License & Terms of Service

These Terms of Service ("Terms") govern the relationship between INTAKEACCESS.AI LLC (DBA: IntakeAccess Health Solutions), an Alabama limited liability company with offices at 181 W Valley Ave STE 245-1742, Birmingham, AL 35209 ("Company," "we," "us," "our") and the individual or entity ("User," "you," "your") accessing or using the platform at https://intakeaccess.ai ("Platform").

Key defined terms used throughout these Terms:

• "PHI" means Protected Health Information as defined under HIPAA (45 C.F.R. § 160.103).
• "Covered Entity" means a healthcare provider, health plan, or healthcare clearinghouse as defined under HIPAA.
• "BAA" means Business Associate Agreement as required by HIPAA when a business associate handles PHI on behalf of a covered entity.
• "Provider" means any licensed healthcare professional, clinician, therapist, or prescriber using the Platform.
• "Facility" means any hospital, clinic, skilled nursing facility (SNF), rehabilitation center, FQHC, assisted living facility, senior home, or other healthcare organization subscribing to the Platform.
• "Patient" means an individual receiving care through a Provider or Facility using the Platform.
• "Subscription" means the monthly fee-based access to Platform features under a selected pricing tier.
• "RCM Services" means Revenue Cycle Management services including claims submission (837P, 837I), ERA enrollment, insurance verification, prior authorization, denial management, payment posting, and MDS submissions.
• "AI Features" means all artificial intelligence, machine learning, and automated decision-support tools embedded in the Platform, including but not limited to: AI Staff Scheduling, AI Bed Management, AI Walk-In Management, AI Medication Management, AI Meals & Activities, AI Assistant, AI PAC Management (Post-Acute Care), AI Referral Management, AI Medicaid Center, AI Inventory Management, AI Order Management, Chemotherapy Order Sets, Lab Monitoring Protocol, Tumor Registry, eMAR (Electronic Medication Administration Record), MDS Assessments, Progress Notes, Clinical Trial Enrollment, Survivorship Care Plan, Claims Management, EHR Integration, AI Specialty Templates (50+ specialties), Telemedicine Suite, Telepsychiatry Suite, AI Appointments Management, Patient Portal, Family Portal, MCO Cards, Onboarding, Audit Logs, Support Center, Security Center, Trust Center, and Facility Billing/RCM.

Anti-Kickback & Stark Law Compliance

The parties expressly agree that all compensation under these Terms, including subscription fees and RCM fees, is for bona fide services actually performed, is set in advance, is commercially reasonable, and is not determined in any manner related to the volume or value of referrals or business otherwise generated between the parties. This arrangement is intended to comply with the federal Anti-Kickback Statute (42 U.S.C. § 1320a-7b(b)) and the Stark Law personal services safe harbor (42 C.F.R. § 411.357(d)).

Additional Compliance Commitments: IntakeAccess.ai further agrees that:

• No Upcoding: It will not upcode any services (i.e., will not submit codes that reflect higher reimbursement than warranted by documented services) for the purpose of receiving higher fees. All claims submitted reflect accurate coding based on documentation provided by the Facility.
• Regular Audits: It will conduct regular internal audits to ensure services are coded and billed accurately. Audit findings are documented and corrective actions implemented as needed.
• No Referrals: It will not, directly or indirectly, refer individuals to the healthcare provider for services. The Platform is a technology and billing tool only and does not engage in patient referral or steering practices.
• Billing & Coding Exclusion: Clinical billing and coding services are excluded from this arrangement as permitted under the Anti-Kickback Statute personal services safe harbor (42 C.F.R. § 1001.952(d)). Clinical coding, medical necessity determinations, and documentation accuracy remain the sole responsibility of the Facility.
• Audit Cooperation: It will cooperate fully with Facility audits, CMS audits, and OIG investigations related to billing and coding accuracy. Platform audit logs and claims submission records will be made available as required.

Subject to full payment of all applicable fees and compliance with these Terms, INTAKEACCESS.AI LLC (DBA: IntakeAccess Health Solutions) grants Facility a non-exclusive, non-transferable, revocable license to access and use the Platform solely for Facility's internal business operations. This license is limited to the number of authorized users specified in Facility's subscription and the features included in Facility's selected pricing tier.

This license does NOT include the right to:

• Sublicense, resell, or distribute access to the Platform to any third party
• Copy, modify, or create derivative works of the Platform software or AI models
• Reverse engineer, decompile, or extract source code from any Platform component
• Use the Platform to build a competitive product or service
• Access the Platform for benchmarking or competitive analysis without written permission
• Use AI models or algorithms outside the Platform environment

All rights not expressly granted to Facility are reserved by INTAKEACCESS.AI LLC (DBA: IntakeAccess Health Solutions).

IntakeAccess.ai is a comprehensive AI-powered healthcare platform designed to serve Medicare/Medicaid providers, hospitals, clinics, SNFs, rehab centers, assisted living facilities, senior homes, and private practices. The Platform provides:

