These Software & Services Terms and Conditions (“Agreement”) supplement any additional online terms acknowledged by Customer or any separate written agreement executed by the parties (“Order”) and set forth the terms and conditions under which Leading Reach, Inc. (“LeadingReach”) will provide access to certain proprietary technology to the party accessing the Software. The Agreement sets forth the terms and conditions under which Customer may Use (as defined herein) LeadingReach’s software (“Software”). Customer cannot use the Software until Customer has carefully read and agreed to this Agreement by clicking “I Accept”. If Customer disagrees with the terms and conditions of this Agreement, Customer cannot use the Software. Furthermore by accessing, loading, or otherwise using the Software, which may include related materials and documentation, or any portion thereof, Customer agrees to be bound by all of the terms of this Agreement.

  1. SUBSCRIPTION GRANT, RIGHT OF USE, AND SERVICES
    1. Subscription Grant. Subject to all limitations and restrictions contained herein and the Order, LeadingReach grants Customer a subscription, software as a service (SaaS), nonexclusive and nontransferable right to use the Software as hosted by LeadingReach as described in the Software documentation (“Use”).
    2. Use.  Customer shall not allow any website, that is not fully owned by Customer, to frame, syndicate, distribute, replicate, or copy any portion of Customer’s web site that provides direct or indirect access to the Software.  In addition, Customer understands and acknowledges that upon accepting this Agreement, an account will be created for Customer. Customer shall only use the Software in accordance with its applicable documentation.
    3. Additional Restrictions. In no event shall Customer disassemble, decompile, or reverse engineer the Software or Confidential Information (as defined herein) or permit others to do so. Disassembling, decompiling, and reverse engineering include, without limitation: (i) converting the Software from a machine-readable form into a human-readable form; (ii) disassembling or decompiling the Software by using any means or methods to translate machine-dependent or machine-independent object code into the original human-readable source code or any approximation thereof; (iii) examining the machine-readable object code that controls the Software’s operation and creating the original source code or any approximation thereof by, for example, studying the Software’s behavior in response to a variety of inputs; or (iv) performing any other activity related to the Software that could be construed to be reverse engineering, disassembling, or decompiling. To the extent any such activity may be permitted pursuant to written agreement, the results thereof shall be deemed Confidential Information subject to the requirements of this Agreement. Customer may use LeadingReach’s Confidential Information solely in connection with the Software and pursuant to the terms of this Agreement.
  2. PAYMENT – if applicable. No payment required for Free Accounts.
    1. Fees. Customer shall pay LeadingReach the then-current fees of the Software by recurring credit card charge. If Customer has negotiated to pay the fees indicated on the Order by invoice, all fees shall be paid to LeadingReach within thirty (30) days of receipt of invoice. Any late payment shall be subject to any costs of collection (including reasonable legal fees) and shall bear interest at the rate of one and one-half percent (1.5%) per month (prorated for partial periods) or at the maximum rate permitted by law, whichever is less.
    2. Taxes. The subscription, service fees, and other amounts required to be paid hereunder do not include any amount for taxes or levy (including interest and penalties). Customer shall reimburse LeadingReach and hold LeadingReach harmless for all sales, use, VAT, excise, property or other taxes or levies which LeadingReach is required to collect or remit to applicable tax authorities. This provision does not apply to LeadingReach’s income or franchise taxes, or any taxes for which Customer is exempt, provided Customer has furnished LeadingReach with a valid tax exemption certificate.
  3. MAINTENANCE AND SUPPORT SERVICES
    1. Maintenance. LeadingReach shall use commercially reasonable efforts to provide corrections to reported problems that (i) prevent the Software from conforming in material respects to its specifications, and (ii) are replicated and diagnosed by LeadingReach as defects in the Software (“Maintenance and Support Services”). LeadingReach shall use commercially reasonable efforts to begin working on a resolution to Customer’s written notice of reported problems within fourteen (14) days, provided corrections shall be prioritized in LeadingReach reasonable discretion. A response is not a guaranty of a solution to the reported problem; however LeadingReach will keep Customer apprised of the resolution closure. Additional features and functions are not included as part of the maintenance and support services.
