5thPort LLC End User License Agreement
BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDERING DOCUMENT THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS AND CONDITIONS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.
WHEREAS, Provider provides access to software-as-a-service offerings to health care industry customers in the form of Patient intervention on key risks and benefits of health care procedures and medications; and
WHEREAS, Customer desires to access certain software-as-a-service offerings described herein, and Provider desires to provide Customer access to such offerings, subject to the terms and conditions set forth in this Agreement.
NOW, THEREFORE, in consideration of the mutual covenants, terms, and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
“Access Credentials” means any user name, identification number, password, license or security key, security token, PIN, or other security code, method, technology, or device used, alone or in combination, to verify an individual’s identity and authorization to access and use the Services.
“Action” means any claim, action, cause of action, demand, lawsuit, arbitration, inquiry, audit, notice of violation, proceeding, litigation, citation, summons, subpoena, or investigation of any nature, civil, criminal, administrative, regulatory, or other, whether at law, in equity, or otherwise.
“Affiliate” of a Person means any other Person that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with, such Person. The term “control” (including the terms “controlled by” and “under common control with”) means the direct or indirect power to direct or cause the direction of the management and policies of a Person, whether through the ownership of voting securities, by contract, or otherwise.
“Agreement” or “License Agreement” means this 5thPort LLC End User License Agreement.
“Concurrent User” means the Customer’s employees, consultants, contractors, and agents (a) who are authorized by Customer to log in, access and simultaneously use along with other Concurrent Users the Services under the rights granted to Customer pursuant to this Agreement; and (b) for whom access to the Services has been purchased hereunder. The number of Concurrent Users shall be as set forth the Ordering Document, as the same may be amended from time to time pursuant to the provisions of Section 2.1 of this Agreement.
“Backup Policy” has the meaning set forth in Section 6.
“Business Associate Agreement” or “BAA” means the Business Associate Agreement to be executed by the parties, which Business Associate Agreement will be substantially in the form of Exhibit A hereto, or such other form as the parties may agree, consistent with applicable Law.
“Confidential Information” has the meaning set forth in Section 9.1.
“Customer” means the individual accepting and entering into this Agreement with Provider; provided that if such individual is accepting and entering into this Agreement on behalf of a company or other legal entity, then “Customer” means the legal entity on behalf of which such individual is accepting and entering into this Agreement.
“Customer Data” means information, data, and other content, in any form or medium, that is collected, downloaded, or otherwise received, directly or indirectly from Customer or a Concurrent User by or through the Services. For the avoidance of doubt, Customer Data does not include Resultant Data or any other information reflecting the access or use of the Services by or on behalf of Customer or any Concurrent User.
“Customer Failure” has the meaning set forth in Section 4.2.
“Customer Indemnitee” has the meaning set forth in Section 12.1.
“Customer Systems” means the Customer’s information technology infrastructure, including computers, tablets, iPads, cell phones, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services.
“Disclosing Party” has the meaning set forth in Section 9.1.
“Effective Date” has the meaning set forth in the Ordering Document.
“Electronic Consent” means Customer’s provision of an Electronic Informed Consent to Treat Form to a Patient. Each time a Customer presents a Patient with an Electronic Informed Consent to Treat form and Patient so completes and executes the Electronic Informed Consent to Treat form it will be considered one Electronic Consent.
“Electronic Health Record” or “EHR” is the digital version of a Patient’s paper chart. An EHR contains the medical and treatment history of a Patient from all clinicians involved in a Patient’s care. An EHR is capable of being shared with providers across more than one health care organization.
“Electronic Medical Record” or “EMR” is the digital version of a Patient’s paper chart in a particular clinician’s office. An EMR contains the medical and treatment history of a Patient in one practice.
“Electronic Protected Health Information” or “EPHI” means any Protected Health Information that is produced, saved, transferred, transmitted, maintained, or received by electronic media or in electronic form.
“Fees” has the meaning set forth in Section 8.1.
“Force Majeure Event” has the meaning set forth in Section 15.9.
“Harmful Code” means any software, hardware, or other technology, device, or means, including any virus, worm, malware, or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data Processed thereby; or (b) prevent Customer or any Concurrent User from accessing or using the Services or Provider Systems as intended by this Agreement. Harmful Code does not include any Provider Disabling Device.
“Indemnitee” has the meaning set forth in Section 12.3.
“Indemnitor” has the meaning set forth in Section 12.3.
“Initial Term” has the meaning set forth in Section 14.1.
“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
“Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree, or other requirement of any federal, state, local, or foreign government or political subdivision thereof, or any arbitrator, court, or tribunal of competent jurisdiction.
“Losses” means any and all losses, damages, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys’ fees and the costs of enforcing any right to indemnification hereunder and the cost of pursuing any insurance providers.
“Ordering Document” means a form that sets forth the party names, Fees, Services, Term, Concurrent Users, service managers and such other information as may be included by the parties. The Ordering Document shall be executed by each of the parties (or issued electronically by Provider and electronically accepted by Customer) and in the event of any conflict between the terms of this Agreement and the Ordering Document, the terms of the Ordering Document shall control.
“Patient” means a person receiving medical treatment from the Customer.
“Patient Encounter” means a patient (including Caregivers) interaction with the 5thPort Platform for digital counseling and informed consent to treat for a single patient procedure. The Patient Encounter may cover one or more office visits as well as any combination of an education plan comprising of one or more videos and video views (including remote watches, re-watches and related Patient reminders) and/or any applicable Consent to Treat Form(s).
“Patient Information” means medical, prescribing or related information specific to a Patient that has been created in the course of medical treatment or diagnosis.
“Permitted Use” means any use of the Services by a Concurrent User for the benefit of Customer in the ordinary course of its internal business operations.
“Person” means an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association, or other entity.
“Privacy and Security Policy” has the meaning set forth in Section 7.1.
“Process” means to take any action or perform any operation or set of operations that the Services are capable of taking or performing on any data, information, or other content, including to collect, receive, input, upload, download, record, reproduce, store, organize, compile, combine, log, catalog, cross-reference, manage, maintain, copy, adapt, alter, translate, or make other derivative works or improvements, process, retrieve, output, consult, use, perform, display, disseminate, transmit, submit, post, transfer, disclose, or otherwise provide or make available, or block, erase, or destroy. “Processing” and “Processed” have correlative meanings.
“Protected Health Information” or “PHI” means individually identifiable health information:
(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii) Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
(2) Protected health information excludes individually identifiable health information:
(i) In education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
(ii) In records described at 20 U.S.C. 1232g(a)(4)(B)(iv);
(iii) In employment records held by a covered entity in its role as employer; and
(iv) Regarding a person who has been deceased for more than 50 years.
“Provider” means 5thPort LLC, a Delaware limited liability company with offices located at 5 Community Drive, Suite 1, Augusta, ME 04330.
“Provider Disabling Device” means any software, hardware, or other technology, device, or means (including any back door, time bomb, time out, drop dead device, software routine, or other disabling device) used by Provider or its designee to disable Customer’s or any Concurrent User’s access to or use of the Services automatically with the passage of time or under the positive control of Provider or its designee.
“Provider Equipment” or “Equipment” means any Provider-owned equipment (including without limitation laptops, tablets, iPads and similar devices) loaned or leased to Customer to facilitate Customer’s use of or access to the Services as described in the Ordering Document.
“Provider Indemnitee” has the meaning set forth in Section 12.2.
“Provider Materials” means the Services and Provider Systems and any and all other information, data, documents, materials, works, and other content, devices, methods, processes, hardware, software, and other technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans, or reports, that are provided or used by Provider or any Subcontractor in connection with the Services or otherwise comprise or relate to the Services or Provider Systems. For the avoidance of doubt, Provider Materials include Resultant Data and any information, data, or other content derived from Provider’s monitoring of Customer’s access to or use of the Services, but do not include Customer Data.
“Provider Personnel” means all individuals involved in the performance of Services as employees, agents, or independent contractors of Provider or any Subcontractor.