• AI Patient Intake: Voice-enabled forms and 50+ specialty-specific templates for streamlined patient onboarding
• AI Staff Scheduling: Automated shift scheduling, conflict detection, and staff optimization
• AI Bed Management: Real-time bed tracking, occupancy predictions, and discharge planning
• AI Walk-In Management: Wait time predictions, patient prioritization, and digital check-in
• AI Medication Management: Drug interaction checking, dosage suggestions, and medication reconciliation
• AI Meals & Activities: Dietary recommendations and activity planning based on patient data
• AI Assistant: Conversational AI for staff and patient inquiries
• AI PAC Management: Post-acute care coordination for SNFs, rehab, and home health
• AI Referral Management: Automated referral generation, tracking, and specialist matching
• AI Medicaid Center: Eligibility verification, coverage estimates, and application tracking
• AI Inventory Management: Stock level predictions, reorder alerts, and supply chain optimization
• AI Order Management: Order set suggestions and protocol management
• Chemotherapy Order Sets: Oncology-specific protocol management and safety checks
• Lab Monitoring Protocol: Abnormal result alerts and protocol-driven follow-up
• Tumor Registry: Cancer data abstraction, staging, and reporting
• eMAR (Electronic Medication Administration Record): Digital medication administration tracking and verification
• MDS Assessments: Minimum Data Set assessment completion, RUG calculation, and CMS submission
• Progress Notes: AI-assisted clinical documentation with specialty templates
• Clinical Trial Enrollment: Patient matching, trial eligibility screening, and enrollment tracking
• Survivorship Care Plan: Post-treatment care planning and patient education
• Claims Management (RCM): Full revenue cycle management including claim submission, ERA enrollment, denial management, and payment posting
• Facility Billing: Complete billing suite with claim scrubber, electronic submission, and remittance processing
• EHR Integration: Bidirectional data exchange with major EHR platforms
• AI Specialty Templates: 50+ specialty-specific documentation templates for oncology, dermatology, cardiology, neurology, behavioral health, and more
• Telemedicine Suite: Secure HIPAA-compliant video consultations with virtual waiting room
• Telepsychiatry Suite: Psychiatric assessments (PHQ-9, GAD-7, MDQ), crisis resources, 988 integration
• AI Appointments Management: Smart scheduling, no-show predictions, and automated reminders
• Patient Portal: Secure, 2FA-protected patient access to records, messaging, and payments
• Family Portal: HIPAA-compliant family member access with granular permissions
• MCO Cards: Managed care organization card scanning and data extraction
• Onboarding: AI-guided credentialing, facility setup, and staff training
• Audit Logs: Complete activity tracking with AI anomaly detection
• Support Center: AI-powered knowledge base and ticket management
• Security Center: Threat detection, MFA enforcement, and compliance monitoring
• Trust Center: HIPAA compliance dashboard, security certifications, and transparency reports
• Prior Authorization (PA) Processing: AI-assisted PA generation, submission, and tracking
• Insurance Verification: Real-time eligibility checks and benefits verification
• Secure Messaging: Encrypted patient-provider and staff-to-staff communications
• E-Prescribing: Electronic prescription management and transmission including EPCS
• Wound Imaging AI: AI-assisted wound staging, measurement, and progression tracking

The Platform provides comprehensive RCM services including but not limited to:

• Claim Submission: Electronic submission of professional and institutional claims (837P, 837I) via Stedi EDI clearinghouse
• ERA Enrollment: Automated Electronic Remittance Advice enrollment on behalf of Facilities with payer contracts
• Insurance Verification: Real-time eligibility and benefits verification via Stedi Eligibility API
• Prior Authorization: AI-assisted prior authorization generation and submission to payers
• MDS Submission: Minimum Data Set submissions to iQIES/HARP on behalf of SNF Facilities
• Payment Processing: Patient and family payments processed through Stripe Connect
• Denial Management: Automated denial tracking and resubmission workflows

Use of the Platform as a Provider or Facility requires:

• Valid professional licensure in good standing in the applicable jurisdiction(s)
• A valid National Provider Identifier (NPI) for billing-enabled accounts
• PTAN (Provider Transaction Access Number): For facilities utilizing RCM services, valid PTAN numbers for each payer relationship must be provided during registration or onboarding
• CCN (CMS Certification Number): For SNFs, rehab centers, and other Medicare/Medicaid certified facilities, valid CCN must be provided for MDS submissions and vendor authorization requests
• Facility ID / State License Number: State-issued facility identifier required for vendor enrollment with payers and regulatory compliance
• Execution of a Business Associate Agreement (BAA) before any PHI access
• Completion of credentialing and onboarding verification
• Agreement to these Terms and all applicable policies

Patient access requires completion of the intake process, identity verification, and consent to the Platform's Terms and Privacy Policy. You represent that all information provided during registration is accurate, complete, and current.

Accounts are non-transferable. You are responsible for all activity under your account and must maintain the confidentiality of your login credentials. Multi-factor authentication is mandatory for all Provider and Facility accounts. Patients must use the 2FA-protected portal. Report any unauthorized account access immediately to security@intakeaccess.ai.

IntakeAccess.ai offers the following subscription tiers for Provider and Facility accounts:

• All plans include a one-time setup fee due upon trial completion or plan activation. Implementation timelines are estimates, not guarantees.
• RCM fees are calculated as 1% of collected payments processed through the Platform.
• Pricing is subject to change with 30 days' written notice to active subscribers.
• Patient access to the portal is included with all Provider/Facility subscriptions at no additional charge to patients for portal use.
• Setup fees are waived for the 14-day free trial period and only apply if Facility continues beyond the trial.

Subscription fees are billed monthly in advance. RCM fees (1% of net billed charges submitted) are billed monthly based on claims submitted during the prior month. All payments are processed via Stripe (BAA executed where applicable).

• Payment is due on the billing date associated with your account. Failed payments will result in a grace period of 5 business days, after which service may be suspended.
• All fees are in U.S. Dollars. Applicable taxes are the responsibility of the subscriber.
• The Company does not guarantee insurance reimbursement, payer payment, prior authorization approval, or MDS acceptance. Platform and RCM fees are owed regardless of claim outcomes or MDS submission results.
• Disputed charges must be raised in writing within 30 days of the billing date. Undisputed charges are final.
• Setup fees are one-time, non-refundable charges due prior to implementation commencement.

