$today = date(“Y-m-d”) ;
if (array_key_exists(‘company’, $_GET)):
$company = $_GET[‘company’];
$company = ‘Your Company’;
if (array_key_exists(‘contactname’, $_GET)):
$name = $_GET[‘contactname’];
$name = ‘Your Name’;
if (array_key_exists(‘title’, $_GET)):
$title = $_GET[‘title’];
$title = ‘Your Title’;
if (array_key_exists(‘product’, $_GET)):
$product = $_GET[‘product’];
$product = ‘WoundWiseIQ’;
$address = “”;
if (array_key_exists(‘address’, $_GET)):
$address = $_GET[‘address’];
if (array_key_exists(‘city’, $_GET)):
$address = $address . ” ” .$_GET[‘city’];
if (array_key_exists(‘state’, $_GET)):
$address = $address . ” ” .$_GET[‘state’];
if (array_key_exists(‘country’, $_GET)):
$address = $address . ” ” .$_GET[‘country’];
if (array_key_exists(‘zip’, $_GET)):
$address = $address . ” ” .$_GET[‘zip’];
Software as a Service Agreement
This Software as a Service Agreement (this “Agreement”), effective as of [insert_php] echo $today; [/insert_php] (the “Effective Date”), is a binding agreement between Med-Compliance IQ, Inc., an Ohio corporation with an address of 1275 Kinnear Road, Columbus, Ohio 43212 (“Med-IQ”), and [insert_php] echo $company; [/insert_php] (“Customer”), with respect to Customer’s access to and use of the [insert_php] echo $product; [/insert_php] Product and related services.
WHEREAS, Med-IQ has developed a photo imaging and analytics tool that is intended to improve the process for measurement and documentation of chronic wounds (the “ [insert_php] echo $product; [/insert_php] Product”), used to transmit, process and store wound images;
WHEREAS, Customer wishes to procure from Med-IQ the [insert_php] echo $product; [/insert_php] Product and related services described herein, and Med-IQ wishes to provide the [insert_php] echo $product; [/insert_php] Product and services to Customer, each on the terms and conditions set forth in this Agreement.
NOW, THEREFORE, in consideration of the mutual covenants, terms and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
- Definitions. Capitalized terms have the meanings set forth in Schedule AA, or in the Section in which they first appear in this Agreement.
- Services. Subject to and conditioned on Customer’s and its Authorized Users’ compliance with the terms and conditions of this Agreement, during the Term, Med-IQ shall use commercially reasonable efforts to provide to Customer and its Authorized Users the services described in the attached Schedule A and this Agreement (collectively, the “Services”) in accordance with the Specifications and terms and conditions hereof, including to host, manage, operate and maintain the Software for remote electronic access and use by Customer and its Authorized Users (“Hosted Services”) in substantial conformity with the Specifications 24 hours per day, seven days per week, every day of the year, except for:
- Scheduled Downtime.
- Service downtime or degradation due to a Force Majeure Event;
- any other circumstances beyond Med-IQ’s reasonable control, including Customer’s or any Authorized User’s use of Third Party Materials, misuse of the Hosted Services, or use of the Services other than in compliance with the express terms of this Agreement and the Specifications; and
- any suspension or termination of Customer’s or any Authorized Users’ access to or use of the Hosted Services as permitted by this Agreement.
- Service and System Control. Except as otherwise expressly provided in this Agreement, as between the parties:
- Med-IQ has and will retain sole control over the operation, provision, maintenance and management of the Services and Med-IQ Materials, including the: (i) Med-IQ Systems; (ii) selection, deployment, modification and replacement of the Software; and (iii) performance of Service maintenance, upgrades, corrections and repairs; and
- Customer has and will retain sole control over the operation, maintenance and management of, and all access to and use of, the Customer Systems, and sole responsibility for all access to and use of the Services and Med-IQ Materials by any Person by or through the Customer Systems or any other means controlled by Customer or any Authorized User, including any: (i) information, instructions or materials provided by any of them to the Services or Med-IQ; (ii) results obtained from any use of the Services or Med-IQ Materials; and (iii) conclusions, decisions or actions based on such use.
- Changes. Med-IQ reserves the right, in its sole discretion, to make any changes to the Services and Med-IQ Materials that it deems necessary or useful to: (a) maintain or enhance (i) the quality or delivery of Med-IQ’s services to its customers, (ii) the competitive strength of or market for Med-IQ’s services or (iii) the Services’ cost efficiency or performance; or (b) to comply with applicable Law. Without limiting the foregoing, either party may, at any time during the Term, request in writing changes to the Services. The parties shall evaluate all such requested changes in good faith. No requested changes will be effective unless and until memorialized in a written change order signed by both parties.
- Subcontractors. Med-IQ may from time to time in its discretion engage third parties to perform Services (each, a “Subcontractor”).
- Suspension or Termination of Services. Med-IQ may, directly or indirectly, and by use of a Med-IQ Disabling Device or any other lawful means, suspend, terminate or otherwise deny Customer’s, any Authorized User’s or any other Person’s access to or use of all or any part of the Services or Med-IQ Materials, without incurring any resulting obligation or liability, if: (a) Med-IQ receives a judicial or other governmental demand or order, subpoena or law enforcement request that expressly or by reasonable implication requires Med-IQ to do so; or (b) Med-IQ believes, in its reasonable discretion, that: (i) Customer or any Authorized User has failed to comply with, a term of this Agreement, or accessed or used the Services beyond the scope of the rights granted or for a purpose not authorized under this Agreement or in a manner that does not comply with the instructions or requirements of the Specifications; (ii) Customer or any Authorized User is, has been, or is likely to be involved in any fraudulent, misleading or unlawful activities relating to or in connection with any of the Services; or (iii) this Agreement expires or is terminated. This Section 2.5 does not limit any of Med-IQ’s other rights or remedies, whether at law, in equity or under this Agreement.
- Authorization and Customer Restrictions.
- Authorization. Subject to and conditioned on Customer’s payment of the Fees and compliance and performance in accordance with all other terms and conditions of this Agreement, Med-IQ hereby authorizes Customer to access and use, solely in the Territory and during the Term, the Services and such Med-IQ Materials as Med-IQ may supply or make available to Customer solely for the Permitted Use by and through Authorized Users in accordance with the Specifications, and the conditions and limitations set forth in this Agreement. This authorization is non-exclusive and non-transferable.
- Reservation of Rights. Nothing in this Agreement grants any right, title or interest in or to (including any license under) any Intellectual Property Rights in or relating to, the Services, Med-IQ Materials or Third Party Materials, whether expressly, by implication, estoppel or otherwise. All right, title and interest in and to the Services, the Med-IQ Materials and the Third Party Materials are and will remain with Med-IQ and the respective rights holders in the Third Party Materials.
