AltaPoint/HealthBiller SaaS Agreement

This Software as a Service Agreement (this “Agreement”), together with any exhibits and attachments, constitutes a binding agreement by and between MedPharm Services LLC, a Puerto Rico limited liability company with offices located at 3100 CARR 199 STE 202 San Juan PR 00926 (“MPS”) and you (“You” or “Client”). MPS and Client may be referred to herein collectively as the “Parties” or individually as a “Party.” BY CLICKING “I AGREE TO ALL TERMS AND CONDITIONS”, OR BY OTHERWISE ENTERING INTO THIS AGREEMENT, YOU AGREE TO BE LEGALLY BOUND BY ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

WHEREAS, Company provides access to the Services to its customers; and

WHEREAS, Customer desires to access the Services, and Company desires to provide Customer access to the Services, subject to the terms and conditions of this Agreement.

NOW, THEREFORE, in consideration of the mutual covenants, terms, and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:

1.  Definitions.

a.  “Aggregated Statistics” means data and information related to Customer’s use of the Services that is used by Company in an aggregate and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services.

b.  “Authorized User” means the Providers and the Customer Personnel.

c.  “Company IP” means the Services, the Documentation, and any and all intellectual property provided to Customer or any Authorized User in connection with the foregoing. For the avoidance of doubt, Company IP includes Aggregated Statistics and any information, data, or other content derived from Company’s monitoring of Customer’s access to or use of the Services but does not include Customer Data.

d.  “Customer Data” means, other than Aggregated Statistics, information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Services.

e.  “Documentation” means Company’s user manuals, handbooks, and guides relating to the Services provided by Company to Customer either electronically or in hard copy form.

f.  “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, as amended.

g.  “Providers” means the total number of Provider licenses purchased to use the Services.

h.  “Providers” means those Physicians, Nurse Practitioners, Physician Assistants, Audiologists, Optometrists, Ophthalmologists, Opticians, Therapists, Occupational Therapists, Physical Therapists, Music Therapists, Speech Therapists, Massage Therapists, Chiropractors, Anesthesiologists, Psychologists, Dentists, Hygienists, Licensed Social Workers, Midwives, Nutritionists, Dietitians, Counselors, Mental Health Practitioners, Neurophysiologists, care managers, care coordinators and Podiatrists employed by or under contract with Customer to provide services within the medical field. The term Provider shall not include Customer personnel employed by or under contract with Customer as office managers, secretaries, or other administrative staff, or Nurses (other than Nurse Practitioners) (hereinafter referred to as “Customer Personnel”). For any category of Customer staff not identified above, Company and Customer shall agree in writing as to who is a Provider.

i.  “Services” means the software-as-a-service offering described in the Purchase Order provided separately.

j.  “Third-Party Products” means any third-party products provided with or incorporated into the Services.

2.  Access and Use.

a.  Provision of Access. Subject to and conditioned on Customer’s payment of Fees and compliance with all the terms and conditions of this Agreement, Company hereby grants Customer a non-exclusive, non-transferable (except in compliance with Section 11(g)) right to access and use the Services during the Term, solely for use by the Providers and the Customer Personnel in accordance with the terms and conditions herein. Such use is limited to Customer’s internal use. Company shall provide to Customer the necessary passwords and network links or connections to allow Customer to access the Services. The total number of Providers with the right to access and use the Services during the Term will not exceed the number set forth in the Purchase Order to be provided separately and incorporated herein by this reference as Exhibit A, except as expressly agreed to in writing by the Parties and subject to any appropriate adjustment of the Fees payable hereunder.

b.  Documentation License. Subject to the terms and conditions contained in this Agreement, Company hereby grants to Customer a non-exclusive, non-sublicensable, non-transferable (except in compliance with Section 11(g)) license to use the Documentation during the Term solely for Customer’s internal business purposes in connection with its use of the Services.

c.  Use Restrictions. Customer shall not use the Services for any purposes beyond the scope of the access granted in this Agreement. Customer shall not at any time, directly or indirectly, permit any Authorized Users to: (i) copy, modify, or create derivative works of the Services or Documentation, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Services or Documentation; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Services, in whole or in part; (iv) remove any proprietary notices from the Services or Documentation; or (v) use the Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law.

d.  Reservation of Rights. Company reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights and licenses expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Customer or any third party any intellectual property rights or other right, title, or interest in or to the Company IP.

e.  Suspension. Notwithstanding anything to the contrary in this Agreement, Company may temporarily suspend Customer’s and any Authorized End User’s access to any portion or all of the Services if: (i) Company reasonably determines that (A) there is a threat or attack on any of the Company IP; (B) Customer’s or any Authorized End User’s use of the Company IP disrupts or poses a security risk to the Company IP or to any other customer or vendor of Company; (C) Customer, or any Authorized End User, is using the Company IP for fraudulent or illegal activities; (D) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or (E) Company’s provision of the Services to Customer or any Authorized End User is prohibited by applicable law; (ii) any vendor of Company has suspended or terminated Company’s access to or use of any third-party services or products required to enable Customer to access the Services; or (iii) in accordance with Section (a)(iii) (any such suspension described in subclause (i), (ii), or (iii), a “Service Suspension”). Company shall use commercially reasonable efforts to provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Services following any Service Suspension. Company shall use commercially reasonable efforts to resume providing access to the Services as soon as reasonably possible after the event giving rise to the Service Suspension is cured. Company will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User may incur as a result of a Service Suspension.

