PLEASE READ THIS AGREEMENT CAREFULLY. BY SIGNING THIS AGREEMENT (DIGITALLY OR OTHERWISE), CLICKING ON THE “I AGREE” BUTTON/BOX BELOW OR THE “I ACCEPT THIS QUOTE” BUTTON ON ANY QUOTE OR ORDER FORM INTO WHICH THIS AGREEMENT WILL BE INCORPORATED, OR USING PRODUCTS OR SERVICES DESCRIBED IN THIS AGREEMENT OR ASSOCIATED ORDER FORM OR QUOTE, YOU ARE ACCEPTING AND AGREEING TO BE LEGALLY BOUND BY THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT.
INTENDING TO BE LEGALLY BOUND HEREBY, TeamCare Dental, LLC, a Pennsylvania limited liability company with an address of [insert address] (“Provider”), and the Customer identified above the signature line at the end of this Agreement (“Customer”) enter into and agree to be bound by this Software-as-a-Service Agreement (this “Agreement”).
PROVIDER PROVIDES THE SERVICE SOLELY ON THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT AND ON THE CONDITION THAT CUSTOMER ACCEPTS AND COMPLIES WITH THEM. BY SIGNING THIS AGREEMENT (DIGITALLY OR OTHERWISE), CLICKING ON THE “I AGREE” BUTTON/BOX BELOW OR THE “I ACCEPT THIS QUOTE” BUTTON ON ANY QUOTE OR ORDER FORM INTO WHICH THIS AGREEMENT WILL BE INCORPORATED, OR USING PRODUCTS OR SERVICES DESCRIBED IN THIS AGREEMENT OR ASSOCIATED ORDER FORM OR QUOTE, YOU (A) ACCEPT THIS AGREEMENT AND AGREE THAT CUSTOMER IS LEGALLY BOUND BY ITS TERMS; AND (B) REPRESENT AND WARRANT THAT: (I) YOU ARE OF LEGAL AGE TO ENTER INTO A BINDING AGREEMENT; AND (II) IF CUSTOMER IS A CORPORATION, GOVERNMENTAL ORGANIZATION, OR OTHER LEGAL ENTITY, YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF CUSTOMER AND BIND CUSTOMER TO ITS TERMS. IF CUSTOMER DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROVIDER WILL NOT AND DOES NOT LICENSE ANY SERVICE OR PRODUCT TO CUSTOMER AND YOU MUST NOT PROCEED TO USE ANY SERVICES OR PRODUCTS DESCRIBED IN THIS AGREEMENT.
The capitalized terms below will have the following meanings for purposes of this Agreement:
2.1 “Affiliate” of a party means an entity that directly or indirectly controls, is controlled by, or is under common control with that party, in each case through majority voting power.
2.2 “Authorized User” means Customer’s employee, contractor or agent authorized by Customer or its Affiliate to use the Service. Authorized Users are limited to the number
set forth in the Order Form or, if no number is entered there, one.
2.3 “Authorized User Data” means the electronic data, information, and/or files entered, imported, uploaded, transferred into, and/or used with the Service and/or Software
by or on behalf of Customer or an Authorized User that pertains to or could be used to identify an Authorized User.
2.5 “Business Associate Agreement” or “BAA” means the HIPAA Business Associate Agreement attached hereto as Exhibit C and incorporated herein.
2.6 “Customer Content” means the electronic data, information, and/or files entered, imported, uploaded, transferred into, and/or used with the Service and/or Software
by or on behalf of Customer or an Authorized User, including, without limitation, Authorized User Data. Customer Content expressly excludes any Provider Content and Provider Data.
2.7 “Customer Work Product” means any content generated with or exported from the Service and/or Software by Customer and/or an Authorized User. Customer Work
Product excludes any Provider Content and Provider Data.
2.8 “Documentation” means the product functionality descriptions and release notes provided by Provider to Customer from time to time or made available to Customer.
2.9 “Order Form” means a quote or an order form signed and/or agreed to (digitally or otherwise) by Customer and Provider with respect to the Service, including the first
Order Form and any renewal or other Order Form.
2.10 “Provider Content” means any forms, samples and other support and informational materials provided by Provider
for use in connection with the Service, as the same may be modified from time to time by Provider.
2.11 "Provider Data" means any data concerning, or materials applicable to, the dental, medical, or other clinical practice management field that is obtained through the
2.12 “Representative” means, with respect to each party, its officers, managers, members serving in a managerial role, general partners, directors, employees, contractors, and
2.13 “Service” means the provision of access to the Software, such accessibility being in a software-as-a-service format as hosted by Provider on its or a third party’s servers.
2.14 “Service Period” means the period of time that the Service will remain in effect, as set forth in an Order Form.
2.15 “Software” means Provider’s “[identify name of software]” software that permits Customer to access Provider Data.
2.16 “Support & Maintenance Policy” means the Support & Maintenance Policy attached hereto as Exhibit A, as may be modified from time to time pursuant hereto.
3.1 Service. Subject to the terms and conditions set forth in this Agreement, during the term of this Agreement, Provider will make the Service and Provider Content available to Customer pursuant to this Agreement and the applicable Order Form, all on a non-exclusive, non-transferable, non-
3.2 Service, Provider Content and Provider Data. Subject to the terms and conditions set forth in this Agreement, Customer may allow its Authorized Users to use the Service solely in connection with Customer’s business, and use the Documentation, Provider Content, and Provider Data solely to support use of the Service under this Agreement. Customer will remain fully responsible and liable for the acts and omissions of its Authorized Users.
3.3 Changes to Service. From time to time, Customer may add one or more additional Authorized Users to the Service, either by signing a new Order Form or by signing an addendum to this Agreement, at Provider's then current rates.
3.4 Provider Services. Provider will host, support, and maintain the Service substantially in accordance with the Support & Maintenance Policy. Updates (as defined in the Support & Maintenance Policy) will be deemed part of the Service. Provider also will deliver the training, consulting and
other services to the extent set forth in an Order Form. Any additional services to be provided by Provider, including, but not limited to, any customization services, will be subject to a separate services agreement to be executed between
Provider and Customer.
3.5 Third-Party Products and Services. From time to time, Provider may enable or allow access to products, services and websites provided by other persons or entities (each, a “Third-Party Product”). Customer is solely responsible for entering into and complying with any contractual agreement or other terms and conditions that are required by the provider of any Third-Party Product. Provider does not make any representation regarding or endorse any Third-Party Product. Provider will have no obligation or liability relating to any Third-Party Product. Except as expressly set forth in an addendum to this Agreement duly executed by both Provider and Customer, Provider's sole responsibility for any connector or other link or connection to a Third-Party Product identified in an Order Form is to make the Service available to receive and send data between the
Service and the Third-Party Product in accordance with the Documentation, subject to the usage and other limitations set forth in an Order Form, the Documentation, or an addendum to this Agreement.
3.6 Limitation on Use. Except as expressly set forth in this Agreement, Provider Content and Provider Data may not be used in any other manner or for any other purpose. In particular, Customer shall not: (i) repackage any of the Software, Provider Content, or Provider Data under any other
name, mark or brand, nor may Customer sell, license or otherwise provide any Provider Content or Provider Data to any third party on a periodic or continuing basis, except as expressly permitted herein; (ii) deconstruct, disassemble, or reserve engineer any of the Software, Provider Content, or
Provider Data, or otherwise attempt to learn the source code, structure, algorithms or ideas underlying the Software; (iii) create derivative works of the Software, Provider Content, or Provider Data; or (iv) allow or assist an Authorized User or other third party to do any of the foregoing. In addition, except to the extent expressly permitted under this Agreement, Customer shall not be permitted to rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer or otherwise make available the Service, the Software, any Provider Content or Provider Data, or any Customer Work Product to any person or entity, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud or other technology or service.
4.1 Authorization of Users. Customer will be responsible for designating from time to time which of its personnel are to be Authorized Users of the Service.
Customer will give Provider prior written notice of: (a) new Authorized Users, including each Authorized User’s full name and business address, telephone number and e-mail address; and (b) any current Authorized User whose authority to use the Service is to be suspended or discontinued. Customer will take all reasonable steps to ensure that its personnel other than Authorized Users do not access or use the Service, including by sharing usernames and passwords. Customer agrees that all Authorized Users shall be located in the United States.
4.2 User Credentials. Provider may control access to the Service by authenticating unique user IDs and passwords assigned by Provider to Authorized Users, or by any other manual or automated means that Provider may implement from time to time. Upon Customer identifying new Authorized Users as provided in Section 3.1, Provider will enable each Authorized User to obtain a unique username and password to be used for access to the Service solely by that Authorized User in accordance with this Agreement.