30-Day Money-Back Guarantee

New subscribers may request a full refund of their first month's subscription fee within 30 days of initial activation, provided the account has not been used to process more than 10 patient encounters. The refund guarantee does not apply to collection fees, custom Enterprise configurations, or subsequent billing cycles.

Cancellation

• Subscriptions may be canceled with 30 days' written notice to billing@intakeaccess.ai or through the account settings portal.
• Access continues through the end of the current billing cycle following the cancellation effective date.
• Outstanding collection fees accrued through the cancellation date remain due and payable.
• Upon cancellation, you may request an export of your data within 30 days (see Section 17).
• Accounts canceled for non-payment forfeit the 30-day data export window unless payment is cured.

IntakeAccess.ai is a HIPAA-compliant platform. All PHI processed through the Platform is handled in accordance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule, and the HITECH Act.

BAA Requirement

Any Covered Entity (healthcare provider, health plan, or healthcare clearinghouse) using IntakeAccess.ai must execute a signed Business Associate Agreement (BAA) before any PHI is accessed or transmitted through the Platform. The Company will not permit PHI access on behalf of a Covered Entity without an executed BAA on file.

To request a BAA: contact compliance@intakeaccess.ai. The Company will provide a standard BAA within 3 business days of request. Enterprise customers may negotiate BAA terms as part of their Order Form process.

Security Measures

• AWS HIPAA Eligible Infrastructure with executed AWS BAA
• AES-256 encryption at rest; TLS 1.3 in transit
• MFA required for all Provider/Facility accounts; 2FA for patient portal
• RBAC with least-privilege enforcement
• Automatic 15-minute session timeouts
• Complete audit logging of all PHI access with 6-year retention
• AWS CloudTrail for infrastructure monitoring
• AWS WAF and Shield for DDoS protection
• VPC with private subnets and NAT gateways
• Regular penetration testing and annual third-party risk assessments
• SOC 2 Type II certified infrastructure

Provider Compliance Obligations

Providers and Facilities using the Platform remain independently responsible for their own HIPAA compliance obligations as Covered Entities. Use of the Platform does not transfer, replace, or satisfy a Provider's or Facility's independent obligations under HIPAA.

Facilities utilizing RCM services authorize IntakeAccess.ai to:

• Submit claims to Medicare, Medicaid, and commercial payers on Facility's behalf using Facility's PTAN and billing credentials
• Enroll Facility in Electronic Remittance Advice (ERA) with payers
• Submit MDS assessments to iQIES/HARP via Facility's authorized PSO approval
• Verify insurance eligibility through Stedi and other clearinghouse partners
• Process patient payments through Stripe Connect on Facility's behalf

IntakeAccess.ai incorporates artificial intelligence and machine learning across multiple platform features. All AI features are clinical decision support tools only. They are designed to assist — not replace — the clinical judgment of licensed healthcare professionals.

Specific AI Feature Limitations — Full Platform (35+ AI Features)

• AI Patient Intake: Intake data accuracy depends on patient-provided information. AI summaries require Provider review and correction before use in clinical documentation.
• AI Staff Scheduling: AI-generated shift recommendations and conflict detection are advisory only. Final scheduling decisions and compliance with labor laws remain Facility responsibility.
• AI Bed Management: Bed availability predictions and occupancy forecasting are estimates only. Facility maintains final authority over bed assignments and admissions.
• AI Walk-In Management: Wait time predictions and patient prioritization suggestions do not guarantee clinical triage accuracy. Final patient sorting decisions remain clinical staff responsibility.
• AI Medication Management: Drug interaction alerts and dosage suggestions are clinical decision support only. Prescribing provider must verify all medication orders independently.
• AI Meals & Activities: Dietary and activity recommendations based on patient data are suggestions only. Clinical and dietary staff retain final approval authority.
• AI Assistant: Conversational AI responses are generated by large language models and may contain errors or omissions. Do not rely on AI Assistant for clinical or emergency decisions.
• AI PAC Management / Post-Acute Care: Discharge predictions and care transition recommendations are estimates. Clinical team must verify all post-acute care decisions.
• AI Referral Management: Referral suggestions and specialist matching are algorithmic recommendations only. Provider must verify referral appropriateness and network participation.
• AI Medicaid Center: Eligibility predictions and coverage estimates do not guarantee Medicaid approval. Facility responsible for final eligibility verification.
• AI Inventory Management: Stock level predictions and reorder suggestions are estimates. Facility maintains ultimate responsibility for inventory accuracy.
• AI Order Management: Order set suggestions are clinical decision support. Prescribing provider must verify all orders before execution.
• Chemotherapy Order Sets: AI-suggested protocols require oncologist review and approval. Patient-specific factors may override AI recommendations.
• Lab Monitoring Protocol: AI-flagged abnormal results are preliminary alerts only. All critical results require independent clinical confirmation.
• Tumor Registry: AI-assisted abstraction and staging are decision support tools. Final cancer registry reporting is facility responsibility.
• eMAR (Electronic Medication Administration Record): AI administration reminders and alerts are support tools. Medication administration remains nursing/providers sole responsibility.
• MDS Assessments: AI-assisted MDS coding and RUG calculations are suggestions. Facility retains full responsibility for MDS accuracy and CMS compliance.
• Progress Notes: AI-generated note drafts require provider review, editing, and signature. Provider is fully responsible for all documentation.
• Clinical Trial Enrollment: AI patient matching suggestions are algorithmic recommendations. Clinical team must verify all eligibility criteria independently.
• Survivorship Care Plan: AI-generated care plan drafts require oncology provider review and approval before patient distribution.
• Claims Management (RCM): AI-driven claim predictions and denial risk scores do not guarantee approval. Facility responsible for all claim accuracy and documentation.
• EHR Integration: Data mapping and reconciliation AI assists with interoperability. Facility responsible for verifying data accuracy across systems.
• AI Specialty Templates: Specialty-specific documentation templates are starting points only. Provider must customize and verify all clinical content.
• Telemedicine Suite: AI video quality optimization and connection routing do not guarantee diagnostic-quality encounters. Provider responsible for determining telemedicine appropriateness.
• Telepsychiatry Suite: AI-assisted crisis detection alerts are not suicide risk guarantees. Standard emergency protocols apply regardless of AI alerts.
• AI Appointments Management: Scheduling optimization and no-show predictions are estimates. Facility maintains final scheduling authority.
• Patient & Family Portal: AI-generated patient education and communication drafts require clinical review before release to patients.
• MCO Cards: AI-populated insurance card data requires facility verification before claims submission.
• Onboarding: AI-guided credentialing assistance does not guarantee compliance. Facility responsible for verifying all provider credentials.
• Audit Logs: AI anomaly detection flags suspicious access patterns but does not guarantee breach identification. Facility must conduct independent security audits.
• Support Center: AI chat responses may contain errors. Escalate complex issues to human support.
• Security Center: AI threat detection alerts are indicators only. Facility responsible for independent security incident response.
• Trust Center: AI-generated compliance estimates do not guarantee regulatory adherence. Facility retains full compliance responsibility.
• Facility Billing / RCM (Claims): AI claim scrubber and denial predictor do not guarantee claim acceptance. Facility fully responsible for billing compliance under False Claims Act.
• Stedi AI-Driven Claims: Platform utilizes Stedi's AI for claim formatting and EDI transactions. Stedi assumes liability for their AI outputs per their terms.