- Authorization Limitations and Restrictions. Customer shall not, and shall not permit any other Person to, access or use the Services or Med-IQ Materials except as expressly permitted by this Agreement. For purposes of clarity and without limiting the generality of the foregoing, Customer shall not, except as this Agreement expressly permits:
- copy, modify or create derivative works or improvements of the Services or Med-IQ Materials;
- rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer or otherwise make available any Services or Med-IQ Materials to any Person, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud or other technology or service;
- reverse engineer, disassemble, decompile, decode, adapt or otherwise attempt to derive or gain access to the source code of the Services or Med-IQ Materials, in whole or in part;
- bypass or breach any security device or protection used by the Services or Med-IQ Materials or access or use the Services or Med-IQ Materials other than by an Authorized User through the use of his or her own then valid Access Credentials;
- input, upload, transmit or otherwise provide to or through the Services or Med-IQ Systems, any information or materials that are unlawful or injurious, or contain, transmit or activate any Harmful Code;
- damage, destroy, disrupt, disable, impair, interfere with or otherwise impede or harm in any manner the Services, Med-IQ Systems or Med-IQ’s provision of services to any third party, in whole or in part;
- remove, delete, alter or obscure any trademarks, Specifications, Documentation, warranties or disclaimers, or any copyright, trademark, patent or other intellectual property or proprietary rights notices from any Services or Med-IQ Materials, including any copy thereof;
- access or use the Services or Med-IQ Materials in any manner or for any purpose that infringes, misappropriates or otherwise violates any Intellectual Property Right or other right of any third party, or that violates any applicable Law;
- access or use the Services or Med-IQ Materials for purposes of competitive analysis of the Services or Med-IQ Materials, the development, provision or use of a competing software service or product or any other purpose that is to the Med-IQ’s detriment or commercial disadvantage;
- access or use the Services or Med-IQ Materials in, or in association with, the design, construction, maintenance, operation of any hazardous environments, systems or applications, any safety response systems or other safety-critical applications, or any other use or application in which the use or failure of the Services could lead to personal injury or severe physical or property damage; or
- otherwise access or use the Services or Med-IQ Materials beyond the scope of the authorization granted under this Section 3.
- Customer Obligations.
- Customer Systems and Cooperation. Customer shall at all times during the Term: (a) set up, maintain and operate in good repair and in accordance with the Specifications all Customer Systems on or through which the Services are accessed or used; (b) provide Med-IQ Personnel with such access (remote or physical) to Customer’s premises and Customer Systems as is necessary for Med-IQ to perform the Services in accordance with the Availability Requirement and Specifications; and (c) provide all cooperation and assistance as Med-IQ may reasonably request to enable Med-IQ to exercise its rights and perform its obligations under and in connection with this Agreement.
- Effect of Customer Failure or Delay. Med-IQ is not responsible or liable for any delay or failure of performance caused in whole or in part by Customer’s delay in performing, or failure to perform, any of its obligations under this Agreement (each, a “Customer Failure”).
- Corrective Action and Notice. If Customer becomes aware of any actual or threatened activity prohibited by Section 3.3, Customer shall, and shall cause its Authorized Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Services and Med-IQ Materials and permanently erasing from their systems and destroying any data to which any of them have gained unauthorized access); and (b) notify Med-IQ of any such actual or threatened activity.
- Service Levels and Credits.
- Service Levels. Subject to the terms and conditions of this Agreement, Med-IQ will use commercially reasonable efforts to make the Hosted Services Available at least ninety-nine (99.0%) of the time as measured over the course of each calendar month during the Term (each such calendar month, a “Service Period”), excluding unavailability as a result of any of the Exceptions described below in this Section 5 (the “Availability Requirement”). “Service Level Failure” means a material failure of the Hosted Services to meet the Availability Requirement. “Available” means the Hosted Services are available for access and use by Customer and its Authorized Users over the Internet and operating in material accordance with the Specifications. For purposes of calculating the Availability Requirement, the following are “Exceptions” to the Availability Requirement, and neither the Hosted Services will be considered un-Available nor any Service Level Failure be deemed to occur in connection with any failure to meet the Availability Requirement or impaired ability of Customer or its Authorized Users to access or use the Hosted Services that is due, in whole or in part, to any: (a) act or omission by Customer or any Authorized User/access to or use of the Hosted Services by Customer or any Authorized User, or using Customer’s or any Authorized User’s Access Credentials, that does not strictly comply with this Agreement and the Specifications; (b) Customer Failure; (c) Customer’s or its Authorized User’s Internet connectivity; (d) Force Majeure Event; (e) failure, interruption, outage or other problem with any software, hardware, system, network, facility or other matter not supplied by Med-IQ pursuant to this Agreement; (f) Scheduled Downtime; or (g) disabling, suspension or termination of the Services pursuant to Section 2.5. No credits will be issued for performance level below the 99.0% uptime goal.
- Service Level Failures and Remedies. In the event of a Service Level Failure, Med-IQ shall credit to Customer a pro-rata portion of the monthly Fees for the Hosted Services due for the Service Period the Service Level Failure occurred (each a “Service Credit”). This Section 5.2 sets forth Med-IQ’s sole obligation and liability and Customer’s sole remedy for any Service Level Failure.
- Scheduled Downtime. Med-IQ will use commercially reasonable efforts to give Customer prior notice of all scheduled outages of the Hosted Services (“Scheduled Downtime”).
- Data Backup.
The Services do not replace the need for Customer to maintain regular data backups or redundant data archives. Med-IQ HAS NO OBLIGATION OR LIABILITY FOR ANY LOSS, ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION OR RECOVERY OF CUSTOMER DATA.
- Med-IQ Systems and Security Obligations. Med-IQ will employ security measures in accordance with applicable Law and standard industry practice.
- Prohibited Data. Customer acknowledges that the Services are not designed with security and access management for Processing the following categories of information: (a) data that is classified and or used on the U.S. Munitions list, including software and technical data; (b) articles, services and related technical data designated as defense articles or defense services; and (c) ITAR (International Traffic in Arms Regulations) related data, (each of the foregoing, “Prohibited Data”). Customer shall not, and shall not permit any Authorized User or other Person to, provide any Prohibited Data to, or Process any Prohibited Data through, the Services, the Med-IQ Systems or any Med-IQ Personnel. Customer is solely responsible for reviewing all Customer Data, shall ensure that no Customer Data constitutes or contains any Prohibited Data, and shall be responsible for the compliance of Customer and any Authorized User with all applicable United States and foreign Laws and regulations with respect to the export and re-export of Prohibited Data.