f.  Aggregated Statistics. Notwithstanding anything to the contrary in this Agreement, Company may monitor Customer’s use of the Services and collect and compile Aggregated Statistics. As between Company and Customer, all right, title, and interest in Aggregated Statistics, and all intellectual property rights therein, belong to and are retained solely by Company. Customer acknowledges that Company may compile Aggregated Statistics based on Customer Data input into the Services. Customer agrees that Company may (i) make Aggregated Statistics publicly available in compliance with applicable law, and (ii) use Aggregated Statistics to the extent and in the manner permitted under applicable law; provided that such Aggregated Statistics do not identify Customer or Customer’s Confidential Information.

3.  Customer Responsibilities.

a.  General. Customer is responsible and liable for all uses of the Services and Documentation resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer. Customer shall use reasonable efforts to make all Authorized Users aware of this Agreement’s provisions as applicable to such Authorized User’s use of the Services and shall cause Authorized Users to comply with such provisions.

b.  Third-Party Products. Company may from time to time make Third-Party Products available to Customer. For purposes of this Agreement, such Third-Party Products are subject to their own terms and conditions. If Customer does not agree to abide by the applicable terms for any such Third-Party Products, then Customer should not install or use such Third-Party Products.

c.  Hardware Requirements. Customer shall procure and maintain all equipment, computers, software, and communication services that meet the minimum requirements specified by Company.

d.  Acceptable Use Policy. Customer shall comply with the terms and conditions of Company’s Acceptable Use Policy provided here: https://docs.google.com/document/d/1F40BvFidEbZspTOc-8xBkOiVqkn4hC-1/edit#heading=h.gjdgxs

e.  Implementation and Training. Customer shall comply with all implementation and training recommendations of Company and shall ensure that all Authorized Users are appropriately trained to use the Company IP. Company will be reimbursed for travel, lodging, transportation, and other reasonable business expenses when incurred at Customer’s request.

f.  Security Measures. Customer shall implement and maintain commercially reasonable technical, physical, administrative, and organizational security measures as are appropriate for Customer’s circumstances to comply with the HIPAA Privacy and Security rules.

4.  Fees and Payment.

a.  Fees. Customer shall pay Company the fees (“Fees”) as set forth in the Purchase Order without offset or deduction. Customer shall make all payments hereunder in US dollars on or before the due date set forth in the Purchase Order. If Customer fails to make any payment when due, without limiting Company’s other rights and remedies: (i) Company may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; (ii) Customer shall reimburse Company for all reasonable costs incurred by Company in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and (iii) if such failure continues for thirty (30) days or more, Company may suspend Customer’s and its Authorized Users’ access to features or functionalities of the Services until such amounts are paid in full and subject to applicable law.

b.  Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Company’s income.

c.  Auditing Rights and Required Records. Company may, at its own expense, on reasonable prior notice, periodically inspect and audit Customer’s records solely with respect to matters covered by this Agreement, provided that if such inspection and audit reveals that Customer has underpaid Company with respect to any amounts due and payable during the Term, Customer shall promptly pay the amounts necessary to rectify such underpayment, together with interest in accordance with Section 4(a). All such fees shall be retroactive. Customer shall pay for the costs of the audit if the audit determines that Customer’s underpayment equals or exceeds 5% for any quarter. Such inspection and auditing rights will extend throughout the Term of this Agreement and for a period of two years after the termination or expiration of this Agreement.

d.  Fees Increase. Company reserves the right to increase the Fees for any Renewal Term upon ninety (90) days’ prior written notice in advance of the expiration of the applicable Term or Renewal Term then in effect. Any such fee increases shall not exceed the prior Term or Renewal Term’s Fees by more than five percent (5%). Notwithstanding the foregoing, Fees for Third-Party Products may be subject to increase at any time during the applicable Term or Renewal Term then in effect.

5.  Confidential Information. From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media, whether or not marked, designated or otherwise identified as “confidential” (collectively, “Confidential Information”). Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving Party at the time of disclosure; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party. The receiving Party shall not disclose the disclosing Party’s Confidential Information to any person or entity, except to the receiving Party’s employees who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party’s rights under this Agreement, including to make required court filings. 
On the expiration or termination of the Agreement, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed. Each Party’s obligations of non-disclosure with regard to Confidential Information are effective as of the Effective Date and will expire five years from the date first disclosed to the receiving Party; provided, however, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as such Confidential Information remains subject to trade secret protection under applicable law.