AI models are continuously updated and improved. The Company does not warrant that AI models will be error-free, bias-free, or consistently accurate. Model performance may vary across patient populations, specialties, and clinical contexts.

Patient Consent

Patients must provide informed consent to receive care via telehealth before their first telemedicine or telepsychiatry encounter. Consent must be documented in the Platform. Providers are responsible for ensuring consent is obtained in compliance with applicable state telehealth consent laws.

Technology Requirements

Telemedicine services require a compatible device with camera, microphone, and stable internet connection. The Company does not guarantee video quality, connection stability, or service availability. Technical limitations do not waive or reduce billing obligations.

Provider Licensure

Providers are solely responsible for ensuring they hold a valid, unrestricted license to practice in the patient's state at the time of each telehealth encounter. Cross-state telehealth licensure is the Provider's responsibility. IntakeAccess.ai does not verify or guarantee Provider licensure compliance across jurisdictions.

Prescribing via Telemedicine

E-prescribing through the Platform, including for controlled substances, is subject to the DEA's telemedicine prescribing rules, the Ryan Haight Act, applicable state pharmacy laws, and any applicable SAMHSA regulations. Providers are solely responsible for compliance with all prescribing laws and regulations.

Recording Policy

Telemedicine sessions are not recorded by the Platform without the explicit prior consent of all parties. Providers who wish to record sessions must obtain patient consent in accordance with applicable state wiretapping and consent laws before initiating recording.

Emergency Protocols

Telehealth is not appropriate for emergency situations. If a patient is experiencing a life-threatening emergency, they must call 911 immediately. Providers must have documented emergency protocols and escalation procedures for patients in crisis. The Platform's telepsychiatry suite includes integrated 988 Suicide & Crisis Lifeline resources; Providers must ensure patients are made aware of these resources.

Platform Availability

The Company targets 99.9% platform uptime but does not guarantee uninterrupted service. Providers must have backup communication and emergency care protocols that do not rely solely on Platform availability.

All Providers and Facilities using IntakeAccess.ai agree to the following:

• Accurate Credentialing: Provide accurate, complete, and current professional credentials, NPI numbers, PTAN (Provider Transaction Access Number), CCN (CMS Certification Number), licensure information, organization details and facility details. Update information promptly upon any change.
• Licensure Compliance: Maintain valid, unrestricted licensure in all jurisdictions where patients are treated. Providers treating patients in multiple states via telemedicine are responsible for obtaining and maintaining all required licenses.
• Legal Compliance: Comply with all applicable federal, state, and local laws and regulations, including HIPAA, the False Claims Act, Anti-Kickback Statute, Stark Law, CMS billing regulations, DEA prescribing rules, and all applicable state practice acts.
• Professional Liability Insurance: Maintain professional liability (malpractice) insurance in amounts required by applicable law and standard of practice in their specialty.
• Emergency Backup Plans: Maintain documented protocols for emergency situations, including failure of telemedicine systems, patient crises, and situations requiring immediate in-person care.
• Patient Consent: Obtain and document all required patient consents, including telehealth consent, treatment consent, AI tool disclosure, and any state-specific consents.
• AI Tool Use: Use AI features as assistive tools only. Review all AI outputs before clinical use. Never act on an AI-generated suggestion without independent clinical evaluation.
• Record Retention: Maintain patient records for periods required by applicable state and federal law, independent of the Platform's data retention schedule.
• Credential Security: Maintain the confidentiality of login credentials, enable MFA on all accounts, and immediately report unauthorized access or suspected breach to the Company.
• Billing Accuracy: Ensure that all claims submitted through the Platform are accurate, medically necessary, properly documented, and compliant with applicable coding and billing guidelines.