- Customer Control and Responsibility. Customer has and will retain sole responsibility for: (a) all Customer Data, including its content and use; (b) all information, instructions and materials provided by or on behalf of Customer or any Authorized User in connection with the Services; (c) Customer Systems; (d) the security and use of Customer’s and its Authorized Users’ Access Credentials; and (e) all access to and use of the Services and Med-IQ Materials directly or indirectly by or through the Customer Systems or its or its Authorized Users’ Access Credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions and actions based on, such access or use.
- Access and Security. Customer shall employ all physical, administrative and technical controls, screening and security procedures and other safeguards necessary to: (a) securely administer the distribution and use of all Access Credentials and protect against any unauthorized access to or use of the Hosted Services; and (b) control the content and use of Customer Data, including the uploading or other provision of Customer Data for Processing by the Hosted Services.
- Fees; Payment Terms.
- Fees. Customer shall pay Med-IQ the fees set forth in Schedule A (“Fees”) in accordance with this Section 8.1.
- Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use and excise taxes, and any other similar taxes, duties and charges of any kind imposed by any federal, state or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Med-IQ’s income.
- Payment. Customer shall pay all Fees and Reimbursable Expenses within thirty days after the date of the invoice therefor.
- Late Payment. If Customer fails to make any payment when due then, in addition to all other remedies that may be available:
- Med-IQ may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable Law;
- Customer shall reimburse Med-IQ for all reasonable costs incurred by Med-IQ in collecting any late payments or interest, including attorneys’ fees, court costs and collection agency fees; and
- if such failure continues for thirty days following written notice thereof, Med-IQ may suspend performance of the Services until all past due amounts and interest thereon have been paid, without incurring any obligation or liability to Customer or any other Person by reason of such suspension.
- No Deductions or Setoffs. All amounts payable to Med-IQ under this Agreement shall be paid by Customer to Med-IQ in full without any setoff, recoupment, counterclaim, deduction, debit or withholding for any reason (other than Service Credits issued pursuant to Section 5.2 or any deduction or withholding of tax as may be required by applicable Law).
- Intellectual Property Rights.
- Services and Med-IQ Materials. All right, title and interest in and to the Services and Med-IQ Materials, including all Intellectual Property Rights therein, are and will remain with Med-IQ and the respective rights holders in the Third-Party Materials. Customer has no right, license or authorization with respect to any of the Services or Med-IQ Materials (including Third-Party Materials) except as expressly set forth in Section 3, in each case subject to Section 3.3. All other rights in and to the Services and Med-IQ Materials (including Third-Party Materials) are expressly reserved by Med-IQ and the respective third-party licensors.
- Customer Data. As between Customer and Med-IQ, Customer is and will remain the sole and exclusive owner of all right, title and interest in and to all Customer Data, including all Intellectual Property Rights relating thereto, subject to the rights and permissions granted in Section 9.3.
- Consent to Use Customer Data. Customer hereby irrevocably grants to Med-IQ, its Subcontractors and the Med-IQ Personnel all such rights and permissions in or relating to Customer Data as are necessary or useful: (a) to perform the Services or improve the Med-IQ Materials; (b) to enforce this Agreement and exercise its rights and perform its hereunder; (c) to use aggregated and de-identified data derived from the Customer Data to create Med-IQ Data, and (d) for Med-IQ’s internal business operations, including but not limited to quality control purposes.
- Confidential Information. In connection with this Agreement each party (as the “Disclosing Party”) may disclose or make available Confidential Information to the other party (as the “Receiving Party”). Subject to Section 10.1, “Confidential Information” means information in any form or medium (whether oral, written, electronic or other) that the Disclosing Party considers confidential or proprietary, including information consisting of or relating to the Disclosing Party’s technology, trade secrets, know-how, business operations, plans, strategies, customers, patients, patient care, and pricing, and information with respect to which the Disclosing Party has contractual or other confidentiality obligations, in each case whether or not marked, designated or otherwise identified as “confidential”. Without limiting the foregoing, all Med-IQ Materials are the Confidential Information of Med-IQ and the financial terms and existence of this Agreement are the Confidential Information of each of the parties.
- Exclusions. Confidential Information does not include information that the Receiving Party can demonstrate by written or other documentary records: (a) was rightfully known to the Receiving Party without restriction on use or disclosure prior to such information’s being disclosed or made available to the Receiving Party in connection with this Agreement; (b) was or becomes generally known by the public other than by the Receiving Party’s or any of its Representatives’ noncompliance with this Agreement; (c) was or is received by the Receiving Party on a non-confidential basis from a third party that was not or is not, at the time of such receipt, under any obligation to maintain its confidentiality; or (d) was or is independently developed by the Receiving Party without reference to or use of any Confidential Information. Confidential Information further excludes Protected Health Information which is governed separately by the obligations set forth in the Business Associate Agreement between the parties detailed in Exhibit 1.
- Protection of Confidential Information. As a condition to being provided with any disclosure of or access to Confidential Information, the Receiving Party shall:
- not access or use Confidential Information other than as necessary to exercise its rights or perform its obligations under and in accordance with this Agreement;
- except as may be permitted by and subject to its compliance with Section 10.4, not disclose or permit access to Confidential Information other than to its Representatives who: (i) need to know such Confidential Information for purposes of the Receiving Party’s exercise of its rights or performance of its obligations under and in accordance with this Agreement; (ii) have been informed of the confidential nature of the Confidential Information and the Receiving Party’s obligations under this Section 10.3; and (iii) are bound by confidentiality and restricted use obligations at least as protective of the Confidential Information as the terms set forth in this Section 10.3;
- safeguard the Confidential Information from unauthorized use, access or disclosure using at least the degree of care it uses to protect its similarly sensitive information and in no event less than a reasonable degree of care; and
- ensure its Representatives’ compliance with, and be responsible and liable for any of its Representatives’ non-compliance with, the terms of this Section 9.3.
- Compelled Disclosures. If the Receiving Party or any of its Representatives is compelled by applicable Law to disclose any Confidential Information then, to the extent permitted by applicable Law, the Receiving Party shall: (a) promptly, and prior to such disclosure, notify the Disclosing Party in writing of such requirement so that the Disclosing Party can seek a protective order or other remedy or waive its rights under Section 10.3; and (b) provide reasonable assistance to the Disclosing Party in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Disclosing Party waives compliance or, after providing the notice and assistance required under this Section 10.4, the Receiving Party remains required by Law to disclose any Confidential Information, the Receiving Party shall disclose only that portion of the Confidential Information that, on the advice of the Receiving Party’s outside legal counsel, the Receiving Party is legally required to disclose and, on the Disclosing Party’s request, shall use commercially reasonable efforts to obtain assurances from the applicable court or other presiding authority that such Confidential Information will be afforded confidential treatment.