4.3 Equipment and Resources. Customer is solely responsible for any travel, accommodations, computer equipment, telecommunications, internet access, and expenses required for Customer or its Authorized Users to access or use the Service.
responsible for any configuration of the Service and any electronic forms, materials, communications, content, and processes selected by Customer or its Authorized Users for use in or in connection with the Service. Customer is solely responsible for any use of the Service, Software, Provider
Content, and/or Provider Data by Customer or its Authorized Users, including reports or exports of Provider Data created by or for Customer, and Customer will ensure that any process, action or decision does not violate any law, rule or regulation. Customer will notify Provider promptly upon becoming aware of any unauthorized or improper use of the Service, Software, Provider Content, and/or Provider Data. Subject to Provider's
compliance with Section 4 of this Agreement, Customer is solely responsible for and will ensure that use or disclosure of any Customer Content or Customer Work Product in accordance with this Agreement complies with applicable laws, rules and regulations, including any required notices or
4.5 Inspection. Upon reasonable prior written notice from Provider, Customer will provide Provider or its Representatives with access to any records and systems reasonably necessary for Provider to audit Customer’s compliance with the terms of this Agreement. Any such audit will be conducted at a mutually acceptable time on at least thirty (30) days’ prior written notice, without unreasonable disruption to Customer’s business operations. Upon Provider's reasonable request, an officer of Customer will provide written certification to Provider that Customer has complied and is complying with the terms of this Agreement.
4.6 Customer Systems. Customer has and will retain sole responsibility for: (a) all Customer Content, including its content and use; (b) all information, instructions, and materials provided by or on behalf of Customer or any Authorized User in connection with the Service; (c) Customer’s information technology infrastructure, including computers, software, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services (”Customer Systems”); (d) the security and use of
Customer’s and its Authorized Users’ access credentials; and (e) all access to and use of the Service, Software, Provider Content, Provider Data, and Documentation directly or indirectly by or through the Customer Systems or its or its Authorized Users’ access credentials, with or without
Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use.
5.1 Data Use and Disclosure. Provider may usCustomer Content and Customer Work Product only for the purpose of providing the Service and related services under this Agreement or as otherwise set forth in this Agreement or the BAA. Provider may disclose Customer Content andCustomer Work Product to one or more contractors underwritten agreements requiring such contractors to use and disclose the Customer Content and Customer Work Product only for the purposes permitted under this Agreement and the BAA. Provider also may disclose Customer Content andCustomer Work Product to Customer’s contractors, providers of Third-Party Products, and other third parties, only for purposes of providing the Service or as otherwise directed or permitted by Customer or its Authorized Users and the BAA.Notwithstanding anything to the contrary in this Agreement:a. Provider may use and disclose Customer Content and Customer Work Data as reasonably necessary to comply with applicable laws, rules and regulations, cooperate with law enforcement agencies, or attempt to prevent or respond to illegal conduct, fraud, abuse, or a threat to the security or integrity of systems or data, including the Service, theSoftware, Customer Content, or Customer Work Product;b. Provider may derive or create bench marking, transactional, or performance information, and other forms ofstatistics or analytics on an aggregated basis that may not reasonably be used on its own (or in conjunction with other data available from Provider or its Affiliates) to distinguish ortrace the identity of a Customer or its Authorized Users(collectively, “Analytics”). Provider will maintain policies andprocedures, which may include de-identification, aggregationor other steps, reasonably necessary to prevent Analytics fromincluding information that may be used on its own (or inconjunction with other data available from Provider or itsAffiliates) to distinguish or trace the identity of a Customer orits Authorized Users; andc. Nothing in this Agreement prohibits Provider fromusing Customer Content or the same or similar informationthat: (i) is or becomes publicly available except throughviolation of this Agreement by Provider or its Affiliates; (ii) is orwas received by Provider from a third party that to Provider'sknowledge is not under a confidentiality obligation with respectto the Customer Content; or (iii) is or was previously known toor independently developed by Provider without use of theCustomer Content.
5.2 Right to Customer Data. Customer represents and warrants that it has a right to use and provide Provider with the Customer Content entered, imported, uploaded, transferred into, and/or used with the Service and/or theSoftware.
5.3 Data Protection. Without limiting Customer’s obligations set forth in Section 3.6, Provider will maintainadministrative, physical, and technical safeguards intended to protect the security, privacy and integrity of Customer Content and Customer Work Product.
6.1 Fees and Expenses.a. In consideration of the rights granted herein, and subject to the further terms of this Agreement, upon signing anOrder Form, Customer shall pay the fee(s) set forth in suchOrder Form (each such fee, a “Fee”). Unless otherwise set forth in the applicable Order Form, Provider will invoice any recurring Fee (or portion thereof) in advance, on a monthly basis, and such Fee (or portion thereof) shall be paid bySoftware-as-a-Service Agreement Page 4 of 19 Confidential Information136576149.3Customer within thirty (30) days after delivery of each such invoice. All fees paid under this Agreement, including each of the Fee(s), are non-refundable.b. Provider reserves the right to increase the Fee(s)under this Agreement and/or under any Order Form by givingCustomer at least sixty (60) days prior written notice of such increase, and the applicable Order Form(s) will be deemed amended accordingly; provided that Provider may increase aFee no more than twice (2x) annually for any contract year.
6.2 Taxes. Customer will be solely responsible for paying any sales, value-added, business use or other similar taxes relating to the Service or any other product or service provided by Provider, exclusive of Provider's income taxes. The fees listed in an Order Form (or in any increases thereto) are exclusive of all taxes.
6.3 Purchase Orders. Any terms or conditions in any purchase order or other document issued by Customer are void and of no force or effect as between Customer andProvider and any attempt to modify, supersede, supplement or otherwise alter this Agreement will not modify this Agreement or be binding on the parties. Issuance of a purchase order or other document is not a condition of Customer’s payment obligations.
6.4 Overdue Payments. Provider may charge Customer overdue payment fees/charges on the unpaid balance from the original due date at a rate equal to the lesser of one and one-half percent (1.5%) per month or the maximum interest charge permitted by applicable law, and may suspend access and use of the Service by Customer and its Authorized Users until any overdue payment has been made.
6.5 Invoice Disputes. Any invoice must be disputed within thirty (30) days of delivery. If, within such thirty (30) day period, Customer delivers written notice disputing an invoiced amount and describing the basis for such dispute with reasonable particularity, the parties will use good faith efforts to confer and resolve the dispute within thirty (30) days of receipt of Customer’s notice. Notwithstanding the foregoing,Customer will pay all undisputed sums on an invoice as required by this Agreement. If Customer has paid all undisputed amounts and engages in good faith negotiations in accordance with the foregoing provision, Provider's rights under this Agreement to assess overdue payment charges, suspend access to the Service, and terminate this Agreement for material breach based on non-payment of the disputed payment shall be suspended during, and only during, that thirty (30) day dispute resolution period.
7.1 Service Period.a. The Service Period under each Order Form begins on the date that the Provider first makes the Service andProvider Content available to Customer (the “CommencementDate”) and ends on the same day of the immediately subsequent calendar month following the CommencementDate. Upon expiration of the initial Service Period or any subsequent Service Period under an Order Form, the ServicePeriod will automatically renew for additional successive terms of one (1) calendar month, unless either party notifies the other in writing, at least thirty (30) days prior to the end of the then current term, of its decision to terminate this Agreement.Provider may require the Service Period under any subsequent Order Form to end on the same date as theService Period under the first Order Form (or subsequent renewal), so that all Service Periods share the same expiration date, and in such event Provider will prorate the fees for the Service Period of each Order Form accordingly.
7.2 Term. The term of this Agreement (the “Term”)begins on the last date of signature or acceptance of the firstOrder Form (the “Effective Date”) and will remain in effect until the Service Periods of all Order Forms have expired, or the date of on which this Agreement is otherwise terminated, as provided herein, whichever is earlier.
7.3 Termination for Cause.a. Either party (the “Non-Breaching Party”) may terminate this Agreement upon written notice to the other party(the “Breaching Party”) if the Breaching Party fails to cure any material breach of this Agreement within thirty (30) days of its receipt of written notice from the Non-Breaching Party stating its intent to terminate and describing the breach with reasonable particularity. Nonpayment by Customer of any amount within thirty (30) days of the due date constitutes material breach, subject to the disputed payment resolution procedures set forth in Section 5.5 above. Reference to the unpaid amount and applicable invoice constitutes sufficiently reasonable particularity for the notice of breach.b. Either party may terminate this Agreement on written notice to other party if such other party: (i) terminates or suspends its business operations; (ii) makes an assignment of its assets for the benefit of its creditors; (iii) becomes insolvent; (iv) institutes proceedings for its full or partial liquidation or dissolution; (v) is adjudged bankrupt by a court of competent jurisdiction; (vi) has a trustee or receiver appointed for it or any substantial part of its assets; (vii) has filed against it a voluntary or involuntary petition under theUnited States Bankruptcy Code or other similar law, whether state or federal, for the relief of debtors, which petition is not discharged within thirty (30) days of the date of filing; or (viii)consents to the appointment of a receiver or a trustee for itself or any substantial part of its assets.
7.4 Effect of Termination. Upon the expiration or termination of this Agreement, all rights and licenses granted by a party under this Agreement will immediately terminate, and Customer and its Authorized Users will immediately cease use of the Service, Software, Provider Data, and ProviderContent. Termination by either party will not relieve Customer of any obligation to pay fees due for periods prior to termination. Provider may provide post-termination or expiration assistance services as further agreed by the parties in writing, including the fees payable for such assistance.Notwithstanding this Section 6.4, Provider may continue to use the Customer IP and Customer Marks (as defined below)to satisfy its post-termination or expiration obligations or as otherwise set forth in this Agreement.