Patients using the IntakeAccess.ai platform agree to:

• Provide accurate and complete health information during intake and throughout care
• Attend scheduled telehealth appointments or provide timely notice of cancellation
• Fulfill payment obligations for services rendered, including co-pays, deductibles, and self-pay balances
• Treat all healthcare providers, staff, and platform personnel with respect and dignity
• Meet technology requirements for telemedicine (compatible device, camera, microphone, internet connection)
• Call 911 in any life-threatening emergency; not use the Platform as a substitute for emergency services
• Maintain the security of portal login credentials and enable 2FA as required
• Report any unauthorized access to their patient portal account immediately
• Not share login credentials with any other person
• Acknowledge that AI-generated platform content does not constitute medical advice
• Authorize or revoke family member access to their health information through the Patient Portal

Family members granted access to a patient's health information through the Family Portal agree to:

• Only access health information for the specific patient who granted authorization
• Maintain the confidentiality of all patient health information accessed through the Portal
• Not share PHI with any third party without the patient's explicit written consent
• Fulfill payment obligations for patient balances when authorized as a responsible party
• Maintain the security of Family Portal login credentials and enable 2FA as required
• Report any unauthorized access to their Family Portal account immediately
• Not share login credentials with any other person, including other family members
• Respect patient privacy and only access information necessary for care coordination or payment
• Acknowledge that family access can be revoked by the patient at any time without notice
• Comply with all applicable laws regarding protected health information

By providing a mobile number and opting into SMS communications during intake, portal registration, or by texting START, you consent to receive text messages from IntakeAccess.ai Healthcare Communications. Message frequency: up to 4 messages per month. Message and data rates may apply.

• Opt-Out: Text STOP at any time. Opt-out is immediate and logged.
• Help: Text HELP or call 205-855-4545.
• No Marketing SMS: Mobile numbers are used only for healthcare-related communications. No mobile information is shared with third parties for marketing purposes.
• Carrier Support: AT&T, T-Mobile, Verizon, Sprint, Boost, Cricket, MetroPCS, U.S. Cellular, and other major carriers.
• SMS opt-in and opt-out records are maintained in our HIPAA-compliant audit system in compliance with CTIA guidelines and the Telephone Consumer Protection Act (TCPA).

The e-prescribing module transmits prescriptions electronically to pharmacies in compliance with applicable state and federal law. Providers using the e-prescribing module represent and warrant that:

• They hold a valid DEA registration (where required) and all applicable state prescribing licenses
• All prescriptions are issued based on a valid prescriber-patient relationship and clinical assessment
• Prescriptions for controlled substances comply with the DEA's Electronic Prescriptions for Controlled Substances (EPCS) regulations and applicable state EPCS laws
• They will not use the e-prescribing module to prescribe medications in violation of the Ryan Haight Act or applicable telemedicine prescribing restrictions

IntakeAccess.ai is not a pharmacy and does not dispense medications. The Company is not responsible for pharmacy fulfillment, drug interactions not captured in the Platform, or clinical prescribing decisions.

Providers and Facilities using the Platform for Medicare and/or Medicaid billing, claims submission, or MDS submission represent and warrant that:

• They are enrolled in the Medicare and/or Medicaid programs and are not excluded from participation under OIG or SAM exclusion lists
• Valid PTAN (Provider Transaction Access Number) and CCN (CMS Certification Number) are on file with the Platform before any claims or MDS submissions are processed
• All claims submitted through the Platform are accurate, medically necessary, properly documented, and compliant with applicable CMS coverage and coding requirements
• All MDS assessments submitted through the Platform are accurate, complete, and compliant with CMS RAI Manual guidelines
• They will not submit false, fraudulent, or duplicate claims or MDS assessments through the Platform
• They understand that the Platform does not guarantee claim approval, reimbursement, or MDS acceptance
• They will maintain complete medical records supporting all billed services and MDS assessments for a minimum of 10 years as required by CMS
• Facility has obtained all required PSO (Patient Safety Organization) approvals for MDS submission vendor authorization prior to using Platform MDS features
• They have authorized IntakeAccess.ai as a billing vendor or MDS submission vendor with applicable payers and CMS as required

Anti-Upcoding & Billing Accuracy Commitment

IntakeAccess.ai expressly commits to the following billing and coding compliance standards:

• No Upcoding: IntakeAccess.ai will not upcode any services (i.e., will not submit codes that reflect higher reimbursement than warranted by documented services). All claims submitted through the Platform reflect accurate coding based on documentation provided by the Facility.
• Regular Audits: IntakeAccess.ai conducts regular internal audits of claims submissions to ensure services are coded and billed accurately. Audit findings are documented and corrective actions implemented as needed.
• No Referrals: IntakeAccess.ai does not and will not, directly or indirectly, refer individuals to any healthcare provider for services. The Platform is a technology and billing tool only and does not engage in patient referral or steering practices.
• Billing & Coding Exclusion: IntakeAccess.ai's RCM services are limited to claims submission, ERA enrollment, denial management, and payment posting. Clinical coding, medical necessity determinations, and documentation accuracy remain the sole responsibility of the Facility. This exclusion reduces Anti-Kickback Statute risk under the personal services safe harbor (42 C.F.R. § 1001.952(d)).
• Audit Cooperation: IntakeAccess.ai will cooperate fully with Facility audits, CMS audits, and OIG investigations related to billing and coding accuracy. Platform audit logs and claims submission records will be made available as required.

