These Terms of Use constitute a legally binding agreement between you, whether personally or on behalf of an entity (“you”) and KFMC Health Improvement Partners, a Kansas nonprofit corporation (“KFMC” “we” or “us”), regarding your access to and use of the https://www.sraplus.com website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Site”). You agree that by accessing the Site, you have read, understood, and agree to be bound by all of these Terms of Use. You are expressly prohibited from using the Site if you do not agree with all of these Terms of Use.

General Terms

KFMC has developed a web-based software application to conduct security risk assessments for purposes of determining compliance with the administrative, technical, and physical safeguards of the HIPAA Security Rule (“SRA+™”) that it licenses to healthcare providers (known as “Covered Entities” under HIPAA) or business associates of Covered Entities subject to the provisions of HIPAA. You are a Covered Entity or Business Associate and desire to use SRA+™. The following capitalized terms will have the following meanings as used in this Agreement:
“HIPAA” means the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations, each as amended.
“Users” means your current employees, contractors, and agents whom you authorize to enroll in, access, and use SRA+™ and to whom we furnish Credentials to access SRA+™ in accordance with this Agreement.


We agree to provide you access to SRA+™ for the purpose of conducting security risk assessments according to the provisions of HIPAA. Your right to use SRA+™ and any and all additional materials furnished by us under this Agreement is a limited “License” which means you acknowledge that we solely own the same, that your rights are limited to the purposes and uses expressly permitted by this Agreement, and that you acquire no ownership of any copyright, patent, trademark or service mark, or any other intellectual property under this Agreement. We own and have the exclusive right to the protection afforded to all such intellectual property and trade secrets by federal law, the laws of the State of Kansas, and such laws of other states as may apply. SRA+™ and any and all other materials provided by us may not be copied, reproduced, or distributed except as provided and expressly permitted by the terms of this Agreement. All Users will be bound by the same obligations you are as a licensee. We retain all rights to provide SRA+™ to other clients and to be the exclusive provider of the same.

Support Services

We will provide technical support relating to SRA+™. We will have no obligation to provide technical support relating in any way to software or hardware that is not included under this Agreement.

Our Duties

Subject to the terms of this Agreement we agree to employ commercially reasonable efforts to (a) make SRA+™ available to you and your Users and (b) correct performance and technical errors affecting your use of SRA+™ within a reasonable time after receiving notice of the same. We will protect your data through the use of encryption (see Privacy Policy).

Your Duties

In addition to your other duties set forth in this Agreement, you will (a) take commercially reasonable precautions to assure that only authorized Users access or use SRA+™ and fully cooperate with us to prevent any such unauthorized access or use; (b) comply with all applicable local, state, federal, and foreign laws, treaties, and regulations in using SRA+™; (c) cooperate with us to diagnose and correct any technical and performance errors as they may arise from time to time in our provision of SRA+™, including promptly reporting all such errors to us; and (d) obtain and maintain access to the world wide web, either directly or through devices that access web-based content, and provide all equipment necessary to make (and maintain) such connection to the world wide web in accordance with our standard requirements. You will use SRA+™ solely for the purposes of conducting security risk assessments and analysis and documenting risk remediation activities planned and implemented. You grant to us the nonexclusive, nontransferable, royalty-free worldwide right to copy, store, record, transmit, display, view, print, or otherwise use, to the extent necessary to provide SRA+™, data created by and about Users in the course of using SRA+™ and your trademarks, service marks, trade names, logos, and other intellectual property for the purpose of including them in your user interface with SRA+™. We will maintain certain data that you transmit to the Site for the purpose of managing the performance of the Site, as well as data relating to your use of the Site. Although we perform regular backups of data, you are solely responsible for all data that you transmit or that relates to any activity you have undertaken using the Site. You agree that we shall have no liability to you for any loss or corruption of any such data, and you hereby waive any right of action against us arising from any such loss or corruption of such data.