“Provider Systems” means the information technology infrastructure used by or on behalf of Provider in performing the Services, including all computers, tablets, iPads, cell phones, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Provider or through the use of third-party services.
“Receiving Party” has the meaning set forth in Section 9.1.
“Renewal Term” has the meaning set forth in Section 14.2.
“Representatives” means, with respect to a party, that party’s and its Affiliates’ employees, officers, directors, members, managers, consultants, agents, independent contractors, service providers, sublicensees, subcontractors, and legal advisors.
“Resultant Data” means data and information related to Patients, Patient Information, and Customer’s use of the Services that is used by Provider in an aggregate and anonymized manner, including without limitation to compile statistical and performance information related to the provision and operation of the Services and de-identified PHI pursuant to the terms of the applicable Business Associate Agreement.
“Services” means the software-as-a-service offering described in an Ordering Document.
“Subcontractor” has the meaning set forth in Section 2.6.
“Term” has the meaning set forth in Section 14.
“Third-Party Materials” means materials and information, in any form or medium, including any open-source or other software, documents, data, content, specifications, products, equipment, or components of or relating to the Services that are not proprietary to Provider.
“Video View” means Customer’s provision of intervention video to a Patient. Each time a Customer presents a Patient with an intervention video and the Patient does so start to view the video whether or not the video is viewed in its entirety, it will be considered one Video View.
2.1 Access and Use. Subject to and conditioned on Customer’s and its Concurrent Users’ compliance with the terms and conditions of this Agreement, Provider hereby grants Customer a non-exclusive, non-transferable (except in compliance with Section 15.8) right to access and use the Services during the Term, solely for use by Concurrent Users in accordance with the terms and conditions herein. Such use is limited to Customer’s internal use. Provider shall provide to Customer the Access Credentials within a reasonable time following the Effective Date. The total number of Concurrent Users will not exceed the number set forth in the Ordering Document, except as expressly agreed to in the Ordering Document.
2.2 Service and System Control. Except as otherwise expressly provided in this Agreement, as between the parties:
(a) Provider has and will retain sole control over the operation, provision, maintenance, and management of the Provider Materials; and
(b) Customer has and will retain sole control over the operation, maintenance, and management of, and all access to and use of, the Customer Systems, and sole responsibility for all access to and use of the Provider Materials by any Person by or through the Customer Systems or any other means controlled by Customer or any Concurrent User, including any: (i) information, instructions, or materials provided by any of them to the Services or Provider; (ii) results obtained from any use of the Services or Provider Materials; and (iii) conclusions, decisions, or actions based on such use.
(c) Notwithstanding anything to the contrary in this Agreement, all Services, including all Processing of Customer Data by or on behalf of Provider shall be provided solely from within, and on computers, systems, networks, and other infrastructure located in, the United States.
2.3 Reservation of Rights. Nothing in this Agreement grants any right, title, or interest in or to (including any license under) any Intellectual Property Rights in or relating to, the Services, Provider Materials, or Third-Party Materials, whether expressly, by implication, estoppel, or otherwise. All right, title, and interest in and to the Services, the Provider Materials, and the Third-Party Materials are and will remain with Provider and the respective rights holders in the Third-Party Materials.
2.4 Service Management. Customer shall, throughout the Term, maintain within its organization one or more service or technology managers to serve as Customer’s primary point(s) of contact for day-to-day communications, consultation, technical support, troubleshooting, and decision-making regarding this Agreement. Such service manager or managers shall be responsible for providing first line technical support and troubleshooting in connection with Customer Systems and all day-to-day communications on behalf of Customer under this Agreement, including without limitation relay of all Support Services inquiries to Provider and related technical support and troubleshooting emails. Customer’s initial service manager(s) are identified in the Ordering Document. If one or more service managers cease to be employed by Customer or Customer otherwise wishes to replace one or more of its service managers, Customer shall promptly name such new service managers by written notice to Provider.
2.5 Changes. Provider reserves the right, in its sole discretion, to make any changes to the Services and Provider Materials that it deems necessary or useful to: (a) maintain or enhance: (i) the quality or delivery of Provider’s services to its customers; (ii) the competitive strength of or market for Provider’s services; or (iii) the Services’ cost efficiency or performance; or (b) to comply with applicable Law.
2.6 Subcontractors. Provider may from time to time in its discretion engage third parties to perform Services (each, a “Subcontractor”).
2.7 Suspension or Termination of Services. Provider may, directly or indirectly, and by use of a Provider Disabling Device or any other lawful means, suspend, terminate, or otherwise deny Customer’s, any Concurrent User’s, or any other Person’s access to or use of all or any part of the Services or Provider Materials, without incurring any resulting obligation or liability, if: (a) Provider receives a judicial or other governmental demand or order, subpoena, or law enforcement request that expressly or by reasonable implication requires Provider to do so; or (b) Provider believes in its good faith that: (i) Customer or any Concurrent User has failed to comply with any term of this Agreement, or accessed or used the Services beyond the scope of the rights granted or for a purpose not authorized under this Agreement or in any manner that does not comply with any instruction or requirement communicated by Provider; (ii) Customer or any Concurrent User is, has been, or is likely to be involved in any fraudulent, misleading, or unlawful activities relating to or in connection with any of the Services; (iii) this Agreement expires or is terminated, or (iv) Customer fails to timely make payment in accordance with the provisions of Section 8 of this Agreement. This Section does not limit any of Provider’s other rights or remedies, whether at law, in equity, or under this Agreement.
- Use Restrictions. Customer shall not, and shall not permit any other Person to, access or use the Services or Provider Materials except as expressly permitted by this Agreement and, in the case of Third-Party Materials, the applicable third-party license agreement. For purposes of clarity and without limiting the generality of the foregoing, Customer shall not, except as this Agreement expressly permits:
(a) copy, modify, or create derivative works or improvements of the Services or Provider Materials;
(b) rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available any Services or Provider Materials to any Person, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud, or other technology or service;
(c) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Services or Provider Materials, in whole or in part;
(d) bypass or breach any security device or protection used by the Services or Provider Materials or access or use the Services or Provider Materials other than by a Concurrent User through the use of his or her own then valid Access Credentials;
(e) input, upload, transmit, or otherwise provide to or through the Services or Provider Systems, any information or materials that are unlawful or injurious, or contain, transmit, or activate any Harmful Code;
(f) damage, destroy, disrupt, disable, impair, interfere with, or otherwise impede or harm in any manner the Services, Provider Systems, or Provider’s provision of services to any third party, in whole or in part;
(g) remove, delete, alter, or obscure any trademarks, EULA, warranties, or disclaimers, or any copyright, trademark, patent, or other intellectual property or proprietary rights notices from any Services or Provider Materials, including any copy thereof;
(h) access or use the Services or Provider Materials in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Right or other right of any third party or that violates any applicable Law;
(i) access or use the Services or Provider Materials for purposes of competitive analysis of the Services or Provider Materials, the development, provision, or use of a competing software service or product or any other purpose that is to the Provider’s detriment or commercial disadvantage; or
(k) otherwise access or use the Services or Provider Materials beyond the scope of the access and use rights granted under Section 2.1.
- Customer Obligations.
4.1 Customer Systems and Cooperation. Customer shall at all times during the Term: (a) set up, maintain, and operate in good repair and in accordance with Provider instructions all Customer Systems on or through which the Services are accessed or used; (b) provide Provider Personnel with such access to Customer’s premises and Customer Systems as is necessary for Provider to perform the Services; and (c) provide all cooperation and assistance as Provider may reasonably request to enable Provider to exercise its rights and perform its obligations under and in connection with this Agreement.
4.2 Effect of Customer Failure or Delay. Provider is not responsible or liable for any delay or failure of performance caused in whole or in part by Customer’s delay in performing, or failure to perform, any of its obligations under this Agreement (each, a “Customer Failure”).
4.3 Corrective Action and Notice. If Customer becomes aware of any actual or threatened activity prohibited by Section 3.1, Customer shall, and shall cause its Concurrent Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Services and Provider Materials and permanently erasing from their systems and destroying any data to which any of them have gained unauthorized access); and (b) notify Provider of any such actual or threatened activity.
