License Agreement


This online end user license agreement (this “Agreement”) is a legal agreement between You (either an individual person or a single legal entity, referred to in this Agreement as “Licensee”, “You”, “Your”), and Zargis Medical Corp. (referred to in this Agreement as “Zargis”, “we”, “our” or “us”). This terms and conditions in this Agreement govern Your use of StethAssist and the Zargis Telemed Server (collectively, referred to in this Agreement as the “Software,” as further defined in Paragraph 2 below).


You must accept the terms and conditions of this Agreement before accessing or otherwise using the Software or any of the Services (as defined in Paragraph 2 below) that may be provided under this Agreement. If You do not agree to the terms of this Agreement, You are not granted any rights whatsoever with respect to Software and Services. By clicking “ACCEPT” and/or by accessing or otherwise using the Software, You agree to be bound by the terms and conditions of this Agreement governing Your access and use of the Software and Services. If You are not willing to be bound by these terms and conditions, You should not click on the "ACCEPT" button, and may not access or otherwise use the Software or Services.


Terms and Conditions:


1. LICENSE GRANT AND RESTRICTIONS. Subject to the terms and conditions of this Agreement, Zargis grants You, and Your Authorized Users (as defined below), if any, a personal, limited, non-exclusive, non-transferable right to electronically access and use the Software solely to create, store, share, access, and review auscultation files in electronic or written form (the “License”), beginning with the date upon which You agree to the terms and conditions of this Agreement by clicking the “Accept” button (the “Effective Start Date”) and continuing until this Agreement is terminated by either party pursuant to Paragraph 11 (the “License Period”). You shall have no right to download, obtain and/or otherwise be provided with a copy of the Software, and Your use of the Software shall be exclusively through Zargis’ Telemedicine server and client application hosted at Zargistelemed.com (the “Website”). At Zargis' discretion, the first thirty (30) days of the License Period may be offered as a trial period (the “Trial Period”). During the Trial Period, You will be subject to all the terms and conditions set forth in this Agreement, except that You will not be charged a Monthly Fee (as described in Paragraph 10) for access to and use of the Software or Services during such Trial Period.


The License does NOT include the right to, and You shall not, directly or indirectly, and/or assist any third party, to do any of the following (except as otherwise expressly permitted under this Agreement): (i) access or attempt to access any other Zargis systems, programs or data that are not generally made available for the use by Zargis’ customers licensing the Software; (ii) copy, reproduce, republish, upload, post, transmit, resell or distribute in any way the material from the Website; (iii) publish, distribute via the Internet or other public computer based information system, create derivative works (including translating), transfer, sell, lease, license or otherwise make available the auscultation files or any portion thereof to any third party, (iv) permit any third party to benefit from the use or functionality of the Software or Services via a rental, lease, timesharing, service bureau, or other arrangement; (v) transfer any of the rights granted to You under this Agreement; (vi) work around any technical limitations in the Software, use any tool to enable features or functionalities that are otherwise disabled in the Software, or directly or indirectly decompile, disassemble, or otherwise reverse engineer the Software; (vi) perform or attempt to perform any actions that would interfere with the proper working of the Software or Services, prevent access to or the use of the Software or Services by Zargis’ other licensees or customers, or impose an unreasonable or disproportionately large load on Zargis’ infrastructure; or (vii) otherwise use the Software except as expressly allowed under this Paragraph 1.



2. SOFTWARE AND Services. The “Software” licensed to You under this Agreement includes the Zargis Telemed Server and other programs, tools, internet-based services (i.e., the Website), components and any “updates” (for example, bug “fixes”, upgrades, new version releases etc.) of the Software that we provide or make available to You (and Your Authorized Users, if any). The “Services” provided under this Agreement may include maintenance, technical support, service information, among other services that may be provided to support the Software functionality. Provided that You otherwise agree to and comply with all the terms and conditions of this Agreement, we will provide you with access to and use of the Software during the License Period.