6.  Intellectual Property Ownership; Feedback.

a.  Company IP. Customer acknowledges that, as between Customer and Company, Company owns all right, title, and interest, including all intellectual property rights, in and to the Company IP and, with respect to Third-Party Products, the applicable third-party providers own all right, title, and interest, including all intellectual property rights, in and to the Third-Party Products.

b.  Customer Data. Company acknowledges that, as between Company and Customer, Customer owns all right, title, and interest, including all intellectual property rights, in and to the Customer Data. Customer hereby grants to Company a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Company to provide the Services to Customer under this Agreement, and a non-exclusive, perpetual, irrevocable, royalty-free, worldwide license to reproduce, distribute, modify, and otherwise use and display Customer Data incorporated within the Aggregated Statistics. To the extent that the Customer Data also constitutes Protected Health Information (“PHI”) under HIPAA, the handling of subject PHI shall be subject to the terms and conditions of the Business Associate Agreement incorporated herein by this reference as Exhibit B.

c.  Feedback. If Customer or any of its employees or contractors sends or transmits any communications or materials to Company by mail, email, telephone, or otherwise, suggesting or recommending changes to the Company IP, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like (“Feedback”), Company is free to use such Feedback irrespective of any other obligation or limitation between the Parties governing such Feedback. Customer hereby assigns to Company on Customer’s behalf, and on behalf of its employees, contractors and/or agents, all right, title, and interest in, and Company is free to use, without any attribution or compensation to any party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although Company is not required to use any Feedback.

7.  Limited Warranty and Warranty Disclaimer.

a.  Company warrants that the Services will conform in all material respects to the service being provided when accessed and used in accordance with Company’s indications. Company does not make any representations or guarantees regarding uptime or availability of the Services. The remedies set forth are Customer’s sole remedies and Company’s sole liability under the limited warranty set forth in this Section 7(a). THE FOREGOING WARRANTY DOES NOT APPLY, AND COMPANY STRICTLY DISCLAIMS ALL WARRANTIES, WITH RESPECT TO ANY THIRD-PARTY PRODUCTS.

b.  EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 7(a), THE COMPANY IP IS PROVIDED “AS IS” AND COMPANY HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. COMPANY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 7(a), COMPANY MAKES NO WARRANTY OF ANY KIND THAT THE COMPANY IP, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE.

8.  Indemnification.

a.  Company Indemnification.

1.  Company shall indemnify, defend, and hold harmless Customer from and against any and all losses, damages, liabilities, costs (including reasonable attorneys’ fees) (“Losses”) incurred by Customer resulting from any third-party claim, suit, action, or proceeding (“Third-Party Claim”) that the Services, or any use of the Services in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property rights, patents, copyrights, or trade secrets, provided that Customer promptly notifies Company in writing of the claim, cooperates with Company, and allows Company sole authority to control the defense and settlement of such claim.

2.  If such a claim is made or appears possible, Customer agrees to permit Company, at Company’s sole discretion, to (A) modify or replace the Services, or component or part thereof, to make it non-infringing, or (B) obtain the right for Customer to continue use. If Company determines that neither alternative is reasonably available, Company may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer.

3.  This Section 8(a) will not apply to the extent that the alleged infringement arises from: (A) use of the Services in combination with data, software, hardware, equipment, or technology not provided by Company or authorized by Company in writing; (B) modifications to the Services not made by Company; (C) Customer Data; or (D) Third-Party Products.

b. Customer Indemnification. Customer shall indemnify, hold harmless, and, at Company’s option, defend Company from and against any and all Losses resulting from any Third-Party Claim that the Customer Data, or any use of the Customer Data in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property rights and any Third-Party Claims based on Customer’s or any Authorized User’s (i) negligence or willful misconduct; (ii) use of the Services in a manner not authorized by this Agreement; (iii) use of the Services in combination with data, software, hardware, equipment or technology not provided by Company or authorized by Company in writing; or (iv) modifications to the Services not made by Company, provided that Customer may not settle any Third-Party Claim against Company unless Company consents to such settlement, and further provided that Company will have the right, at its option, to defend itself against any such Third-Party Claim or to participate in the defense thereof by counsel of its own choice.

c.  Sole Remedy. THIS SECTION 8 SETS FORTH CUSTOMER’S SOLE REMEDIES AND COMPANY’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.

9.  Limitations of Liability. IN NO EVENT WILL COMPANY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (b) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER COMPANY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL COMPANY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED THE TOTAL AMOUNTS PAID TO COMPANY UNDER THIS AGREEMENT IN THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM. NOTWITHSTANDING THE FOREGOING, THE LIMITATION OF LIABILITY SET FORTH IN THIS SECTION 9 SHALL NOT INCLUDE THE PROCEEDS PAID UNDER ANY INSURANCE POLICY THAT COMPANY OR ITS SUBCONTRACTORS IS REQUIRED TO OBTAIN PURSUANT TO THIS AGREEMENT. NEITHER PARTY MAY INSTITUTE AN ACTION IN ANY FORM ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT MORE THAN ONE (1) YEAR AFTER THE TERMINATION OF THIS AGREEMENT, OR IN THE CASE OF NONPAYMENT, MORE THAN ONE (1) YEAR FROM THE DATE OF LAST PAYMENT OR PROMISE TO PAY, EXCEPT THAT THIS LIMITATION DOES NOT APPLY TO ANY ACTION FOR THE PAYMENT OF TAXES.

