Provider Legal

Malama Provider Portal Terms of Service

Last Updated: May 19, 2026

Effective Date: May 19, 2026

These Malama Provider Portal Terms of Service (“Provider Terms”) govern access to and use of the Malama provider portal, provider dashboard, reports, patient invitation tools, care coordination tools, remote monitoring tools, provider-facing software, documentation, and related services made available by Malama Health, Inc. (“Malama,” “we,” “us,” or “our”) to healthcare providers, healthcare facilities, health centers, care teams, care coordination organizations, doulas, community-based care organizations, payers, and other healthcare-related organizations.

These Provider Terms are in addition to Malama’s general Terms of Service, Privacy Policy, Notice of Privacy Practices, and, where applicable, Malama’s Business Associate Agreement. If there is a conflict between these Provider Terms and the Business Associate Agreement with respect to protected health information, the Business Associate Agreement controls.

By registering for, accessing, or using the Malama Provider Portal, or by clicking “I Agree,” “Agree and Sign,” or a similar button, the individual completing registration represents that they have authority to bind the healthcare practice, facility, organization, or care team identified during registration (“Provider Organization”) and agrees to these Provider Terms on behalf of that Provider Organization.

If you do not have authority to bind Provider Organization, or if Provider Organization does not agree to these Provider Terms, you may not register for, access, or use the Malama Provider Portal.

1. Definitions

“Authorized User” means an employee, contractor, clinician, care coordinator, administrator, doula, staff member, or other workforce member of Provider Organization who is authorized by Provider Organization to access and use the Malama Provider Portal.

“Business Associate Agreement” or “BAA” means Malama’s Business Associate Agreement, as updated from time to time, that applies when Malama creates, receives, maintains, or transmits protected health information on behalf of a covered entity or business associate.

“Malama Provider Portal” or “Provider Portal” means Malama’s provider-facing software, dashboards, reports, patient invitation tools, patient data views, care coordination tools, remote monitoring tools, documentation, and related services made available to Provider Organization.

“Patient Data” means information relating to a patient, member, client, or individual that is submitted to, accessed through, generated by, transmitted through, or displayed in the Provider Portal. Patient Data may include protected health information under HIPAA.

“Provider Organization” means the healthcare practice, facility, health center, care team, care coordination organization, doula organization, community-based care organization, payer, or other healthcare-related organization identified during registration.

2. Eligibility

The Provider Portal is intended for use by Provider Organizations and Authorized Users who are authorized to provide healthcare services, care coordination, remote monitoring, patient navigation, social care navigation, doula services, health plan services, or related services.

Malama may require Provider Organization to provide information to verify eligibility, including organization name, organization type, work email domain, address, NPI, facility identifier, tax identifier, role/title, professional credentials, or other information.

Malama may approve, deny, suspend, limit, or revoke access to the Provider Portal at any time if Malama determines that access may create legal, privacy, security, operational, patient-safety, or compliance risk.

3. Authority to Bind Provider Organization

The individual registering for the Provider Portal represents and warrants that they have authority to accept these Provider Terms, the Malama Privacy Policy, and, if applicable, the Business Associate Agreement on behalf of Provider Organization.

Provider Organization agrees that electronic acceptance has the same legal effect as a handwritten signature.

Malama may maintain records of electronic acceptance, including signer name, signer email, signer role/title, Provider Organization name, timestamp, IP address, user agent, checkbox text, document versions, and agreement snapshot.

4. Free Base Portal Access

Subject to these Provider Terms, Malama may provide Provider Organization with access to a base version of the Provider Portal at no charge.

The free base Provider Portal may include features for reviewing patient-submitted information, viewing reports, inviting patients, inviting Authorized Users, supporting care coordination, supporting remote monitoring, or using other functionality made available by Malama from time to time.

Malama may modify, limit, suspend, discontinue, or add features to the free base Provider Portal at any time.

Free base access does not include any right to receive custom implementation, EHR integration, custom analytics, dedicated support, payer program services, contracted care management services, remote patient monitoring operations, billing support, custom workflows, or premium features unless Malama agrees separately in writing.

Certain features or services may require a separate written agreement.