    2. Service Availability. LeadingReach’s goal is to provide Software Availability twenty-four hours per day, seven (7) days per week (referred to as “24×7 Availability”) EXCEPT during times of scheduled updates. However, the parties recognize that 24×7 Availability is only a GOAL, and LeadingReach cannot represent or guarantee that such goal can be achieved. These response time goals apply only to public production servers (i.e. web servers, application servers, and database servers). LeadingReach shall use reasonable efforts to achieve 99% Software Availability in North America. The Software Availability goal exclude any time Customer requests the site be taken down for scheduled updates. LeadingReach does not and cannot control the flow of data to or from LeadingReach’s network and other portions of the Internet. Such flow depends in large part on the performance of Internet services provided or controlled by third parties. At times, actions or inactions of such third parties can impair or disrupt Customer’s connections to the Internet (or portions thereof). Although LeadingReach will use reasonable efforts to take actions it deems appropriate to remedy and avoid such events, LeadingReach cannot guarantee that such events will not occur. Accordingly, LeadingReach disclaims any and all liability resulting from or related to such events.
    3. Exclusions. LeadingReach shall not be obligated to provide Maintenance and Support Services for any software other than the generally available Software delivered to Customer pursuant to this Agreement (collectively the “Unsupported Code”). Any LeadingReach support services related to Unsupported Code shall be subject to execution of a mutually agreed upon assignment order issued under a professional services agreement.
    4. Third Parties. LeadingReach shall have the right to use third parties, including employees of LeadingReach’s affiliates and subsidiaries (“Subcontractors”) in performance of its obligations and services hereunder and, for purposes of this Section, all references to LeadingReach or its employees shall be deemed to include such Subcontractors.
  4. OWNERSHIP
    1. Reservation of Rights. Customer irrevocably acknowledges that, subject to the subscriptions granted herein, Customer has no ownership interest in the Software, Deliverables, or LeadingReach materials provided to Customer. LeadingReach shall own all right, title, and interest in such Software, and LeadingReach materials, subject to any limitations associated with intellectual property rights of third parties. LeadingReach reserves all rights not specifically granted herein.
    2. Protected Health Information. LeadingReach may de-identify protected health information (“PHI”) in accordance with HIPAA and use the de-identified data for any lawful purpose.  Customer acknowledges that the services provided by LeadingReach include data analytics on Customer’s data (including PHI) and that a byproduct of such data analysis may result in improvements to LeadingReach’s products and solutions and the foregoing shall be deemed LeadingReach materials.
  5. CONFIDENTIALITY
    1. Definition. “Confidential Information” includes all information marked pursuant to this Section and disclosed by either party, before or after the Effective Date, and generally not publicly known, whether tangible or intangible and in whatever form or medium provided, as well as any information generated by a party that contains, reflects, or is derived from such information.
    2. Confidentiality of Software. . All Confidential Information in tangible form shall be marked as “Confidential” or the like or, if intangible (e.g. orally disclosed), shall be designated as being confidential at the time of disclosure and shall be confirmed as such in writing within thirty (30) days of the initial disclosure. Notwithstanding the foregoing, the following is deemed LeadingReach Confidential Information with or without such marking or written confirmation: (i) the Software and other related materials furnished by LeadingReach; (ii) the oral and visual information relating to the Software; and the terms and conditions of this Agreement.
    3. Exceptions.  Without granting any right or license, the obligations of the parties hereunder shall not apply to any material or information that: (i) is or becomes a part of the public domain through no act or omission by the receiving party; (ii) is independently developed by the other party without use of the disclosing party’s Confidential Information; (iii) is rightfully obtained from a third party without any obligation of confidentiality; or (iv) is already known by the receiving party without any obligation of confidentiality prior to obtaining the Confidential Information from the disclosing party. In addition, neither party shall be liable for disclosure of Confidential Information if made in response to a valid order of a court or authorized agency of government, provided that notice is promptly given to the disclosing party so that the disclosing party may seek a protective order and engage in other efforts to minimize the required disclosure. The parties shall cooperate fully in seeking such protective order and in engaging in such other efforts.
    4. Ownership of Confidential Information. Nothing in this Agreement shall be construed to convey any title or ownership rights to the Software or other Confidential Information to Customer or to any patent, copyright, trademark, or trade secret embodied therein, or to grant any other right, title, or ownership interest to the LeadingReach Confidential Information. Neither party shall, in whole or in part, sell, lease, license, assign, transfer, or disclose the Confidential Information to any third party and shall not copy, reproduce or distribute the Confidential Information except as expressly permitted in this Agreement. Each party shall take every reasonable precaution, but no less than those precautions used to protect its own Confidential Information, to prevent the theft, disclosure, and the unauthorized copying, reproduction or distribution of the Confidential Information.
    5. Non-Disclosure. Each party agrees at all times to keep strictly confidential all Confidential Information belonging to the other party. Each party agrees to restrict access to the other party’s Confidential Information only to those employees or Subcontractors who (i) require access in the course of their assigned duties and responsibilities; and (ii) have agreed in writing to be bound by provisions no less restrictive than those set forth in this Section.