10.  Term and Termination.

a.  Term. The term of this Agreement shall be month-to-month. Either party may terminate this agreement by providing written notice of termination at least sixty (60) days prior to the termination date. Customer shall be liable to pay all past due fees and charges.

b.  Termination. In addition to any other express termination right set forth in this Agreement:

1.  Company may terminate this Agreement, effective on written notice to Customer, if Customer: (A) fails to pay any amount when due hereunder, and such failure continues more than ten (10) days after Company’s delivery of written notice thereof; or (B) breaches any of its obligations under Section 2(c) or Section 5;

2.  either Party may terminate this Agreement, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach: (A) is incapable of cure; or (B) being capable of cure, remains uncured sixty (60) days after the non-breaching Party provides the breaching Party with written notice of such breach; or

3.  either Party may terminate this Agreement, effective immediately upon written notice to the other Party, if the other Party: (A) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (B) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

4.  Except as otherwise provided for in this Agreement, neither Party shall have the right to terminate at will for any reason.

c.  Effect of Expiration or Termination.

1.  Upon termination of this Agreement, Customer shall immediately:

a.  discontinue use of the Company IP and, without limiting Customer’s obligations under Section 5, Customer shall delete, destroy, or return all copies of the Company IP and certify in writing to the Company that the Company IP has been deleted or destroyed. No expiration or termination will affect Customer’s obligation to pay all Fees that may have become due before such expiration or termination or entitle Customer to any refund.

b.  promptly identify in writing a named, authorized individual to whom Company can deliver a copy of any Customer Data stored by the Company. Company will deliver to such identified representative a copy of your Data. Upon confirmation of receipt of Customer Data, Company will delete all of Customer Data residing on hardware controlled by Company to the extent allowed by law. Customer may procure additional transition services at Company’s then current hourly rates and standard terms and conditions.

c.  If Customer does not comply with this Section 10(c), Company shall deliver the Customer Data in encrypted and password-protected media (or discs) with limited read-only access sufficient to allow Customer to satisfy the Customer’s obligations to provide access to individuals’ PHI under HIPAA at Customer’s sole expense within thirty (30) days of the termination of the Agreement.

2.  Survival. This Section 10(d) and Sections 1, 4, 5, 6, 7, 8(b), 9, 10, and 11 survive any termination or expiration of this Agreement. No other provisions of this Agreement survive the expiration or earlier termination of this Agreement.

11.  Miscellaneous.

a.  Entire Agreement. This Agreement, together with any other documents incorporated herein by reference and all related Exhibits, Addendums, and Amendments incorporated herein by this reference, constitutes the sole and entire agreement of the Parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between the statements made in the body of this Agreement, the related Exhibits, and any other documents incorporated herein by reference, the following order of precedence governs: (i) first, this Agreement, excluding its Exhibits; (ii) second, the Exhibits to this Agreement as of the Effective Date; and (iii) third, any other documents incorporated herein by reference.

b.  Marketing. Company may contact Customer regarding goods, services, or promotional offers that may be of interest to Customer that are offered by Company or by third parties, which may be related or unrelated to Company. Company shall require the recipient to both keep Customer’s information confidential and not use it for any purpose except for such purposes. Customer may opt out at any time by sending an email to admin@altapoint.com.

c.  Notices. All notices, requests, consents, claims, demands, waivers, and other communications hereunder (each, a “Notice”) must be in writing and addressed to the Parties at the addresses set forth on the first page of this Agreement (or to such other address that may be designated by the Party giving Notice from time to time in accordance with this Section). All Notices must be delivered by personal delivery, nationally recognized overnight courier (with all fees pre-paid), facsimile, or email (with confirmation of transmission) or certified or registered mail (in each case, return receipt requested, postage pre-paid). Except as otherwise provided in this Agreement, a Notice is effective only: (i) upon receipt by the receiving Party; and (ii) if the Party giving the Notice has complied with the requirements of this Section.

d.  Force Majeure. In no event shall either Party be liable to the other Party, or be deemed to have breached this Agreement, for any failure or delay in performing its obligations under this Agreement (except for any obligations to make payments), if and to the extent such failure or delay is caused by any circumstances beyond such Party’s reasonable control, including but not limited to acts of God, flood, fire, earthquake, governmental closure orders, epidemics, explosion, war, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo.

e.  Amendment and Modification; Waiver. No amendment to or modification of this Agreement is effective unless it is in writing and signed by an authorized representative of each Party. No waiver by any Party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the Party so waiving. Except as otherwise set forth in this Agreement, (i) no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof and (ii) no single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.

