Read-Only Access Agreement

KALEIDA SERVICES AGREEMENT

PLEASE READ THIS KALEIDA SERVICES AGREEMENT (“AGREEMENT”) CAREFULLY. THIS AGREEMENT IS A BINDING AGREEMENT BETWEEN YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) (“USER” OR “YOU”) AND KALEIDA SYSTEMS SOFTWARE LLC (“KALEIDA”). BY CLICKING THE “I ACCEPT” BUTTON, SIGNING AN ORDER FORM, ACCESSING OR OTHERWISE USING THE eRSP, YOU ACKNOWLEDGE THAT YOU HAVE READ THESE TERMS AND CONDITIONS AND AGREE TO BE LEGALLY BOUND BY THEM. THIS AGREEMENT IS ENFORCEABLE AGAINST YOU AND THE LEGAL ENTITY THAT YOU REPRESENT. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT USE THE eRSP.

  1. AUTHORITY TO CONTRACT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF YOUR EMPLOYER OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT (i) you have full legal authority to bind the entity on whose behalf you are agreeing to these terms and conditions; and (ii) you have read and understand this Agreement. Each You and Kaleida may be referred to as a “party” or collectively as the “parties.”
  2. REGISTRATION AND ACCESS. Kaleida offers an online scheduling and order processing application through an Internet website named eResourceSchedulingPro (eRSP). Kaleida will register the User’s eRSP website domain. Kaleida shall issue a User identification and password to User that will allow User to access User’s account on the eRSP website. User shall be responsible for maintaining the security and confidentiality of its User identification and password, and for all authorized and unauthorized uses of them. User shall give Kaleida immediate written notice of any unauthorized use or disclosure of User’s User identification and password of which User becomes aware, and Kaleida shall cancel the old User identification and password and issue new ones to User. User shall comply at all times with all applicable laws, statutes, ordinances, rules, regulations and orders in connection with its use of eRSP. Kaleida shall be entitled to use User’s name and logo in connection with setting up and maintaining the eRSP website for User. If applicable, Kaleida may provide eRSP website read-only access to parent entities or franchisors (collectively, “Authorized Parties”) upon request. User agrees that if the previous sentence is applicable, User authorizes such read-only access. User agrees that User is responsible for notifying Kaleida if you wish to opt out of this provision.
  3. ACCESS TO KALEIDA SYSTEMS; SERVICES. During the term of this Agreement, Kaleida grants to User a non-exclusive, non-sublicensable and non-transferable right to access, in limited read only functionality, the eRSP for User’s own internal purposes only. User’s employees shall be entitled to access and use the eRSP solely in connection with their relationship with User, provided that all such employees are in compliance with the terms of this Agreement. User acknowledges and agrees that it shall be responsible for all such employees’ use of the eRSP. Kaleida reserves the right to update and modify the services available through eRSP (the “Services”) from time to time. User will not, nor will it permit its employee users or others to: (i) modify, disable, circumvent, deactivate or otherwise interfere with features of the eRSP; (ii) decompile, disassemble, reverse-engineer or otherwise attempt to derive the source code of the eRSP, except to the limited extent, if any, these activities may be permitted by law despite this restriction; (iii) modify or create derivative works of the eRSP; (iv) use the eRSP for a purpose or in a manner not permitted by the terms of this Agreement; or (v) sell, rent, lease, sublicense or redistribute eRSP or User’s access credentials. If User or its employees provide suggestions, ideas, feedback, recommendations or other information relating to the eRSP (“Feedback”), Kaleida shall be free to possess and use such Feedback in its business for all purposes without obligation to User (or, where applicable, to any employee of User), including without payment obligation.
  4. FEES AND PAYMENT.
    • Invoices and Fees. User shall pay Kaleida the fees invoiced. Unless otherwise stated in the quote, fees are due net 30 days from the invoice date. In the event User disputes any charges set forth in an invoice, User shall notify Kaleida in writing and the parties shall work together in good faith to resolve the dispute.
    • Overdue Payments. Any payment not received from User by the due date shall accrue late charges at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is greater, from the date such payment was due until the date paid. User agrees to pay all costs incurred by Kaleida in collecting any unpaid amounts, including attorneys’ fees and costs, except to the extent such costs, fees, or expenses are prohibited by law.
    • Suspension of Service. If User’s account is 30 days or more overdue (except with respect to charges then under reasonable and good faith dispute), in addition to any of its other rights or remedies, Kaleida reserves the right to suspend the Services, without liability to User, until such amounts are paid in full.
    • Early Termination. In the event that Kaleida elects to terminate this Agreement in accordance with Section 5.3 or User terminates this agreement before the end of the then current Term, Kaleida shall be entitled to recover immediately from User all sums due for the Services provided prior to such termination, together with liquidated damages in a sum equal to the most recent monthly fee, times the number of months remaining in the Term.
    • Prices are exclusive of all applicable taxes. User agrees to pay all taxes (including but not limited to sales, use, excise, and value-added taxes), tariffs, duties, customs fees or similar charges imposed or levied on the eRSP and Services it acquires pursuant to this Agreement, with the exception of taxes on Kaleida’s net income and employment-related taxes incurred by Kaleida.
  5. TERM AND TERMINATION.
    • Initial Term. The term of this Agreement shall begin on the Effective Date and shall remain in effect for three (3) months (“Term”) and shall continue until: (i) the expiration of the Term; or (ii) termination in accordance with the provisions of this Section.
    • Renewal Term. This Agreement shall automatically renew for additional periods equal to the length of the Term unless earlier terminated pursuant to this Section or either party providing notice of non-renewal to the other party in accordance with the notice provisions herein at least thirty (30) days prior to the expiration of the Term.