Submission of false claims or inaccurate MDS assessments through the Platform may constitute a violation of the False Claims Act (31 U.S.C. §§ 3729–3733) and may result in substantial civil and criminal penalties. IntakeAccess.ai cooperates fully with CMS, OIG, and other governmental program integrity audits and investigations.

Patient Data Ownership

Patients own their PHI. IntakeAccess.ai holds and processes PHI solely as a service to Covered Entity healthcare providers and facilities. The Company does not claim ownership of any patient PHI.

Provider/Facility Data

Providers and Facilities retain ownership of their own clinical records, operational data, claims data, MDS assessments, and billing information submitted to the Platform. The Company holds a limited license to process such data to provide the Platform services, including RCM, claims submission, ERA enrollment, and MDS submission.

Platform Data

Aggregate, de-identified, non-PHI platform usage data may be used by IntakeAccess.ai for platform improvement, product development, AI model training, and analytics purposes. De-identification meets the HIPAA Safe Harbor standard (45 C.F.R. § 164.514(b)).

Data Storage & Infrastructure

• All PHI is stored on AWS HIPAA Eligible services with executed AWS BAA
• Data is encrypted at rest using AES-256 and in transit using TLS 1.3
• Backup and disaster recovery: Daily automated backups with 30-day retention
• Data replication across multiple AWS Availability Zones
• VPC with private subnets; no direct public database access
• AWS CloudTrail for all API access logging

Data Retention & Deletion

• Active data: Retained for duration of Facility subscription
• Terminated accounts: PHI retained for minimum 7 years (or 10 years for Medicare/Medicaid records) as required by law
• After retention period: PHI is permanently deleted using NIST 800-88 compliant methods
• Facilities may request data export within 30 days of termination (see Section 17)

Security Obligations of Users

Users are responsible for maintaining the security of their login credentials, enabling MFA/2FA, logging out after each session, and not accessing the Platform from unsecured or shared devices where possible. The Company's security responsibilities do not cover breaches caused by User negligence, credential sharing, or use of compromised devices.

Breach Notification

In the event of a breach of unsecured PHI, IntakeAccess.ai will notify affected Covered Entities and patients in accordance with HIPAA Breach Notification Rule requirements (45 C.F.R. §§ 164.400-414). Notification will be made without unreasonable delay and within 60 days of breach discovery.

All technology, software, algorithms, AI models (including but not limited to prior auth AI, wound imaging AI, staff scheduling AI, bed management AI, RCM prediction AI, and clinical decision support AI), machine learning systems, user interfaces, platform architecture, trademarks, service marks, logos, proprietary data processing methods, and content comprising the IntakeAccess.ai platform are the exclusive intellectual property of IntakeAccess.ai and are protected by applicable U.S. and international intellectual property laws.

Users are granted a limited, non-exclusive, non-transferable, revocable license to use the Platform solely for lawful healthcare purposes in accordance with these Terms. This license does not include the right to: copy, modify, or create derivative works from the Platform; reverse engineer, decompile, or extract source code from any Platform component; sublicense or resell access; use any Platform AI models, algorithms, or RCM logic outside the Platform; scrape, crawl, or extract Platform data for competitive purposes; or train any third-party AI models using Platform outputs or data.

Feedback, suggestions, and improvement ideas submitted by Users may be used by the Company to improve the Platform without obligation or compensation to the submitting User.

Third-Party IP & Integrations

• Stedi: Claims processing, prior authorization, and insurance verification utilize Stedi's APIs and IP. Stedi's terms of service and IP rights apply separately.
• Stripe: Payment processing utilizes Stripe Connect. Stripe's terms of service and IP rights apply separately.
• AWS: Infrastructure services subject to AWS IP and licensing terms.
• iQIES/HARP: MDS submission utilizes CMS systems. CMS retains all rights to iQIES/HARP platform.

Termination by User

Providers and Facilities may cancel subscriptions with 30 days' written notice. Patients may request account deactivation at any time through the patient portal or by contacting support.

Termination by Company

The Company may immediately suspend or terminate any account upon: (a) material breach of these Terms; (b) non-payment after the 5-day grace period; (c) HIPAA violation or security incident; (d) fraudulent billing or false claims submission; (e) inaccurate MDS submissions; (f) loss of professional licensure; (g) OIG/SAM exclusion; (h) revocation of vendor authorization by CMS or payers; or (i) conduct posing a risk to patient safety or platform integrity.

Data Following Termination

• Data Export: Upon termination, Providers and Facilities may request a complete export of their clinical, operational, claims, and MDS data within 30 days of account termination. Export is provided in a standard electronic format.
• PHI Retention: PHI is retained for the legally required period (minimum 7 years for medical records; 10 years for Medicare/Medicaid claims and MDS records) following termination, as required by applicable law.
• Post-Retention Deletion: Following the applicable retention period, PHI is permanently deleted or de-identified in compliance with the HIPAA Safe Harbor standard.
• Outstanding Obligations: Termination does not relieve any party of payment obligations (including RCM fees) accrued through the termination date.

Disclaimers

THE PLATFORM IS PROVIDED "AS IS" AND "AS AVAILABLE." THE COMPANY MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY OF AI OUTPUTS, UNINTERRUPTED SERVICE, CLAIM APPROVAL, PRIOR AUTHORIZATION APPROVAL, MDS ACCEPTANCE, COMPATIBILITY WITH PAYER SYSTEMS OR STATE REGULATIONS, OR ANY GUARANTEE OF RCM OUTCOMES.