    6. Injunctive Relief. Each party acknowledges that any unauthorized disclosure or use of the Confidential Information would cause the other party imminent irreparable injury and that such party shall be entitled to, in addition to any other remedies available at law or in equity, temporary, preliminary, and permanent injunctive relief in the event the other party does not fulfill its obligations under this Section.
    7. HIPAA. To the extent Customer is authorized by LeadingReach to process or store protected health information as defined by HIPAA (PHI) in the Software or the Leading Reach environment hosting the Software, LeadingReach and Customer each agree to comply with their respective obligations in the Business Associate Agreement attached to this Agreement as Exhibit A.
    8. Suggestions/Improvements to Software. Notwithstanding this Section, unless otherwise expressly agreed in writing, all suggestions, solutions, improvements, corrections, and other contributions provided by Customer regarding the Software or other LeadingReach materials provided to Customer shall be owned by LeadingReach, and Customer hereby agrees to assign any such rights to LeadingReach . Nothing in this Agreement shall preclude LeadingReach from using in any manner or for any purpose it deems necessary, the know-how, techniques, or procedures acquired or used by LeadingReach in the performance of services hereunder.
  6. WARRANTY
    1. Authorized Representative.  Customer and LeadingReach warrant that each has the right to enter into this Agreement and that the Agreement shall be executed by an authorized representative of each entity.
    2. Disclaimer of Warranties. Customer acknowledges and agrees that it is not relying on any statement or warranty not expressly provided herein with respect to the Software or maintenance, or other services provided hereunder. EXCEPT AS OTHERWISE STATED IN THIS AGREEMENT, THE SOFTWARE IS PROVIDED “AS IS” AND LEADINGREACH MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING EXPRESS OR IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.
    3. No Modifications. Notwithstanding anything to the contrary in this Section, any and all warranties under this Agreement are VOID if Customer has made changes to the Software or has permitted any changes to be made other than by or with the express, written approval of LeadingReach.
  7. LIMITATION OF LIABILITY
    1. Liability Cap. IN NO EVENT SHALL LEADINGREACH BE LIABLE UNDER ANY THEORY OF LIABILITY, WHETHER IN AN EQUITABLE, LEGAL, OR COMMON LAW ACTION ARISING HEREUNDER FOR CONTRACT, STRICT LIABILITY, INDEMNITY, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, FOR DAMAGES WHICH, IN THE AGGREGATE, EXCEED THE AMOUNT OF THE FEES PAID BY CUSTOMER IN THE SIX (6) MONTHS PRIOR TO THE CLAIM FOR THE SOFTWARE OR SERVICES WHICH GAVE RISE TO SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY.
    2. Disclaimer of Damages. IN NO EVENT SHALL LEADINGREACH BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND AND HOWEVER CAUSED INCLUDING, BUT NOT LIMITED TO, BUSINESS INTERRUPTION OR LOSS OF PROFITS, BUSINESS OPPORTUNITIES, OR GOODWILL EVEN IF NOTIFIED OF THE POSSIBILITY OF SUCH DAMAGE, AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY.
  8. TERM AND TERMINATION
    1. Termination by LeadingReach. This Agreement and any subscription created hereunder may be terminated by LeadingReach (i) if Customer fails to make any payments due hereunder within fifteen (15) days of the due date; (ii) on thirty (30) days written notice to Customer if Customer fails to perform any other material obligation required of it hereunder, and such failure is not cured within such thirty (30) day period; or (iii) Customer files a petition for bankruptcy or insolvency, has an involuntary petition filed against it, commences an action providing for relief under bankruptcy laws, files for the appointment of a receiver, or is adjudicated a bankrupt concern.
    2. Termination by Customer. This Agreement may be terminated by Customer on thirty (30) days written notice to LeadingReach. Any fees paid to LeadingReach will not be prorated and/or refunded.
    3. Termination. Upon termination of this Agreement, Customer shall no longer access the Software and Customer shall not circumvent any security mechanisms contained therein.
    4. Other Remedies. Termination of this Agreement shall not limit either party from pursuing other remedies available to it, including injunctive relief, nor shall such termination relieve Customer’s obligation to pay all fees that have accrued or are otherwise owed by Customer under this Agreement.
  9. CUSTOMER OBLIGATIONS
    1. Ancillary Agreements. Customer agrees that no employees of LeadingReach shall be required to individually sign any agreement in order to perform any services hereunder including, but not limited to, access agreements, security agreements, facilities agreements or individual confidentiality agreements.
  10. MISCELLANEOUS
    1. Compliance With Laws. Customer agrees to comply with all applicable laws, regulations, and ordinances relating to its performance under this Agreement. The parties agree that the Agreement shall not be governed by the United Nations Convention on the International Sale of Goods or by UCITA, the application of which is expressly excluded.