In general, Cardioscan and StethAssist allows a User to store, retrieve, and, in some cases, process cardiac auscultation data that have been generated through proper use of a specialized electronic stethoscope (the “Stethoscope”) on a patient and transmitted remotely from the Stethoscope to the Software (the “Files”). The Zargis Telemed Server is a web-based program that is designed to allow Cardioscan and StethAssist users to then transmit, share, receive, access, and review the Files, whether such users are within the same office, or in different geographic locations. The Zargis Telemed Server is not intended for mission critical applications (for example, patient monitoring). By agreeing to the terms and conditions of this Agreement, You are expressly acknowledging and agreeing that the user of the Stethoscope is solely and ultimately responsible for assuring that he or she operates and uses the Stethoscope equipment properly, and that if the user does not properly use the Stethoscope, the Files created and stored on the Software may be inaccurate, unreliable, of poor quality, or have other user-generated issues. In addition, You also acknowledge and agree that if the Stethoscope equipment utilized by a user is defective or otherwise not functioning properly, this may also cause the auscultation data in the Files to be inaccurate, unreliable, or of poor quality. Zargis disclaims any and all warranties, express or implied, including without limitation the implied warranties of merchantability and fitness for a particular purpose, use or application, with respect to the Stethoscope, including the Files created by Users through the use of the Stethoscope. In no event will Zargis be liable for any damages, including, but not limited to, any direct or indirect personal, exemplary, special, incidental, or consequential damages of any kind whatsoever, or for any lost profits, lost business, lost information or other pecuniary loss, suffered or incurred by You, or any other third party, including but not limited any patient, as a consequence of the use or performance of the Stethoscope, even if Zargis has been advised of the possibility of such damages.


3. RESERVATION OF RIGHTS AND OWNERSHIP. The Software is licensed not sold, and we reserve all rights not expressly granted to You in this Agreement. The Software is protected by copyright, trade secret and other intellectual property laws. Zargis and Zargis’ licensors, if any, own the title, copyright, and other worldwide intellectual property rights in the Software and all copies of the Software. This Agreement does not grant You any rights to trademarks or service marks of Zargis. All rights not expressly granted in this Agreement are reserved to us. No other rights or licenses, whether express implied, arising by estoppel, or otherwise are conveyed or intended by the Agreement.


4. REGISTRATION DATA AND USER ACCOUNT. You, and any and every additional user at your organization You wish to allow access to and use of the Software and Services under this Agreement (hereinafter, a “Authorized User”), must first successfully register through our Website (You and any and every additional Authorized User, each a “Registrant”). Each Registrant must provide us with the information requested during the registration process, including a name, contact information, billing information, among other data (the “Registration Data”). We will keep such information confidential in accordance with Paragraph 8 of this Agreement. Registration Data that is complete and accurate will be used to establish and maintain a Your “User Account.” We may also use the Registration Data, at any time, to verify and authenticate the identity of a Registrant or Authorized User, and by agreeing to the terms and conditions of this Agreement, You expressly authorize and consent to our using such information as we determine, in our sole and unfettered discretion, to be necessary and appropriate, in accordance with any applicable law, for such verification and authentication purposes.


The Registration Data provided to us by a Registrant must be complete, true, accurate, current, and must otherwise meet our criteria for an Authorized User. You are responsible for all information provided to us in connection with registration, or otherwise, and we assume that any communications we receive from You or any Registrant at your organization were transmitted or authorized by You. You are responsible for promptly informing us, and insuring that any other Authorized User at your organization inform us, of any changes, updates or inaccuracies in the Registration Data. If any of the Registration Data is inaccurate, incomplete or not current, or we have reasonable grounds to suspect that any information contained in the Registration Data is inaccurate, incomplete, not current, or otherwise does not meet, in any way, our criteria for an Authorized User, we may, in our sole and unfettered discretion, suspend or terminate any one or all User Accounts established by You under this Agreement, and refuse any and all current or future access to and use of the Software or Services (or any portion thereof).