    • Termination Due to Default. The occurrence of any of the following shall constitute an event of default by User: (i) User’s failure to pay any sum to Kaleida as and when due; or (ii) User’s material breach of any other term of this Agreement which is not cured within 30 days after Kaleida gives User written notice of default. Upon the occurrence of an event of default by User, Kaleida shall be entitled, in its reasonable discretion, to discontinue or suspend the Services and the eRSP, terminate this Agreement, and pursue its other rights and remedies.
    • Kaleida Default. Kaleida’s failure to cure any material breach of this Agreement within 30 days after User gives Kaleida written notice shall constitute an event of default by Kaleida. Upon the occurrence of an event of default by Kaleida, User’s sole and exclusive remedy shall be to terminate this Agreement and its obligation to pay subsequent fees.
    • Fees. All fees due and owing on the date of termination shall remain due. Upon termination for any reason, except for termination under Section 5.4, User shall cease all access to and use of the eRSP and Services.
  6. INFORMATION AND CONFIDENTIALITY.
    • “Confidential Information” means with respect to Kaleida’s eRSP, including all templates and screen displays associated with the software hosted on the Kaleida website, and with respect to User, the personal information of User’s clients provided to or obtained by Kaleida under this Agreement; provided that User’s Confidential Information shall not include the User’s transaction and use data for the Kaleida website that does not identify User’s clients. The receiving party shall not use any Confidential Information of the disclosing party for any purpose other than performing its obligations under this Agreement. The receiving party shall keep confidential and not disclose to any person or entity any Confidential Information of the disclosing party. The receiving party shall limit the disclosure and dissemination of the Confidential Information to its employees and agents who have a need to know for the purposes of this Agreement and who have agreed to maintain the Confidential Information in confidence. Confidential Information will not include information that is or becomes available to the public through no breach of this Agreement, information that was previously known by the receiving party without any obligation to hold it in confidence, information that the receiving party receives from a third party who is free to disclose that information, information that the receiving party develops independently without using Confidential Information, and information that the disclosing party approves for release in writing. If the receiving party is required by law, government regulation, subpoena or court order to disclose any of the Confidential Information, the receiving party will give prior written notice of the proposed disclosure to the disclosing party. The disclosing party will be entitled to take those actions it deems necessary or appropriate, including seeking to prevent the disclosure of the Confidential Information.
    • Upon the termination of this Agreement for any reason, each disclosing party shall have the right to require the other party to return or destroy promptly all Confidential Information provided by that disclosing party under this Agreement by delivering a written request. The receiving party shall confirm any requested return or destruction promptly in writing. Notwithstanding the foregoing, the receiving party and its agents: (a) shall not be required to return or destroy any Confidential Information to the extent that it is otherwise required by law, regulation, rule or practice governing the receiving party or its agents’ professionals or the receiving party or its agents’ bona fide document retention policies; (b) will not be obligated to erase any Confidential Information that is contained in any archived computer system backup in accordance with its or their security and/or disaster recovery procedures; and (c) may retain copies of Confidential Information prepared for archival or record retention purposes, provided, in each case, the receiving party shall continue to be bound by its obligations of confidentiality and other obligations and agreements under this Agreement.
    • The eRSP is made available to User to access online and is not sold. User acknowledges that the eRSP and all intellectual property rights embodied in the eRSP are and will remain the property of Kaleida and its licensors. User will have no right, title or interest in or to the eRSP, except those rights expressly granted to User by Kaleida pursuant to this Agreement. There shall be no licenses or rights implied under this Agreement, based on any course of conduct, or other construction or interpretation thereof. All rights and licenses not expressly granted are reserved by Kaleida.
    • User acknowledges that if it is a franchise or subsidiary, then Authorized Parties shall be entitled to access Confidential Information. For further clarity, Kaleida providing Authorized Parties access to User’s account information does not constitute a breach by Kaleida of this Section. User agrees that User is responsible for notifying Kaleida if you wish to opt out of this provision.
  7. DISCLAIMERS, REMEDIES AND LIMITATIONS OF LIABILITY.
    • EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, KALEIDA DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS AND IMPLIED, WITH RESPECT TO eRSP AND THE SERVICES, INCLUDING THE IMPLIED WARRANTIES OF INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. User’s sole and exclusive remedy with respect to any Services or eRSP shall be for Kaleida to re-perform the particular Services or to use commercially reasonable efforts to correct eRSP.
    • IN NO EVENT SHALL KALEIDA BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, SPECIAL, OR INDIRECT DAMAGES OF ANY KIND, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. KALEIDA’S MAXIMUM AGGREGATE LIABILITY UNDER THIS AGREEMENT OR WITH RESPECT TO THE SERVICES OR ERSP, WHETHER IN TORT, STRICT LIABILITY, CONTRACT OR OTHERWISE, SHALL NOT EXCEED THE FEES PAID OR PAYABLE TO KALEDIA IN THE THREE (3) MONTHS PRIOR TO THE DATE OF THE EVENT THAT IS THE BASIS OF THE CLAIM OR CAUSE OF ACTION OR $10,000, WHICHEVER IS LESS.