f.  Severability. If any provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify this Agreement so as to effect their original intent as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.

g.  Governing Law; Submission to Jurisdiction. This Agreement is governed by and construed in accordance with the internal laws of the Commonwealth of Puerto Rico without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the Commonwealth of Puerto Rico. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the Commonwealth of Puerto Rico in each case located in the city of San Juan, and each Party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding. In the event that any action, suit, or other legal or administrative proceeding is instituted or commenced by either party against the other party arising out of or related to this Agreement, the prevailing party is entitled to recover its reasonable attorney’s fees and court costs from the non-prevailing party.

h.  Assignment. Customer may not assign any of its rights or delegate any of its obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without the prior written consent of Company, which consent shall not be unreasonably withheld, conditioned, or delayed. Any purported assignment or delegation in violation of this Section will be null and void. No assignment or delegation will relieve the assigning or delegating Party of any of its obligations hereunder. This Agreement is binding upon and inures to the benefit of the Parties and their respective permitted successors and assigns.

i.  Export Regulation. Customer shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), that prohibit or restrict the export or re-export of the Services or any Customer Data outside the US.

j.  US Government Rights. Each of the Documentation and the software components that constitute the Services is a “commercial item” as that term is defined at 48 C.F.R. § 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. § 12.212. Accordingly, if Customer is an agency of the US Government or any contractor therefor, Customer only receives those rights with respect to the Services and Documentation as are granted to all other end users, in accordance with (a) 48 C.F.R. § 227.7201 through 48 C.F.R. § 227.7204, with respect to the Department of Defense and their contractors, or (b) 48 C.F.R. § 12.212, with respect to all other US Government users and their contractors.

k.  Non-solicitation. During the period commencing on the Effective Date and ending two (2) years following the termination of this Agreement, neither Party shall, without the other Party’s prior written consent, directly or indirectly: (i) solicit or encourage any person to leave the employment or other service of either Party or its Affiliates; or (ii) hire, on behalf of either Party or any other person or entity, any person who has left the employment within the two (2) year period following the termination of that person’s employment with the other Party.

l.  Equitable Relief. Each Party acknowledges and agrees that a breach or threatened breach by such Party of any of its obligations under Section 5 or, in the case of Customer, Section 2(c), would cause the other Party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other Party will be entitled to equitable relief, including a restraining order, an injunction, specific performance and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.

m.  Counterparts. This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement.

Exhibit B

Business Associate Agreement

1.  PREAMBLE AND DEFINITIONS.

1.1.  Pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), you (“Covered Entity”) and MedPharm Services LLC or any of its corporate affiliates (“Business Associate”), a Puerto Rico limited liability company, enter into this Business Associate Agreement (“BAA”) as of today's date (the “Effective Date”) that addresses the HIPAA requirements with respect to “business associates,” as defined under the privacy, security, breach notification, and enforcement rules at 45 C.F.R. Part 160 and Part 164 (“HIPAA Rules”). A reference in this BAA to a section in the HIPAA Rules means the section as in effect or as amended.

1.2.  This BAA is intended to ensure that Business Associate will establish and implement appropriate safeguards for the Protected Health Information (“PHI”) (as defined under the HIPAA Rules) that Business Associate may receive, create, maintain, use, or disclose in connection with the functions, activities, and services that Business Associate performs for Covered Entity. The functions, activities, and services that Business Associate performs for Covered Entity are defined in the End User License Agreement.

1.3.  Pursuant to changes required under the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”) and under the American Recovery and Reinvestment Act of 2009 (“ARRA”), this BAA also reflects federal breach notification requirements imposed on Business Associate when “Unsecured PHI” (as defined under the HIPAA Rules) is acquired by an unauthorized party and the expanded privacy and security provisions imposed on business associates.

1.4.  Unless the context clearly indicates otherwise, the following terms in this BAA shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, disclosure, Electronic Media, Electronic Protected Health Information (ePHI), Health Care Operations, individual, Minimum Necessary, Notice of Privacy Practices, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured PHI, and use.

1.5.  A reference in this BAA to the Privacy Rule means the Privacy Rule, in conformity with the regulations at 45 C.F.R. Parts 160-164 (the “Privacy Rule”) as interpreted under applicable regulations and guidance of general application published by HHS, including all amendments thereto for which compliance is required, as amended by the HITECH Act, ARRA, and the HIPAA Rules.

2.  GENERAL OBLIGATIONS OF BUSINESS ASSOCIATE.

2.1.  Business Associate agrees not to use or disclose PHI, other than as permitted or required by this BAA or as Required by Law, or if such use or disclosure does not otherwise cause a Breach of Unsecured PHI.

2.2.  Business Associate agrees to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI to prevent use or disclosure of PHI other than as provided for by the BAA.

2.3.  Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate as a result of a use or disclosure of PHI by Business Associate in violation of this BAA’s requirements or that would otherwise cause a Breach of Unsecured PHI.