4.4 Non-Solicitation. During the Term and for three (3) years after, Customer shall not, and shall not assist any other Person to, directly or indirectly recruit or solicit (other than by general advertisement not directed specifically to any Person or Persons) for employment or engagement as an independent contractor any Person then or within the prior twenty-four (24) months employed or engaged by Provider or any Subcontractor involved in any respect with the Services or the performance of this Agreement.
- Service Support. The Services include Provider’s standard customer support services (“Support Services”) in accordance with the Provider service support schedule then in effect, a current copy of which is available at Exhibit B. Provider may amend the service support schedule from time to time in its sole discretion.
- Data Backup; Availability of Services. The Provider Systems are programmed to perform routine data backups as set out in Provider’s backup policy in effect from time to time (the “Backup Policy”). Provider warrants during the Term of this Agreement, that it will use commercially reasonably efforts to maintain the availability of the Services and Customer Data stored on Provider Systems and, in the event of an outage or other circumstance causing the unavailability of the Services or Customer Data stored on Provider Systems during the Term, Provider will in all cases restore Customer’s access to the Services and Customer Data on Provider Systems as soon as reasonably practicable. Provided that Provider complies with the promises set forth herein, it shall be deemed to have satisfied its obligation with respect to this warranty. Customer’s access to the Services and Customer Data stored on Provider Systems shall end upon termination of this Agreement. Accordingly, the Services do not replace the need for Customer to download and maintain regular data reports and backups or redundant data archives of any Customer Data, PHI, EPHI, and Patient Information stored on Provider Systems. PROVIDER HAS NO OBLIGATION OR LIABILITY FOR ANY LOSS, ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION, OR RECOVERY OF PHI, EPHI, PATIENT INFORMATION, CUSTOMER DATA OR CUSTOMER’S DATA BACKUPS IN CONNECTION WITH ANY CUSTOMER DATA DOWNLOADED TO OR MAINTAINED ON CUSTOMER SYSTEMS.
7.1 Provider Systems and Security Obligations. Provider will employ security measures in accordance with Law, applicable industry practice, and Provider’s data privacy and security policy in effect and as amended from time to time.
7.2 Data Breach Procedures. Each party maintains a data breach plan in accordance with Law and applicable industry standard and shall implement the procedures required under such data breach plan on the occurrence of a “Data Breach” (as defined in such plan). Each party shall provide prompt notice to the other party of any Data Breach or other breach in security in such party’s Systems, whether internal or external, which could affect the security of any information or Systems of the other party. Customer shall notify Provider in writing upon the termination of employment of any Concurrent User. The foregoing notices shall be provided in accordance with Section 15.4. In addition, a copy of any notice required under this Section shall be forwarded to the parties at the following email addresses:
Provider: Navroze Eduljee, Chief Information Officer, firstname.lastname@example.org
Customer: See Ordering Document
7.3 HIPAA Compliance. Customer acknowledges that it is a Covered Entity as defined in the Health Insurance Portability and Accountability Act of 1996 and the related regulations, as amended from time to time (“HIPAA”), and agrees to comply with all applicable HIPAA requirements in using and accessing PHI and EPHI through the Provider Systems. Customer further acknowledges that Provider shall act as a Business Associate of Customer, as defined by the HIPAA privacy regulations, 45 C.F.R. §160.103, in carrying out Provider’s responsibilities under this Agreement. Customer and Provider shall execute a Business Associate Agreement which is incorporated herein by reference. Customer and Provider each agree to maintain the security of the PHI and EPHI and protect it from loss and destruction. Furthermore, Customer and Provider each agree to take all appropriate action to ensure that adequate technical, physical and administrative security measures are in place and utilized so as to prevent the unauthorized use of or access to, or the disclosure, loss or destruction of the PHI and EPHI, including, without limitation, using its best efforts to maintain a current industry standard intrusion detection monitoring system that protects its infrastructure against system risk from unauthorized access.
7.4 Customer Control and Responsibility. Customer has and will retain sole responsibility for: (a) all Customer Data, including its content and use; (b) all information, instructions, and materials provided by or on behalf of Customer or any Concurrent User in connection with the Services; (c) the Customer Systems; (d) the security and use of Customer’s and its Concurrent Users’ Access Credentials; and (e) all access to and use of the Services and Provider Materials directly or indirectly by or through the Customer Systems or its or its Concurrent Users’ Access Credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use.
7.5 Access and Security. Customer shall employ all physical, administrative, and technical controls, screening, and security procedures and other safeguards necessary to: (a) securely administer the distribution and use of all Access Credentials and protect against any unauthorized access to or use of the Services; and (b) control the content and use of Customer Data, including the uploading or other provision of Customer Data for Processing by the Services.
- Fees and Payment.
8.1 Fees. Customer shall pay Provider the fees set forth in the Ordering Document (the “Fees”).
8.2 Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Without limiting the foregoing, Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Provider’s income.
8.3 Payment. Customer shall pay all Fees in accordance with the terms of the Ordering Document. Fees for Services shall be paid annually or monthly in advance pursuant to the terms and on the day of the year or month specified in the Ordering Document. Customer shall make all payments hereunder in U.S. dollars. Customer shall make payments by such method and to such address or account specified in the Ordering Document or such other address or account as Provider may specify in writing from time to time.
8.4 Late Payment. If Customer fails to make any payment when and as due then, in addition to all other remedies that may be available:
(a) Provider may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable Law;
(b) Customer shall reimburse Provider for all reasonable costs incurred by Provider in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and
(c) if such failure continues for 48 hours following Provider’s email notice of payment failure, Provider may suspend performance of the Services until all past due amounts and interest thereon have been paid, without incurring any obligation or liability to Customer or any other Person by reason of such suspension.
8.5 No Deductions or Setoffs. All amounts payable to Provider under this Agreement shall be paid by Customer to Provider in full without any setoff, recoupment, counterclaim, deduction, debit, or withholding for any reason (other than any deduction or withholding of tax as may be required by applicable Law).
8.6 Fee Increases. Provider may periodically increase Fees in accordance with the procedures set forth in the Ordering Document.
8.7 Customer’s Professional Practice Responsibilities. Customer shall not rely on Provider Materials as the sole means of obtaining or verifying Patient informed consent or communicating life threatening or critically important risk factors or Patient education or intervention. The availability of Provider Materials is as a convenience tool only and use of such Provider Systems shall not relieve Customer or Concurrent Users of the obligation and responsibility for exercising medical judgment and providing appropriate medical advice in accordance with established standards of professional practice. Under no circumstances shall Provider be deemed a “health care practitioner” as that term is defined in the Maine Health Security Act, 24 M.R.S. § 2501 et seq., as amended from time to time. Customer acknowledges that the professional duty to the Patient in providing healthcare services lies solely with the healthcare professional providing such services. Customer takes full responsibility for the use of information provided in the Services and acknowledges that the Services are in no way intended to replace or serve as a substitute for professional judgment. Provider does not assume any responsibility for actions of Customer, any Concurrent User, or any third party acting on behalf of or under the supervision of Customer which may result in any liability or damages due to malpractice, failure to warn, negligence, strict product liability, or other basis. Customer shall ensure that Concurrent Users and other healthcare professionals using the Services are aware of the limitations on and assume all risks in connection with the use of the Systems and the Services.
9.1 Confidential Information. In connection with this Agreement each party (as the “Disclosing Party”) may disclose or make available Confidential Information to the other party (as the “Receiving Party”). Subject to Section 9.2, “Confidential Information” means information in any form or medium (whether oral, written, electronic, or other) that the Disclosing Party considers confidential or proprietary, including information consisting of or relating to the Disclosing Party’s technology, trade secrets, know-how, business operations, plans, strategies, customers, product offerings, and pricing, and information with respect to which the Disclosing Party has contractual or other confidentiality obligations, in each case whether or not marked, designated, or otherwise identified as “confidential”. Without limiting the foregoing: (i) all Provider Materials and Resultant Data are the Confidential Information of Provider and (ii) the financial terms and existence of this Agreement are the Confidential Information of each of the parties.