7.5 Survival. In no event shall any expiration or termination of this Agreement excuse either party from any breach or violation of this Agreement and full legal andSoftware-as-a-Service Agreement Page 5 of 19 Confidential Information136576149.3equitable remedies shall remain available therefor. Sections1, 2.6, 3.4, 3.5, 3.6, 5, 6.4, 6.5, 7, 8.1, 8.2, 9.2, 10, 11, 12, and the provisions of Section 13 that by their terms naturally survive will survive the expiration or termination of thisAgreement. The Receiving Party’s obligations under Section 7of this Agreement with respect to the other party’s ConfidentialInformation will survive: (a) with respect to ConfidentialInformation that constitutes a trade secret of the DisclosingParty, as long as that Confidential Information remains a trade secret; and (b) with respect to all other ConfidentialInformation, for a period of five (5) years after the expiration or termination of this Agreement.
8.1 Confidential Information Defined. “ConfidentialInformation”, as used in this Agreement, means any information that, during the Term, is disclosed by or on behalf of a party (the “Disclosing Party”) to the other party (the“Receiving Party”) and at the time of disclosure: (a) is designated in writing as confidential or proprietary; (b) is designated orally as confidential or proprietary, and embodied by the Disclosing Party in written or other tangible form, including meeting minutes, memos, diagrams, flow charts and software; or (c) should reasonably be understood by theReceiving Party to be Confidential Information of theDisclosing Party under the circumstances. Notwithstanding the absence of any designation of confidentiality, the parties agree that any Order Form, non-public Documentation, ProviderData, Provider Content, specifications regarding the Service and/or Software and/or their respective functionality, anAnalytics are the Confidential Information of Provider.Notwithstanding the foregoing, the parties agree thatConfidential Information shall not include Protected HealthInformation as defined under the BAA, the confidentiality of which shall be governed by the terms of the BAA.
8.2 Obligations. Except as expressly approved by theDisclosing Party in writing, the Receiving Party will not: (a) use the Confidential Information of the Disclosing Party except to perform or exercise its rights and obligations under thisAgreement; or (b) disclose the Confidential Information of theDisclosing Party to any third party except to the ReceivingParty’s Representatives who are under a duty in substance and effect to use and disclose the Confidential Information only as permitted under this Agreement. The Receiving Party will be responsible for any use by its Representatives of theConfidential Information that it discloses to or shares with itsRepresentatives. Upon the expiration or termination of thisAgreement, each party will cease use of, and, within thirty (30)days of the date of expiration or termination, will destroy or return, all Confidential Information of the other party, except that: (i) Provider may retain Confidential Information ofCustomer as needed to comply with any post-expiration or termination obligation under this Agreement; (ii) each party may retain Confidential Information as required to comply with its obligations under applicable laws, rules or regulations; and(iii) Confidential Information may be stored on secured backup media that are destroyed no more than twelve (12) months after the month in which this Agreement expires or terminates.
8.3 Exceptions. Neither party’s obligations under thisSection 7 will apply to: (a) information that is or becomes publicly available except through any act or omission of theReceiving Party in violation of a duty to the Disclosing Party;(b) information rightfully obtained by the Receiving Party from a third party without restriction and without breach of thisAgreement or any similar agreement; (c) information known to the Receiving Party at the time of disclosure; or (d) information in dependently developed by the Receiving Party without any use of or access to the Disclosing Party’s ConfidentialInformation. The Receiving Party may disclose ConfidentialInformation in accordance with a subpoena, judicial or other governmental order, or requirement of any law, regulation or the rules of any applicable stock exchange, provided that where legally permissible the Receiving Party must give theDisclosing Party reasonable written notice prior to such disclosure and seek confidential treatment for the disclosedConfidential Information, at the sole cost and expense of theDisclosing Party.
9.1 Provider IP Ownership. As used in this Agreement,“Intellectual Property Right” means any patent application, patent, copyright, moral right, database right, trademark right, trade secret or other intellectual property or proprietary right recognized or enforceable under any U.S., foreign or international law, rule or regulation. Provider retains ownership of and reserves all Intellectual Property Rights in or related to the Service, Software, Provider Content, Analytics, or ProviderData (collectively, “Provider IP”). Provider does not convey toCustomer or its Authorized Users any Intellectual PropertyRight in or to any Provider IP except for the non-exclusive right to use the Service, Software, Provider Data, and ProviderContent as set forth in this Agreement. Customer agrees thatProvider is free to use and incorporate into Provider IP any comment, feedback, review or other input provided byCustomer or its Authorized Users, and that such use or incorporation does not create or give rise to any IntellectualProperty Right of Customer or its Authorized Users in anyProvider IP.
9.2 Customer IP Ownership. Customer retains ownership of and reserves all Intellectual Property Rights in or related to the Customer Content, Customer Work Product or any other materials, communications or content that Customer or its Authorized Users supply for use in connection with theService (collectively, “Customer IP”). Customer does not convey to Provider any Intellectual Property Right in or to anyCustomer IP, except as expressly set forth in this Agreement, including without limitation pursuant to Sections 4.2 and 4.3.
9.3 Customer IP License. Customer grants to Provider a non-exclusive, non-sublicensable right, during the Term, to use, copy, create derivative works based on and display theCustomer IP in connection with the performance of Provider's obligations under or as otherwise set forth in this Agreement or any Order Form.
9.4 Customer Marks. Customer grants to Provider anon-exclusive, non-sublicensable right, during the Term, to use any Customer trademark, service mark or trade name included in the Customer IP or designated by Customer for use in the Service (the “Customer Marks”), in connection with the performance of Provider's obligations under or as otherwise set forth in this Agreement or any Order Form, andSoftware-as-a-Service Agreement Page 6 of 19 Confidential Information136576149.3to identify Customer in Provider's customer lists and other marketing and promotional materials and communications referencing Customer as a customer of Provider. Provider will comply with Customer’s written guidelines for trademark usage provided reasonably in advance.
10.1 Warranty. Provider warrants that, during eachService Period, the Service will perform in all material respects in accordance with the Documentation; provided however that if any training, consulting and other services set forth on anyOrder Form are provided to Customer pursuant to Section 2.4hereof, or if any other services are provided to Customer pursuant to a separate service agreement pursuant to Section2.4, Provider makes no representation, warranty, or guarantee of any kind with respect to the provision of such services.Provider's warranty does not apply to: (a) any Third-PartyProduct; (b) any use of the Service not in accordance with theDocumentation, Provider's published policies, this Agreement or any applicable Order Form; (c) any Customer Content; or(d) failure of Customer or its Authorized Users to follow reasonable support or maintenance instructions provided byProvider (each of (a), (b) (c), and (d) above, an “ExcludedCondition”). Provider's sole liability and obligation for breach of the foregoing warranty will be to use commercially reasonable efforts to promptly repair or replace the Service to correct the breach, and the sole remedy of Customer is that it may terminate this Agreement upon written notice and receive a refund of any pre-paid but unused amounts if the breach extends for at least sixty (60) consecutive days or for any one-hundred and twenty (120) days in any three-hundred and sixty(360) day period.
10.2 Limitations. EXCEPT AS EXPRESSLY SET FOR THIN THIS SECTION 9, PROVIDER DOES NOT MAKE AND EXPRESSLY DISCLAIMS ANY WARRANTY OF ANY KIND,WHETHER EXPRESS, IMPLIED, STATUTORY, ARISING AT COMMON LAW, OR OTHERWISE RELATED TO THE SUBJECT MATTER OF THIS AGREEMENT, INCLUDING THE SERVICE, SOFTWARE, PROVIDER CONTENT,PROVIDER DATA, OR ANY OTHER PRODUCTS OR SERVICES PROVIDED UNDER THIS AGREEMENT OR ANY ORDER FORM. WITHOUT WAIVING OR LIMITING THE GENERALITY OF THE FOREGOING, PROVIDER DOES NOT MAKE, AND EXPRESSLY DISCLAIMS, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, DATA OR SYSTEM INTEGRITY, AVAILABILITY, TIMELINESS,COMPLETENESS, NON-INFRINGEMENT, OR THAT THE SERVICE OR SOFTWARE WILL PERFORM WITHOUT INTERRUPTION OR WILL BE ERROR FREE, AND ANY WARRANTY REGARDING CUSTOMER’S (OR ITS AUTHORIZED USERS') USE OF THE SERVICE,SOFTWARE, PROVIDER CONTENT, PROVIDER DATA ORANY INFORMATION OBTAINABLE THEREFROM, ANY DECISION MADE USING THE SERVICE, SOFTWARE,UNAUTHORIZED ACCESS TO THE SERVICE OR SOFTWARE, OR CUSTOMER’S USE OF ANY EQUIPMENT OR SOFTWARE IN CONNECTION WITH THE SERVICE OR SOFTWARE IS EXPRESSLY DISCLAIMED.NOTWITHSTANDING ANYTHING TO THE CONTRARY INTHIS AGREEMENT, PROVIDER MAY MAKE CHANGES TOTHE SERVICE OR SOFTWARE FROM TIME TO TIME, ORTHE CORRESPONDING DOCUMENTATION, AND THOSE CHANGES WILL NOT BE DEEMED TO GIVE RISE TO BREACH OF WARRANTY OR IMPOSE ANY LIABILITY ON PROVIDER.