- Term and Termination.
- Initial Term. The initial term of this Agreement commences as of the Effective Date and, unless terminated earlier pursuant any of the Agreement’s express provisions, will continue in effect one year from such date (the “Initial Term”).
- Renewal. This Agreement will renew for additional successive one year terms unless earlier terminated pursuant to this Agreement’s express provisions or either party gives the other party written notice of non-renewal at least thirty days prior to the expiration of the then-current term (each a “Renewal Term” and, collectively, together with the Initial Term, the “Term”).
- Termination. In addition to any other express termination right set forth elsewhere in this Agreement:
- Either party may terminate this Agreement, effective on written notice to the other party, if the other party breaches this Agreement, and such breach: (i) is incapable of cure; or (ii) being capable of cure, remains uncured thirty days after the non-breaching party provides the breaching party with written notice of such breach;
- Med-IQ may terminate this Agreement, effective immediately, if Customer files, or has filed against it, a petition for voluntary or involuntary bankruptcy or pursuant to any other insolvency Law, makes or seeks to make a general assignment for the benefit of its creditors or applies for, or consents to, the appointment of a trustee, receiver or custodian for a substantial part of its property; and
- Med-IQ may terminate this Agreement for convenience at any time during a Renewal Term upon providing ninety days advance written notice to Customer.
- Customer may terminate this Agreement within 45 days from execution of this agreement, for any reason, by providing written notice to Med-IQ by the 45th day. Customer will still need to pay for any Implementation services provided for per Schedule A.
- Effect of Expiration or Termination. Upon any expiration or termination of this Agreement, except as expressly otherwise provided in this Agreement:
- all rights, licenses, consents and authorizations granted by either party to the other hereunder will immediately terminate;
- Med-IQ shall immediately cease all use of any Customer Data or Customer’s Confidential Information and (i) promptly return to Customer, or at Customer’s written request destroy, all documents and tangible materials containing, reflecting, incorporating or based on Customer Data or Customer’s Confidential Information; and (ii) permanently erase all Customer Data and Customer’s Confidential Information from all systems Med-IQ directly or indirectly controls, provided that, for clarity, Med-IQ’s obligations under this Section 11.4(b) do not apply to any Med-IQ Data;
- Customer shall immediately cease all use of any Services or Med-IQ Materials and (i) promptly return to Med-IQ, or at Med-IQ’s written request destroy, all documents and tangible materials containing, reflecting, incorporating or based on any Med-IQ Materials or Med-IQ’s Confidential Information; (ii) permanently erase all Med-IQ Materials and Med-IQ’s Confidential Information from all systems Customer directly or indirectly controls; and (iii) certify to Med-IQ in a signed and notarized written instrument that it has complied with the requirements of this Section 11.4(c);
- notwithstanding anything to the contrary in this Agreement, with respect to information and materials then in its possession or control: (i) the Receiving Party may retain the Disclosing Party’s Confidential Information in its then current state and solely to the extent and for so long as required by applicable Law; (ii) Med-IQ may also retain Customer Data in its backups, archives and disaster recovery systems until such Customer Data is deleted in the ordinary course; and (iii) all information and materials described in this Section 11.4(d) will remain subject to all confidentiality, security and other applicable requirements of this Agreement;
- Med-IQ may disable all Customer and Authorized User access to the Hosted Services and Med-IQ Materials;
- if Customer terminates this Agreement for cause, Customer will be relieved of any obligation to pay any Fees attributable to the period after the effective date of such termination;
- if Med-IQ terminates this Agreement for cause, all Fees that would have become payable had the Agreement remained in effect until expiration of the Term will become immediately due and payable, and Customer shall pay such Fees, together with all previously-accrued but not yet paid Fees and Reimbursable Expenses, on receipt of Med-IQ’s invoice therefor.
- Surviving Terms. The provisions set forth in the following sections, and any other right or obligation of the parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement: Section 3.3, Section 10, Section 11.4, this Section 11.5, Section 12, Section 13, Section 14 and Section 16.
- Representations and Warranties.
- Mutual Representations and Warranties. Each party represents and warrants to the other party that:
- it is duly organized, validly existing and in good standing as a corporation or other entity under the Laws of the jurisdiction of its incorporation or other organization;
- it has the full right, power and authority to enter into and perform its obligations and grant the rights, licenses, consents and authorizations it grants or is required to grant under this Agreement;
- the execution of this Agreement by its representative whose signature is set forth at the end of this Agreement has been duly authorized by all necessary corporate or organizational action of such party; and
- when executed and delivered by both parties, this Agreement will constitute the legal, valid and binding obligation of such party, enforceable against such party in accordance with its terms.
- Additional Med-IQ Representations, Warranties and Covenants.
- Med-IQ represents, warrants and covenants to Customer that Med-IQ will perform the Services using personnel of required skill, experience and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services; and
- it is not, as of the Effective Date excluded from participation in the Medicare, Medicaid or any other federally-funded health programs; or controlled by a person or entity that is so excluded.
- Additional Customer Representations, Warranties and Covenants. Customer represents, warrants and covenants to Med-IQ that Customer owns or otherwise has and will have the necessary rights and consents in and relating to the Customer Data so that, as received by Med-IQ and Processed in accordance with this Agreement, they do not and will not infringe, misappropriate or otherwise violate any Intellectual Property Rights of any third party or violate any applicable Law.
- DISCLAIMER OF WARRANTIES. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTION 12.1, SECTION 12.2 AND SECTION 12.3, ALL SERVICES AND Med-IQ MATERIALS ARE PROVIDED “AS IS” AND Med-IQ HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHER, AND Med-IQ SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, Med-IQ MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES OR Med-IQ MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE OR ERROR FREE. ALL THIRD-PARTY MATERIALS ARE PROVIDED “AS IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS.
- Med-IQ Indemnification. Med-IQ shall indemnify, defend and hold harmless Customer from and against any and all Losses incurred by Customer arising out of or relating to any claim, suit, action or proceeding (each, an “Action”) by a third party (other than an affiliate of Customer) to the extent that Customer’s use of the Services (excluding Customer Data and Third Party Materials) in compliance with this Agreement (including the Specifications) infringes a U.S. Intellectual Property Right of a Third Party. The foregoing obligation does not apply to any Action or Losses arising out of or relating to any:
- access to or use of the Services or Med-IQ Materials in combination with any hardware, system, software, network or other materials or service not provided or authorized in writing by Med-IQ;
- modification of the Services or Med-IQ Materials other than: (i) by or on behalf of Med-IQ; or (ii) with Med-IQ’s written approval in accordance with Med-IQ’s written specification;
- failure to timely implement any modifications, upgrades, replacements or enhancements made available to Customer by or on behalf of Med-IQ; or
- act, omission or other matter described in Section 13.2(a)-(d), whether or not the same results in any Action against or Losses by any Med-IQ Indemnitee.