5. AUTHORIZED USERS AND ACCESS. A Registrant who has successfully registered through our Website must also establish a user identification name (and “User ID”) and password through the Website before he or she can access and use the Software. Each Authorized User who has obtained a User ID and password under Your User Account, including You, shall be permitted to access and use the Software and Services, subject to the terms and conditions of this Agreement. We will assume that any Authorized User that establishes a User ID and password under Your User Account has been authorized by You to do so. You are solely responsible for insuring that You, and any and all of Your Authorized Users: (i) maintain the strict confidentiality and security of his/her User ID and password, and any other information used to access the Software and Services; (ii) prevent unauthorized access to or use of the information, files or data that stored or in the Software and Services; (iii) prevent unauthorized users from accessing the Software under Your User Account; (iv) ensure that each of Your Authorized Users, if any, complies with this Agreement. You are also responsible for any charges, damages, or losses that may be incurred or suffered as a result of the failure by You, or any Authorized User, to comply with the terms and conditions of this Agreement.


6. SOFTWARE USE, SOFTWARE REVISIONS AND MODIFICATIONS AND MAINTENANCE. The Software employs industry standard encryption technology to reduce the probability of an unauthorized interception of any information contained in the Files while being maintained or transmitted using the Software. However, You acknowledge and agree that no form of encryption is foolproof. It is Your responsibility to insure that the Files, and any confidential information contained therein, are not transmitted to any recipient in a manner that would violate applicable law or otherwise be inappropriate. You acknowledge and agree that the transmission of the Files, including any information contained therein, to recipients by any means other than through the proper use of the Software may not be secure. In addition, You shall be solely responsible for maintaining the confidentiality and security of any of the Files maintained in any location other than on the Zargis Telemed Server (e.g., on Your hard drive). Zargis will not be responsible for any File or information transmitted through any means other than through the use of the Software and the Website, and maintained in any other location than on the Zargis Telemed Server.


We shall have the right, in our sole and unfettered discretion, with or without notice, to revise, update, or otherwise modify the Software and/or Services and establish or change limits concerning use of the Software and Services, temporarily or permanently. We also have the right, with or without notice, to make any such changes effective immediately to maintain the security of the Software or to comply with any laws or regulations (including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and its related privacy and security regulations (collectively “HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act and regulations promulgated thereunder (collectively, “HITECH”)). Your continued use of the Software will constitute Your acceptance of and agreement to any such changes. Notwithstanding the foregoing sentence, You hereby agree to any and all changes made by us to comply with any laws or regulations (including, but not limited to, HIPAA and HITECH). You understand and agree that You are solely responsible for periodically reviewing the Website for any change, deletion, discontinuance, or imposition of conditions on any feature or aspect of Software and Services. We may, from time to time, perform maintenance upon the Software which could result in interrupted service, delays or errors in the Software. We will attempt to provide prior notice of scheduled maintenance, but do not guarantee that such notice will be provided.


7. CONDUCT AND CONTENT. You are solely responsible for the content of transmissions of the Files through the use of the Software, and we reserve the right to take any action we deem necessary or appropriate, in our sole discretion, if we believe You or Your transmissions or use of the Software are not in compliance with any applicable law, and/or in Zargis’ best interests. In no way limiting the foregoing, You agree: (1) to comply with all laws, rules and other regulations that may be applicable to the use of the Software and transmission of the Files by You, or any Authorized User, including, but not limited to, HIPAA, HITECH, and any other federal or state laws governing the transmission and/or use of such information electronically; (2) not to use the Software and Services for illegal purposes; (3) not to interfere or disrupt networks connected to the Software and Services; (4) not to use the Software and Services to infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; and (5) not to transmit through the Software any unlawful, harassing, libelous, abusive, threatening, harmful, vulgar, obscene or otherwise objectionable material of any kind or nature.