    2. Assignment. Customer may not assign this Agreement or otherwise transfer any subscription created hereunder whether by operation of law, change of control, or in any other manner, without the prior written consent of LeadingReach. Any assignment or transfer in violation of this Section shall be null and void.
    3. Survival. The provisions set forth in Sections 2, 4, 6.2, 7, 8.4, and 10 of this Agreement shall survive termination or expiration of this Agreement and any applicable subscription hereunder.
    4. Notices. Any notice required under this Agreement shall be given in writing and shall be deemed effective upon delivery to the party to whom addressed. All notices to LeadingReach shall be sent to 3721 Executive Center Dr., Suite 102, Austin, TX 78731 or to such other address as LeadingReach may designate in writing. All notices to Customer shall be sent to the address provided by Customer to LeadingReach or the address on file with LeadingReach. Unless otherwise specified, all notices to LeadingReach shall be sent to the attention of the CEO. Any notice of material breach shall clearly define the breach including the specific contractual obligation that has been breached.
    5. Force Majeure. LeadingReach shall not be liable to Customer for any delay or failure of LeadingReach to perform its obligations hereunder if such delay or failure arises from any cause or causes beyond the reasonable control of LeadingReach . Such causes shall include, but are not limited to, acts of God, floods, fires, loss of electricity or other utilities, or delays by Customer in providing required resources or support or performing any other requirements hereunder.
    6. Restricted Rights. Use of the Software by or for the United States Government is conditioned upon the Government agreeing that the Software is subject to Restricted Rights as provided under the provisions set forth in FAR 52.227-19. Customer shall be responsible for assuring that this provision is included in all agreements with the United States Government and that the Software, when delivered to the Government, is correctly marked as required by applicable Government regulations governing such Restricted Rights as of such delivery.
    7. Entire Agreement. This Agreement constitutes the entire agreement between the parties regarding the subject matter hereof and supersedes all proposals and prior discussions and writings between the parties with respect thereto. Any signed copy of this Agreement made by reliable means (e.g., photocopy or facsimile) shall be considered an original. In the event Customer is signing on behalf of a third party, Customer represents and warrants that it has the authority such third party’s agent to bind such third party to this Agreement and that all of Customer’s actions related to this Agreement will be within the scope of such agency relationship. Customer will defend, indemnify, and hold harmless LeadingReach from all losses resulting from Customer’s alleged breach of the foregoing sentence.
    8. Modifications. The parties agree that this Agreement cannot be altered, amended or modified, except by a writing signed by an authorized representative of each party.
    9. Nonsolicitation.  During the term of this Agreement and for a period of two (2) years thereafter, Customer agrees not to hire, solicit, nor attempt to solicit, the services of any employee or Subcontractor of LeadingReach without the prior written consent of LeadingReach . Customer further agrees not to hire, solicit, nor attempt to solicit, the services of any former employee or Subcontractor of LeadingReach for a period of one (1) year from such former employee’s or Subcontractor’s last date of service with LeadingReach . Violation of this provision shall entitle LeadingReach to liquidated damages against Customer equal to two hundred percent (200%) of the solicited person’s gross annual compensation.
    10. Publicity. Customer agrees to cooperate with LeadingReach (i) in preparation of at least one (1) press release, where the aforementioned materials can be used in/on LeadingReach’s Web site, marketing materials, trade shows, public advertisements, and other associated marketing uses (“LeadingReach Marketing Materials”); and (ii) in preparation of an LeadingReach -sponsored testimonial advertisement to be run in newspapers, magazines, and other publications and for use in LeadingReach Marketing Materials. The parties further agree that LeadingReach may include Customer’s logo on publicly displayed customer lists (including LeadingReach’s Internet Web site and public advertisements). There shall be a “Powered by LeadingReach ” logo, to be provided by LeadingReach, in the bottom portion of any of Customer’s LeadingReach email templates. The LeadingReach logo shall link directly to the then-current LeadingReach Web site home page.
    11. No Waiver. No failure or delay in enforcing any right or exercising any remedy will be deemed a waiver of any right or remedy.
    12. Severability and Reformation. Each provision of this Agreement is a separately enforceable provision. If any provision of this Agreement is determined to be or becomes unenforceable or illegal, such provision shall be reformed to the minimum extent necessary in order for this Agreement to remain in effect in accordance with its terms as modified by such reformation.