Any action or proceeding by User arising out of this Agreement, the Services or eRSP shall be forever barred unless it is commenced within the earlier of one year after the claim or cause of action has accrued or the period prescribed by the applicable statute of limitation or repose. User must give Kaleida prompt written notice of any claim regarding this Agreement, the Services or eRSP.

  1. MISCELLANEOUS.
    • Relationship of the Parties. Kaleida is an independent contractor, and nothing in this Agreement or the applicable order form shall be construed as creating a partnership, joint venture, agency or fiduciary relationship.
    • Assignment. User may not assign all or any portion of its rights or obligations under this Agreement without Kaleida’s prior written consent and any such assignment shall be void. This Agreement shall be binding on, and shall inure to the benefit of, the parties and their respective successors, heirs and permitted assignees.
    • Choice of Law and Venue. This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, without giving effect to applicable principles of conflicts of law to the extent that the application of the laws of another jurisdiction would be required thereby. In case of any dispute related to this Agreement, the parties agree to submit to personal jurisdiction in the State of Delaware. Furthermore, the parties hereby irrevocably and unconditionally submit to the exclusive jurisdiction of any court of the State of Delaware or any federal court sitting in the State of Delaware for purposes of any suit, action or other proceeding arising out of this Agreement. THE PARTIES HEREBY IRREVOCABLY WAIVE ANY AND ALL RIGHTS TO A TRIAL BY JURY IN ANY ACTION, SUIT OR OTHER PROCEEDING ARISING OUT OF OR RELATING TO THE TERMS, OBLIGATIONS AND/OR PERFORMANCE OF THIS AGREEMENT.
    • Enforceability. If any provision of this Agreement is declared void, illegal or unenforceable, the provision will be deemed amended as necessary to conform to applicable laws or regulations. If the provision cannot be so amended without materially altering the intention of the parties, the remainder of the Agreement will continue in full force and effect as if the offending provision were not a part of this Agreement.
    • Merger. This Agreement contains the entire agreement of the parties relating to the subject matter and supersedes all previous and contemporaneous agreements, understandings, usages of trade and courses of dealing, whether written or oral.
    • NOTICES. Any notice permitted or required under this Agreement shall be deemed given if in writing and delivered personally, deposited in the United States Postal Service certified mail, return receipt requested, overnight commercial carrier or sent by facsimile to the respective addresses of Kaleida, as indicated below, or the User address associated with your account in your account profile.