Limitations on Use

You agree to use, and ensure that all Users use, SRA+™ only for permitted purposes within the scope of the License granted hereunder. To carry out this promise, you further agree that you will not, without our prior written consent, in any way or by any method whatsoever including by any form of reverse engineering: (a) make by any means new versions, new applications, and other derivative works of SRA+™ (including any of its source code, source files, structure, functioning, or features), including combining all or part of SRA+™ (including any of its source code, source files, structure, functioning, or features) with other code, materials, or documentation ("Derivative Works"); (b) store, archive, extract, gather, use, and/or reproduce SRA+™ (including any of its source code, source files, structure, functioning, or features) for the purpose of compiling, revising, updating, upgrading, enhancing, displaying, storing, transmitting, or altering them or otherwise creating Derivative Works; (c) demonstrate, copy, or distribute SRA+™ (including any of its source code, source files, structure, functioning, or features) to persons not authorized as Users; (d) provide training or explanations of SRA+™ (including any of its source code, source files, structure, functioning, or features) in any form; (e) use, publish, transmit, or reproduce our trademarks, service marks, logos, and trade names in connection with advertising, promotion, or marketing; (f) access or use SRA+™ (including any of its source code, source files, structure, functioning, or features) to create a product or service directly or indirectly competitive with SRA+™; or (g) use or attempt to use, or permit your Users, employees, agents, contractors, or representatives to use or attempt to use, any method, technology, process, or device to gather or extract data or information of any kind from SRA+™, including by data mining, scraping or screen scraping, crawling, or any automated device or process.


You may request any number of users within your organization. Only persons currently employed as employees or contractors by you may be authorized as Users. You will provide us with the name and email address of each User and all other information reasonably necessary for us to furnish a unique user ID, password, or other credentials (“Credentials”) for each User to access SRA+™. Each User, as a condition to receiving Credentials and accessing SRA+™, must acknowledge acceptance of these Terms of Use. Notwithstanding the foregoing, you will be responsible to us for (a) authorizing, monitoring, and controlling access to and maintaining the strict confidentiality of, each User’s Credentials; (b) prohibiting unauthorized use of a User’s Credentials; (c) promptly informing us of any need to deactivate Credentials due to unauthorized use of or access to SRA+™ by unauthorized persons or by Users in violation of the limitations of use set forth in this Agreement; and (d) the compliance by each and every User with the terms of this Agreement and any user agreement or terms of service between us and a User. We reserve the right to deny Credentials or access to SRA+™ to any person who in our reasonable opinion is not legally eligible for such access or whose access would cause substantial harm to us or others. In addition to authorized Users, we will also provide Credentials solely for the purpose of administrative access to SRA+™ to monitor Users’ activity, progress, and compliance, to individuals identified by you to us in writing.


You acknowledge that SRA+™, or any part or function thereof, is subject to temporary, periodic interruptions of service or access due to outages, technical errors or bugs, or maintenance or repair activities. You agree that your obligation for payment of fees under this Agreement will not be affected by, because of, or during such temporary service interruptions.

Subscription Fees

You agree to pay us fees as outlined on the Site for the License. All fees are noncancelable and nonrefundable. We may pass through to you all amounts charged to us by any third-party KFMC in connection with SRA+™. All invoices from us will be due and payable within thirty (30) days after receipt thereof. You agree to pay all applicable foreign, federal, state, and local taxes. The License fees set forth do not include charges for any services or materials we may provide in addition to your License to use SRA+™. In addition to any remedies we may have under this Agreement or at law or equity for nonpayment, we may suspend your access, or the access of any User, to SRA+™ upon reasonably contemporaneous telephonic or email notice to you. You agree to reimburse us for all costs and expenses (including attorneys’ fees) we incur to collect unpaid overdue fees.

Modification and Suspension of Service

We reserve the right at any time and from time to time to modify, temporarily or permanently, SRA+™, and any other software or service or software as a service offered to you under this Agreement, provided such modification does not materially diminish the functionality of SRA+™ to you. We will use commercially reasonable efforts to notify you prior to any such modification. We may, with reasonably contemporaneous telephonic or email notice to you, suspend your access, or the access of any User, to SRA+™ (a) to comply with applicable law or order; (b) to prevent interference with or damage to our software or systems; (c) to mitigate or eliminate a security breach; (d) if legally required by a third-party KFMC; or (e) under exigent circumstances as reasonably necessary to minimize injury to persons or property. We will use commercially reasonable efforts to resolve the issues causing the suspension of service. You agree that we will not be liable to you, any User, or to any third party for any service suspension under such circumstances as described in this section.

Term and Termination

The initial Agreement will begin on the Date of Purchase, and continue through the calendar year. For initial purchases made in October-December, the agreement will continue through the end of the subsequent calendar year. The term may be renewed for a successive calendar year period by the User renewing and paying the annual License fee. Notwithstanding the foregoing, this Agreement may be terminated before the end of its term: (a) at any time by agreement of the parties; (b) immediately by us if the use of SRA+™ becomes or, in our sole opinion, is likely to become, the subject of a claim or suit for intellectual property infringement or misappropriation; and (c) immediately by the aggrieved party upon the occurrence of (i) material default by a party under this Agreement and failure to cure that default within thirty (30) days after written notice thereof from the aggrieved party, or (ii) filing of a petition in bankruptcy or other insolvency statute by or against a party, the appointment of a receiver in respect of all or a substantial part of a party’s assets, a party ceases to do business, or a party becomes insolvent.