5. No Referral Requirement; Patient Choice

Provider Organization acknowledges and agrees that access to the Provider Portal is not conditioned on, and does not require, any referral, recommendation, order, prescription, purchase, use, or arrangement involving Malama or any Malama service.

Provider Organization is not required to refer patients to Malama. Provider Organization remains free to refer patients to any clinically appropriate provider, service, technology, program, or support resource. Patients remain free to choose any provider, service, technology, or program available to them.

Nothing in these Provider Terms is intended to induce, reward, or compensate Provider Organization, any healthcare professional, any staff member, or any other person for referrals, recommendations, orders, prescriptions, purchases, or other business reimbursable by Medicare, Medicaid, any other federal healthcare program, state healthcare program, commercial payer, or patient.

Provider Organization is solely responsible for ensuring that any recommendation, referral, or discussion involving Malama is based on clinical appropriateness, patient need, patient choice, and applicable law.

6. Limited License

Subject to these Provider Terms, Malama grants Provider Organization a limited, revocable, non-exclusive, non-transferable, non-sublicensable right for its Authorized Users to access and use the Provider Portal solely for Provider Organization’s internal healthcare, care coordination, remote monitoring, patient support, social care navigation, administrative, and related operational purposes.

Provider Organization may not use the Provider Portal for any purpose not expressly permitted by these Provider Terms or by Malama in writing.

Malama and its licensors retain all right, title, and interest in and to the Provider Portal, including all software, technology, documentation, workflows, templates, reports, dashboards, designs, analytics, algorithms, improvements, modifications, and intellectual property.

No rights are granted except as expressly stated in these Provider Terms.

7. Authorized Users and Account Administration

Provider Organization is responsible for ensuring that only Authorized Users access the Provider Portal.

Provider Organization is responsible for all activity under its accounts, including all activity by Authorized Users.

User accounts may not be shared. Each Authorized User must use their own unique login credentials.

Provider Organization must promptly remove access for any Authorized User who is no longer employed by, contracted with, affiliated with, or authorized by Provider Organization.

Provider Organization is responsible for maintaining the confidentiality and security of all usernames, passwords, devices, systems, and account credentials used to access the Provider Portal.

Provider Organization must notify Malama promptly if it becomes aware of unauthorized access, credential compromise, or suspected misuse of the Provider Portal.

8. Patient Data Authorization

Provider Organization represents and warrants that it has all rights, permissions, consents, authorizations, notices, and legal bases necessary to:

  • invite patients to use Malama;

  • access Patient Data through the Provider Portal;

  • submit Patient Data to Malama;

  • use Patient Data available through the Provider Portal;

  • communicate with patients, care teams, or Malama-supported personnel using Malama-supported workflows;

  • use the Provider Portal for treatment, payment, healthcare operations, care coordination, remote monitoring, patient navigation, social care navigation, or other legally permitted purposes.

Provider Organization may not access, upload, disclose, or use Patient Data through the Provider Portal unless it has a legally permitted basis to do so.

Provider Organization is responsible for ensuring that its access to and use of Patient Data complies with HIPAA, state privacy laws, consumer health data laws, professional licensing rules, consent requirements, and all other applicable laws.

9. HIPAA; Business Associate Agreement

To the extent Provider Organization is a covered entity or business associate under HIPAA and Malama creates, receives, maintains, or transmits protected health information on behalf of Provider Organization, Malama will act as a business associate or subcontractor business associate, as applicable.

In that case, the Malama Business Associate Agreement is incorporated into these Provider Terms and governs Malama’s use and disclosure of protected health information.

If there is a conflict between these Provider Terms and the Business Associate Agreement with respect to protected health information, the Business Associate Agreement controls.

If Provider Organization is not a covered entity or business associate under HIPAA, Provider Organization remains responsible for complying with all privacy, confidentiality, consent, authorization, consumer protection, and healthcare laws applicable to its access to and use of Patient Data.

10. Clinical Responsibility

Malama does not provide medical care, medical advice, diagnosis, treatment, prescribing, emergency services, or clinical decision-making through the Provider Portal.

Provider Organization and its healthcare professionals are solely responsible for all clinical decisions, patient communications, diagnosis, treatment, escalation, documentation, follow-up, and use of information available through the Provider Portal.

The Provider Portal is not a substitute for professional medical judgment and should not be used as the sole basis for clinical decisions.