Kaleida Systems Software LLC                                            

  • Devall Drive, Suite 301                    

Auburn, AL 36832    

  • Survival. The terms of this Agreement which by their nature should survive this Agreement shall continue in force and effect after the termination of this Agreement. This includes, but is not limited to Sections 4, 6, 7, and 8.

 

 

EXHIBIT A

 

BUSINESS ASSOCIATE AGREEMENT

 

This Business Associate Agreement (“Agreement”) is made and entered into as an integral part of the Services Agreement to which it is attached.

 

  1. Definitions. Terms used, but not otherwise defined in this Agreement, shall have the same meaning as those terms in the Privacy Rule, Security Rule, and HITECH Act.
  2. Agent. “Agent” shall have the meaning as determined in accordance with the federal common law of agency.
  3. Breach. “Breach” shall have the same meaning as the term “breach” in 45 CFR §164.402.
  4. Business Associate. “Business Associate” shall mean Kaleida Systems Software, LLC.
  5. Covered Entity. “Covered Entity” shall mean the entity which accepted the Services Agreement.
  6. Data Aggregation. “Data Aggregation” shall have the same meaning as the term “data aggregation” in 45 CFR §164.501.
  7. Designated Record Set. “Designated Record Set” shall have the same meaning as the term “designated record set” in 45 CFR §164.501.
  8. Disclosure. “Disclosure” and “Disclose” shall have the same meaning as the term “Disclosure” in 45 CFR §160.103.
  9. Electronic Health Record. “Electronic Health Record” shall have the same meaning as the term in Section 13400 of the HITECH Act.
  10. Health Care Operations. “Health Care Operations” shall have the same meaning as the term “health care operations” in 45 CFR §164.501.
  11. HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
  12. HITECH Act. “HITECH Act” shall mean The Health Information Technology for Economic and Clinical Health Act, part of the American Recovery and Reinvestment Act of 2009 (“ARRA” or “Stimulus Package”), specifically DIVISION A: TITLE XIII Subtitle D—Privacy, and its corresponding regulations as enacted under the authority of the Act.
  13. Individual. “Individual” shall have the same meaning as the term “individual” in 45 CFR §160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g).
  14. Minimum Necessary. “Minimum Necessary” shall mean the Privacy Rule Standards found at §164.502(b) and §164.514(d)(1).
  15. Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E.
  16. Protected Health Information. “Protected Health Information” shall have the same meaning as the term “protected health information” in 45 CFR §160.103, limited to the information created, received, maintained or transmitted by Business Associate on behalf of Covered Entity.
  17. Required By Law. “Required By Law” shall have the same meaning as the term “required by law” in 45 CFR §164.103.
  18. Secretary. “Secretary” shall mean the Secretary of the Department of Health and Human Services or his or her designee.
  19. Security Incident. “Security Incident” shall have the same meaning as the term “Security Incident” in in 45 CFR §164.304.
  20. Security Rule. “Security Rule” shall mean the Standards for Security of Electronic Protected Health Information at 45 C.F.R. parts §160 and §164, Subparts A and C.
  21. Subcontractor. “Subcontractor” shall mean a person or entity “that creates, receives, maintains, or transmits protected health information on behalf of a business associate” and who is now considered a business associate, as the latter term is defined in in in 45 CFR §160.103.
  22. Subject Matter. “Subject Matter” shall mean compliance with the HIPAA Rules and with the HITECH Act.
  23. Unsecured Protected Health Information. “Unsecured Protected Health Information” shall have the same meaning as the termunsecured protected health information” in 45 CFR §164.402.
  24. Use. “Use” shall have the same meaning as the term “Use” in 45 CFR §164.103.
  25. Obligations and Activities of Business Associate.