- Customer Indemnification. Customer shall indemnify, defend and hold harmless Med-IQ and its Subcontractors and affiliates, and each of its and their respective officers, directors, employees, agents, successors and assigns (each, a “Med-IQ Indemnitee”) from and against any and all Losses incurred by such Med-IQ Indemnitee in connection with any Action by a third party (other than an affiliate of a Med-IQ Indemnitee) to the extent that such Losses arise out of or relate to any:
- Customer Data, including any Processing of Customer Data by or on behalf of Med-IQ in accordance with this Agreement;
- any other materials or information (including any documents, data, specifications, software, content or technology) provided by or on behalf of Customer or any Authorized User, including Med-IQ’s compliance with any specifications or directions provided by or on behalf of Customer or any Authorized User to the extent prepared without any contribution by Med-IQ;
- allegation of facts that, if true, would constitute Customer’s breach of any of its representations, warranties, covenants or obligations under this Agreement; or
- negligence or more culpable act or omission (including recklessness or willful misconduct) by Customer, any Authorized User, or any third party on behalf of Customer or any Authorized User, in connection with this Agreement.
- Indemnification Procedure. Each party shall promptly notify the other party in writing of any Action for which such party believes it is entitled to be indemnified. The party seeking indemnification (the “Indemnitee”) shall cooperate with the other party (the “Indemnitor”) at the Indemnitor’s sole cost and expense. The Indemnitor shall immediately take control of the defense and investigation of such Action and shall employ counsel reasonably acceptable to the Indemnitee to handle and defend the same, at the Indemnitor’s sole cost and expense. The Indemnitee’s failure to perform any obligations under this Section 13.3 will not relieve the Indemnitor of its obligations under this Section 13 except to the extent that the Indemnitor can demonstrate that it has been prejudiced as a result of such failure. The Indemnitee may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing.
- Mitigation. If any of the Services or Med-IQ Materials are, or in Med-IQ’s opinion are likely to be, claimed to infringe, misappropriate or otherwise violate any third-party Intellectual Property Right, or if Customer’s or any Authorized User’s use of the Services or Med-IQ Materials is enjoined or threatened to be enjoined, Med-IQ may, at its option and sole cost and expense:
- obtain the right for Customer to continue to use the Services and Med-IQ Materials materially as contemplated by this Agreement;
- modify or replace the Services and Med-IQ Materials, in whole or in part, to seek to make the Services and Med-IQ Materials (as so modified or replaced) non-infringing, while providing materially equivalent features and functionality, in which case such modifications or replacements will constitute Services and Med-IQ Materials, as applicable, under this Agreement; or
- by written notice to Customer, terminate this Agreement with respect to all or part of the Services and Med-IQ Materials, and require Customer to immediately cease any use of the Services and Med-IQ Materials or any specified part or feature thereof.
SECTION 13 SETS FORTH CUSTOMER’S SOLE REMEDIES AND Med-IQ’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED OR ALLEGED CLAIMS THAT THIS AGREEMENT OR ANY SUBJECT MATTER HEREOF (INCLUDING THE SERVICES AND Med-IQ MATERIALS) INFRINGES, MISAPPROPRIATES OR OTHERWISE VIOLATES ANY THIRD PARTY INTELLECTUAL PROPERTY RIGHT.
- Limitations of Liability.
- EXCLUSION OF DAMAGES. IN NO EVENT WILL Med-IQ OR ANY OF ITS LICENSORS, OR SUPPLIERS BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, FOR ANY: (a) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE OR PROFIT OR DIMINUTION IN VALUE; (b) IMPAIRMENT, INABILITY TO USE OR LOSS, INTERRUPTION OR DELAY OF THE SERVICES, OTHER THAN FOR THE ISSUANCE OF ANY APPLICABLE SERVICE CREDITS PURSUANT TO SECTION 5.2, (c) LOSS, DAMAGE, CORRUPTION OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY, OR (d) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
- CAP ON MONETARY LIABILITY. IN NO EVENT WILL THE AGGREGATE LIABILITY OF Med-IQ AND ITS LICENSORS AND SUPPLIERS UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER, UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, EXCEED ANY DAMAGES IN EXCESS OF THE GREATER OF THE AMOUNT OF FEES RECEIVED BY Med-IQ FROM CUSTOMER PURSUANT TO THIS AGREEMENT OR THE LIMITS OF ANY INSURANCE COVERING THE CLAIM. THE FOREGOING LIMITATION APPLIES NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
- Force Majeure.
- No Breach or Default. In no event will Med-IQ be liable or responsible to Customer, or be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement, when and to the extent such failure or delay is caused by any circumstances beyond Med-IQ’s reasonable control (a “Force Majeure Event”), including acts of God, flood, fire, earthquake or explosion, war, terrorism, invasion, riot or other civil unrest, embargoes or blockades in effect on or after the date of this Agreement, national or regional emergency, strikes, labor stoppages or slowdowns or other industrial disturbances, passage of Law or any action taken by a governmental or public authority, including imposing an embargo, export or import restriction, quota or other restriction or prohibition or any complete or partial government shutdown, or national or regional shortage of adequate power or telecommunications or transportation.
- Affected Party Obligations. In the event of any failure or delay caused by a Force Majeure Event, Med-IQ shall give prompt written notice to Customer stating the period of time the occurrence is expected to continue and use commercially reasonable efforts to end the failure or delay and minimize the effects of such Force Majeure Event.
- Miscellaneous .
- Relationship of the Parties. The relationship between the parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture or other form of joint enterprise, employment or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever.
- Public Announcements. Neither party shall issue or release any announcement, statement, press release or other publicity or marketing materials relating to this Agreement or otherwise use the other party’s trademarks, service marks, trade names, logos, domain names or other indicia of source, affiliation or sponsorship, in each case, without the prior written consent of the other party, which consent shall not be unreasonably withheld, conditioned or delayed.