11.1 Provider Indemnification. Provider will defendCustomer and its Representatives (each, a “Customer Indemnitee”) from and against any and all third-party claims, demands, lawsuits, or legal actions: (a) alleging that theProvider IP infringes or violates an Intellectual Property Right of a third party; (b) arising from Provider's failure to perform under Section 4.1 (Data Use and Disclosure) or Section 4.3(Data Protection) above; or (c) arising from Provider's violation of its obligations under this Agreement with respect toConfidential Information (each of (a), (b), and (c), a “ProviderIndemnified Claim”), and indemnify each Customer Indemnitee from and against any and all out of pocket damages, expenses and/or other costs awarded against it(including reasonable attorney's fees associated therewith) in a final, non-appealable judgment in connection with a ProviderIndemnified Claim. Provider's obligations under this Section10.1 do not apply to any Excluded Condition.
11.3 Indemnification Conditions.a. As an express condition to either party’s duty to defend or indemnify under this Section 10, the person or entity seeking defense or indemnification must: (i) give the defending and indemnifying party prompt written notice of the applicable claim, demand or legal action; (ii) allow the defending and indemnifying party sole control of the defense and settlement; and (iii) reasonably cooperate in the defense and settlement at the defending and indemnifying party’s reasonable cost, except that the indemnified person or entity will not be required to make any settlement payment unless the defending and indemnifying party agrees to include that payment as an indemnified expense.b. In the event of any claim, demand, legal action or notice alleging infringement of Provider IP, Provider may either: (i) replace or modify the Provider IP in whole or in part in a manner that does not materially degrade the Service;(ii) obtain a license or other grant of rights necessary to continue to provide the Provider IP in accordance with thisSoftware-as-a-Service Agreement Page 7 of 19 Confidential Information136576149.3Agreement; or (iii) terminate this Agreement upon written notice to Customer. In such event, Provider's sole liability will be its obligations under Section 10.1 above and to refund toCustomer any pre-paid but unused fees.
12.1 IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT OR ITS SUBJECT MATTER, WHETHER UNDER ANY THEORY OF CONTRACT, NEGLIGENCE, INTENTIONAL OR UNINTENTIONAL TORT, OR ANY OTHER LEGAL THEORY,FOR LOST REVENUE, LOST PROFITS, LOST DAMAGES,LOSS OF DATA, LOSS OF USE, ANY CLAIM OR ACTION OF ANY THIRD PARTY (EXCEPT UNDER SECTION 10(INDEMNIFICATION) OF THIS AGREEMENT), OR ANY INCIDENTAL, INDIRECT, CONSEQUENTIAL, SPECIAL OR PUNITIVE DAMAGES, WHETHER OR NOT SUCH PARTY OR ITS AFFILIATE MAY HAVE ANTICIPATED OR BEEN ADVISED OF SUCH DAMAGES.
12.2 THE TOTAL CUMULATIVE LIABILITY OF PROVIDER AND ITS REPRESENTATIVES ARISING OUTOF OR RELATED TO THIS AGREEMENT, ANY ORDER FORM OR THE SUBJECT MATTER HEREOF, WHETHER UNDER CONTRACT, TORT OR ANY OTHER LEGAL THEORY, WILL NOT EXCEED, IN THE AGGREGATE, THE AMOUNT OF FEES PAID BY CUSTOMER DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRIOR TOTHE DATE ON WHICH THE FIRST OF ANY SUCH LIABILITIES AROSE. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY DAMAGES FOR BREACH OF CONTRACT UNDER THIS AGREEMENT OR ANY ORDER FORM UNLESS SUCH PARTY FIRST PROVIDED THE BREACHING PARTY WITH AT LEAST THIRTY (30) DAYS’PRIOR WRITTEN NOTICE OF SUCH BREACH AND AN OPPORTUNITY FOR SUCH BREACHING PARTY TO CURE SUCH BREACH WITHIN THOSE THIRTY (30) DAYS.
12.3 TO THE MAXIMUM EXTENT PERMITTED BY LAW,THE LIMITATIONS IN THIS SECTION 11 WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE.
13.1 Business Associate Agreement. Each party acknowledges and agrees that in the performance of each party’s obligations hereunder and in connection withCustomer’s use of the Services, Customer may Disclose (as that term is defined in the BAA) to Provider certain ProtectedHealth Information (as that term is defined in the BAA).Customer and Provider intend to protect the privacy and provide for the security of Protected Health Information that may be Disclosed to Provider in connection with the Services in compliance with the Health Insurance Portability andAccountability Act of 1996, Public Law 104-191, as amended, along with its implementing regulations promulgated by theSecretary of the Department of Health and Human Services(“HHS”), including, the “Privacy Rule” (45 C.F.R. Part 160and Subparts A and E of Part 164), the “Security Rule” (45C.F.R. Part 160 and Subparts A and C of Part 164), and the“Breach Notification Rule” (45 C.F.R. Part 160 and SubpartsA and D of Part 164), as each may be amended from time to time (collectively, “HIPAA”). In connection therewith, Provider and Customer intend for the BAA to meet those requirements under HIPAA that mandate a written agreement between aCovered Entity (as that term is defined in the BAA) and itsBusiness Associate (as that term is defined in the BAA), and for the BAA to set forth each party’s respective obligations in connection with each Party’s Use (as that term is defined in the BAA) and Disclosure of Protected Health Information in connection with Provider’s performance of the Services.Accordingly, each of Customer and Provider agree that by signing this Agreement (digitally or otherwise), clicking on the“I Agree” Button/Box below or the “I Accept this Quote” button on any Quote or Order Form into which this Agreement will be incorporated, or using products or services described in thisAgreement or associated Order Form or Quote, each such party shall immediately and automatically be a party to and bound by the Business Associate Agreement, which is hereby incorporated by reference, as though they were a direct signatory thereto, with Customer constituting and having the rights and obligations of “Covered Entity” thereunder and withProvider constituting and having the rights and obligations of“Service Provider” thereunder.
14.1 Relationship of the Parties. Each party agrees that it is an independent entity and that nothing in this Agreement creates a partnership, joint venture, fiduciary, agency, or affiliate relationship between the parties. Each party is solely responsible for the supervision, management, direction and payment of compensation and benefits to its own employees, contractors, and agents.
14.2 Force Majeure. Neither party will be deemed to be in default of its obligations under this Agreement or any OrderForm (other than an obligation to pay money) to the extent that performance of its obligations or attempts to cure any breach are materially delayed or prevented by reason of any event that is beyond the reasonable control of that party and could not reasonably have been foreseen and protected against by that party, including without limitation any breakdown, damage, or destruction of equipment, delay in, shortage of, or inability to secure: fuel, utilities, services, materials, information, transportation, or labor due to enemy or hostile action, sabotage, war, terrorism, blockade, insurrection, government declared emergency, riot, epidemic, pandemic, viral outbreak, flood, earthquake, act of God, pandemic, epidemic, governmentally-imposed isolations or quarantines, failure of utilities providers, breakdown or damage to generation and transmission facilities, civil disturbance, explosion, fire or other casualty, provided that the non-performing party gives the other party prompt written notice of the event. If the delay or nonperformance by Provider as described in this Section 13.3 continues for a period of at least forty-five (45) consecutive days, then Customer may elect to terminate this Agreement by written notice no more than thirty(30) days’ after the end of the forty-five (45) day period, and receive a refund of any pre-paid fees for unused portions of the remaining Service Period (effective as of the start of the period of force majeure). This Section 13.3 does not apply to payment obligations. Software-as-a-Service Agreement Page 8 of 19 Confidential Information136576149.3
14.3 Notices. All notices and other communications required or permitted under this Agreement will be in writing and will be deemed duly given if hand delivered against assigned receipt therefor, sent by certified mail, return receipt requested, first class postage prepaid, sent by nationally recognized overnight delivery service, or sent by electronic mail (read-receipt requested), in each case addressed to the party entitled to receive the same at the address set forth inthe Order Form. Either party may alter the address to which communications are to be sent by giving notice of such change of address in conformity with the provisions of thisSection providing for the giving of notice.
14.4 Assignment. Customer shall not and may not assignor delegate any of its rights or obligations under thisAgreement without prior written consent from Provider.Provider may freely assign and/or delegate any of its rights and obligations hereunder. Any purported assignment or delegation in violation of this paragraph is void and constitutes a material breach of this Agreement. In the event of a permitted assignment, the assigning party will provide not less than ten (10) days’ prior written notice of the assignment to the other party. Subject to the foregoing, this Agreement inures to the benefit of and is binding on each of the parties, their successors, permitted assigns and legal representatives.
14.6 Third-Party Beneficiaries. Except for the parties, no other person has any rights, interest or claims under thisAgreement or any Order Form, or is entitled to any benefits under or on account of this Agreement or any Order Form, asa third-party beneficiary or otherwise.