  26. Business Associate agrees to not Use or Disclose Protected Health Information other than as permitted or required by this Agreement or as Required By Law.
  27. Business Associate agrees to use appropriate safeguards to prevent Use or Disclosure of Protected Health Information other than as provided for by this Agreement. Business Associate further agrees to implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of any electronic Protected Health Information, as provided for in the Security Rule and as mandated by Section 13401 of the HITECH Act.
  28. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a Use or Disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. Business Associate further agrees to report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this Agreement of which it becomes aware, and in a manner as prescribed herein.
  29. Business Associate agrees to report to Covered Entity any Security Incident, including all data Breaches or compromises, whether internal or external, related to Protected Health Information, whether the Protected Health Information is secured or unsecured, of which Business Associate becomes aware.
  30. If the Breach, as discussed in paragraph 2(d), pertains to Unsecured Protected Health Information, then Business Associate agrees to report any such data Breach to Covered Entity within ten (10) business days of discovery of said Breach; all other compromises, or attempted compromises, of Protected Health Information shall be reported to Covered Entity within twenty (20) business days of discovery. Business Associate further agrees, consistent with Section 13402 of the HITECH Act, to provide Covered Entity with information necessary for Covered Entity to meet the requirements of said section, and in a manner and format to be specified by Covered Entity.
  31. If Business Associate is an Agent of Covered Entity, then Business Associate agrees that any Breach of Unsecured Protected Health Information shall be reported to Covered Entity immediately after the Business Associate becomes aware of said Breach, and under no circumstances later than one (1) business day thereafter. Business Associate further agrees that any compromise, or attempted compromise, of Protected Health Information, other than a Breach of Unsecured Protected Health Information as specified in 2(e) of this Agreement, shall be reported to Covered Entity within ten (10) business days of discovering said compromise, or attempted compromise.
  32. Business Associate agrees to ensure that any Subcontractor, to whom Business Associate provides Protected Health Information, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. Business Associate further agrees that restrictions and conditions analogous to those contained herein shall be imposed on said Subcontractors via a written agreement that complies with all the requirements specified in §164.504(e)(2), and that Business Associate shall only provide said Subcontractors Protected Health Information consistent with Section 13405(b) of the HITECH Act. Further, Business Associate agrees to provide copies of said written agreements to Covered Entity within ten (10) business days of a Covered Entity’s request for same.
  33. Business Associate agrees to provide access, at the request of Covered Entity and during normal business hours, to Protected Health Information in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual, in order to meet Covered Entity’s requirements under 45 CFR §164.524, provided that Covered Entity delivers to Business Associate a written notice at least three (3) business days in advance of requesting such access. Business Associate further agrees, in the case where Business Associate controls access to Protected Health Information in an Electronic Health Record, or controls access to Protected Health Information stored electronically in any format, to provide similar access in order for Covered Entity to meet its requirements the HIPAA Rules and under Section 13405(c) of the HITECH Act. These provisions do not apply if Business Associate and its employees or Subcontractors have no Protected Health Information in a Designated Record Set of Covered Entity.