9.2 Exclusions. Confidential Information does not include information that the Receiving Party can demonstrate by written or other documentary records: (a) was rightfully known to the Receiving Party without restriction on use or disclosure prior to such information’s being disclosed or made available to the Receiving Party in connection with this Agreement; (b) was or becomes generally known by the public other than by the Receiving Party’s or any of its Representatives’ noncompliance with this Agreement; (c) was or is received by the Receiving Party on a non-confidential basis from a third party that, to the Receiving Party’s knowledge, was not or is not, at the time of such receipt, under any obligation to maintain its confidentiality; or (d) the Receiving Party can demonstrate by written or other documentary records was or is independently developed by the Receiving Party without reference to or use of any Confidential Information.
9.3 Protection of Confidential Information. As a condition to being provided with any disclosure of or access to Confidential Information, the Receiving Party shall:
(a) not access or use Confidential Information other than in accordance with the terms of this Agreement and applicable Law and as necessary to exercise its rights or perform its obligations under and in accordance with this Agreement;
(b) except as may be permitted by and subject to its compliance with Section 9.4, not disclose or permit access to Confidential Information other than to its Representatives who: (i) need to know such Confidential Information for purposes of the Receiving Party’s exercise of its rights or performance of its obligations under and in accordance with this Agreement; (ii) have been informed of the confidential nature of the Confidential Information and the Receiving Party’s obligations under this Section 9.3; and (iii) are bound by confidentiality and restricted use obligations at least as protective of the Confidential Information as the terms set forth in this Section 9;
(c) safeguard the Confidential Information from unauthorized use, access, or disclosure using at least the degree of care it uses to protect its most sensitive information and in no event less than a reasonable degree of care; and
(d) promptly notify the Disclosing Party of any unauthorized use or disclosure of Confidential Information and reasonably cooperate with Disclosing Party to prevent further unauthorized use or disclosure; and
(e) ensure its Representatives’ compliance with, and be responsible and liable for any of its Representatives’ non-compliance with, the terms of this Section 9.
(f) Notwithstanding any other provisions of this Agreement, the Receiving Party’s obligations under this Section 9 with respect to any Confidential Information that constitutes a trade secret under any applicable Law will continue until such time, if ever, as such Confidential Information ceases to qualify for trade secret protection under one or more such applicable Laws other than as a result of any act or omission of the Receiving Party or any of its Representatives.
9.4 Compelled Disclosures. If the Receiving Party or any of its Representatives is compelled by applicable Law to disclose any Confidential Information or otherwise receives a request from any third party for discovery, including without limitation document requests, subpoenas, notices of deposition, and orders to produce documents, information or individuals, then, to the extent permitted by applicable Law, the Receiving Party shall: (a) promptly, and prior to such disclosure, notify the Disclosing Party in writing of such requirement so that the Disclosing Party can seek a protective order or other remedy; and (b) provide reasonable assistance to the Disclosing Party in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Disclosing Party waives compliance or, after providing the notice and assistance required under this Section 9.4, the Receiving Party remains required by Law to disclose any Confidential Information, the Receiving Party shall disclose only that portion of the Confidential Information that the Receiving Party is legally required to disclose and, on the Disclosing Party’s request, shall use commercially reasonable efforts to obtain assurances from the applicable court or other presiding authority that such Confidential Information will be afforded confidential treatment.
10. Intellectual Property Rights.
10.1 Provider Materials. All right, title, and interest in and to the Provider Materials, including all Intellectual Property Rights therein, are and will remain with Provider and, with respect to Third-Party Materials, the applicable third-party providers own all right, title, and interest, including all Intellectual Property Rights, in and to the Third-Party Materials. Customer has no right, license, or authorization with respect to any of the Provider Materials except as expressly set forth in Section 2.1 or the applicable third-party license, in each case subject to Section 3.1. All other rights in and to the Provider Materials are expressly reserved by Provider. In furtherance of the foregoing, and to the extent allowed by Law, Customer hereby unconditionally and irrevocably grants to Provider an assignment of all right, title, and interest in and to the Resultant Data, including all Intellectual Property Rights relating thereto.
10.2 Customer Data. As between Customer and Provider, Customer is and will remain the sole and exclusive owner of all right, title, and interest in and to all Customer Data, including all Intellectual Property Rights relating thereto, subject to the rights and permissions granted in Section 10.3.
10.3 Consent to Use Customer Data. Customer hereby irrevocably grants all such rights and permissions in or relating to Customer Data as are necessary or useful to Provider, its Subcontractors, and the Provider Personnel to enforce this Agreement and exercise Provider’s, its Subcontractors’, and the Provider Personnel’s rights and perform Provider’s, its Subcontractors’, and the Provider Personnel’s obligations hereunder.
- Representations and Warranties.
11.1 Mutual Representations and Warranties. Each party represents and warrants to the other party that:
(a) it is duly organized, validly existing, and in good standing as a corporation or other entity under the Laws of the jurisdiction of its incorporation or other organization;
(b) it has the full right, power, and authority to enter into and perform its obligations and grant the rights, licenses, consents, and authorizations it grants or is required to grant under this Agreement;
(c) the execution of this Agreement by its representative whose signature is set forth at the end of this Agreement has been duly authorized by all necessary corporate or organizational action of such party;
(d) when executed and delivered by both parties, this Agreement will constitute the legal, valid, and binding obligation of such party, enforceable against such party in accordance with its terms; and
(e) the Services are provided at a price that’s consistent with fair market value and in compliance with applicable Law, including without limitation law and regulations regarding the federal Anti-Kickback Statute (42 U.S.C. § 1320a-7b(b)) and Limitation on Certain Physician Referrals, also known as the “Stark Law” (42 U.S.C. § 1395), and the regulations promulgated thereunder, and no part of any consideration paid in connection with this Agreement is a prohibited payment for the recommending or arranging for the referral of business or the ordering of items or services, nor are the payments intended to induce illegal referrals of business.
11.2 Additional Provider Representations, Warranties, and Covenants. Provider represents, warrants, and covenants to Customer that Provider will perform the Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and will devote adequate resources to meet its obligations under this Agreement.
11.3 Additional Customer Representations, Warranties, and Covenants. Customer represents, warrants, and covenants to Provider that Customer owns or otherwise has and will have the necessary rights and consents in and relating to the Customer Data so that, as received by Provider and Processed in accordance with this Agreement, they do not and will not infringe, misappropriate, or otherwise violate any Intellectual Property Rights or violate any applicable Law.
11.4 DISCLAIMER OF WARRANTIES. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTION 11.1 AND SECTION 11.2, ALL SERVICES AND PROVIDER MATERIALS ARE PROVIDED “AS IS.” PROVIDER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, PROVIDER MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES OR PROVIDER MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, COMPLY WITH LAW, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. ALL THIRD-PARTY MATERIALS ARE PROVIDED “AS IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS.
12.1 Provider Indemnification. Provider shall indemnify, defend, and hold harmless Customer and Customer’s officers, directors, employees, agents, permitted successors, and permitted assigns (each, a “Customer Indemnitee”) from and against any and all Losses incurred by a Customer Indemnitee resulting from any Action by a third party (other than an Affiliate of a Customer Indemnitee) that Customer’s or a Concurrent User’s use of the Services (excluding Customer Data and Third-Party Materials) in accordance with this Agreement infringes or misappropriates such third party’s Intellectual Property Rights. The foregoing obligation does not apply to the extent that the alleged infringement arises from:
(a) Third-Party Materials or Customer Data;
(b) access to or use of the Provider Materials in combination with any hardware, system, tablet, iPad, cell phone, device, software, network, or other materials or service not provided by Provider;
(c) modification of the Provider Materials other than: (i) by or on behalf of Provider; or (ii) with Provider’s written approval in accordance with Provider’s written specification;
(d) failure to timely implement any modifications, upgrades, replacements, or enhancements made available to Customer by or on behalf of Provider; or
(e) act, omission, or other matter described in Section 12.2(a), Section 12.2(b), Section 12.2(c), or Section 12.2(d), whether or not the same results in any Action against or Losses by any Provider Indemnitee.