Provider Organization is responsible for independently reviewing Patient Data and determining what action, if any, is clinically appropriate.

11. No Emergency Use

The Provider Portal is not designed for emergency use, urgent clinical communication, or real-time emergency monitoring.

Provider Organization must not instruct patients to use Malama as a substitute for emergency services, urgent care, after-hours clinical communication, or direct communication with their healthcare provider.

Provider Organization remains responsible for providing patients with appropriate instructions for emergencies, urgent symptoms, after-hours communication, and clinical escalation.

12. Restrictions

Provider Organization and Authorized Users may not:

  • share user accounts or credentials;

  • access information for patients with whom Provider Organization has no legally permitted relationship, authorization, or basis for access;

  • use the Provider Portal for unlawful, fraudulent, harmful, misleading, abusive, or unauthorized purposes;

  • resell, sublicense, rent, lease, transfer, or otherwise make the Provider Portal available to third parties;

  • reverse engineer, decompile, disassemble, or attempt to derive source code, underlying ideas, algorithms, workflows, or structure from the Provider Portal;

  • modify, copy, translate, or create derivative works based on the Provider Portal;

  • interfere with the security, integrity, performance, or operation of the Provider Portal;

  • upload malicious code, viruses, malware, or harmful content;

  • upload, disclose, or use information that Provider Organization does not have the right to provide or use;

  • use the Provider Portal to develop, train, benchmark, or improve a competing product or service;

  • scrape, crawl, harvest, cache, bulk download, or use automated tools to access the Provider Portal, except as expressly authorized by Malama;

  • remove proprietary notices or labels from Malama materials;

  • use the Provider Portal in violation of applicable law, these Provider Terms, or any Malama policy.

13. Provider Equipment and Systems

Provider Organization is responsible for obtaining and maintaining any equipment, internet access, systems, browsers, devices, software, and security controls needed to access and use the Provider Portal.

Provider Organization is responsible for the security of its own systems, devices, networks, accounts, passwords, and files.

Malama is not responsible for failures, delays, corruption, unauthorized access, or security incidents caused by Provider Organization’s systems, devices, networks, users, vendors, or third-party services.

14. Support

Malama may provide standard support, documentation, onboarding materials, and online resources for the Provider Portal.

Unless otherwise agreed in writing, free base Provider Portal access does not include custom implementation, custom training, EHR integration, dedicated account management, guaranteed response times, remote patient monitoring operations, payer program operations, or billing support.

Malama may modify support channels, support hours, and support availability from time to time.

15. Changes to Provider Portal

Malama may modify, update, suspend, discontinue, replace, or remove Provider Portal features at any time.

Malama may introduce new features or services for which payment or a separate written agreement is required.

Provider Organization may stop using the Provider Portal if it does not agree with changes.

16. Data Use; De-Identified and Aggregated Information

Subject to applicable law and the Business Associate Agreement, Malama may use information relating to the provision, use, and performance of the Provider Portal to operate, maintain, secure, improve, and develop Malama’s products and services.

To the extent permitted by applicable law and the Business Associate Agreement, Malama may create, use, disclose, and commercialize de-identified or aggregated information for analytics, benchmarking, research, product improvement, publication, business, and other lawful purposes, provided such information does not identify Provider Organization or any individual unless permitted by applicable law or agreement.

Protected health information is governed by the Business Associate Agreement where applicable.

17. Feedback

Provider Organization and Authorized Users may provide comments, suggestions, ideas, requests, recommendations, or other feedback about the Provider Portal.

Malama may use feedback for any purpose without restriction or compensation, including to improve, develop, market, and commercialize products and services.

Provider Organization agrees that feedback does not create any confidentiality, ownership, royalty, or payment obligation unless otherwise agreed in writing.

18. Confidentiality

Each party may receive non-public information from the other party in connection with the Provider Portal.

Each party agrees to use reasonable care to protect the other party’s confidential information and to use such information only as necessary to perform or receive services, exercise rights under these Provider Terms, comply with applicable law, or as otherwise permitted in writing.

Protected health information is governed by the Business Associate Agreement where applicable.

19. Third-Party Services

The Provider Portal may interoperate with third-party services, systems, devices, applications, platforms, or data sources.