Billing & Coding Disclaimer: IntakeAccess.ai does not provide clinical coding, medical necessity determinations, or billing compliance advice. All coding and billing decisions are the sole responsibility of the Facility. IntakeAccess.ai's RCM services are limited to claims submission, ERA enrollment, denial management, and payment posting. The Facility retains full responsibility for the accuracy and completeness of all claims, MDS assessments, and supporting documentation.

Anti-Upcoding & Audit Commitment Disclaimer: While IntakeAccess.ai commits to no upcoding, regular audits, and no referrals as described in Sections 1 and 14, the Company makes no warranty that audit results will identify all billing inaccuracies or that third-party payers will accept any claim. The Facility remains solely responsible for all billing compliance.

Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY'S TOTAL CUMULATIVE LIABILITY FOR ANY CLAIMS ARISING UNDER THESE TERMS OR RELATED TO THE PLATFORM SHALL NOT EXCEED THE TOTAL FEES PAID BY THE SUBSCRIBER IN THE THREE (3) MONTHS IMMEDIATELY PRECEDING THE CLAIM.

IN NO EVENT SHALL THE COMPANY BE LIABLE FOR: INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES; LOST PROFITS; LOST REVENUE; LOSS OF DATA; CLINICAL OUTCOMES ARISING FROM PROVIDER USE OF AI FEATURES; CLAIM DENIALS OR PRIOR AUTHORIZATION FAILURES; MDS REJECTIONS OR CMS AUDITS; REGULATORY FINES OR PENALTIES (INCLUDING FALSE CLAIMS ACT PENALTIES); THIRD-PARTY SERVICE OUTAGES (INCLUDING STEDI, STRIPE, AWS, OR IQIES/HARP); UPCODING OR BILLING ERRORS (WHICH REMAIN FACILITY RESPONSIBILITY); REFERRAL-RELATED CLAIMS; OR ANY DAMAGES ARISING FROM FORCE MAJEURE EVENTS — EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

These limitations apply regardless of the theory of liability, including contract, tort, negligence, strict liability, or product liability. FACILITY AGREES THAT INTAKEACCESS.AI SHALL NOT BE LIABLE FOR ANY PENALTIES, FINES, OR SANCTIONS IMPOSED BY CMS, OIG, OR ANY PAYER ARISING FROM FACILITY'S BILLING OR CODING ERRORS.

• Claim denials based on clinical documentation are Facility's responsibility
• Payer payment delays are not grounds for RCM fee reduction
• Stedi or clearinghouse outages do not waive RCM fees
• Facility maintains ultimate responsibility for all billing compliance
• Third-party fees (Stripe, Stedi) are passed through at cost

Anti-Upcoding & Billing Compliance

• No Upcoding: IntakeAccess.ai does not and will not upcode services (i.e., will not submit codes that reflect higher reimbursement than warranted). All claims reflect accurate coding based on Facility documentation.
• Regular Audits: IntakeAccess.ai conducts internal audits of claims submissions to verify coding accuracy. Audit results are confidential but may be shared with Facility or CMS as required by law.
• No Referrals: IntakeAccess.ai does not refer individuals to any healthcare provider. RCM services are limited to claims processing only.
• Billing Exclusion: Clinical coding and billing decisions are excluded from RCM services and remain Facility responsibility, reducing Anti-Kickback Statute risk under 42 C.F.R. § 1001.952(d).
• Facility Liability: Facility assumes all liability for coding errors, upcoding, false claims, and billing non-compliance, regardless of any Platform audit or claim scrubbing features.

Audit & Compliance Cooperation

• CMS Audits: IntakeAccess.ai cooperates fully with CMS, OIG, MAC, and UPIC audits. Platform audit logs and claims records will be provided as required.
• Facility Audits: Facilities may request audit logs of their claims submissions. Response within 30 days.
• Voluntary Refunds: If billing inaccuracies are identified, IntakeAccess.ai will assist Facility in submitting voluntary refunds to CMS or payers. Responsibility for refund amounts rests with Facility.
• Exclusion Reporting: Facilities must immediately report any OIG or SAM exclusion. IntakeAccess.ai will suspend RCM services upon notification of exclusion.

Each Provider and Facility agrees to defend, indemnify, and hold harmless IntakeAccess.ai, its officers, directors, employees, agents, and assigns from and against all claims, losses, damages, liabilities, regulatory fines, and expenses (including reasonable attorneys' fees) arising from:

• Breach of these Terms or any representation or warranty herein
• Clinical decisions made by the Provider, including any reliance on AI outputs without independent clinical review
• Submission of false, fraudulent, or unsupported claims to Medicare, Medicaid, or any payer
• Submission of inaccurate, incomplete, or fraudulent MDS assessments to CMS or iQIES/HARP
• Failure to maintain accurate PTAN, CCN, Facility ID, or vendor authorization with CMS or payers
• Claim denials, prior authorization failures, or MDS rejections resulting from Facility-provided inaccurate information
• HIPAA violations caused by the Provider's or Facility's actions or omissions
• Unauthorized prescribing or e-prescribing violations
• Provider licensure violations or unlicensed practice
• Failure to obtain required patient consents
• Negligent or intentional acts or omissions by the Provider or their staff
• Violation of any applicable law, including the False Claims Act, Anti-Kickback Statute, Stark Law, or applicable state law
• Revocation of vendor authorization by CMS or any payer based on Facility's actions or omissions

Informal Resolution: Before initiating formal proceedings, the parties agree to attempt resolution through good-faith negotiations for 30 days following written notice of a dispute.

Binding Arbitration: If not resolved informally, disputes shall be submitted to binding arbitration under the JAMS Healthcare Arbitration Rules, conducted remotely or in the United States, with a single arbitrator. The arbitrator's decision is final and binding and may be entered as a court judgment. Disputes involving RCM fees, claim denials, coding, MDS rejections, or payment disputes shall be resolved exclusively through arbitration.