2.4.  The Business Associate agrees to the following breach notification requirements:

2.4.1.  Business Associate agrees to report to Covered Entity any Breach of Unsecured PHI not provided for by the BAA of which it becomes aware within sixty (60) calendar days of “discovery” within the meaning of the HITECH Act. Such notice shall include the identification of each individual whose Unsecured PHI has been or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed in connection with such Breach. In addition, Business Associate shall provide any additional information reasonably requested by Covered Entity for purposes of investigating the Breach and any other available information that Covered Entity is required to include to the individual under 45 C.F.R. § 164.404(c) at the time of notification or promptly thereafter as information becomes available. Business Associate’s notification of a Breach of Unsecured PHI under this Section shall comply in all respects with each applicable provision of Section 13400 of Subtitle D (Privacy) of ARRA, the HIPAA Rules, and related guidance issued by the Secretary or the delegate of the Secretary from time to time.

2.4.1.  In the event of Business Associate’s use or disclosure of Unsecured PHI in violation of HIPAA, the HITECH Act, or ARRA, Business Associate bears the burden of demonstrating that notice as required under this Section 2.4 was made, including evidence demonstrating the necessity of any delay, or that the use or disclosure did not constitute a Breach of Unsecured PHI.

 

2.5.  Business Associate agrees, in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to require that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.

2.6.  Business Associate agrees to make available PHI in a Designated Record Set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.524.

 

2.6.1.  Business Associate agrees to comply with an individual’s request to restrict the disclosure of their personal PHI in a manner consistent with 45 C.F.R. § 164.522, except where such use, disclosure, or request is required or permitted under applicable law.

2.6.2.  Business Associate agrees that when requesting, using, or disclosing PHI in accordance with 45 C.F.R. § 164.502(b)(1) that such request, use, or disclosure shall be to the minimum extent necessary, including the use of a “limited data set” as defined in 45 C.F.R. § 164.514(e)(2), to accomplish the intended purpose of such request, use, or disclosure, as interpreted under related guidance issued by the Secretary from time to time.

 

2.7.  Business Associate agrees to make any amendments to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. § 164.526 or take other measures as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.526.

2.8.  Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.528.

2.9.  Business Associate agrees to make its internal practices, books, and records, including policies and procedures regarding PHI, relating to the use and disclosure of PHI and Breach of any Unsecured PHI received from Covered Entity, or created or received by the Business Associate on behalf of Covered Entity, available to Covered Entity (or the Secretary) for the purpose of Covered Entity or the Secretary determining compliance with the Privacy Rule (as defined in Section 8).

 

2.10.  To the extent that Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 C.F.R. Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s).

2.11.  Business Associate agrees to account for the following disclosures:

2.11.1.  Business Associate agrees to maintain and document disclosures of PHI and Breaches of Unsecured PHI and any information relating to the disclosure of PHI and Breach of Unsecured PHI in a manner as would be required for Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.

2.11.2.  Business Associate agrees to provide to Covered Entity, or to an individual at Covered Entity’s request, information collected in accordance with this Section 2.11, to permit Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.

2.11.3.  Business Associate agrees to account for any disclosure of PHI used or maintained as an Electronic Health Record (as defined in Section 5) (“EHR”) in a manner consistent with 45 C.F.R. § 164.528 and related guidance issued by the Secretary from time to time; provided that an individual shall have the right to receive an accounting of disclosures of EHR by the Business Associate made on behalf of the Covered Entity only during the three years prior to the date on which the accounting is requested whether from Covered Entity or directly from the Business Associate.

2.11.4.  In the case of an EHR that the Business Associate acquired on behalf of the Covered Entity as of January 1, 2009, paragraph 2.11.3 above shall apply to disclosures with respect to PHI made by the Business Associate from such EHR on or after January 1, 2014. In the case of an EHR that the Business Associate acquires on behalf of the Covered Entity after January 1, 2009, paragraph 2.11.3 above shall apply to disclosures with respect to PHI made by the Business Associate from such EHR on or after the later of January 1, 2011, or the date that it acquires the EHR.

 

2.12.  Business Associate agrees to comply with the “Prohibition on Sale of Electronic Health Records or Protected Health Information,” as provided in Section 13405(d) of Subtitle D (Privacy) of ARRA, and the “Conditions on Certain Contacts as Part of Health Care Operations,” as provided in Section 13406 of Subtitle D (Privacy) of ARRA and related guidance issued by the Secretary from time to time.

2.13.  Business Associate acknowledges that, effective on the Effective Date of this BAA, it shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. § 1320d-5 and 1320d-6, as amended, for failure to comply with any of the use and disclosure requirements of this BAA and any guidance issued by the Secretary from time to time with respect to such use and disclosure requirements.

 

3.  PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE.

3.1.  General Uses and Disclosures. Business Associate agrees to receive, create, use, or disclose PHI only in a manner that is consistent with this BAA, the Privacy Rule, or Security Rule (as defined in Section 5) and only in connection with providing services to Covered Entity; provided that the use or disclosure would not violate the Privacy Rule, including 45 C.F.R. § 164.504(e), if the use or disclosure would be done by Covered Entity. For example, the use and disclosure of PHI will be permitted for “treatment, payment, and health care operations,” in accordance with the Privacy Rule.