Malama does not control third-party services and is not responsible for third-party services, third-party data, third-party downtime, third-party security, third-party privacy practices, or errors caused by third-party services.

Provider Organization is responsible for complying with all terms, laws, consents, and permissions applicable to third-party services it uses in connection with the Provider Portal.

20. Suspension and Termination

Malama may suspend, limit, or terminate Provider Organization’s or any Authorized User’s access to the Provider Portal if Malama reasonably determines that:

  • Provider Organization or any Authorized User has violated these Provider Terms;

  • Provider Organization or any Authorized User has created a security, privacy, legal, operational, or patient-safety risk;

  • Provider Organization or any Authorized User has accessed information without authorization;

  • Provider Organization or any Authorized User has used the Provider Portal unlawfully or improperly;

  • Provider Organization provided inaccurate registration, certification, or eligibility information;

  • continued access could violate applicable law, Malama policy, or third-party rights;

  • the free base Provider Portal is modified, discontinued, or no longer offered;

  • Provider Organization is inactive or no longer eligible.

Provider Organization may stop using the Provider Portal at any time.

Upon termination, Provider Organization and its Authorized Users must stop accessing and using the Provider Portal.

Sections that by their nature should survive termination will survive, including sections relating to Patient Data, HIPAA, confidentiality, intellectual property, restrictions, disclaimers, limitation of liability, and audit records.

21. Disclaimers

The Provider Portal is provided on an “as is” and “as available” basis, except as expressly stated in a separate written agreement.

Malama does not warrant that the Provider Portal will be uninterrupted, error-free, secure, compatible with every device or system, or that all information displayed through the Provider Portal will be complete, accurate, timely, or current.

Provider Organization is responsible for independently verifying Patient Data before making clinical, operational, billing, care coordination, or patient-support decisions.

Malama does not guarantee coverage, reimbursement, payment, patient engagement, clinical outcomes, workflow savings, or regulatory compliance from use of the Provider Portal.

22. Limitation of Liability

To the maximum extent permitted by law, Malama will not be liable for indirect, incidental, consequential, special, exemplary, punitive, or enhanced damages, or for lost profits, lost revenue, loss of data, loss of goodwill, business interruption, or substitute services arising from or related to the Provider Portal or these Provider Terms.

To the maximum extent permitted by law, Malama’s aggregate liability arising from or related to these Provider Terms or the Provider Portal will not exceed one hundred dollars ($100), unless a separate written agreement states otherwise.

This limitation does not limit obligations that cannot be limited under applicable law or, where applicable, obligations under the Business Associate Agreement.

23. Indemnification

Provider Organization will defend, indemnify, and hold harmless Malama and its affiliates, officers, directors, employees, contractors, agents, licensors, and representatives from and against claims, damages, liabilities, penalties, fines, losses, costs, and expenses, including reasonable attorneys’ fees, arising out of or related to:

  • Provider Organization’s or Authorized Users’ use of the Provider Portal;

  • Patient Data submitted, accessed, used, or disclosed by Provider Organization or Authorized Users;

  • Provider Organization’s violation of these Provider Terms;

  • Provider Organization’s violation of applicable law;

  • Provider Organization’s failure to obtain required rights, permissions, consents, authorizations, or notices;

  • clinical decisions, treatment, diagnosis, escalation, documentation, billing, or patient communications by Provider Organization or Authorized Users.

24. Changes to These Provider Terms

Malama may update these Provider Terms from time to time.

For material changes, Malama may require Provider Organization or Authorized Users to accept updated terms before continuing to use the Provider Portal.

Continued use of the Provider Portal after updated Provider Terms become effective constitutes acceptance of the updated Provider Terms, to the extent permitted by applicable law.

25. Relationship to Other Agreements

These Provider Terms govern free base access to the Provider Portal unless Provider Organization has a separate written agreement with Malama.

If Provider Organization has a separate written agreement with Malama, that agreement controls to the extent it conflicts with these Provider Terms.

The Business Associate Agreement controls with respect to protected health information to the extent required by HIPAA.

26. Contact

Questions about these Provider Terms may be directed to:

Malama Health, Inc.

2261 Market St. #4875

San Francisco, CA 94114

Email: hello@heymalama.com