14.7 Governing Law; Venue. This Agreement is governed by, and will be construed in accordance with, the laws of the Commonwealth of Pennsylvania, without regard to the conflict of law principles thereof or of any other state. TheUnited Nations Convention on Contracts for the InternationalSale of Goods, and the Uniform Computer InformationTransactions Act will not apply to this Agreement or the transactions contemplated hereby. Any lawsuit action, or proceeding related to this Agreement, its subject matter, any breach hereof or any termination will be heard exclusively in the federal or state courts located in Bucks County,Pennsylvania, and the parties hereby submit to the personal jurisdiction of and venue in those courts.
14.8 Rules of Interpretation. It is the intention of the parties that, if a court of competent jurisdiction determines that any provision of this Agreement is unenforceable, the remaining provisions of this Agreement will remain in full force and effect. In the event of any conflict between this Agreement and an Order Form, addendum or exhibit, this Agreement will be given precedence, except as expressly set forth in the applicable Order Form, statement of work, addendum or exhibit. Unless explicitly specified to the contrary, the word“including” wherever used herein means “including, but not limited to”. This Agreement shall be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted.
14.9 Entire Agreement; Amendment; and Waiver. NoOrder Form or addendum or exhibit to this Agreement is binding on the parties unless agreed by both parties in writing.Each binding Order Form, addendum and exhibit is incorporated into and made part of this Agreement. ThisAgreement supersedes all prior discussions, statements, representations and agreements, oral or written, between the parties relating to the subject matter of this Agreement and constitutes the entire agreement between the parties relating to its subject matter. Except as set forth herein, thisAgreement may be amended, modified, or supplemented only by a written document signed by an authorized representative of each party. The failure of either party, at any time, to enforce any right or remedy available to it under this Agreement or otherwise with respect to any breach or failure by the other party does not constitute a waiver of such right or remedy with respect to any other breach or failure by the other party.
14.10 Counterparts. This Agreement may be executed by facsimile or other electronic means, and in one or more counterparts, each of which is deemed to be an original, but all of which together constitute one and the same Agreement.Original signatures transmitted and received by means of facsimile, e-mail, or other electronic transmission of a scanned document, (e.g., pdf or similar format) will constitute true and valid signatures for all purposes hereunder and will have the same force and effect as the delivery of an original.Software-as-a-Service Agreement Page 9 of 19 Confidential Information136576149.3[SIGNATURES ON NEXT PAGE]Software-as-a-Service Agreement Page 10 of 19 Confidential Information136576149.3
IN WITNESS WHEREOF, each party hereto, intending to be legally bound, has caused its duly authorized representative to execute this Agreement effective as of the Effective Date.
BY SIGNING THIS AGREEMENT (DIGITALLY OR OTHERWISE), CLICKING ON THE “I AGREE” BUTTON/BOX BELOW OR THE“I ACCEPT THIS QUOTE” BUTTON/BOX ON ANY QUOTE OR ORDER FORM INTO WHICH THIS AGREEMENT WILL BE INCORPORATED, OR USING PRODUCTS OR SERVICES DESCRIBED IN THIS AGREEMENT OR ASSOCIATED QUOTE OR ORDER FORM, CUSTOMER ACKNOWLEDGES THAT CUSTOMER HAS READ AND UNDERSTOOD THIS AGREEMENT AND AGREES TO BE BOUND BY ALL OF THE TERMS AND CONDITIONS CONTAINED HEREIN.
During the term of the Agreement, Provider shall provide Customer with the following maintenance and support services:
1. Defect Resolution. Provider will use commercially reasonable efforts to correct Defects (as hereinafter defined) in theService within a reasonable time after Provider reports a Defect to Provider or Provider otherwise learns about a Defect.
2. Software Updates. Provider will make Updates (as hereinafter defined) to the Service available to Customer as and when such Updates are made available by Provider to its customers generally or, if Provider does not have any other customers, as soon as reasonably practicable. All Updates that are provided to Provider will be subject to all of the terms and conditions of the Agreement. For the avoidance of doubt, Provider will not be required to provide Customer with any enhancements, modifications, upgrades, improvements or other change in or to the functionality of the Service. For the further avoidance of doubt, any Updates to the Service made by the Provider may eliminate or make unavailable certain features of theService. Provider shall not have any obligation to restore or make available any such features to Customer.
3. Telephone/E-Mail/Online Support. During Provider’s normal business hours on Mondays through Fridays (excluding holidays), Provider will provide Customer’s Authorized Users with access to Provider’s support personnel via telephone, email, and/or such online ticketing system as may be designated by Provider from time to time, as reasonably necessary or appropriate under the circumstances, to answer questions and/or provide guidance and assistance in the use and operation of the Service.
4. Customer Cooperation. Customer will cooperate with Provider by granting all reasonable and necessary access and login capabilities to the Service and by providing Provider with all data and information that may be reasonably required by Provider to correct a Defect.
5. Update Training. After providing an Update to Customer, Provider will provide Customer with instructions and guidelines on the use of such Update, in written or electronic form.
6. Definitions. As used in this Exhibit, the following terms will have the following meanings:
(a) “Defect” will mean any programming or software design error that impairs the performance, utility and/or functionality of the Service, as well as any failure of the Service to conform to the specifications for the Service. Notwithstanding the foregoing, the term “Defect” will not include any such failure that is caused by: (i) the use or operation of the Service with any third party software or in an environment or with an operating system configuration other than as intended or recommended by Provider, including any use or operation not in accordance with the Documentation, Provider's published policies, the Agreement or any applicable OrderForm; (ii) modifications to the Service not made by or at the request of Provider; (iii) Customer’s or its Authorized User’s internet connectivity; (iv) the failure to implement critical updates and security patches released by the operating system’s manufacturer; (v) any bug, defect or error in third party software or any other failure of such third-party software to conform to its published specifications; (vi)failure, interruption, outage, or other problem with any software, hardware, system, network, facility, or other matter not supplied byProvider pursuant to this Agreement; or (f) schedule downtime for routine maintenance of the Service.
(b) “Update” will mean executable code for change to or modifications of the Service that correct the functioning of the Service, including, but not limited to, the correction or elimination of any bug, defect, or error in the Service.Software-as-a-Service Agreement Page 12 of 19 Confidential Information136576149.3
a. the expiration or earlier termination of the SaaS Agreement; or
b. your ceasing to be authorized by Customer to use or access the Service for any or no reason.
2. Use Restrictions. You shall not, directly or indirectly:
a. use or access the Service or Documentation except as set forth in Section 1;
b. copy any of the software included in the Service or in the Documentation (all such software, the “Software”), in whole or in part;
c. modify, translate, adapt, or otherwise create derivative works or improvements, whether or not patentable, of theService, the Documentation, the Software, or any part thereof;
d. combine the Software or any part thereof with, or incorporate the Software or any part thereof in, any other programs;
e. reverse engineer, disassemble, decompile, decode, or otherwise attempt to derive or gain access to the source code of the Service, the Software, or any part thereof;
f. remove, delete, alter, or obscure any trademarks or any copyright, trademark, patent, or other intellectual property or proprietary rights notices included on or in the Service, Documentation, or Software, including any copy thereof;
g. rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise provide any access to or use of theService, Documentation, Software or any features or functionality thereof, for any reason, to any other person or entity, whether or not over a network and whether or not on a hosted basis, including in connection with the internet, web hosting, wide area network (WAN), virtual private network (VPN), virtualization, time-sharing, service bureau, software as a service, cloud, or other technology or service;
h. use the Service, Documentation, or Software in, or in association with, the design, construction, maintenance, oroperation of any hazardous environments or systems, including:
(i) power generation systems;
(ii) aircraft navigation or communication systems, air traffic control systems, or any other transport management systems;
(iii) safety-critical applications, including medical or life-support systems, vehicle operation applications, or any police, fire, or other safety response systems; and
(iv) military or aerospace applications, weapons systems, or environments.
i. use the Service, Documentation, or Software in violation of any law, regulation, or rule; or
j. use the Service, Documentation, or Software for purposes of competitive analysis of the Software, the development of a competing software product or service, or any other purpose that is to the Provider’s commercial disadvantage.
3. Compliance Measures. The Service and Software may contain technological copy protection or other security features designedto prevent unauthorized use of the Software, including features to protect against use of the Software:Software-as-a-Service Agreement Page 13 of 19 Confidential Information136576149.3a. beyond the scope of the license granted to pursuant to Section 1; orb. prohibited under Section 2.You shall not, and shall not attempt to, remove, disable, circumvent, or otherwise create or implement any workaround to, any suchcopy protection or security features.
4. Collection and Use of Information. Provider may, directly or indirectly through the services of others, collect and store information regarding use of the Service and Software by means of: (i) providing maintenance and support services; and (ii) security measures included in the Service and Software as described in Section 3. You agree that the Provider may use such information for any purpose related to any use or access of the Service and/or Software by you, including but not limited to improving the performance of the Service and Software or developing updates and verifying compliance with the terms of this Agreement and enforcing Provider’s rights, including all intellectual property rights in and to the Service, Software, and Documentation.