8. CONFIDENTIALITY OF USER INFORMATION. We abide by our privacy policies with respect to how we may or may not use or disclose information about You, or any Authorized User, including Registration Data and any information maintained in connection with Your User Account. Further details about our Privacy Policy regarding such information are provided through the registration page on the Website.


9. HIPAA COMPLIANCE. You understand and agree that through use of the Software, You may be accessing confidential information, some of which may be considered “protected health information” or “PHI,” as such term is defined under HIPAA. You agree that you are solely responsible for assuring that access, use and any further disclosure of such information, including any PHI, by You, or any Authorized User, complies in all respects with HIPAA, HITECH, and any other state law that may be applicable to You or Your organization, or otherwise protects the privacy and/or security of such information that You, or an Authorized User, may access through the Software. In addition, the specific terms and conditions of the HIPAA Addendum attached as Appendix 1 and made a part of this Agreement shall apply and govern how PHI may be used and disclosed.


10. PAYMENT TERMS. Except for any Trial Period that may be offered, we will charge You on a monthly basis for all License fees and charges related to the access and use of the Software and Services under your User Account (the “Monthly Fee”), until this Agreement is terminated by You or by us in accordance with Paragraph 11. Your Monthly Fee will be calculated based upon pricing information we provided to You when you registered and established a User Account with us, and upon the number of Authorized Users registered under your User Account. We reserve the right to modify pricing, at our discretion, upon any monthly renewal, and to adjust (increase or decrease) the Monthly Fee if any Authorized Users are added or removed from Your User Account.


11. TERMINATION. We may, in our sole and unfettered discretion, immediately and without notice or opportunity to cure, terminate the License and Your right to access and use the Software, for any reason, including but not limited to (a) a breach of any term of this Agreement by You, or any Authorized User; (b) failure to pay in full any Monthly Fee when due; (c) our inability to verify or authenticate information provide to us by You, or an Authorized User; (d) the inaccuracy of such information, or (e) we, in our sole discretion, discontinue offering the Software. We will not be liable to You or any third party for termination of Your ability, or the ability of any other Authorized User, to use and/or receive the Software and/or Services. You may terminate use of the Software in writing at any time, for any reason. Only You may terminate the active registration of an Authorized User, if any, under Your User Account. If you provide written notification of any such termination via email, we reserve the right verify Your termination request in any reasonable manner. Upon termination of Your User Account or an Authorized User, You shall remain liable for all fees incurred or accrued up and through the date of termination. Any fees You may have paid in advance are nonrefundable, without exception.


Upon termination of Your User Account, for any reason and by either party, You, and any and all other Authorized Users under Your User Account, are prohibited from further access or use of the Software and will no longer have access to the Files and other information stored on the Zargis Telemed Server. Such information may be returned, destroyed or otherwise securely retained by us, as we determine in our sole and unfettered discretion, and as otherwise permitted under applicable laws. We shall not be liable to You or any third party, including any Authorized User, for termination of access to the Software.


12. DISCLAIMER OF WARRANTIES. The Software is provided on an “as-is” and “as available” basis and, to the maximum extent permitted by applicable law, Zargis, its affiliates, licensors, agents, service providers, distributors, dealers and suppliers disclaim all guarantees and warranties, express, implied or statutory, regarding the Software, including any warranty of fitness for a particular purpose, title, merchantability, and non-infringement. You expressly agree that use of the Software is at Your sole risk. Zargis makes no warranty that the Software and/or Services will meet Your requirements or that the service will be uninterrupted, timely or error free, nor does Zargis make any warranty as to the results that may be obtained from the use of the Software or the accuracy of any other information obtained through the Software or that defects in the Software will be corrected. You understand and agree that any material and/or data downloaded or otherwise obtained through the use of the Software is done at Your own risk, and that You will be solely responsible for any damage to any computer system or loss of data that results from the download of such material and/or data. You also expressly acknowledge and agree that Zargis makes no warranty or guarantee as to the clinical accuracy, reliability and quality of the information contained in the Files, including the occultation data. No information or advice, whether oral or written, obtained by you from Zargis or through the Software and/or Service shall create any warranty not expressly made herein. Zargis expressly disclaims any representations or warranties that Your use of the Software will satisfy Your statutory or regulatory obligations, or will assist with, guarantee or otherwise ensure Your compliance with any applicable laws or regulations, including but not limited to HIPAA, HITECH, or other applicable federal or state statutes or regulations. Zargis makes no representations that the Software will comply with the rules, regulations or guidelines of any particular health care provider or any health care insurance payor from whom you may seek payment of medical claims.