Class Action Waiver: ALL DISPUTES SHALL BE RESOLVED INDIVIDUALLY. USERS WAIVE ANY RIGHT TO CLASS, COLLECTIVE, OR REPRESENTATIVE ACTION AGAINST INTAKEACCESS.AI LLC.

Exceptions: Either party may seek emergency injunctive relief from a court to prevent irreparable harm. The Company may pursue collections of unpaid fees (including RCM fees) in any appropriate forum. Disputes involving CMS, Medicare, Medicaid, or regulatory agencies are subject to applicable federal or state administrative processes.

Opt-Out: Users may opt out of binding arbitration within 30 days of first agreeing to these Terms by written notice to legal@intakeaccess.ai.

These Terms are governed by the laws of the United States and the State of Alabama, without regard to conflict of law principles. The HIPAA regulations and applicable federal healthcare laws supersede any conflicting provisions of these Terms. Nothing in these Terms limits any rights or obligations under applicable federal law, including HIPAA, the False Claims Act, the Anti-Kickback Statute, the Stark Law, CMS regulations (42 C.F.R.), and Medicare/Medicaid billing requirements.

Any disputes involving Medicare, Medicaid, CMS, or iQIES/HARP submissions shall be subject to applicable federal administrative processes and CMS jurisdiction. The parties agree that venue for any permitted court proceeding shall be Jefferson County, Alabama.

IntakeAccess.ai shall not be liable for delays or failures in platform availability, claim submissions, ERA enrollments, prior authorizations, MDS submissions, or any other RCM services caused by events beyond its reasonable control, including acts of God, cyberattacks, power outages, internet infrastructure failures, government actions, public health emergencies, pandemics, natural disasters, CMS or iQIES/HARP system outages, Stedi or Stripe service disruptions, AWS infrastructure failures, payer system downtime, or third-party service provider outages. Providers and Facilities must maintain independent emergency protocols and backup systems for continuity of patient care and billing operations during any platform outage. RCM fees shall not be waived or reduced due to force majeure events.

The Platform integrates with the following third-party services, each subject to their respective terms of service and, where applicable, Business Associate Agreements:

• Stedi: Claims submission (837P, 837I), prior authorization, insurance verification, ERA enrollment, and EDI transaction processing
• Hathr AI: Healthcare-specific AI models for prior authorization, insurance verification, and RCM predictions
• Comp AI: AI-powered clinical documentation and specialty templates
• Doesspot: E-prescribing (electronic prescription management and transmission, including EPCS for controlled substances)
• Stripe: Patient and family payment processing via Stripe Connect
• AWS (Amazon Web Services): HIPAA-eligible cloud infrastructure, data storage, and computing services with executed AWS BAA
• Twilio: SMS communications and secure messaging
• SendGrid: Email delivery for patient and family notifications
• iQIES/HARP (CMS): MDS assessment submissions for SNF facilities

These integrations are subject to the respective third-party terms of service and, where applicable, Business Associate Agreements. The Company is not liable for outages, errors, data breaches, service failures, or any other damages caused by third-party providers. Facilities using RCM services acknowledge that claim submissions, prior authorizations, e-prescribing, and MDS submissions depend on the availability and proper functioning of these third-party services.

The Company may modify these Terms at any time by posting updated Terms to the Website. Material changes, including changes to subscription fees, RCM fee percentage, setup fees, or service scope, will be communicated by email to registered subscribers at least 30 days before the effective date. Continued use of the Platform following the effective date of modified Terms constitutes acceptance. If you do not agree to the revised Terms, you must cancel your subscription before the effective date of the change. Facilities with active RCM services must notify the Company in writing of non-acceptance and cancel RCM services prior to the effective date to avoid application of modified RCM terms.

Entire Agreement: These Terms, together with any executed BAA, CMS-588 forms, vendor authorization agreements, Order Forms, and the Privacy Policy, constitute the entire agreement between the parties and supersede all prior understandings.

Severability: If any provision is found invalid or unenforceable, it shall be modified or severed, and the remaining Terms shall continue in full force.

Waiver: No failure to enforce any Term constitutes a waiver of that right.

Assignment: Users may not assign these Terms without Company consent. The Company may assign these Terms in connection with a merger, acquisition, or asset sale. Facilities may not assign RCM service obligations without written consent.

No Third-Party Beneficiaries: These Terms do not create rights in any third party, except that patients retain all HIPAA rights regardless of the contractual relationship between a Covered Entity and the Company.

Notices: Legal notices to the Company must be sent to legal@intakeaccess.ai or to the Company's registered address. Platform notices to Users are effective upon transmission to the registered email address. Facilities utilizing RCM services must maintain a valid, monitored email address for billing and compliance communications.

Survival: Sections 1 (Definitions), 7 (HIPAA Compliance), 15 (Data Ownership), 16 (Intellectual Property), 18 (Limitation of Liability), 19 (Indemnification), 20 (Arbitration), and 25 (General Provisions) shall survive any termination of these Terms.

Contact: For all questions, support, compliance, and legal matters:
INTAKEACCESS.AI LLC (DBA: IntakeAccess Health Solutions)
181 W Valley Ave STE 245-1742
Birmingham, AL 35209
Website: https://intakeaccess.ai  |  Privacy: privacy@intakeaccess.ai  |  Compliance: compliance@intakeaccess.ai  |  Legal: legal@intakeaccess.ai  |  RCM Billing: billing@intakeaccess.ai  |  Support: 205-855-4545