- Notices. All notices, requests, consents, claims, demands, waivers and other communications under this Agreement have binding legal effect only if in writing and addressed to a party as follows (or to such other address or such other person that such party may designate from time to time):
If to Med-IQ:
1275 Kinnear Road, Columbus, Ohio 43212
Attention: Gary Ross, CEO
If to Customer:
Notices sent in accordance with this Section will be deemed effectively given: (a) when received, if delivered by hand (with written confirmation of receipt); (b) when received by the addressee if sent by a nationally recognized overnight courier (receipt requested); (c) on the date sent by facsimile or e-mail of a PDF document (with confirmation of transmission) if sent during normal business hours of the recipient, and on the next business day if sent after normal business hours of the recipient; or (d) on the third day after the date mailed, by certified or registered mail, return receipt requested, postage prepaid.
- Interpretation. For purposes of this Agreement: (a) the words “include,” “includes” and “including” are deemed to be followed by the words “without limitation”; (b) the word “or” is not exclusive; (c) the words “herein,” “hereof,” “hereby,” “hereto” and “hereunder” refer to this Agreement as a whole; (d) words denoting the singular have a comparable meaning when used in the plural, and vice-versa; and (e) words denoting any gender include all genders. Unless the context otherwise requires, references in this Agreement: (x) to sections, exhibits, schedules, attachments and appendices mean the sections of, and exhibits, schedules, attachments and appendices attached to, this Agreement; (y) to an agreement, instrument or other document means such agreement, instrument or other document as amended, supplemented and modified from time to time to the extent permitted by the provisions thereof; and (z) to a statute means such statute as amended from time to time and includes any successor legislation thereto and any regulations promulgated thereunder. The parties intend this Agreement to be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted. The exhibits, schedules, attachments and appendices referred to herein are an integral part of this Agreement to the same extent as if they were set forth verbatim herein.
- Headings. The headings in this Agreement are for reference only and do not affect the interpretation of this Agreement.
- Entire Agreement. This Agreement, together with any other documents incorporated herein by reference, constitutes the sole and entire agreement of the parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, representations and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between the statements made in the body of this Agreement, the related exhibits, schedules, attachments and appendices any other documents incorporated herein by reference, the terms of this Agreement shall control.
- Assignment. Customer shall not assign or otherwise transfer any of its rights, or delegate or otherwise transfer any of its obligations or performance, under this Agreement, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without Med-IQ’s prior written consent. No delegation or other transfer will relieve Customer of any of its obligations or performance under this Agreement. Any purported assignment, delegation or transfer in violation of this Section is void. This Agreement is binding upon and inures to the benefit of the parties hereto and their respective permitted successors and assigns.
- No Third-party Beneficiaries. This Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other Person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.
- Amendment and Modification; Waiver. No amendment to or modification of this Agreement is effective unless it is in writing and signed by an authorized representative of each party. No waiver by any party of any of the provisions hereof shall be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in this Agreement, no failure to exercise, or delay in exercising, any rights, remedy, power or privilege arising from this Agreement shall operate or be construed as a waiver thereof; nor shall any single or partial exercise of any right, remedy, power or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power or privilege.
- Medicare Access Clause. Consistent with federal law and regulation, until the expiration of four (4) years after the furnishing of the Services, Med-IQ will make available, upon request, to the Secretary of Health and Human Services or the Comptroller General, or to any of their duly authorized representatives, the Agreement, and any books, documents, and records that are necessary to certify the extent of any costs arising from the Agreement.
- Compliance. To the extent applicable, the parties intend to comply with (i) the federal anti-kickback statute (42 U.S.C. 1320a-7(b)) and, to the extent possible, the related safe harbor regulations; (ii) the Limitation on Certain Physician Referrals, also referred to as the “Stark Law” (42 U.S.C. 1395nn); (iii) the Federal False Claims Act (31 U.S.C. § 3729 et. seq.); and (iv) and the Medicare and Medicaid program requirements as applicable.
- Severability. If any provision of this Agreement is invalid, illegal or unenforceable in any jurisdiction, such invalidity, illegality or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal or unenforceable, the parties hereto shall negotiate in good faith to modify this Agreement so as to effect the original intent of the parties as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
- Governing Law; Venue. This Agreement is governed by and construed in accordance with the internal laws of the State of Ohio without giving effect to any choice or conflict of law provision. The parties agree that the sole venue for any claims arising out of or in relation to this Agreement shall be a court of competent jurisdiction located in Franklin County, Ohio.
- Equitable Relief. Each party acknowledges and agrees that a breach or threatened breach by such party of any of its obligations under Section 10.3 or, in the case of Customer, Section 3.3, Section 4.3 or Section 7.3, would cause the other party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other party will be entitled to equitable relief, including a restraining order, an injunction, specific performance and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.
- Counterparts. This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement. A signed copy of this Agreement delivered by facsimile, e-mail or other means of electronic transmission is deemed to have the same legal effect as delivery of an original signed copy of this Agreement.
IN WITNESS WHEREOF, the parties hereto have executed this Agreement as of the Effective Date.
MED-COMPLIANCE IQ, INC.
Name: Gary J. Ross
[insert_php] echo $company; [/insert_php]
Name:[insert_php] echo $name; [/insert_php]
Title: [insert_php] echo $title; [/insert_php]
SERVICES AND FEES
To Be Added After Discussion With Customer
“Access Credentials” means any user name, identification number, password, license or security key, security token, PIN or other security code, method, technology or device used, alone or in combination, to verify an individual’s identity and authorization to access and use the Hosted Services.
“Authorized Users” means an individual who has been granted authority by Customer to access and use the Hosted Services pursuant to the terms and conditions of this Agreement.
“Customer Data” means information, data and other content, in any form or medium, that is collected, downloaded or otherwise received, directly or indirectly from Customer or any Authorized User by or through the Services or that incorporates or is derived from the Processing of such information, data or content by or through the Services.
“Customer Systems” means the Customer’s information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems) and networks, whether operated directly by Customer or through the use of third-party services.
“De-identified Data” (whether such term is capitalized or not in this Agreement) means health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual, and which otherwise meets the requirements of 45 CFR 164.514 (b), as may be amended from time to time.
“Documentation” means any manuals, instructions or other documents or materials that Med-IQ provides or makes available to Customer in any form or medium and which describe the functionality, components, features or requirements of the Services or Med-IQ Materials, including any aspect of the installation, configuration, integration, operation, use, support or maintenance thereof.
“Harmful Code” means any software, hardware or other technology, device or means, including any virus, worm, malware or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system or network or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality or use of any data Processed thereby, or (b) prevent Customer or any Authorized User from accessing or using the Services or Med-IQ Systems as intended by this Agreement. Harmful Code does not include any Med-IQ Disabling Device.