13. LIMITATION OF LIABILITY AND DAMAGES. Zargis liability for all matters arising from or relating to this Agreement, including from the use of the Software by You, or any Authorized User, shall be limited to the amount paid by you for the Software that directly caused the damage. To the maximum extent permitted by applicable law, Zargis shall not be liable for any direct or indirect, personal, special, incidental, exemplary, or consequential damages or for any damages relating to loss of business, telecommunication failures, loss, corruption, security or theft of data, viruses, spyware, loss of profits or investment, or the like, whether based in contract, tort (including negligence), product liability or otherwise, even if Zargis or its suppliers have been advised of the possibility of such damages, and even if a remedy set forth herein is found to have failed of its essential purpose. This limitation applies to any claim based upon breach of contract, tort, negligence, breach of warranty, strict liability, product liability or any other theory. By accepting the terms of this Agreement, you are acknowledging that the limitation to the price paid is fair, just and reasonable under the circumstances.


14. INDEMNITY. You hereby agree, at Your expense, to indemnify, defend and hold Zargis harmless from and against any third-party claim, action or allegation brought against Zargis and any loss, cost, damages, penalties, liability or expense, including attorneys’ fees, that results from, arises out of or relates from (a) any third-party claim, action or allegation of infringement based on information, data, files or other content submitted by You (or an Authorized User); or (b) any breach of any terms contained in this Agreement by You (or an Authorized User); or (c) use of the Software by You (or an Authorized User); (d) the unauthorized or unlawful use of the Software by You (or an Authorize User), or (e) violation of any state or federal law or regulation, or any third partys rights, including but not limited to infringement of any copyright, violation of any proprietary right or invasion of any privacy rights, by You (or an Authorized User).


15. LIMITATION ON TIME TO SUE. Unless otherwise required by law, an action or proceeding by You to enforce an obligation, duty, or right arising under this Agreement or by law with respect to the Software must be commenced within one year after the cause of action accrues.


16. GOVERNING LAW; VENUE. This Agreement will be governed by the laws of the State of New Jersey, without regard to its choice of law or conflicts of law principles. You hereby consent and submit to the exclusive jurisdiction of the state and federal courts of the State of New Jersey.


17. NO WAIVER. The failure or refusal by Zargis to either insist upon the strict performance of any provision of this Agreement or to exercise any right in any one or more instances or circumstances shall not be construed as a waiver or relinquishment of such provision or right, nor shall such failure or refusal be deemed a custom or practice contrary to such provision or right. A waiver of default shall not be a waiver of any other or subsequent default.


18. MISCELLANEOUS. Any waiver of the terms herein by Zargis must be in writing signed by an authorized officer of Zargis and expressly referencing the applicable provisions of this Agreement. If any provision of this Agreement is invalid or unenforceable under applicable law, then it shall be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law, and the remaining provisions will continue in full force and effect. Headings are included for convenience only, and shall not be considered in interpreting this Agreement. As used in this Agreement, the word “including” means “including but not limited to”. This Agreement does not limit any rights that Zargis may have under trade secret, copyright, patent or other laws. Except as expressly set forth in this Agreement, this Agreement is a complete statement of the agreement between You and Zargis and sets forth the entire liability of Zargis and Your exclusive remedy with respect to the Software and Services. Any termination of this Agreement notwithstanding, provisions which are intended to survive and continue shall so survive and continue.