12.2 Customer Indemnification. Customer shall indemnify, defend, and hold harmless Provider and its Subcontractors and Affiliates, and each of its and their respective officers, directors, employees, agents, successors, and assigns (each, a “Provider Indemnitee”) from and against any and all Losses incurred by such Provider Indemnitee resulting from any Action by a third party (other than an Affiliate of a Provider Indemnitee) arising out of or resulting from, or are alleged to arise out of or result from:
(a) Customer Data, including any Processing of Customer Data by or on behalf of Provider in accordance with this Agreement;
(b) any other materials or information (including any documents, data, specifications, software, content, or technology) provided by or on behalf of Customer or any Concurrent User, including Provider’s compliance with any specifications or directions provided by or on behalf of Customer or any Concurrent User to the extent prepared without any contribution by Provider;
(c) allegation of facts that, if true, would constitute Customer’s breach of any of its representations, warranties, covenants, or obligations under this Agreement; or
(d) negligence or more culpable act or omission (including recklessness or willful misconduct) by Customer, any Concurrent User, or any third party on behalf of Customer or any Concurrent User, including without limitation claims of medical malpractice, failure to warn, negligence, strict product liability, and all other bases relating to such parties’ obligations to exercise professional judgment in accordance with established standards of professional practice.
12.3 Indemnification Procedure. Each party shall promptly notify the other party in writing of any Action for which such party believes it is entitled to be indemnified pursuant to Section 12.1 or Section 12.2, as the case may be. The party seeking indemnification (the “Indemnitee”) shall cooperate with the other party (the “Indemnitor”) at the Indemnitor’s sole cost and expense. The Indemnitor shall promptly assume control of the defense and shall employ counsel of its choice to handle and defend the same, at the Indemnitor’s sole cost and expense. The Indemnitee may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing. The Indemnitor shall not settle any Action on any terms or in any manner that affects the rights of any Indemnitee without the Indemnitee’s prior written consent, which shall not be unreasonably withheld or delayed. If the Indemnitor fails or refuses to assume control of the defense of such Action, the Indemnitee shall have the right, but no obligation, to defend against such Action, including settling such Action after giving notice to the Indemnitor, in each case in such manner and on such terms as the Indemnitee may deem appropriate. The Indemnitee’s failure to perform any obligations under this Section 12.3 will not relieve the Indemnitor of its obligations under this Section 12, except to the extent that the Indemnitor can demonstrate that it has been prejudiced as a result of such failure.
12.4 Mitigation. If any of the Services or Provider Materials are, or in Provider’s opinion are likely to be, claimed to infringe, misappropriate, or otherwise violate any third-party Intellectual Property Right, or if Customer’s or any Concurrent User’s use of the Services or Provider Materials is enjoined or threatened to be enjoined, Provider may, at its option and sole cost and expense:
(a) obtain the right for Customer to continue to use the Services and Provider Materials as contemplated by this Agreement;
(b) modify or replace the Services and Provider Materials, in whole or in part, to seek to make the Services and Provider Materials (as so modified or replaced) non-infringing, while providing materially equivalent features and functionality, in which case such modifications or replacements will constitute Services and Provider Materials, as applicable, under this Agreement; or
(c) by written notice to Customer, terminate this Agreement with respect to all or part of the Services and Provider Materials, and require Customer to immediately cease any use of the Services and Provider Materials or any specified part or feature thereof, provided that if such termination occurs, subject to Customer’s compliance with its post-termination obligations set forth in Section 14.4, Customer will be entitled to a refund of all monthly Fees actually paid during the three months immediately preceding termination.
12.5 Sole Remedy. THIS SECTION 12 SETS FORTH CUSTOMER’S SOLE REMEDIES AND PROVIDER’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES AND PROVIDER MATERIALS OR ANY SUBJECT MATTER OF THIS AGREEMENT INFRINGES, MISAPPROPRIATES, OR OTHERWISE VIOLATES ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.
- Limitations of Liability.
13.1 EXCLUSION OF DAMAGES. EXCEPT AS OTHERWISE PROVIDED IN SECTION 13.3, IN NO EVENT WILL PROVIDER OR ANY OF ITS LICENSORS, SERVICE PROVIDERS, OR SUPPLIERS BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE, OR PROFIT OR DIMINUTION IN VALUE; (b) IMPAIRMENT, INABILITY TO USE OR LOSS, INTERRUPTION OR DELAY OF THE SERVICES; (c) LOSS, DAMAGE, CORRUPTION OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY; (d) COST OF REPLACEMENT GOODS OR SERVICES; (e) LOSS OF GOODWILL OR REPUTATION; OR (f) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
13.2 CAP ON MONETARY LIABILITY. EXCEPT AS OTHERWISE PROVIDED IN SECTION 13.3, IN NO EVENT WILL THE AGGREGATE LIABILITY OF PROVIDER ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER ARISING UNDER OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE TOTAL AMOUNTS PAID AND AMOUNTS ACCRUED BUT NOT YET PAID TO PROVIDER UNDER THIS AGREEMENT IN THE TWELVE MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM. THE FOREGOING LIMITATIONS APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
13.3 Exceptions. The exclusions and limitations in Section 13.1 and Section 13.2 do not apply to Provider’s obligations under Section 12 or liability for Provider’s gross negligence or willful misconduct.
- Term and Termination.
14.1 Term. The term of this Agreement shall be as set forth in the Ordering Document.
14.2 Termination. In addition to any other express termination right set forth elsewhere in this Agreement:
(a) Provider may terminate this Agreement, effective on written notice to Customer, if Customer: (i) fails to pay any amount when and as due hereunder, and such failure continues for 48 hours following Provider’s email notice of payment failure; or (ii) breaches any of its obligations under Section 3.1 or Section 9;
(b) either party may terminate this Agreement, effective on written notice to the other party, if the other party materially breaches this Agreement, and such breach: (i) is incapable of cure; or (ii) being capable of cure, remains uncured 30 days after the non-breaching party provides the breaching party with written notice of such breach; and
(c) either party may terminate this Agreement, effective immediately upon written notice to the other party, if the other party: (i) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (ii) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency Law; (iii) makes or seeks to make a general assignment for the benefit of its creditors; or (iv) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.
14.3 Effect of Termination or Expiration. Upon any expiration or termination of this Agreement, except as expressly otherwise provided in this Agreement:
(a) all rights, licenses, consents, and authorizations granted by either party to the other hereunder will immediately terminate;
(b) Customer shall immediately cease all use and return all Provider Equipment and cease all use of any Services or Provider Materials;
(c) notwithstanding anything to the contrary in this Agreement, with respect to information and materials then in its possession or control: each party may retain such information and materials in its backups, archives, and disaster recovery systems until such information and materials are deleted in the ordinary course and all information and materials described in this Section 14.4(c) will remain subject to all confidentiality, security, and other applicable requirements of this Agreement;
(d) Provider may disable all Customer and Concurrent User access to the Provider Materials;
(e) if Customer terminates this Agreement pursuant to Section 14.3(b), Customer will be relieved of any obligation to pay any Fees attributable to the period after the effective date of such termination;
(f) if Provider terminates this Agreement pursuant to Section 14.3(a) or Section 14.3(b), all Fees that would have become payable had the Agreement remained in effect until expiration of the Term will become immediately due and payable, and Customer shall pay such Fees, together with all previously-accrued but not yet paid Fees on receipt of Provider’s invoice therefor; and
(g) if Customer requests in writing, Provider shall deliver to Customer the then most recent version of Customer Data (including any requested informed consent reports) maintained by Provider, provided that Customer has at that time paid all Fees then outstanding and any amounts payable after or as a result of such expiration or termination, including any expenses and fees, on a time and materials basis, for Provider’s services in transferring such Customer Data.