3.2.  Business Associate may use or disclose PHI as Required By Law.

3.3.  Business Associate agrees to make uses and disclosures and requests for PHI consistent with Covered Entity’s Minimum Necessary policies and procedures, which shall be provided by Covered Entity in a prompt manner following the Effective Date of the BAA.

3.4.  Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by the Covered Entity.

3.5.  Specific Other Uses and Disclosures:

3.5.1.  Except as otherwise limited in this BAA, Business Associate may use PHI to provide Data Aggregation Services to Covered Entity as permitted by HIPAA.

3.5.2.  Except as otherwise provided in this BAA, Business Associate may use PHI for its proper management and administration or carry out its legal responsibilities as permitted under applicable law.

3.5.3.  Business Associate shall not directly or indirectly receive remuneration in exchange for any PHI of an individual without Covered Entity’s prior written approval and notice from Covered Entity that it has obtained from the individual, in accordance with 45 C.F.R. § 164.508, a valid authorization that includes a specification of whether the PHI can be further exchanged for remuneration by Business Associate. The foregoing shall not apply to Covered Entity’s payments to Business Associate for services delivered by Business Associate to Covered Entity.

3.5.4.  Business Associate may use PHI to report violations of law to appropriate federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1).

3.5.5.  Business Associate may use PHI for Marketing purposes in accordance with 45 C.F.R. § 164.501 and 164.508(a)(3) following the due diligence for such use.

4.  OBLIGATIONS OF COVERED ENTITY.

4.1.  Covered Entity shall:

4.1.1.  Provide Business Associate with the Notice of Privacy Practices that Covered Entity produces in accordance with the Privacy Rule, and any changes or limitations to such notice under 45 C.F.R. § 164.520, to the extent that such changes or limitations may affect Business Associate’s use or disclosure of PHI.

4.1.2.  Notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI under this BAA.

4.1.3.  Notify Business Associate of any changes in or revocation of permission by an individual to use or disclose PHI, if such change or revocation may affect Business Associate’s permitted or required uses and disclosures of PHI under this BAA.

4.2.  Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy and Security Rule if done by Covered Entity, except as provided under Section 3 of this BAA.

 

5.  COMPLIANCE WITH SECURITY RULE.

5.1.  Effective April 20, 2005, Business Associate shall comply with the HIPAA Security Rule, which shall mean the Standards for Security of Electronic Protected Health Information at 45 C.F.R. Part 160 and Subparts A and C of Part 164, as amended by ARRA and the HITECH Act. The term “Electronic Health Record” or “EHR” as used in this BAA shall mean an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff.

5.2.  In accordance with the Security Rule, Business Associate agrees to:

5.2.1.  Implement the administrative safeguards set forth at 45 C.F.R. § 164.308, the physical safeguards set forth at 45 C.F.R. § 164.310, the technical safeguards set forth at 45 C.F.R. § 164.312, and the policies and procedures set forth at 45 C.F.R. § 164.316, to reasonably and appropriately protect the confidentiality, integrity, and availability of the ePHI that it creates, receives, maintains, or transmits on behalf of Covered Entity as required by the Security Rule. Business Associate acknowledges that, effective on the Effective Date of this BAA, (a) the foregoing safeguards, policies, and procedures requirements shall apply to Business Associate in the same manner that such requirements apply to Covered Entity, and (b) Business Associate shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. § 1320d-5 and 1320d-6, as amended from time to time, for failure to comply with the safeguards, policies, and procedures requirements and any guidance issued by the Secretary from time to time with respect to such requirements;

5.2.2.  Require that any agent, including a Subcontractor, to whom it provides such PHI agrees to implement reasonable and appropriate safeguards to protect the PHI; and

5.2.3.  Report to the Covered Entity any Security Incident of which it becomes aware.

6.  INDEMNIFICATION; LIMITATION OF LIABILITY.

6.1.  Business Associate shall indemnify, defend, and hold harmless the Covered Entity, and Covered Entity’s affiliates (“Indemnified Parties”), from and against any and all losses, expense, damage, or injury (including, without limitation, all costs and reasonable attorneys’ fees) that the Indemnified Parties may sustain as a result of, or arising out of (a) a breach of this BAA by Business Associate or its agents or Subcontractors, including but not limited to any unauthorized use, disclosure, or breach of PHI, (b) Business Associate’s failure to notify any and all parties required to receive notification of any Breach of Unsecured PHI pursuant to Section 2.4, or (c) any negligence or wrongful acts or omissions by Business Associate or its agents or Subcontractors, including without limitations, failure to perform Business Associate’s obligations under this BAA, the Privacy Rule, or the Security Rule. Notwithstanding the foregoing, nothing in this Section shall limit any rights any of the Indemnified Parties may have to additional remedies under the Underlying Agreement or under applicable law for any acts or omissions of Business Associate or its agents or Subcontractors.