 

  1. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 CFR §164.526, at the request of Covered Entity or an Individual. This provision does not apply if Business Associate and its employees or Subcontractors have no Protected Health Information from a Designated Record Set of Covered Entity.
  2. Unless otherwise protected or prohibited from discovery or disclosure by law, Business Associate agrees to make internal practices, books, and records, including policies and procedures (collectively “Compliance Information”), relating to the Use or Disclosure of Protected Health Information and the protection of same, available to the Covered Entity or to the Secretary for purposes of the Secretary determining Covered Entity’s compliance with the HIPAA Rules and the HITECH Act. Business Associate further agrees, at the request of Covered Entity, to provide Covered Entity with demonstrable evidence that its Compliance Information ensures Business Associate’s compliance with this Agreement over time. Business Associate shall have a reasonable time within which to comply with requests for such access and/or demonstrable evidence, consistent with this Agreement. In no case shall access, or demonstrable evidence, be required in less than five (5) business days after Business Associate’s receipt of such request, unless otherwise designated by the Secretary.
  3. Business Associate agrees to maintain necessary and sufficient documentation of Disclosures of Protected Health Information as would be required for Covered Entity to respond to a request by an Individual for an accounting of such Disclosures, in accordance with 45 CFR §164.528.
  4. On request of Covered Entity, Business Associate agrees to provide to Covered Entity documentation made in accordance with this Agreement to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. §164.528. Business Associate shall provide said documentation in a manner and format to be specified by Covered Entity. Business Associate shall have a reasonable time within which to comply with such a request from Covered Entity and in no case shall Business Associate be required to provide such documentation in less than three (3) business days after Business Associate’s receipt of such request.
  5. Except as provided for in this Agreement, in the event Business Associate receives an access, amendment, accounting of disclosure, or other similar request directly from an Individual, Business Associate shall redirect the Individual to the Covered Entity.
  6. To the extent that Business Associate carries out one or more of Covered Entity’s obligations under the HIPAA Rules, the Business Associate must comply with all requirements of the HIPAA Rules that would be applicable to the Covered Entity.
  1. A Business Associate must honor all restrictions consistent with 45 C.F.R. §164.522 that the Covered Entity or the Individual makes the Business Associate aware of, including the Individual’s right to restrict certain disclosures of protected health information to a health plan where the individual pays out of pocket in full for the healthcare item or service, in accordance with HITECH Act Section 13405(a).
  2. Permitted Uses and Disclosures by Business Associate.
  3. Except as otherwise limited by this Agreement, Business Associate may make any Uses and Disclosures of Protected Health Information necessary to perform its services to Covered Entity and otherwise meet its obligations under this Agreement, if such Use or Disclosure would not violate the Privacy Rule, or the privacy provisions of the HITECH Act, if done by Covered Entity. All other Uses or Disclosures by Business Associate not authorized by this Agreement, or by specific instruction of Covered Entity, are prohibited.
  4. Except as otherwise limited in this Agreement, Business Associate may Use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
  5. Except as otherwise limited in this Agreement, Business Associate may Disclose Protected Health Information for the proper management and administration of the Business Associate, provided that Disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that it will remain confidential and used, or further Disclosed, only as Required By Law, or for the purpose for which it was Disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
  6. Except as otherwise limited in this Agreement, Business Associate may Use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 45 CFR §164.504(e)(2)(i)(B). Business Associate agrees that such Data Aggregation services shall be provided to Covered Entity only wherein said services pertain to Health Care Operations. Business Associate further agrees that said services shall not be provided in a manner that would result in Disclosure of Protected Health Information to another covered entity who was not the originator and/or lawful possessor of said Protected Health Information. Further, Business Associate agrees that any such wrongful Disclosure of Protected Health Information is a direct violation of this Agreement and shall be reported to Covered Entity immediately after the Business Associate becomes aware of said Disclosure and, under no circumstances, later than three (3) business days thereafter.
  7. Business Associate may Use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with §164.502(j)(1).
  8. Business Associate shall make Uses, Disclosures, and requests for Protected Health Information consistent with the Minimum Necessary principle as defined herein.
  9. Obligations and Activities of Covered Entity.
  10. Covered Entity shall notify Business Associate of the provisions and any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 CFR §164.520, to the extent that such provisions and limitation(s) may affect Business Associate’s Use or Disclosure of Protected Health Information.
  11. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that the changes or revocation may affect Business Associate’s use or disclosure of Protected Health Information.
  12. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR §164.522, and also notify Business Associate regarding restrictions that must be honored under section 13405(a) of the HITECH Act, to the extent that such restrictions may affect Business Associate’s Use or Disclosure of Protected Health Information.
  13. Covered Entity shall notify Business Associate of any modifications to accounting disclosures of Protected Health Information under 45 CFR §164.528, made applicable under Section 13405(c) of the HITECH Act, to the extent that such restrictions may affect Business Associate’s use or disclosure of Protected Health Information.
  14. Covered Entity shall provide Business Associate, within thirty (30) business days of Covered Entity executing this Agreement, a description and/or specification regarding the manner and format in which Business Associate shall provide information to Covered Entity, wherein such information is required to be provided to Covered Entity as agreed to by Business Associate in paragraph 2(e) of this Agreement. Covered Entity reserves the right to modify the manner and format in which said information is provided to Covered Entity, as long as the requested modification is reasonably required by Covered Entity to comply with the HIPAA Rules or the HITECH Act, and Business Associate is provided sixty (60) business days notice before the requested modification takes effect.
  15. Covered Entity shall provide Business Associate, within thirty (30) business days of Covered Entity executing this Agreement, a description and/or specification regarding the manner and format in which Business Associate shall provide information to Covered Entity, wherein such information is required to be provided to Covered Entity as agreed to by Business Associate in paragraph 2(l) of this Agreement. Covered Entity reserves the right to modify the manner and format in which said information is provided to Covered Entity, as long as the requested modification is reasonably required by Covered Entity to comply with the HIPAA Rules or the HITECH Act, and Business Associate is provided sixty (60) business days notice before the requested modification takes effect.
  16. Covered Entity shall not require Business Associate to Use or Disclose Protected Health Information in any manner that would not be permissible under the HIPAA Rules if done by the Covered Entity.