14.4 Surviving Terms. The provisions set forth in the following sections, and any other right or obligation of the parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement: Section 3.1, Section 9, Section 11.4, Section 12, Section 13, Section 14.3, this Section 14.4, and Section 15.
15.1 Further Assurances. On a party’s reasonable request, the other party shall, at the requesting party’s sole cost and expense, execute and deliver all such documents and instruments, and take all such further actions, as may be necessary to give full effect to this Agreement.
15.2 Relationship of the Parties. The relationship between the parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture, or other form of joint enterprise, employment, or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever.
15.3 Public Announcements. Neither party shall issue or release any announcement, statement, press release, or other publicity or marketing materials relating to this Agreement or, unless expressly permitted under this Agreement, otherwise use the other party’s trademarks, service marks, trade names, logos, domain names, or other indicia of source, association, or sponsorship, in each case, without the prior written consent of the other party, provided, however, that Provider may include Customer’s name and other indicia in its lists of Provider’s current or former customers of Provider in promotional and marketing materials.
15.4 Notices. Any notice, request, consent, claim, demand, waiver, or other communications under this Agreement have legal effect only if in writing and addressed to a party as follows (or to such other address or such other person that such party may designate from time to time in accordance with this Section 15.4):
If to Provider:
5 Community Drive, Suite 1,
Augusta, ME 04330
Attention: Navroze Eduljee, Chief Executive Officer
If to Customer:
See Ordering Document
Notices sent in accordance with this Section 15.4 will be deemed effectively given: (a) when received, if delivered by hand; (b) when received, if sent by a nationally recognized overnight courier; (c) when sent, if by facsimile or email, (in each case, with confirmation of transmission), if sent during the addressee’s normal business hours, and on the next business day, if sent after the addressee’s normal business hours; and (d) on the third day after the date mailed by certified or registered mail, return receipt requested, postage prepaid.
15.5 Interpretation. For purposes of this Agreement: (a) the words “include,” “includes,” and “including” are deemed to be followed by the words “without limitation”; (b) the word “or” is not exclusive; (c) the words “herein,” “hereof,” “hereby,” “hereto,” and “hereunder” refer to this Agreement as a whole; (d) words denoting the singular have a comparable meaning when used in the plural, and vice-versa; and (e) words denoting any gender include all genders. Unless the context otherwise requires, references in this Agreement: (x) to sections, exhibits, schedules, attachments, and appendices mean the sections of, and exhibits, schedules, attachments, and appendices attached to, this Agreement; (y) to an agreement, instrument, or other document means such agreement, instrument, or other document as amended, supplemented, and modified from time to time to the extent permitted by the provisions thereof; and (z) to a statute means such statute as amended from time to time and includes any successor legislation thereto and any regulations promulgated thereunder. The parties intend this Agreement to be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted. The exhibits, schedules, attachments, and appendices referred to herein are an integral part of this Agreement to the same extent as if they were set forth verbatim herein.Notices sent in accordance with this Section 15.4 will be deemed effectively given: (a) when received, if delivered by hand; (b) when received, if sent by a nationally recognized overnight courier; (c) when sent, if by facsimile or email, (in each case, with confirmation of transmission), if sent during the addressee’s normal business hours, and on the next business day, if sent after the addressee’s normal business hours; and (d) on the third day after the date mailed by certified or registered mail, return receipt requested, postage prepaid.
15.6 Headings. The headings in this Agreement are for reference only and do not affect the interpretation of this Agreement.
15.7 Entire Agreement. This Agreement, together with the Ordering Document and any exhibits and other documents incorporated herein by reference, constitutes the sole and entire agreement of the parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between the statements made in the body of this Agreement, the Ordering Document, and the related exhibits, schedules, attachments, and appendices (other than an exception expressly set forth as such therein) and any other documents incorporated herein by reference, the following order of precedence governs: (a) first, the Ordering Document (b) second, this Agreement, excluding its exhibits, schedules, attachments, and appendices; and (c) third, the exhibits, schedules, attachments, and appendices to this Agreement.
15.8 Assignment. Customer shall not assign or otherwise transfer any of its rights, or delegate or otherwise transfer any of its obligations or performance under this Agreement, in each case whether voluntarily, involuntarily, by operation of law, or otherwise, without Provider’s prior written consent, which consent shall not be unreasonably withheld, conditioned, or delayed. For purposes of the preceding sentence, and without limiting its generality, any merger, consolidation, or reorganization involving Customer (regardless of whether Customer is a surviving or disappearing entity) will be deemed to be a transfer of rights, obligations, or performance under this Agreement for which Provider’s prior written consent is required. No assignment, delegation, or transfer will relieve Customer of any of its obligations or performance under this Agreement. Any purported assignment, delegation, or transfer in violation of this Section 15.8 is void. This Agreement is binding upon and inures to the benefit of the parties hereto and their respective successors and permitted assigns.
15.9 Force Majeure.
(a) No Breach or Default. In no event will either party be liable or responsible to the other party, or be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement, (except for any obligations to make payments), when and to the extent such failure or delay is caused by any circumstances beyond such party’s reasonable control (a “Force Majeure Event”), including acts of God, flood, fire, earthquake or explosion, war, terrorism, invasion, riot or other civil unrest, embargoes or blockades in effect on or after the date of this Agreement, national or regional emergency, strikes, labor stoppages or slowdowns or other industrial disturbances, passage of Law or any action taken by a governmental or public authority, including imposing an embargo, export or import restriction, quota, or other restriction or prohibition or any complete or partial government shutdown, or national or regional shortage of adequate power or telecommunications or transportation. Either party may terminate this Agreement if a Force Majeure Event affecting the other party continues substantially uninterrupted for a period of 30 days or more.
(b) Affected Party Obligations. In the event of any failure or delay caused by a Force Majeure Event, the affected party shall give prompt written notice to the other party stating the period of time the occurrence is expected to continue and use commercially reasonable efforts to end the failure or delay and minimize the effects of such Force Majeure Event.
15.10 No Third-Party Beneficiaries. This Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other Person any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.
15.11 Amendment and Modification; Waiver. No amendment to or modification of or rescission, termination, or discharge of this Agreement is effective unless it is in writing, identified as an amendment to or rescission, termination, or discharge of this Agreement and signed by an authorized representative of each party. No waiver by any party of any of the provisions hereof shall be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in this Agreement, no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof; nor shall any single or partial exercise of any right, remedy, power, or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
15.12 Severability. If any term or provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the parties hereto shall negotiate in good faith to modify this Agreement so as to effect the original intent of the parties as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
15.13 Governing Law; Submission to Jurisdiction. This Agreement is governed by and construed in accordance with the internal laws of the State of Maine without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Maine. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of Maine in each case located in the city of Portland and County of Cumberland, and each party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding. Service of process, summons, notice, or other document by mail to such party’s address set forth herein shall be effective service of process for any suit, action, or other proceeding brought in any such court.
15.14 Waiver of Jury Trial. Each party irrevocably and unconditionally waives any right it may have to a trial by jury in respect of any legal action arising out of or relating to this Agreement or the transactions contemplated hereby.
15.15 Equitable Relief. Customer acknowledges and agrees that a breach or threatened breach by Customer of any of its obligations under Section 9, Section 3.1, or Section 4.3 would cause Provider irreparable harm for which monetary damages would not be an adequate remedy and that, in the event of such breach or threatened breach, Provider will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.
15.16 Counterparts. This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement. A signed copy of this Agreement delivered by facsimile, email, or other means of electronic transmission is deemed to have the same legal effect as delivery of an original signed copy of this Agreement.
FORM OF BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (this “Agreement”) is made effective the ____ day of _________, 2018, (“the Effective Date”) by and between ___________, LLC/Inc., a ___________ , duly authorized and existing in the State of Maine, United States of America (“Covered Entity”) and 5th PORT, LLC, a limited liability company duly organized and existing in the State of Delaware (hereinafter referred to as “5thPORT”).