6.2.  NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, NEITHER PARTY WILL BE LIABLE TO THE OTHER UNDER THIS BAA FOR CONSEQUENTIAL, INCIDENTAL, PUNITIVE, SPECIAL, EXEMPLARY OR INDIRECT DAMAGES, OR LOST PROFITS IN CONNECTION WITH CLAIMS MADE BY ANY PARTY, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR TORT. EACH PARTY’S MAXIMUM AGGREGATE LIABILITY TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOSSES, DAMAGES OR OTHER LIABILITIES, WHETHER BASED ON WARRANTY, CONTRACT, NEGLIGENCE, OR OTHERWISE, WILL NOT EXCEED THE SUM OF ALL FEES PAID BY CLIENT TO BUSINESS ASSOCIATE DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE OCCURRENCE OF THE EVENT(s) GIVING RISE TO THE CLAIM. THE FOREGOING LIMITATION OF LIABILITY SHALL APPLY REGARDLESS OF THE CAUSE OF ACTION ASSERTED BY CLIENT OR ANY THIRD PARTY IN ANY JURISDICTION IN WHICH THE FOREGOING LIMITATION OF LIABILITY IS RESTRICTED. BUSINESS ASSOCIATE’S LIABILITY SHALL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW. THE PROVISIONS OF THIS SECTION SHALL SURVIVE TERMINATION OF THIS AGREEMENT FOR ANY REASON.

 

7.  TERM AND TERMINATION.

7.1.  This BAA shall be in effect as of the Effective Date above and shall terminate on the earlier of the date that:

7.1.1.  Either party terminates the Underlying Agreement.

7.1.2.  Either party terminates the BAA for cause as authorized under Section 7.2.

7.1.3.  All of the PHI received from Covered Entity or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity. If it is not feasible to return or destroy PHI, protections are extended in accordance with Section 7.3.

 

7.2.  Upon either party’s knowledge of a material breach by the other party, the non-breaching party shall provide an opportunity for the breaching party to cure the breach or end the violation; or terminate the BAA. If the breaching party does not cure the breach or end the violation within a reasonable timeframe not to exceed thirty (30) days from the notification of the breach, or if a material term of the BAA has been breached, and a cure is not possible, the non-breaching party may terminate this BAA and the Underlying Agreement, upon written notice to the other party.

7.3.  Upon termination of this BAA for any reason, the parties agree that Business Associate shall return to Covered Entity or, if agreed to by Covered Entity, destroy all PHI received from Covered Entity or created, maintained, or received by Business Associate on behalf of Covered Entity, that the Business Associate still maintains in any form. The PHI shall be returned in a format that is reasonably expected to preserve its accessibility and usability. Business Associate shall retain no copies of the PHI.

7.4.  The obligations of Business Associate under this Section 7 shall survive the termination of this BAA.

 

8.  MISCELLANEOUS.

8.1.  This BAA shall automatically incorporate any change or modification as of the effective date of the change or modification to comply with the requirements of the Privacy Rule, the Security Rule, HIPAA, ARRA, the HITECH Act, the HIPAA Rules, and any other applicable law. The Business Associate agrees to maintain compliance with all changes or modifications.

8.2.  The respective rights and obligations of Business Associate under Section 6 and Section 7 of this BAA shall survive the termination of this BAA.

8.3.  This BAA shall be interpreted in the following manner:

8.3.1.  Any ambiguity shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules.

8.3.2.  Any inconsistency between the BAA’s provisions and the HIPAA Rules, including all amendments, as interpreted by the HHS, a court, or another regulatory agency with authority over the Parties, shall be interpreted according to the interpretation of the HHS, the court, or the regulatory agency.

8.3.3.  Any provision of this BAA that differs from those required by the HIPAA Rules, but is nonetheless permitted by the HIPAA Rules, shall be adhered to as stated in this BAA.

 

8.4.  This BAA constitutes the entire agreement between the parties related to the subject matter of this BAA, except to the extent that the [UNDERLYING AGREEMENT] imposes more stringent requirements related to the use and protection of PHI upon Business Associate. This BAA supersedes all prior negotiations, discussions, representations, or proposals, whether oral or written. This BAA may not be modified unless done so in writing and signed by a duly authorized representative of both parties. If any provision of this BAA, or part thereof, is found to be invalid, the remaining provisions shall remain in effect.

8.5.  This BAA will be binding on the successors and assigns of the Covered Entity and the Business Associate. However, this BAA may not be assigned, in whole or in part, without the written consent of the other party. Any attempted assignment in violation of this provision shall be null and void.

8.6.  This BAA may be executed in two or more counterparts, each of which shall be deemed an original.

8.7.  Except to the extent preempted by federal law, this BAA shall be governed by and construed in accordance with the same internal laws as that of the Underlying Agreement.

IN WITNESS WHEREOF, the parties hereto have executed this BAA as of the date first above written.