HIPAA BUSINESS ASSOCIATE ADDENDUM


This HIPAA Business Associate Addendum (this “Addendum”) is effective as of the Effective Start Date of the underlying Agreement, and is by and between Zargis Medical Corp. (the “Business Associate”) and You, the Covered Entity which is utilizing the Software and Services through Authorized Users who have accepted the terms and conditions of the underlying Agreement (collectively, the “Covered Entity”). Any term which is not otherwise defined in this Addendum shall have the meaning ascribed to such term in the underlying Agreement.

RECITALS


  1. Covered Entity has engaged Business Associate for the purpose of assisting Covered Entity in providing certain functions and services to Covered Entity, as more particularly set forth in the underlying Agreement (collectively, this Addendum and the underlying Agreement are referred to hereinafter simply as the Agreement).


  1. Covered Entity wishes to allow Business Associate to have access to certain information, some of which may constitute Protected Health Information (“PHI”), including electronic protected health information (“e-PHI”) in order for Business Associate to provide the services described in the Underlying Agreement. PHI and e-PHI collectively are, at times, referred to herein as “the PHI”.


  1. Covered Entity and Business Associate intend to protect the privacy and provide for the security of the PHI in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and regulations promulgated there under by the U.S. Department of Health and Human Services (collectively, “HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act, Title XIII, Subtitle D of the American Recovery and Reinvestment Act of 2009, H.R. 1, and any regulations now or in the future promulgated there under (collectively, “HITECH”), as well as any other applicable state privacy and security laws protecting such information.


  1. The safeguards imposed upon Covered Entity and Business Associate with respect to the PHI are imposed in accordance with, and shall satisfy the standards and requirements of, HIPAA and HITECH, as the same may be amended from time to time.


In consideration of the mutual promises below and the exchange of information provided for herein, the Parties agree as follows:


  1. Definition of “Protected Health Information” or “PHI”: Any information, whether oral or recorded in any form or medium: (i) that relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual, and (ii) that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual, and shall have the meaning given to such term under HIPAA, including, but not limited to 45 CFR § 160.103. “Electronic Protected Health Information” or “e-PHI” means PHI that is transmitted by or maintained in electronic media.


  1. Obligations of Business Associate.


      1. Permitted Uses and Disclosures. Business Associate may use and/or disclose the PHI as follows:


(i) Purpose: Business Associate may use the PHI for the purpose of providing or performing on behalf of Covered Entity the functions and activities set forth in the Underlying Agreement (the “Business Associate Services”);


(ii) Type of Information: Business Associate may use any and all PHI and e-PHI made available by Covered Entity and is necessary for Business Associate to provide the Business Associate Services to Covered Entity;


(iii) Scope of Use & Disclosure: Business Associate may use and further disclose the PHI to the extent permitted by and in accordance with this Addendum, HIPAA and HITECH, or as required by law;


(iv) Use for Management and Administration: Business Associate may use the PHI if necessary to (a) perform its own proper management and administration functions or (b) carry out its own legal responsibilities;


(v) Disclosure for Management and Administration: Business Associate may disclose the PHI to a third party for the proper management and administration of Business Associate if: (A) the disclosure is required by law, or (B) Business Associate obtains from such third party a written agreement:


(1) that the PHI will be held confidentially and in compliance with HIPAA and HITECH, and used or further disclosed only as required by law or for the purpose for which it was disclosed to such third party, and


(2) to notify the Business Associate, without unreasonable delay, of any instances of which such third party becomes aware that the confidentiality of the PHI has been breached; and


(vi) Uses or Disclosures Requiring Prior Authorization: Business Associate acknowledges and agrees that, except as expressly provided in this Addendum, or permitted under HIPAA, HITECH and state law, Business Associate may not use or disclose the PHI to any other third party without first having obtained a HIPAA-compliant authorization signed by the individual to whom the PHI pertains.