 

  1. Term and Termination.
  2. Term. The Term of this Agreement shall begin as of the Effective Date and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Agreement.
  3. Termination for Cause by Covered Entity. Upon Covered Entity’s knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall give Business Associate written notice of such breach and provide reasonable opportunity for Business Associate to cure the breach or end the violation. Covered Entity may terminate this Agreement, and Business Associate agrees to such termination, if Business Associate has breached a material term of this Agreement and does not cure the breach or cure is not possible. If neither termination nor cure is feasible, Covered Entity shall report the violation to the Secretary.
  4. Termination for Cause by Business Associate. Upon Business Associate’s knowledge of a material breach of this Agreement by Covered Entity, Business Associate shall give Covered Entity written notice of such breach and provide reasonable opportunity for Covered Entity to cure the breach or end the violation. Business Associate may terminate this Agreement, and Covered Entity agrees to such termination, if Covered Entity has breached a material term of this Agreement and does not cure the breach or cure is not possible. If neither termination nor cure is feasible, Business Associate shall report the violation to the Secretary.
  5. Effect of Termination.
  6. Except as provided in paragraph (2) of this section, upon termination of this Agreement for any reason, Business Associate shall return or destroy all Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity. This provision shall also apply to Protected Health Information that is in the possession of Subcontractors of Business Associate. Business Associate shall retain no copies of the Protected Health Information.
  7. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity, within ten (10) business days, notification of the conditions that make return or destruction infeasible. Upon such determination, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information.
  8. Entire Agreement.
  9. This Agreement supersedes all other prior and contemporaneous written and oral agreements and understandings between Covered Entity and Business Associate regarding this Subject Matter. It contains the entire Agreement between the parties.
  10. This Agreement may be modified only by a signed written agreement between Covered Entity and Business Associate.
  11. All other agreements entered into between Covered Entity and Business Associate, not related to this Subject Matter, remain in full force and effect.
  12. Governing Law.
  13. This Agreement and the rights of the parties shall be governed by and construed in accordance with Federal law as it pertains to the Subject Matter. This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, without giving effect to applicable principles of conflicts of law to the extent that the application of the laws of another jurisdiction would be required thereby. In case of any dispute related to this Agreement, the parties agree to submit to personal jurisdiction in the State of Delaware. Furthermore, the parties hereby irrevocably and unconditionally submit to the exclusive jurisdiction of any court of the State of Delaware or any federal court sitting in the State of Delaware for purposes of any suit, action or other proceeding arising out of this Agreement. THE PARTIES HEREBY IRREVOCABLY WAIVE ANY AND ALL RIGHTS TO A TRIAL BY JURY IN ANY ACTION, SUIT OR OTHER PROCEEDING ARISING OUT OF OR RELATING TO THE TERMS, OBLIGATIONS AND/OR PERFORMANCE OF THIS AGREEMENT.
  14. Miscellaneous.
  15. Regulatory References. A reference in this Agreement to a section in the Privacy Rule, Security Rule, or HITECH Act means the section as in effect or as amended.
  16. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity and Business Associate to comply with the requirements of the Privacy Rule, Security Rule, the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191), and the HITECH Act, and its corresponding regulations.
  17. The respective rights and obligations of Business Associate under Section 5(d) of this Agreement shall survive the termination of this Agreement.
  18. Any ambiguity in this Agreement shall be resolved to permit Covered Entity and Business Associate to comply with the Privacy Rule, Security Rule, the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191), and the HITECH Act, and its corresponding regulations.
  19. Severability. If any provision or provisions of this Agreement is/are determined by a court of competent jurisdiction to be unlawful, void, or unenforceable, this Agreement shall not be unlawful, void or unenforceable thereby, but shall continue in effect and be enforced as though such provision or provisions were omitted.