5. Intellectual Property Rights. You acknowledge that the Service, Software, and Documentation is provided under license, and not sold, to you. You do not acquire any ownership interest in the Service, Software, and Documentation under this Agreement, or any other rights to the Service, Software, and Documentation other than to use Service, Software, and Documentation in accordance with the license granted under this Agreement, subject to all terms, conditions, and restrictions. Provider and its licensors and service providers reserve and shall retain their entire right, title, and interest in and to Service, Software, andDocumentation and all intellectual property rights arising out of or relating to Service, Software, and Documentation, subject to the license expressly granted to the Customer in this Agreement. You shall use commercially reasonable efforts to safeguard allSoftware (including all copies thereof) from infringement, misappropriation, theft, misuse, or unauthorized access.
6. Disclaimer of Liability. IN NO EVENT WILL PROVIDER OR ITS AFFILIATES, OR ANY OF ITS OR THEIR RESPECTIVE LICENSORS OR SERVICE PROVIDERS, BE LIABLE TO YOU FOR ANY USE, INTERRUPTION, DELAY, OR INABILITY TO USETHE SERVICE, SOFTWARE, OR DOCUMENTATION. YOU ARE PROVIDED THE SERVICE, SOFTWARE, AND DOCUMENTATION PURSUANT TO THE SAAS AGREEMENT BETWEEN PROVIDER AND CUSTOMER, SOLELY FOR THE BENEFIT OF CUSTOMER AND AT CUSTOMER’S DISCRETION. YOU ACKNOWLEDGE THAT YOU HAVE NO RIGHTS UNDER THAT AGREEMENT INCLUDING ANY RIGHTS TO ENFORCE ANY OF ITS TERMS. ANY OBLIGATION OR LIABILITY PROVIDER OR ITS AFFILIATES, OR ANY OF ITS OR THEIR LICENSORS OR SERVICE PROVIDERS, MAY HAVE WITH RESPECT TO YOUR USE OR INABILITY TO USE THE SERVICE, SOFTWARE, AND DOCUMENTATION SHALL BE SOLELY TO CUSTOMER PURSUANT TO THAT AGREEMENT AND SUBJECT TO ALL LIMITATIONS OF LIABILITY SET FORTH THEREIN.
This HIPAA Business Associate Agreement (“Agreement”), dated effective as of the Effective Date (as defined below),is by and between Customer (“Covered Entity”) and TeamCare Dental LLC (“Business Associate”) and relates to BusinessAssociate’s provision of Services on Covered Entity’s behalf as described in the Background paragraphs hereof. Hereinafter,Covered Entity and Business Associate may be referred to, each, as a “Party” and, collectively, as the “Parties”.
Covered Entity has engaged Business Associate, pursuant to that certain Software-as-a-Service Agreement between theParties (as may be amended, the “Services Contract”), to provide certain services for and on behalf of Covered Entity (the“Services”) as a result of which Covered Entity may Disclose Protected Health Information to Business Associate. As used herein, the term “Effective Date” shall have the meaning ascribed in the Services Contract.
To the limited extent that Business Associate creates, receives, maintains, or transmits Protected Health Information on behalf of Covered Entity in connection with Business Associate’s performance of the Services, Business Associate shall be considered a Business Associate of Covered Entity.
Covered Entity and Business Associate intend to protect the privacy and provide for the security of Protected HealthInformation that may be Disclosed to Business Associate in connection with the Services in compliance with this Agreement and theHealth Insurance Portability and Accountability Act of 1996, Public Law 104-191, as amended, along with its implementing regulations promulgated by the Secretary of the Department of Health and Human Services (“HHS”), including, the “Privacy Rule”(45 C.F.R. Part 160 and Subparts A and E of Part 164), the “Security Rule” (45 C.F.R. Part 160 and Subparts A and C of Part 164),and the “Breach Notification Rule” (45 C.F.R. Part 160 and Subparts A and D of Part 164), as each may be amended from time to time (collectively, “HIPAA”).
Covered Entity and Business Associate intend for this Agreement to meet those requirements under HIPAA that mandate a written agreement between a Covered Entity and its Business Associate, and for this Agreement to set forth each Party’s respective obligations in connection with each Party’s Use and Disclosure of Protected Health Information in connection withBusiness Associate’s performance of the Services.
NOW, THEREFORE, in consideration of the mutual promises below and the exchange of information provided for herein, the Parties, intending to be legally bound hereby, agree as follows:
1.1 Incorporation. The Background paragraphs of this Agreement are hereby incorporated into this Agreement in full.
1.2 Definitions. Each capitalized term appearing in this Agreement not otherwise expressly defined herein shall have the meaning ascribed to it under HIPAA. The meanings given to the terms “Disclosure” and “Use” in 45 C.F.R. 160.103 shall also apply to those capitalized terms used herein that are in the plural or in any tense or variant of the terms “Disclosure” and “Use”,such as “Disclose”, “Discloses”, “Disclosing” and “Disclosed”, and “Uses”, “Using” and “Used”, respectively. “PHI” shall meanProtected Health Information that is created, received, maintained or transmitted by Covered Entity and is Used or Disclosed byBusiness Associate in order for Business Associate to perform the Services. “e-PHI” shall mean Electronic Protected HealthInformation that is created, received, maintained or transmitted by Covered Entity and is Used or Disclosed by Business Associate in order for Business Associate to perform the Services. “Unsecured PHI” shall mean Unsecured Protected Health Information that is created, received, maintained or transmitted by Covered Entity and is Used or Disclosed by Business Associate in order forBusiness Associate to perform the Services.
1. Term. This Agreement shall be effective as of the Effective Date and shall continue in full force indefinitely until terminated upon the earlier of either Party terminating this Agreement pursuant to Section 7.1 hereof or the termination or expiration of theServices Contract. Upon the termination of this Agreement for any reason, Section 7.2 hereof shall apply.
2. Obligations of Covered Entity.Software-as-a-Service Agreement Page 15 of 19 Confidential Information136576149.32.1 Safeguards; Encryption. Covered Entity shall comply with HIPAA and all applicable federal and state laws governing the privacy and security of health information. Covered Entity shall implement and maintain reasonable and appropriate administrative, technical and physical safeguards to ensure the privacy and security of PHI in accordance with the applicable standards and requirements under HIPAA. With respect to e-PHI, Covered Entity shall: (i) ensure the confidentiality, integrity, and availability of all e-PHI Covered Entity creates, receives, maintains, or transmits; (ii) protect against any reasonably anticipated threats or hazards to the security or integrity of such e-PHI; (iii) protect against any reasonably anticipated uses or disclosures of such e-PHI that are not permitted or required under HIPAA; and (iv) ensure compliance with the Security Rule by its Workforce.Covered Entity shall implement security measures to protect e-PHI transmitted to Business Associate from unauthorized access, which may include use of the Transport Layer Security (“TLS”) protocol or other encryption mechanism.
2.2 Permissible Requests; Minimum Necessary. Covered Entity shall not request Business Associate to Use orDisclose PHI in any manner that, if done by Covered Entity, would not be permissible under HIPAA, all applicable federal and state law or any applicable third-party agreement to which Covered Entity is a party. Furthermore, Covered Entity shall Disclose toBusiness Associate only the amount of PHI that Covered Entity determines to be the minimum necessary for Business Associate to perform its obligations under the Services Contract. Covered Entity shall adhere to all applicable minimum necessary standards established from time to time by HHS or any other federal or state agency.
2.3 Notice of Privacy Practices. If Covered Entity is required under HIPAA to maintain a Notice of Privacy Practices(“NPP”), Covered Entity shall promptly provide Business Associate with its current NPP, and any amendments thereto or replacements thereof, to the extent that the terms of the NPP will affect Business Associate’s performance under the ServicesContract or this Agreement or Business Associate’s compliance with HIPAA.
2.4 Prompt Notification. To the extent that it affects Business Associate’s performance of its obligations under thisAgreement or the Services Contract or Business Associate’s compliance with HIPAA, Covered Entity shall promptly notify BusinessAssociate of any and all requests it receives by or on behalf of any and all Individuals with respect to Covered Entity’s obligations under 45 C.F.R. 164.522 (restricting Disclosure of PHI), 164.524 (providing access to or a copy of PHI), 164.526 (amending PHI), or164.528 (accounting of Disclosures of PHI).
2.5 Authority. Covered Entity represents and warrants that it is authorized under HIPAA, all applicable federal and state laws, and all applicable third-party agreements to which Covered Entity is a party to Disclose PHI to Business Associate for the purpose of Business Associate’s provision of the Services. Covered Entity shall promptly notify Business Associate if the immediately preceding sentence ceases to be true, including instances where a third party implements any restriction or limitation which may affect Business Associate’s ability to render the Services or to Use or Disclose PHI pursuant to the terms of thisAgreement.
3. Obligations of Business Associate.3.1 Permitted Uses and Disclosures, Generally. Subject to the terms of this Agreement and HIPAA, BusinessAssociate may Use or Disclose any and all PHI it creates, receives, maintains or transmits on behalf of Covered Entity, as follows:
3.1.1 Purpose and Scope. Business Associate may Use or Disclose PHI as follows: (i) as permitted hereunder to provide or perform the Services; (ii) as Required by Law; or (iii) as otherwise permitted under HIPAA and applicable law.