      1. Security Safeguards. Business Associate agrees to use appropriate safeguards to provide for the security of the PHI. Business Associate shall maintain a written security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Business Associate’s operations and the nature and scope of its activities, and which otherwise incorporates the elements of and satisfies 45 C.F.R. §§ 164.308, 164.310, 164.312 and 164.316.


      1. Reporting of Unauthorized Uses & Disclosures, and “Breach” Notification. Business Associate shall promptly inform Covered Entity of any unauthorized uses or disclosures of the PHI of which Business Associate becomes aware. In addition, if Business Associate discovers a breach that results in the unauthorized acquisition, access, use, or disclosure of “unsecured PHI” (as defined below), Business Associate shall, without unreasonable delay, notify Covered Entity of such breach, including providing:


(i) the identification of the individual(s) whose unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during such breach;


(ii) a brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known;


(iii) a description of the types of unsecured PHI that were involved in the breach (e.g., name, Social Security number; date of birth etc.);


(iv) a brief description of what Business Associate is doing to

investigate the breach, to mitigate losses and to protect

against any further breaches.


Unsecured PHI” shall mean the PHI provided by Covered Entity to Business Associate that has not been secured by a technology standard or otherwise disposed of or destroyed through methodologies specified by regulation of the Secretary of the Department of Health and Human Services (“HHS”) that would render the PHI unusable, unreadable, or indecipherable to unauthorized individuals.


      1. Business Associate’s Agents. Business Associate shall ensure that any agents, including subcontractors, to whom it provides the PHI, agree in writing to the same HIPAA and HITECH restrictions and conditions that apply to Business Associate with respect to the PHI.

      1. Accounting of Disclosures, Access and Amendment. Business Associate shall make available to Covered Entity such information as Covered Entity may reasonably require to fulfill its obligations to provide access to, provide a copy of, amend, or account for disclosures with respect to the PHI pursuant to HIPAA and HITECH. If Business Associate receives a request for access, amendment, or an accounting of disclosures from an individual who is the subject of the PHI, Business Associate shall direct such request to Covered Entity, which shall be solely responsible for responding to the individual in accordance with HIPAA and HITECH, and at Covered Entity’s cost. Nothing in this provision shall be construed to preclude or limit Business Associate’s obligations under the law, specifically with respect to the provision of access to individuals of their PHI, the amendment of PHI by individuals, or the provision of an accounting of disclosures to individuals of their PHI.





  1. Obligations of Covered Entity.


a. Safeguards. Covered Entity shall be responsible for using appropriate administrative, technical and physical safeguards to maintain and ensure the confidentiality, privacy and security of the PHI transmitted to or accessed by Business Associate pursuant to the Agreement, in accordance with the standards and requirements of HIPAA and HITECH.


b. Notice of Privacy Practices. Covered Entity shall provide Business

Associate with a copy of Covered Entity’s current Notice of Privacy Practices, and immediately notify Business Associate of any change(s) or revision(s) to the same.


c. Requested Restrictions on Use. Covered Entity shall immediately notify Business Associate of any restriction to the use or disclosure of the PHI that Covered Entity has agreed to in accordance with HIPAA or HITECH, to the extent that such restriction may affect Business Associate’s use or disclosure of the PHI.


d. Revocation to Authorization. Covered Entity shall immediately notify Business Associate of any changes in, or revocation of, permission by an individual to use or disclose the PHI, to the extent that such changes may affect Business Associate’s use or disclosure of the PHI.


4. Internal Practices. Each Party agrees to make its internal practices, books

and records relating to the use and disclosure of the PHI available to the Secretary of HHS for the purposes of determining the other Party’s compliance with HIPAA and HITECH.


5. Termination.


  1. Material Breach. If a Party is in violation of a material term of this Addendum or a requirement under HIPAA or HITECH (the “Breaching Party”), as determined by the other Party (the “Non-breaching Party”), the Non-breaching Party may immediately terminate the Agreement between the Parties if the Breaching Party does not take reasonable steps to cure the breach or end the violation successfully within fourteen (14) days of receiving from the Non-breaching Party a written notice that sets forth the nature of the breach or violation. If termination of the Agreement is not feasible, and the violation of HIPAA or HITECH requirements continues, the Breaching Party hereby agrees and consents to the problem being reported to the Secretary of HHS.