WHEREAS, Covered Entity is a group practice of health care providers or a sole practitioner in the medical field;
WHEREAS, Covered Entity has entered into an agreement with 5thPORT (“the Services Agreement”) involving the access to a certain software product for a digital patient informed consent platform, and such other related uses (“the Product”) and the delivery by 5thPORT of certain development, maintenance, implementation and other services related to the Product (the “Services”);
WHEREAS, in connection with the agreement regarding the Product and the Services (collectively referred to as “the Services Agreement”), 5thPORT may receive or generate protected health information (“PHI”) related to the Covered Entity’s patients and/or clients;
WHEREAS, the parties recognize and agree that the American Recovery and Reinvestment Act of 2009 (ARRA), including the Health Information Technology for Economic and Clinical Health Act, 42 U.S.C. 17921-17954 (HITECH), and the Health Insurance Portability Act of 1996 (HIPAA) and the regulations thereunder, both of which address the protection of PHI and impose standards for the privacy of individually identifiable health information, 45 C.F.R. 164.504 (“the Privacy Rule”) and the security of electronic protected health information (“the Security Rule”), including with respect to : (a) Administrative Safeguards (45 CFR § 164.308); (b) Physical Safeguards (45 CFR § 164.310); (c) Technical Safeguards (45 CFR § 164.312); (d) Policies and Documentation (45 CFR § 164.316); and (e) Breach Notification requirements (HITECH ACT, § 13402) all jointly referred to herein as the “HIPAA and HITECH Laws and Regulations” require Covered Entity and its business associates to protect PHI from unauthorized disclosure;
WHEREAS, the HIPAA and HITECH Laws and Regulations defines a Business Associate as a person who creates, receives, maintains, or transmits PHI for a function or activity on behalf of a Covered Entity, including data transmission services;
WHEREAS, Covered Entity is obligated to ensure that its business associates, as defined by federal laws and regulations, abide by the same provisions and restrictions as Covered Entity with respect to the use and disclosure of PHI;
WHEREAS, the parties recognize and agree that 5thPORT is a Business Associate as defined under the HIPAA and HITECH Laws and Regulations, to the extent it has access to, and engages in any transmission of, PHI; and
WHEREAS, Covered Entity and 5thPORT agree to enter into a Business Associate Agreement to confirm the obligations of the parties with respect to the HIPAA and HITECH Laws and Regulations.
THEREFORE, the parties agree to the provisions of this Agreement.
Except as otherwise defined herein, any and all capitalized terms in this Section shall have the definitions set forth in the Privacy Rule and the Security Rule. In the event of an inconsistency between the provisions of this Agreement and mandatory provisions of the Privacy Rule and the Security Rule, as amended, the Privacy Rule and the Security Rule shall control. Where provisions of this Agreement are different than those mandated in the Privacy Rule and the Security Rule, but are nonetheless permitted by the Privacy Rule and the Security Rule, the provisions of this Agreement shall control.
The term “Protected Health Information” or “PHI” means individually identifiable health information including, without limitation, all information, data, documentation, and materials, including without limitation, demographic, medical and financial information, that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. “Protected Health Information” includes without limitation “Electronic Protected Health Information”.
“Electronic Protected Health Information” or “EPHI” means Protected Health Information which is transmitted, stored or maintained by Electronic Media (as defined in 45 CFR § 164.103).
II. CONFIDENTIALITY AND SECURITY REQUIREMENTS.
2.01 Scope of Agreement. 5thPORT acknowledges and agrees that all PHI that is created or received by Covered Entity and disclosed or made available in any form to 5thPORT and any PHI created by 5thPORT with respect to Covered Entity’s patients in connection with the Product or the Services or otherwise, shall be subject to this Agreement. 5thPORT acknowledges that Covered Entity is relying on the administrative, physical and security safeguards of 5thPORT in selecting 5thPORT to provide the Product and the Services. 5thPORT further acknowledges that sections of HIPAA and HITECH Laws and Regulations may apply directly to 5thPORT, just as the provisions apply to Covered Entity, to the extent 5thPORT transmits or maintains PHI, and 5thPORT agrees to comply with such rules and regulations. 5thPORT may use or disclose PHI as necessary to perform its obligations under this Agreement and the Terms and Conditions but only to the extent that such uses are permissible under HIPAA and the HITECH Laws and Regulations.
2.02 Obligations Imposed on Business Associate by Agreement. Without limiting any other requirements set forth in this Agreement, to the extent 5thPORT receives, maintains, or transmits PHI and such PHI is in its possession and control, 5thPORT shall:
(a) protect and safeguard from any verbal and written disclosure all confidential information regardless of the type of media on which it is stored (e.g., paper, fiche, electronic) with which it may come into contact; implement and maintain appropriate policies and procedures to protect and safeguard the PHI;
(b) implement appropriate safeguards to prevent use or disclosure of PHI other than as permitted in this Agreement;
(c) implement administrative, physical, and technical safeguards that are compliant with the HIPAA and HITECH Laws and Regulations to protect the confidentiality, integrity, and availability of any PHI that it creates, receives, maintains, or transmits on behalf of Covered Entity;
(d) use or disclose any PHI solely: (1) for meeting its obligations as set forth in any agreements between the parties evidencing their business relationship, or (2) as required by applicable law, rule or regulation, or by accrediting or credentialing organizations to whom Covered Entity is required to disclose such information, and (3) as would be permitted by the HIPAA and HITECH Laws and Regulations if such use or disclosure were made by Covered Entity;
(e) ensure that its agents, including subcontractors (if any) with whom it shares PHI, agree to the same restrictions and conditions that apply to 5thPORT with respect to such information, and agree to implement reasonable and appropriate safeguards to protect any such information;
(f) take reasonable steps to ensure that 5thPORT’s employees’ actions or omissions do not cause 5thPORT to breach the terms of this Agreement;
(g) provide access to Covered Entity, and in the time and manner reasonably designated by Covered Entity, to any unencrypted PHI in a Designated Record Set, if any is held by 5thPORT, in order to meet the requirements or to assist Covered Entity in meeting the requirements, under 45 CFR §164.524;
(h) utilize where available, health information technology systems and products that meet standards and implementation specifications adopted under §3004 of the Public Health Service Act, as added by §13101, whenever 5thPORT implements, acquires or upgrades its health information technology systems;
(i) make internal practices, books, and records relating to the use and disclosure of PHI received from Covered Entity or generated by 5thPORT available to either the Covered Entity for review purposes, or to the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule; and
(j) disclose to its subcontractors, agents or other third parties, and request from the Covered Entity, only the minimum PHI (if any) necessary to perform or fulfill the Services or any other function required or permitted hereunder.
2.03 Allowable Uses of PHI by Business Associate. Notwithstanding the prohibitions set forth in this Agreement, 5thPORT may use and disclose PHI as follows:
(a) for the proper management and administration of 5thPORT or to carry out the legal responsibilities of 5thPORT, provided that as to any such disclosure, the following requirements are met:
(1) With respect to any disclosures, the disclosure is required by law: or
(2) 5thPORT obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies 5thPORT of any instances of which it is aware in which the confidentiality of the information has been breached.
(b) for data aggregation services, if to be provided by 5thPORT pursuant to written agreement with one or more covered entities. For purposes of this Agreement, data aggregation services means the combining of PHI by 5thPORT with the PHI received by 5thPORT in its capacity as a business associate of another covered entity, to permit data analyses that relate to the health care operations of the respective covered entities;
(c) for the creation of Limited Data Sets (as that term is defined by HIPAA) for research, public health or health care operations of the Business Associate or the Covered Entity; and
(d) de-identifying data obtained from PHI for the purposes of enhancing the Services, technical support and other business purposes, all in compliance with HIPAA. De-identification shall be in accordance with the Office of Civil Rights guidance for De-identifying Data (2012) as such Guidance may be updated or amended from time to time.
2.04 Obligations Imposed on Covered Entity by Agreement.
(a) Covered Entity shall notify 5thPORT of any limitation(s) in the Notice of Privacy Practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect 5thPORT’s use or disclosure of PHI;
(b) Covered Entity shall notify 5thPORT of any changes in, or revocation of, the permission by an individual to use or disclose his or her PHI, to the extent that such changes may affect 5thPORT’s use or disclosure of PHI;
(c) Covered Entity shall notify 5thPORT of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect 5thPORT’s use or disclosure of PHI; and
(d) Covered Entity shall not request 5thPORT to use or disclose PHI in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by Covered Entity.