3.1.2 Amount of Information. Business Associate may Use or disclose only the minimum necessary amount ofPHI needed, in Business Associate’s discretion, for Business Associate to render the Services, and Business Associate shall adhere to all applicable minimum necessary standards established from time to time by HHS or any other federal or state agency.
3.1.3 Use for Management and Administration. Business Associate may Use PHI if such Use is necessary: (i)for the proper management and administration of Business Associate; or (ii) to carry out the legal responsibilities of BusinessAssociate.
3.1.4 Disclosure for Management and Administration. Business Associate may Disclose PHI to a third party for the proper management and administration of Business Associate if: (i) the Disclosure is Required By Law; or (ii) BusinessAssociate obtains from such third party reasonable assurances that:
(a) PHI will be held confidentially and in compliance withHIPAA, and Used or further Disclosed by such third party only as Required By Law or for the purpose for which it was Disclosed to such third party; and
(b) the third party will notify Business Associate, without unreasonable delay, of any Breach or potential Breach of PHI of which such third party becomes aware.Software-as-a-Service Agreement Page 16 of 19 Confidential Information136576149.33.2 Uses or Disclosures Requiring Prior Authorization. Business Associate understands that, except as expressly provided in this Agreement or permitted under HIPAA and all applicable federal and state laws, it shall not Disclose PHI to any third party without first having received an authorization that complies with 45 C.F.R. 164.508 (“Authorization”) from the affectedIndividual(s). To the extent Disclosure of PHI to a third party is required for Business Associate to render the Services, CoveredEntity shall assist Business Associate in obtaining, or obtain for Business Associate, the necessary Authorizations. BusinessAssociate shall retain a copy of each Authorization it obtains pursuant to this Section 4.2 in accordance with the retention requirements set forth in 45 C.F.R. 164.508.3.3 Prohibited Uses and Disclosures. Business Associate shall not directly or indirectly accept remuneration in exchange for Using or Disclosing any PHI, except Business Associate may accept such remuneration from Covered Entity in exchange for Services rendered by Business Associate on Covered Entity’s behalf. Furthermore, Business Associate shall not Use or Disclose PHI as follows: (i) for Marketing, except with the applicable Individual’s Authorization; (ii) other than as permitted or required by this Agreement or as Required By Law; or (iii) in any manner that would violate HIPAA or other applicable law if done byCovered Entity. Business Associate shall take reasonable measures to mitigate the harmful effect of any Use or Disclosure of PHI by Business Associate that is not in accordance with the terms of this Agreement.3.4 Security Matters.3.4.1 General. Business Associate shall comply with the requirements of the Security Rule, as it applies toBusiness Associate.
184.108.40.206 Safeguards; Encryption. Business Associate shall comply with HIPAA and all applicable federal and state laws governing the privacy and security of health information. Business Associate shall implement and maintain reasonable and appropriate administrative, technical and physical safeguards to prevent the Use or Disclosure of PHI other than as permitted under this Agreement. With respect to e-PHI, Business Associate shall: (i) ensure the confidentiality, integrity, and availability of all e-PHI Business Associate creates, receives, maintains, or transmits; (ii) protect against any reasonably anticipated threats or hazards to the security or integrity of such e-PHI; (iii) protect against any reasonably anticipated uses or disclosures of such e-PHI that are not permitted or required under HIPAA; and (iv) ensure compliance with the Security Rule by its Workforce.Business Associate shall implement security measures to protect e-PHI transmitted by Business Associate from unauthorized access, which may include use of the TLS protocol or other encryption mechanism.
220.127.116.11 Documentation. Business Associate shall maintain records, in hard copy or electronic format, of the following, and retain such records in accordance with 45 C.F.R. 164.316(b)(2)(i): (i) policies and procedures implemented byBusiness Associate to comply with the Security Rule; and (ii) any action, activity or assessment required of Business Associate under the Security Rule.
3.4.2 Reporting Breaches and Security Incidents.
18.104.22.168 Reporting Breaches of PHI. Business Associate shall comply with the notification requirements under HIPAA relating to a Breach of PHI, including the applicable provisions of the Breach Notification Rule. Business Associate shall promptly report to Covered Entity any Breach of PHI that is not permitted under this Agreement or HIPAA. Business Associate shall make such report to Covered Entity within ten (10) calendar days from the date that Business Associate discovers suchBreach of PHI. For purposes of this Agreement, Business Associate shall be deemed to have “discovered” a Breach of PHI as of:(i) the first day on which such impermissible Use or Disclosure is actually known to any person that is an agent of BusinessAssociate in accordance with the federal common law of agency, or that is a member of Business Associate’s Workforce; or (ii) by exercising reasonable diligence, the first day on which such Breach of PHI should have been known to Business Associate.Business Associate shall take all commercially reasonable steps to allow it to discover Breaches of PHI.
22.214.171.124 Assistance and Cooperation. The Parties shall assist and cooperate with each other as reasonably necessary for each Party to comply with the Breach Notification Rule. Business Associate shall provide Covered Entity with such information known to Business Associate as may be required for Covered Entity to determine if a Breach of PHI occurred, and to notify affected Individuals of such event, if so required under the Breach Notification Rule. If Business Associate is the direct cause of a Breach of PHI, Business Associate shall provide Covered Entity with administrative support and other resources as maybe reasonably requested by Covered Entity to assist Covered Entity to satisfy its obligations, if any, under the Breach NotificationRule.
126.96.36.199 Reporting Security Incidents. Consistent with this Section 188.8.131.52, Business Associate shall report as soon as practicable to Covered Entity any Security Incident of which Business Associate becomes aware that involvesSoftware-as-a-Service Agreement Page 17 of 19 Confidential Information136576149.3PHI. Notwithstanding the immediately foregoing sentence, Business Associate and Covered Entity acknowledge the on going existence and occurrence of attempted but unsuccessful Security Incidents that are inconsequential or harmless in nature, such as pings and port scans, and Business Associate is not required to provide Covered Entity with subsequent notification upon the occurrence of such unsuccessful Security Incidents. Nevertheless, to the extent that Business Associate becomes aware of a pattern or an unusually high number of such unsuccessful Security Incidents involving PHI and resulting from the repeated acts by a single person or entity, Business Associate shall notify Covered Entity of such attempts.
184.108.40.206 Notice of Breach or Security Incident. To the extent Business Associate is required to provideCovered Entity with notice of any Breach of PHI under Section 220.127.116.11 hereof, or any Security Incident involving PHI under Section18.104.22.168 hereof, Business Associate shall provide such notice to Covered Entity in writing pursuant to Section 13.5 hereof (relating to issuing notices hereunder) to Covered Entity’s Privacy Officer, Security Officer, or other person designated by Covered Entity for receipt of such notice or, if Covered Entity has identified an email address for such notifications, by way of electronic mail to the email address identified by Covered Entity.
3.5 Requested Restrictions. To the extent instructed by Covered Entity in writing, Business Associate shall comply with a request by an Individual to restrict Disclosure of the Individual’s PHI to a health plan in accordance with 45 C.F.R. 164.522.Business Associate shall promptly direct to Covered Entity all such requests Business Associate receives directly from anIndividual.
3.6 Availability of Information. Business Associate shall make available to Covered Entity such information inBusiness Associate’s possession that is necessary to permit Covered Entity to fulfill its obligations to provide access to, provide a copy of, to amend and to account for Disclosures of PHI pursuant to 45 C.F.R. 164.524, 164.526, and 164.528.
3.7 Data Aggregation and De-identification. Except as otherwise limited in this Agreement, Business Associate may use PHI to provide data aggregation services to Covered Entity as permitted by 45 C.F.R. 164.504(e)(2)(i)(B) and to create de-identified data in accordance with the implementation specifications set forth at 45 C.F.R. 164.514.
3.8 Business Associate’s Subcontractors. Business Associate shall enter into a written agreement with each of itsSubcontractors that Use or Disclose PHI that satisfies the applicable requirements under HIPAA with respect to Subcontractor’sUse or Disclosure of PHI (the “Subcontractor Agreement”). In the event that Business Associate knows of a pattern of activity or practice of any of those Subcontractors that constitutes a material breach or material violation of the applicable SubcontractorAgreement, Business Associate shall take reasonable steps to cause such Subcontractor to cure such breach or end such violation, as applicable. If such steps to cure such breach or end such violation are unsuccessful, Business Associate shall terminate the applicable Subcontractor Agreement and, to the extent feasible, those provisions of such Subcontractor’s underlying services agreement or arrangement with Business Associate that require or permit the Use or Disclosure of PHI.
3.9 Internal Practices. Business Associate shall make its internal practices, books and records relating to the Use and Disclosure of PHI available to HHS for purposes of determining Covered Entity’s compliance with HIPAA.
3.10 Application of Privacy Rule. To the extent Business Associate is to carry out a function or obligation of CoveredEntity with respect to the Privacy Rule, Business Associate shall comply with the requirements under the Privacy Rule that apply toCovered Entity in the performance of such function or obligation.