  1. Judicial or Administrative Proceedings. Either Party may terminate the Agreement, effective immediately, if (i) the other Party is named as a defendant in a criminal proceeding for a violation of HIPAA or HITECH, or (ii) a finding or stipulation that the other Party has violated any standard or requirement of HIPAA, HITECH or other security or privacy laws is made in any administrative or civil proceeding in which the Party has been joined.


  1. Effect of Termination. Upon termination of the Agreement for any reason, Business Associate agrees to return to Covered Entity and destroy all of the PHI that Business Associate still maintains in any form, and not to retain any copies of such PHI, or if return or destruction is not practically feasible, as determined by Business Associate it its reasonable discretion, Business Associate agrees, at Covered Entity’s expense, to continue to extend the protections of this Agreement to such information, and limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible.


6. Indemnification. Each Party will indemnify, hold harmless and defend the other Party to this Addendum from and against any and all claims, losses, liabilities, costs and other expenses including court costs and reasonable attorneys fees and disbursements, incurred as a result of, or arising directly or indirectly out of or in connection with: (i) any misrepresentation, breach of warranty or non-fulfillment of any undertaking on the part of the Party under this Addendum; and (ii) any claims, demands, awards, judgments, actions and proceedings made by any person or organization arising out of or in any way connected with the Party’s performance under this Addendum.


7. Disclaimer. Business Associate makes no warranty or representation that its own compliance with this Addendum, HIPAA or HITECH will be adequate or satisfactory for Covered Entity’s own purposes or that any information in Covered Entity’s own possession or control is or will be secure from unauthorized use or disclosure. Covered Entity is solely responsible for its decisions made regarding safeguarding of the PHI.


8. Amendment. The Parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of this Amendment may be required to provide for procedures to ensure compliance with such developments. The Parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, HITECH, and other applicable laws relating to the security or confidentiality of the PHI. The Parties acknowledge and agree that Covered Entity must receive satisfactory written assurance from Business Associate that Business Associate will adequately safeguard the PHI that it receives or creates pursuant to the delivery of the Business Associate Services and this Addendum, and that the additional requirements of HITECH that relate to security or privacy and are made applicable with respect to Covered Entity must also be incorporated into this Addendum. Upon either Party’s request, both Parties agree to promptly enter into negotiations concerning the terms of an amendment to this Agreement embodying written assurances consistent with the standards and requirements of HIPAA, HITECH, or other applicable laws. Either Party may terminate the Agreement and the Business Associate Services upon 30 days written notice in the event the other party (i) does not promptly enter into negotiations to amend this Addendum when requested pursuant to this Section or (ii) does not enter into an amendment to this Addendum sufficient to satisfy the standards and requirements of HIPAA and HITECH.


9. Assistance in Litigation or Administrative Proceedings. Each Party agrees to make itself and any subcontractors, employees or agents assisting it in the performance of its obligations under the Agreement (collectively, the “Assisting Party”), available to the other Party requesting reasonable and limited assistance (the “Requesting Party”), to testify as witnesses, or otherwise, in the event of litigation or administrative proceedings being commenced against the Requesting Party, its directors, officers or employees based upon claimed violations of HIPAA, HITECH or other laws relating to security and privacy, except where the Assisting Party is named an adverse Party.


10. Interpretation. This Addendum shall be interpreted as broadly as necessary to implement

and comply with HIPAA, HITECH and other applicable laws. To the extent that any terms of this Addendum conflict with terms in the Underlying Agreement, the conflict shall be resolved in favor of strict compliance with HIPAA and HITECH.


11. Notices. All notices, demands and other communications to be made under this Addendum shall be made in accordance with the notice provisions in the Underlying Agreement.