“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
“Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree or other requirement of any federal, state, local or foreign government or political subdivision thereof, or any arbitrator, court or tribunal of competent jurisdiction.
“Losses” means any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs or expenses of whatever kind, including reasonable attorneys’ fees and the costs of enforcing any right to indemnification hereunder and the cost of pursuing any insurance Med-IQs.
“Med-IQ Data” means the aggregated, de-identified information that Med-IQ assembles from its customers’ data, including Customer. For the avoidance of doubt, any information incorporated into any Med-IQ Data ceases to be Customer Data.
“Med-IQ Disabling Device” means any software, hardware or other technology, device or means (including any back door, time bomb, time out, drop dead device, software routine or other disabling device) used by Med-IQ or its designee to disable Customer’s or any Authorized User’s access to or use of the Services automatically with the passage of time or under the positive control of Med-IQ or its designee.
“Med-IQ Materials” means the Software, Specifications, Documentation and Med-IQ Systems and any and all other information, data, documents, materials, works and other content, devices, methods, processes, hardware, software and other technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans or reports, that are provided or used by Med-IQ or any Subcontractor in connection with the Services or otherwise comprise or relate to the Services or Med-IQ Systems. For the avoidance of doubt, Med-IQ Materials do not include Customer Data.
“Med-IQ Personnel” means all individuals involved in the performance of Services as employees, agents or independent contractors of Med-IQ or any Subcontractor.
“Med-IQ Systems” means the information technology infrastructure used by or on behalf of Med-IQ in performing the Services, including all computers, software, hardware, databases, electronic systems (including database management systems) and networks, whether operated directly by Med-IQ or through the use of third-party services.
“Permitted Use” means any use of the Services by an Authorized User for the benefit of Customer solely in or for Customer’s internal business operations.
“Person” means an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association or other entity.
“Process” means to take any action or perform any operation or set of operations that the Software capable of taking or performing on any data, information or other content. “Processing” and “Processed” have correlative meanings.
“Protected Health Information” or “PHI” means any health information received by Med-IQ from Customer or Processed under this Agreement that meets the definition set forth in 45 CFR 160.103.
“Representatives” means, with respect to a party, that party’s employees, officers, directors, consultants, agents, subcontractors and legal advisors.
“Software” means the [insert_php] echo $product; [/insert_php] Product, including all Med-IQ software applications and any third-party or other software, and all new versions, updates, revisions, improvements and modifications of the foregoing, that Med-IQ provides remote access to and use of as part of the Services.
“Specifications” means the specifications for the Services set forth in Schedule A and, to the extent consistent with and not limiting of the foregoing, the Documentation.
“Territory” means the United States.
“Third Party” means any Person other than Customer, Authorized Users, or Med-IQ.
“Third-Party Materials” means materials and information, in any form or medium, including any open-source or other software, documents, data, content, specifications, products, equipment or components of or relating to the Services that are not proprietary to Med-IQ.
BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (this “BAA”), is made and entered into by and between Med-Compliance IQ, Inc., an Ohio corporation with an address of 1275 Kinnear Road, Columbus, Ohio 43212 (“Business Associate”) and [insert_php] echo $company; [/insert_php] (“Covered Entity”) and shall be effective as of the [insert_php] echo $today; [/insert_php] (the “Effective Date”).
- Covered Entity and Business Associate have entered into a relationship (the “Agreement”) and to the extent Business Associate will be, on behalf of Covered Entity, performing or assisting in performing a function or activity involving the use or disclosure of individually identifiable health information or another function regulated by 45 C.F.R. Parts 160-164, or otherwise performing services requiring the disclosure of protected health information to Business Associate (the “Services”), the parties agree to comply with this BAA;
- For purposes of providing the Services, Covered Entity may disclose to Business Associate, and Business Associate may access or use, information that includes Protected Health Information (“PHI”), as defined herein.
- Covered Entity and Business Associate intend to protect a patient’s privacy and provide for the security of the PHI disclosed by Covered Entity or accessed by Business Associate pursuant to the Agreement, in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“HIPAA”) and other applicable laws, including HIPAA amendments contained in the Health Information Technology for Economic and Clinical Health Act (known as the HITECH Act) which is part of the American Recovery and Reinvestment Act of 2009, Public Law 111-05 (“The Act”). HIPAA, the HITECH Act and The Act may collectively be referred to as the “HIPAA Regulations.”
- The HIPAA Regulations require the Covered Entity and the Business Associate to enter into a contract containing specific requirements to protect the confidentiality and security of PHI as set forth in, but not limited to, Title 45, Sections 164.502(e), 164.504(e) and 164.314(a)(2)(i) of the Code of Federal Regulations (“CFR”) and contained in this BAA.
In consideration of the foregoing Background and the mutual promises and the exchange of information pursuant to this BAA, the parties agree to amend the Agreement by incorporating all of the following into the Agreement:
- ‘‘Protected Health Information’’ (“PHI”) shall have the same meaning given to such term under HIPAA and shall include any information, whether oral or recorded in any form or medium, limited to the information created or received by Business Associate from or on behalf of Covered Entity: (i) that relates to the past, present or future physical or mental condition of the patient; the provision of health care to patient; or the past, present or future payment of for the provision of health care to patient; and (ii) that identifies the patient or with respect to which there is a reasonable basis to believe the information can be used to identify the patient.
- Other terms used herein but not otherwise defined, whether capitalized or not, shall have the respective meaning ascribed to them in the HIPAA Regulations.
2. Permitted Uses and Disclosures by Business Associate:
- Except as otherwise limited in the Agreement and this BAA, Business Associate may use or disclose PHI only for the benefit of Covered Entity and to perform functions, activities, or services as specified in the Agreement or the minimum necessary policies and procedures of the Covered Entity. Business Associate warrants and represents that each of the data elements of any PHI that it may access on behalf of Covered Entity is minimally necessary to permit Business Associate to provide the services under the Agreement.
- Except as otherwise limited in the Agreement and this BAA, Business Associate may use or disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided that (i) the disclosure is required by law, or (ii) the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that such information will remain confidential and used or further disclosed solely as required by law or for the purpose of assisting Business Associate to meet Business Associate’s obligations under the BAA and the person agrees to notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been Breached.
- Except as otherwise limited in the Agreement and this BAA, Business Associate may use PHI to provide data aggregation services only for Covered Entity. Business Associate shall not sell or otherwise transfer for value to any third party aggregated data.
3. Obligations of Business Associate:
- Business Associate agrees to not use or further disclose PHI other than as permitted or required by the Agreement, this BAA or as required by law. As Covered Entity has not secured individual authorization from the patients whose PHI is contemplated for use under the Agreement, Business Associate is prohibited from directly or indirectly exchanging the Covered Entity’s PHI for remuneration with any other person or entity, in accordance with Section 13405(d) of The Act.
