charged at the discretion of the doctor. This fee is not charged by RFL but is a clinical service billed directly by the provider.
4. Continuation of Company’s Services
Company acknowledges that Covered Entity may wish to terminate their relationship with the Company. Covered Entity acknowledges Company must still be able to provide services to the Company’s customers acquired through the Company’s relationship with Covered Entity. If Covered Entity wishes to terminate their relationship with the Company, then Covered Entity agrees to make all reasonable attempts to secure an alternative location for scanning Company’s customers in the Covered Entity’s local area.
5. Remote System Access
Covered Entity authorizes Company to remotely access its computer systems and/or Practice Management Software (“PMS”) solely for the purposes of retrieving patient contact information and performing services described in this Agreement. Remote access will be conducted through secure, encrypted software approved by both parties, which may include third-party remote access tools such as LogMeIn. Covered Entity shall provide Company with unique user credentials and necessary permissions, and may revoke such access at any time upon written notice. Company shall not access any systems, applications, or data beyond what is reasonably necessary to perform the agreed-upon services.
6. Third-Party Software Compliance
Company may utilize third-party software tools, including but not limited to LogMeIn, to facilitate secure remote access. Covered Entity acknowledges that such third-party providers are independent from Company and, where applicable, maintain their own security, privacy, and HIPAA compliance programs. Company shall ensure that any such third-party provider used for handling PHI has executed a Business Associate Agreement with either Company or Covered Entity, as required by HIPAA.
7. Remote Access Security
All remote sessions shall use end-to-end encryption of not less than 128-bit (256-bit preferred), multi-factor authentication, and shall be logged for audit purposes. Company shall not download, copy, or locally store PHI except as necessary to fulfill contractual obligations, and any such data shall be securely deleted immediately after use in accordance with NIST standards.
8. Incident Reporting – Remote Access
In the event of any suspected or actual unauthorized access to Covered Entity’s systems via remote access tools, Company shall notify Covered Entity without unreasonable delay, but no later than 24 hours after discovery.
9. System Security Indemnification
Covered Entity shall maintain commercially reasonable administrative, physical, and technical safeguards on its own systems to prevent unauthorized access during remote sessions. Covered Entity shall indemnify and hold Company harmless from any claims, damages, or liabilities arising from Covered Entity’s failure to maintain such safeguards.
10. BUSINESS ASSOCIATE AGREEMENT (HIPAA)HIPAA Assurances:
In the event Company creates, receives, maintains, or otherwise is exposed to personally identifiable or aggregate patient or other medical information defined as Protected Health Information (“PHI”) in the Health Insurance Portability and Accountability Act of 1996 or its relevant regulations (“HIPAA”) and otherwise meets the definition of Company as defined in the HIPAA Privacy Standards (45 CFR Parts 160 and 164), Company shall:
- Recognize that HITECH (the Health Information Technology for Economic and Clinical Health Act of 2009) and the regulations thereunder (including 45 C.F.R. Sections 164.308, 164.310, 164.312, and 164.316), apply to a business associate of a covered entity in the same manner that such sections apply to the covered entity.
- Not use or further disclose the PHI, except as permitted by law.
- Not use or further disclose the PHI in a manner that had the Covered Entity done so, would violate the requirements of HIPAA.
- Use appropriate safeguards (including implementing administrative, physical, and technical safeguards for electronic PHI) to protect the confidentiality, integrity, and availability of and to prevent the use or disclosure of the PHI other than as provided for by this Agreement.
- Comply with each applicable requirement of 45 C.F.R. Part 162 if the Company conducts Standard Transactions for or on behalf of the Covered Entity.
- Report promptly to the Covered Entity any security incident or other use or disclosure of PHI not provided for by this Agreement of which Company becomes aware.
- Ensure that any subcontractors or agents who receive or are exposed to PHI (whether in electronic or other format) are explained the Company obligations under this paragraph and agree to the same restrictions and conditions.
- Make available PHI in accordance with the individual’s rights as required under the HIPAA regulations.
- Account for PHI disclosures for up to the past six (6) years as requested by Covered Entity, which shall include:
- dates of disclosure;
- names of the entities or persons who received the PHI;
- a brief description of the PHI disclosed; and
- a brief statement of the purpose and basis of such disclosure.
- Make its internal practices, books, and records that relate to the use and disclosure of PHI available to the U.S. Secretary of Health and Human Services for purposes of determining Customer’s compliance with HIPAA.
- Incorporate any amendments or corrections to PHI when notified by Customer or enter into a Company Agreement or other necessary Agreements to comply with HIPAA.
11. Protected Health Information upon Termination
Upon the termination of this Agreement, in order to continue providing goods and/or services to Company’s customers, Company shall retain all PHI received from the Covered Entity or created or received by Company on behalf of the Covered Entity in which Company maintains in any form. Disclosure of any PHI shall be used or disclosed solely as required by law for so long as Company maintains such Protected Health Information.
12. No Third-Party Beneficiaries
The parties agree that this Agreement shall apply only to themselves and are not for the benefit of any third-party beneficiaries.
13. Amendment
Company may amend this Agreement from time to time as necessary to allow for compliance with the Privacy Standards, the Standards for Electronic Transactions, the Security Standards, or other relevant state or federal laws or regulations created or amended to protect the privacy of patient information. Company will notify Covered Entity in writing of all such amendments made.
14. Interpretation
Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the then most current version of HIPAA and the HIPAA privacy regulations.
15. Definitions
Capitalized terms used in this Agreement shall have the meanings assigned to them as outlined in HIPAA and its related regulations.