Duties upon Termination

Upon termination or expiration of this Agreement, we may without liability to you or any User or third party immediately deactivate your, and all Users’, access to SRA+™, and you will discontinue all use of and access to SRA+™ and promptly return to us materials provided by us in whatever form in your possession; provided, however, that any hard copies of any materials distributed to individual Users may be retained by the Users. All duties imposed by this Agreement relating to the protection and preservation of our copyrights, trademarks, and proprietary information will continue in effect notwithstanding termination.

Assignment and Sublicensing

The License granted to you by this Agreement is personal to you. Rights under this Agreement are otherwise not assignable, and sublicensing is not permitted.

Disclaimer of Warranties

You acknowledge and agree, notwithstanding anything to the contrary in this Agreement, that (a) you are solely responsible for complying with the provisions of HIPAA; (b) SRA+™ is merely a tool and your use of it does not guarantee compliance with the provisions of HIPAA or that you will satisfy or pass an audit conducted by the United States Department of Health & Human Services Office for Civil Rights (OCR) or other state or federal agencies; and (c) your use of SRA+™ is at your sole risk. Except as otherwise stated in this agreement, we do not represent that use of SRA+™ will be secure, timely, uninterrupted or error free, or that it will meet your requirements or that all errors in SRA+™ will be corrected or that the system that makes the same available will be free of viruses or other harmful components or that the service will operate in combination with other hardware, software, systems or data not provided by us or that the operation of the services will be secure or that we will be able to prevent third parties from accessing your or users’ data or confidential information, or that any stored data will be accurate or reliable. SRA+™ is furnished “as is” and “as available” and we make no warranties or representations of any kind concerning SRA+™, or any results to be achieved through use of the same.

Limitations on Liability

Neither party will be liable for any special, indirect, incidental, or consequential damages, or any punitive damages arising from or relating to this agreement, including any damages for bodily injury, death, or loss of revenue or other benefits, or any claims by a third party. The foregoing limitation applies to all causes of action and theories of liability including without limitation, breach of contract, breach of warranty, negligence, strict liability and other torts, indemnity, or other ground of fault or liability, including comparative or contributory fault. OUR LIABILITY TO YOU AND ANY THIRD PARTY UNDER THIS AGREEMENT FOR ANY REASON (INCLUDING BREACH OF WARRANTY) WILL NOT EXCEED THE TOTAL FEES PAID TO US BY YOU DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE LIABILITY.


Each party (the “Indemnifying Party”) agrees to defend at its expense and indemnify and hold harmless the other party and its affiliates, directors, officers, employees, agents, successors and assigns (each an “Indemnified Party”), in accordance with the procedures described in this section, from and against any and all losses, costs, damages, liabilities and expenses including without limitation, reasonable attorney fees and expenses paid to or for the benefit of an unaffiliated third party (collectively, “Losses”) arising from or in connection with any such third party claim for: (a) the death or bodily injury of any person caused by the negligence, willful misconduct, or material breach of this Agreement of the Indemnifying Party; or (b) the damage, loss, or destruction of any real or personal property caused by the negligence, willful misconduct, or material breach of this Agreement of the Indemnifying Party. The Indemnifying Party will advance funds to the Indemnified Party for legal expenses and other costs incurred as a result of a legal action, provided that the Indemnified Party undertakes in writing to repay the advanced funds if it is found by a court of competent jurisdiction that the Indemnified Party is not entitled to indemnification.