4. State Law. Business Associate and Covered Entity shall comply with any provision or requirement concerning privacy or security of information under any state law applicable to Business Associate’s Use and Disclosure of PHI that is more stringent than a similar provision or requirement under HIPAA, as provided in 45 C.F.R. 160.20
3.2. Information on Safeguards. Upon Covered Entity’s reasonable request, which shall be in writing, Business Associate shall provide Covered Entity with information concerning the safeguards and/or other information security practices that theBusiness Associate utilizes to protect the confidentiality of PHI in its possession.
3.1 Terminable Events.
3.1.1 Noncompliance. If either Party (the “Notifying Party”) becomes aware of an activity or practice by the other Party (the “Breaching Party”) that constitutes a material breach or material violation of the Breaching Party’s obligations under this Agreement, HIPAA or any other applicable privacy or security law, the Notifying Party shall notify the Breaching Party of such breach or violation. Thereafter, the Breaching Party shall have an opportunity to cure such breach or end such violation, as applicable, within a reasonable timeframe as agreed to by the Parties (the “Cure Period”). Following receipt of the aforementionedSoftware-as-a-Service Agreement Page 18 of 19 Confidential Information136576149.3notice, if the Breaching Party does not take reasonable steps to or otherwise does not successfully cure the breach or end the violation, as applicable, then, following the expiration of the Cure Period, the Notifying Party is permitted to terminate thisAgreement. An activity or practice that shall constitute a material breach hereof, as referenced in the first sentence of this Section7.1.1, shall include the following occurrences: (i) the other Party is named as a defendant in a criminal proceeding that involves a violation of HIPAA; or (ii) a finding or stipulation is made in any administrative or civil proceeding, in which such other Party has been joined, that the other Party has violated any standard or requirement of HIPAA or other applicable security or privacy law or regulation, federal or state. The foregoing is not intended to, and does not, limit any other remedy which may be available to theNotifying Party hereunder or as a matter of law.
3.1.2 Completion of Services Requiring Use or Disclosure of PHI. In the event that Business Associate’s continued representation of Covered Entity no longer requires Business Associate to Use or Disclose PHI, either Party shall be permitted to terminate this Agreement upon so notifying the other Party of such intent in writing.
4.1 Effect of Termination. Upon termination of this Agreement or the Services Contract for any reason, BusinessAssociate shall return to Covered Entity, or destroy, all PHI that Business Associate still maintains in any form, and shall retain no copies of such PHI, or if return or destruction of all or any portion of PHI is not feasible as determined by Business Associate,Business Associate shall continue to extend the protections of this Agreement to such information, and limit further Use orDisclosure of PHI to those purposes that make the return or destruction of such PHI infeasible. Any term or provision of thisAgreement that, by its nature, is intended to survive the termination of this Agreement, shall survive the termination of thisAgreement, including this Section 7.2 and Sections 4.4.1, 4.4.2, 10, and 13 hereof.
5. Disclaimer. Neither Party represents or warrants to the other Party that compliance by the other Party with thisAgreement will be adequate or satisfactory for such other Party’s own purposes, including such other Party’s compliance with applicable law, or that any information in such other Party’s possession or control, or transmitted or received by such other Party, is or will be secure from unauthorized Use or Disclosure. Each Party is solely responsible for all decisions made by such Party regarding the safeguarding of PHI.
6. Change of Law. The Parties acknowledge that state and federal law and regulation relating to electronic data security and privacy, including, HIPAA, are rapidly evolving and that the Parties may be required to amend this Agreement in order to ensure each Party’s compliance with applicable law or regulation. Accordingly, if either Party reasonably determines that this Agreement must be amended in order for the Parties to be compliant with applicable law or regulation, such Party shall so notify the otherParty, and the Parties shall then promptly enter into negotiations concerning the terms of such amendment, to the extent required for the Parties to be compliant with applicable law or regulation. If either Party requests an amendment to this Agreement pursuant to this Section 9 and (i) the other Party fails to promptly enter into negotiations to establish the terms of such amendment or (ii) the other Party refuses to enter into the agreed upon amendment following such negotiations or terminates such negotiations, the neither Party may terminate this Agreement and that portion of the Services Contract that requires or permits Covered Entity toDisclose PHI to Business Associate, upon thirty (30) days’ advance written notice to the other Party.
7. No Third-Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity and Business Associate and their respective heirs, representatives, successors and assigns, any rights, remedies, obligations or liabilities whatsoever, whether as creditor beneficiary, donor eneficiary or otherwise.
8. Independent Contractor. Nothing contained herein shall be deemed or construed by the Parties hereto or by any third party as creating the relationship of employer and employee, principal and agent, partners, joint venturers or any similar relationship, between the Parties hereto. Covered Entity and Business Associate acknowledge that Business Associate is an independent contractor, and not an agent, of Covered Entity, and Business Associate shall be solely liable for the payment of all income, unemployment, workers’ compensation, Social Security insurance or similar taxes or assessments on the fees or other remuneration paid or to be paid to Business Associate by Covered Entity.
9. Insurance. Each Party represents and warrants that it currently maintains one or more liability insurance policies, with reputable carriers, at commercially reasonable coverage limits, based on the size, operations and business of such Party. EachParty shall maintain such coverage throughout the term of this Agreement.
4.1 Entire Agreement. This Agreement supersedes all prior or contemporaneous agreements, written, oral or electronic, between Covered Entity and Business Associate with respect to the subject matter hereof and contains the entire understanding and agreement between the Parties with respect to the subject matter hereof.Software-as-a-Service Agreement Page 19 of 19 Confidential Information136576149.3
4.2 Governing Law. This Agreement shall be governed by and construed in accordance with the applicable law governing the Services Contract without regard to conflict of laws principles.
4.3 Binding Effect. This Agreement shall be binding upon and inure to the benefit of each Party hereto and the irrespective heirs, representatives, successors and assigns.
4.4 Mutual Negotiation. Each and every provision of this Agreement has been mutually negotiated, prepared and drafted and, in connection with the construction of any provisions hereof, no consideration shall be given to the issue of which Party actually prepared, drafted, requested or negotiated any provision of this Agreement, or its deletion.
4.5 Notices. Except as otherwise expressly permitted under Section 22.214.171.124, all notices, demands and other communications to be made by either Party under this Agreement (“Notice”) shall be given in writing and shall be deemed to have been duly given if personally delivered or sent by confirmed facsimile transmission, confirmed (read receipt) email, recognized overnight courier service which provides a receipt against delivery, or certified or registered mail, postage prepaid, return receipt requested, to the other Party at the address provided by such other Party to the first Party from time to time. Notice shall be deemed effective, if personally delivered, when delivered; if sent by confirmed facsimile transmission, when sent; if sent by confirmed email, when read; if sent by overnight delivery, on the first business day after being sent; and if mailed in accordance herewith, at midnight on the third business day after such Notice is deposited with the U.S. Postal Service.
4.6 Modification. This Agreement shall be amended or superseded only by a written instrument that references thisAgreement and is signed by both Parties.
4.7 Preservation of Rights. No delay on the part of any Party in exercising any right, power or privilege here under shall operate as a waiver thereof, nor shall any waiver on the part of any Party of any such right, power or privilege, nor any single or partial exercise of any right, power or privilege, preclude any further exercise thereof or the exercise of any other such right, power or privilege. No term of this Agreement shall be deemed waived unless such waiver is in writing and such writing is signed by the Party waiving compliance with such term.
4.8 Provisions Severable. The provisions of this Agreement are independent of and severable from each other. No provision will be affected or rendered invalid or unenforceable by virtue of the fact that, for any reason, any one or more of any of the provisions of this Agreement may be deemed invalid or unenforceable in whole or in part.
4.9 Counterparts. This Agreement may be executed by the Parties hereto in separate counterparts, each of which when so executed shall be an original, but all such counterparts shall together constitute one and the same instrument. Each counterpart may consist of a number of copies hereof each signed by less than all, but together signed by all of the Parties. For purposes of this Agreement, signatures received electronically or by facsimile transmission shall be deemed original signatures.
4.10 Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that complies with, and is consistent with, HIPAA. In the event of any conflict with respect to the subject matter of this Agreement between the provisions of this Agreement and the Services Contract, the provisions of this Agreement shall be controlling and effective to the extent of such conflict. The headings in this Agreement are for convenience of reference only and shall not be used to interpret or construe its provisions. Furthermore, any reference in this Agreement to a section in HIPAA or any other law, regulation or guidance means such referenced authority as in effect from time to time. The words “include” or “including” are intended to be interpreted as if followed in each case by the words “without limitation”. For purposes of this Agreement, unless the context of this Agreement clearly requires otherwise, (i) the word “or,” has the inclusive meaning represented by the phrase “and/or”; (ii) the word “hereof”shall have the same meaning as the phrase “of this Agreement”; and (iii) the word “hereunder” shall have the same meaning as the phrase “under this Agreement”.
4.11 Limitation on Damages. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT, IN NO EVENT SHALL EITHER PARTY HERETO BE LIABLE TO THE OTHER PARTY HERETO FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING, DAMAGES FOR LOSS OF PROFITS, DATAOR USE, INCURRED BY THE OTHER PARTY OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT,EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.