III. AVAILABILITY OF PHI FOR COVERED ENTITY.
5thPORT agrees to make PHI available to Covered Entity to the extent and in the manner required by the Privacy Rule (i) §164.524 regarding patient access to records; (ii) §164.526 for amendments to PHI; and (iii) §164.528 regarding accounting of disclosures. Accordingly, the Secretary of Health and Human Services shall have the right to audit 5thPORT’s records and practices related to the use and disclosure of PHI to support Covered Entity’s compliance with the terms of the HIPAA and HITECH Laws and Regulations.
III. TERM AND TERMINATION
4.01 Term. The Term of this Agreement shall be effective as of the Effective Date and shall continue in effect until the earlier of (i) the termination of all contractual arrangements between Covered Entity and 5thPORT and written notice by either party that this Agreement is terminated; or (ii) mutual written agreement of the parties: or (iii) in accordance with Section 4.02 herein.
4.02 Additional Termination Rights. Notwithstanding anything in this Agreement to the contrary, either party shall have the right to terminate this Agreement (a) immediately upon written notice if a party determines that the other party has breached any material term of this Agreement and has failed to cure the breach within thirty (30) business days following receipt of written notice specifying the breach; or (b) if suspected breaching party fails to provide adequate written assurances to the other that it has not or will not breach this Agreement, within a reasonable period of time following receipt of notice from the non-breaching party of the non-breaching party’s belief that a breach, whether inadvertent or intentional, is threatened by the acts or omissions of the other.
4.03 Effect of Termination. Upon termination of this Business Associate Agreement:
At 5thPORT’s option, 5thPORT may either (i) return all PHI within 5thPORT’s possession or control to Covered Entity using such reasonable measures that will permit Covered Entity to access the PHI; (ii) destroy the PHI and certify to such destruction, but only if the destruction of such PHI does not result in the lack of access by the Covered Entity, or any Covered Entity patient (or representative of patient) or the government, for the period of time of six years from the date of the creation of the PHI, or for such longer time as may be required of Covered Entity by law; or (iii) choose to retain the PHI with the condition that 5thPORT continue to use appropriate safeguards as required by HIPAA with respect to maintenance and use of EPHI to prevent unauthorized or otherwise unlawful disclosure of the PHI, for as long as 5thPORT retains the PHI. In any event, at such time as 5thPORT chooses to destroy the PHI following termination of the Business Associate Agreement, 5thPORT shall provide Covered Entity with (xx) advance written notice of the plan for destruction with the opportunity for Covered Entity to elect to recover possession and control of the PHI; and (yy) certification of the destruction of such PHI. In the event that 5thPORT determines that returning or destroying the PHI is infeasible, 5thPORT shall provide to Covered Entity notification of the conditions that make return or destruction infeasible
IV. REPORTING OF DISCLOSURES.
5.01 Reporting of Breach or of Security Incident. 5thPORT shall timely report to Covered Entity any Security Incident involving unencrypted PHI within its possession or control, in accordance with the HITECH Act, 42 U.S.C. 17932(b). In any event, such report shall be made within sixty (60) days of the discovery of the Security Incident. Security Incident means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations which threatens to or does cause the disclosure of unencrypted PHI.
5.02 Recordkeeping. 5thPORT agrees to document disclosures of PHI as would be required for Covered Entity under HIPAA or HITECH, to facilitate an accounting of disclosures of PHI by Covered Entity, including in accordance with 45 CFR §164.528 and the HITECH Act §13405 codified at 42 USC §17935.
5.03 Notifications to public and/or patients.
(a) Covered Entity shall be responsible for carrying out, at its cost, any notifications required to be made pursuant to applicable laws and regulations in the event of an unauthorized disclosure of PHI.
(b) Notwithstanding Section 5.03(b), 5thPORT agrees to reimburse Covered Entity for the costs of any notifications of a breach required to be made pursuant to applicable laws and regulations, to the extent and only in the event of an unauthorized disclosure of PHI caused solely by the negligent or other wrongful act or omission by 5thPORT or its employees or agents. In the event 5thPORT (or an insurance company on its behalf) agrees to be responsible for payment or reimbursement of HIPAA breach notification costs, 5thPORT shall have the right, in its discretion and pursuant to a timely election, to undertake the process of any notifications, instead of the Covered Entity.
(c) The costs of any notifications or credit reports or similar steps, except as referenced under 5.03(b) shall be the sole responsibility of Covered Entity.
(d) Any notifications to the public regarding or mentioning 5thPORT may not erroneously or misleadingly suggest negligence or other fault or wrongdoing by 5thPORT and may not be distributed without the written consent of 5thPORT, which consent shall not unreasonably be withheld.
V. INDEMNIFICATION AND INSURANCE.
6.01 Indemnification. Covered Entity agrees to indemnify and hold 5thPORT harmless from any and all claims or losses arising from Covered Entity’s business operations including but not limited to any claims involving an alleged unauthorized disclosure of PHI, if and to the extent caused solely by wrongful acts or omissions of Covered Entity in maintaining, storing or transmitting PHI. Such indemnification shall include reimbursement for attorney fees incurred by 5thPORT in responding to any claims by a third party asserting a breach of any HIPAA or HITECH Laws and Regulations. This provision shall survive the termination of this Agreement
6.02 Insurance. Each party agrees to have and maintain cybertech insurance coverage throughout the term of this Agreement, for any claims asserted against such party for a violation of the HIPAA and HITECH Laws and Regulations or any state law protecting the confidentiality of PHI.
7.01 No Rights in Third Parties. Except as expressly stated herein or the HIPAA and HITECH Laws and Regulations, the parties to this Agreement do not intend to create any rights in any third parties.
7.02 Amendments. This Agreement may be amended or modified only in a writing signed by the parties.
7.03 Assignments. No party may assign its respective rights and obligations under this Agreement without the prior written consent of the other party.
7.04 Governing Laws. This Agreement will be governed by the federal laws of the United States and to the extent any state laws apply, then by the laws of the State of Delaware. No change, waiver or discharge of any liability or obligation hereunder on any one or more occasion shall be deemed a waiver of performance of any continuing or other obligation, or shall prohibit enforcement of any obligation, on any other occasion.
7.05 Enforceability. In the event that any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, the remainder of the provisions of this Agreement will remain in full force and effect.
IN WITNESS WHEREOF, the parties have executed this Agreement as of the day and year written above.
COVERED ENTITY: 5THPORT:
Title: ___________________________ Title: ___________________________
In order to provide optimal first level support service, all problem and repair requests must first be directed to Customer’s designated Service Manager for preliminary assessment and resolution. Provider shall have no obligation to provide Support Services for problems, outages, or failures relating to Customer Systems. If, after reasonable investigation, Customer’s designated Service Manager is unable to resolve an issue or problem because such Service Manager believes that such problem or issue relates to or arose as a result of problems or issues with Provider Systems, Provider Equipment, or the Services, the Service Manager shall contact Provider’s support team by emailing support@5thPort.com, or logging a ticket on Provider’s Support Portal and providing details concerning the support requested.
Upon receipt of a service support email/ticket from a Service Manager, Provider shall do the following:
- All problems will be recorded and assigned a ticketing number.
- Problems will be resolved or assigned to the appropriate specialist.
- Problems will be monitored.
- Problem resolution will be documented and communicated to the Service Manager.
Support Services will be provided between the hours of 8:00 a.m. and 5:00 p.m., Monday through Friday, except federal holidays.
Support Service response priority will be assigned using the following criteria:
- Number of customers affected;
- Effect on availability of Services and Customer Data;
- Context and cause of problem;
- Estimated solution time;
- Application involved;
- Frequency of problem;
- Customer’s commitment level;
- Availability of Customer workaround; and
- Threat to data integrity or computer security.