Each party may have access to information that is confidential to the other party, including SRA+™ itself, which are confidential to us alone (“Confidential Information”). Each party will treat as confidential the other Party’s Confidential Information and will not disclose or use such Confidential Information for any other purpose other than the performance of its responsibilities and duties under this Agreement or as required by law. Neither party will disclose, copy or permit the disclosure of the Confidential Information to third parties (not including its professional advisors who are under equal or greater confidentiality obligations as found in this Agreement), including to its shareholders or owners, without the other party’s prior written consent, as applicable (where it is permissible to seek such consent under applicable law without a breach thereof) except as required by law, a court of competent jurisdiction, or any regulatory body. Immediately upon termination of this Agreement, each party will, in accordance with this Agreement, promptly return to the other party any and all Confidential Information, including all copies and reproductions thereof, in such party’s possession and control or in the possession or control of any employee, contractor, KFMC, or agent of such party, except for records which the party is required to retain and maintain for regulatory purposes. 
The foregoing restrictions will not apply to any information that: (1) is or becomes a matter of general public knowledge without any violation of this Agreement on the part of the other party; (2) was available to a party or any of its affiliates, officers, members, employees, or representatives on a nonconfidential basis prior to the disclosure of such information by the other party; or (3) comes into a party’s possession from any party not affiliated with such party properly in possession of such information and not known by such party to have been obligated to keep such information confidential. The parties agree that money damages would be an inadequate remedy for a breach of this section and in the event of a breach or threatened breach of this section by either party, the nonbreaching party or its successors or assigns may, in addition to other rights and remedies existing in their favor, apply for specific performance or injunctive or other relief in order to enforce, or prevent any violations of, such provisions, without posting a bond or other security.

Independent Contractor

KFMC shall, for all purposes, be an independent contractor and not an agent or employee of you, nor shall anything herein be construed as making you a partner or co-venturer with KFMC. KFMC shall have no authority to act for, represent, bind, or obligate you except as specifically provided herein.

Force Majeure

Neither party will be liable to the other for any failure or delay in the performance of such party’s non-monetary obligations due to causes beyond its control, such as failure or delay caused, directly or indirectly, by fire, flood, earthquakes, other elements of nature, acts of war, terrorism, riots, civil disorders, rebellions or revolutions, epidemics, communications line or power failures, or governmental laws, court orders, and regulations imposed after the fact.


No contractual services undertaken by KFMC shall affect or otherwise interfere with the contractual relationship of you and any third-party organization paying for health care services provided by you.

Conflict of Interest

If KFMC determines that any requested services under this Agreement would create a conflict of interest, KFMC will promptly notify you of that determination and will have no obligation to perform such service.


Visiting the Site, sending us emails, and completing online forms constitutes electronic communications. You consent to receive electronic communications, and you agree that all agreements, notices, disclosures, and other communications we provide to you electronically, via email and on the Site, satisfy any legal requirement that such communication be in writing. YOU HEREBY AGREE TO THE USE OF ELECTRONIC SIGNATURES, CONTRACTS, ORDERS, AND OTHER RECORDS, AND TO ELECTRONIC DELIVERY OF NOTICES, POLICIES, AND RECORDS OF TRANSACTIONS INITIATED OR COMPLETED BY US OR VIA THE SITE. You hereby waive any rights or requirements under any statutes, regulations, rules, ordinances, or other laws in any jurisdiction which require an original signature or delivery or retention of non-electronic records, or to payments or the granting of credits by any means other than electronic means.


Except for the limitations on liability and remedies for certain damages stated previously, each party will be entitled to any and all remedies provided by law and equity for breach of this Agreement. In the event of any legal action between the parties relating to this Agreement or any rights or obligations arising out of its performance or breach, including tort actions or actions on other legal grounds, the prevailing party will be awarded reasonable attorneys’ fees and other litigation expenses, including expert witness fees.

Entire Agreement, Binding Effect, Assignment, Modification, Waiver, and Governing Law

This Agreement is the entire agreement between the parties on its subject matter. It supersedes, terminates, and cancels any prior agreements or understandings oral or written, relating to its subject matter. Neither party is relying on, or can rely on, any promise, representation, or inducement not included and stated in this Agreement. Neither party may assign this Agreement or any of its rights or obligations hereunder without the prior written consent of the other party, which shall not be unreasonably delayed, withheld, or conditioned, except that either party may assign this Agreement without consent in connection with any corporate reorganization, recapitalization, or sale of all or substantially all of its assets. In the event of a permitted assignment this Agreement will be binding on and inure to the benefit of the parties and their successors and assigns. This Agreement may not be amended or modified, nor any of its provisions waived or the right to rely thereon lost, except by written agreement signed by the party to be charged therewith. This Agreement is governed by and interpreted under the laws of the State of Kansas.


The following provisions will survive any termination or expiration of this Agreement: License, Your Duties; Limitations on Use; Subscription Fees; Term and Termination; Duties upon Termination; Disclaimer of Warranties; Limitations on Liability; Indemnification; Confidentiality; Independent Contractor; Notices; Remedies, Entire Agreement, Binding Effect, Assignment, Modification, Waiver, and Governing Law; and Survival.

Contact Us

To receive further information or resolve a complaint about the Site, please contact us at:
800 SW Jackson, Ste 700
Topeka, KS 66612
United States