- Business Associate Protection of PHI
(1) Business Associate agrees to implement administrative, physical, technical and policy and documentation safeguards that reasonably and appropriately protect the privacy, security, integrity and availability of the electronic PHI that it creates, receives, maintains or transmits under this Agreement.
(2) Encryption in transit shall be Covered Entity’s sole responsibility. Business Associate agrees to coordinate immediately with Covered Entity to the extent notification of a Breach arising from Business Associate’s acts or omissions is required.
- Business Associate agrees to promptly mitigate, to the extent practicable and reasonable, any harmful effect of a use or disclosure of PHI by Business Associate in violation of the Agreement or this BAA.
- Business Associate Notice to the Covered Entity of Non-Authorized Use, Disclosure Access or Breach of PHI
(1) Business Associate agrees to promptly report to Covered Entity any use or disclosure of PHI not provided for by the Agreement and/or this BAA, including any requests for inspection, copying or amendment of such information and including any security incident involving PHI. To the extent required to comply with its accounting obligations under 45 CFR § 164.528, Business Associate shall maintain a record of all such requests for inspection, copying and amendment(s) of PHI not provided for by the Agreement, including those initiated by Patient, Covered Entity, or third parties, and to promptly provide such documentation to Covered Entity upon request.
(2) Business Associate agrees to promptly notify the Covered Entity of any Breach of any unsecured PHI of the Covered Entity in its possession, but in any event no later than thirty (30) days of the discovery of the Breach. The content of the Business Associate notice to the Covered Entity shall conform to the requirements of 45 CFR § 164.410.
- Business Associate agrees to ensure in writing that any agent, including a subcontractor, to whom it provides PHI agrees to the same restrictions and conditions that apply to Business Associate with respect to such information, including appropriate and comparable safeguards.
- Access to PHI held by Business Associate and Business Associate Accounting for Disclosures
(1) Business Associate agrees to provide prompt access to any PHI it maintains in designated record sets to Covered Entity whenever so requested by Covered Entity in order to meet the requirements of HIPAA. If Patient requests directly from Business Associate (i) to inspect or copy his or her PHI, or (ii) requests its disclosure to a third party, the Business Associate shall promptly forward such request to Covered Entity.
(2) As required by 45 CFR 164.528, Business Associate shall promptly provide to Covered Entity all information necessary to permit Covered Entity to respond to a request from an individual for an accounting of all disclosures the Business Associate made in the past three years of the individual’s PHI, including PHI it maintains electronically.
- To the extent Business Associate maintains any PHI in a designated record set, it agrees to promptly make amendment(s) to PHI requested by Covered Entity and shall do so in the time and manner requested by Covered Entity to enable it to comply with 45 CFR 164.526. If Patient requests an amendment to his or her PHI, directly from Business Associate, the Business Associate shall promptly notify Covered Entity’s facility privacy official of such request and await such official’s denial or approval of the request.
- Business Associate agrees to promptly make its internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Business Associate for or on behalf of, Covered Entity available to the Secretary, in a time and manner designated by the Secretary, to enable the Secretary to determine Covered Entity’s compliance with HIPAA, and to cooperate fully with any HIPAA audit of the Business Associate that the Secretary may undertake under Section 13411 of The Act. Business Associate agrees to retain such books, and records relating to the use and disclosure of PHI for a period of six (6) years.
- Business Associate agrees to document and provide to Covered Entity all disclosures of PHI and information related to such disclosures, and shall do so in the time and manner designated by Covered Entity, to enable it to meet HIPAA requirements for an accounting of such disclosures pursuant to 45 CFR 164.528.
- To the extent Business Associate is to carry out Covered Entity’s obligations under Subpart E of 45 CFR Part 164, Business Associate agrees to comply with the requirements of such Subpart that apply to Covered Entity in the performance of such Covered Entity’s obligation.
4. Obligations of Covered Entity:
- Covered Entity shall promptly notify Business Associate of any limitation in its notice of privacy practices in accordance with 45 CFR 164.520 to the extent that such limitation may affect Business Associate’s permitted use or disclosure of PHI.
- Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Patient to the use or disclosure of PHI, to the extent such changes affect Business Associate’s permitted or required uses and disclosures of PHI.
- Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to the extent that such restriction may affect Business Associate’s permitted use or disclosure of PHI.
- Covered Entity shall notify Business Associate of the date it will implement an electronic medical record, to permit Business Associate to implement its accounting for disclosure obligation, per paragraph 3.(g)(2), above.
- Effect of Breach of Obligations:
Should Business Associate breach any of its obligations herein, Covered Entity shall have provide Business Associate an opportunity to cure the breach and end the violation within the time specified by Covered Entity, which shall be no less than 30 days. If Business Associate does not cure the breach or end the violation as specified by Covered Entity, Covered Entity may immediately terminate this Agreement, without prejudice to other legal remedies available to Covered Entity.
6. Effect of Termination:
- Upon termination of this BAA, Business Associate shall promptly return to Covered Entity all PHI, including derivatives thereof or, upon Covered Entity’s request, destroy such data. This provision shall apply to PHI in the possession of subcontractors or agents of Business Associate. Upon destruction of the PHI, Business Associate shall certify in writing that such information has been destroyed. Notwithstanding the foregoing, Business Associate shall notify Covered Entity in writing about its intent to destroy data within ten (10) days before such date of destruction. If Covered Entity requests the return of any PHI, Business Associate shall comply as requested.
- If the return or destruction of PHI infeasible, Business Associate shall promptly notify Covered Entity of the conditions that make such return or destruction infeasible. Upon mutual determination by the parties that return or destruction of PHI is unfeasible; Business Associate shall extend the protections of this BAA to such data and shall limit its further use or disclosure to purposes that make its return or destruction infeasible.
Except as amended by this BAA, all other terms of the Agreement remain in full force and effect. The Agreement and this BAA and attachments thereto are intended to be read and construed in harmony with each other, but in the event that any provision in this BAA conflicts with the provisions of the Agreement or other attachments solely with regard to use and disclosure of PHI, the provisions in this BAA shall be deemed to control, and such conflicting provision or part thereof shall be deemed removed and replaced with the governing provision herein.
IN WITNESS WHEREOF, the parties hereto have executed this BAA as of the Effective Date.
MED-COMPLIANCE IQ, INC.
Name: Gary J. Ross
[insert_php] echo $company; [/insert_php]
Name: [insert_php] echo $name; [/insert_php]
Title: [insert_php] echo $title; [/insert_php]