    13. Choice of Law. THIS AGREEMENT SHALL BE GOVERNED AND INTERPRETED BY THE LAWS OF THE STATE OF TEXAS WITHOUT REGARD TO THE CONFLICTS OF LAW PROVISIONS OF ANY STATE OR JURISDICTION. ANY ACTION ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL BE BROUGHT IN THE STATE OR FEDERAL COURTS LOCATED IN AUSTIN, TEXAS.

EXHIBIT A
BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“Agreement”) is hereby entered between Leading Reach, Inc. (“Business Associate”) and the Customer of the LeadingReach Software and services (“Covered Entity”).

  1. Statement of Purpose. Business Associate has been engaged to provide certain Services to Covered Entity as set forth in the Software and Services Terms and Conditions (“Service Agreement”). The parties acknowledge that Business Associate may be exposed to, or become aware of Protected Health Information (also referred to herein as “PHI”) in the performance of the Services. While the parties anticipate that Business Associate’s exposure or access to any PHI will be Incidental, the parties nonetheless wish to enter into this Agreement in the event Business Associate’s access or exposure to PHI is more than Incidental and, thus, rises to the level of a Business Associate to provide Covered Entity with the written assurances required by the Privacy Rule and the Security Rule established pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
  2. Definitions.
    1. “Business Associate” shall have the meaning set forth in 45 C.F.R. Section 160.103.
    2. “Designated Record Set” shall have the meaning set forth in 45 C.F.R. Section 164.501.
    3. “Disclose” and “Disclosure” mean, with respect to Protected Health Information, the release, transfer, provision of access to, or divulging in any other manner of Protected Health Information outside Business Associate’s internal operations or to individuals other than its employees.
    4. “Electronic Protected Health Information” or “EPHI” shall have the same meaning as the term “Electronic Protected Health Information” in 45 C.F.R. § 160.103, limited to more than Incidental information created or received by Business Associate from or on behalf of Covered Entity, and, in this Agreement, shall mean more than Incidental information received by Business Associate or made accessible to Business Associate by Covered Entity in the course of Business Associate’s providing Services under the Service Agreement.
    5. “Incidental” shall refer to those uses and disclosures covered in 45 C.F.R. 164.502 (a) (1) (iii) which do not rise to the level of a Business Associate and that occur as a by-product of another permissible or required use under HIPAA and that cannot be reasonably prevented and are limited in nature.
    6. “Privacy Rule” shall mean the standards, requirements and specifications promulgated by the Secretary of Health and Human Services at 45 C.F.R. Section 160 subparts A and E promulgated under HIPAA.
    7. “Protected Health Information” or “PHI” shall have the same meaning as the term “Protected Health Information” in 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity and, in this Agreement, shall mean more than Incidental information received by Business Associate or made accessible to Business Associate by Covered Entity in the course of Business Associate’s providing Services under the Service Agreement.
    8. “Security Rule” shall mean the standards, requirements and specifications promulgated by the Secretary of Health and Human Services at 45 C.F.R. Section 164 subpart C promulgated under HIPAA.
    9. “Services” has the same meaning as in the Service Agreement.
    10. “Use” or “Uses”  shall have the meaning set forth in 45 C.F.R. Section 160.103.
  3. Obligations of Business Associate. Solely in the event Business Associate’s Services require the Disclosure of PHI or EPHI that is more than Incidental, Business Associate agrees:
    1. not to use or further disclose PHI created or received by Business Associate from, or on behalf of, Covered Entity other than as required to carry out its Service obligations to Covered Entity and as expressly permitted or required by this Agreement or Law, consistent with the HITECH Act. Such use, disclosure or request of PHI shall utilize a limited data set if practicable or otherwise the minimum necessary PHI to accomplish the intended result of the use, disclosure or request;
    2. to use reasonable and appropriate safeguards to prevent the Use or Disclosure of Protected Health Information in any manner other than as permitted by this Agreement, consistent with the HITECH Act;
    3. to report to Covered Entity any use or disclosure of PHI not permitted by this Agreement of which it becomes aware. In addition, Business Associate will report, following discovery and without unreasonable delay, any “Breach” of “Unsecured Protected Health Information” as defined by the HITECH Act and any implementing regulations. Any such report shall include the identification (if known) of each individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during such Breach. Business Associate shall report Security Incidents to Covered Entity with the exception of unsuccessful Security Incidents (such as pings, broadcast firewall attacks, port scans, and unsuccessful log-on attempts) which Covered Entity hereby acknowledges occur regularly;
    4. ensure that any agents, including subcontractors of Business Associate, to whom Business Associate provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agree to substantially the same restrictions and conditions that apply to Business Associate with respect to such information;
    5. To the extent (if any) that Business Associate maintains a Designated Record Set for Covered Entity, and is notified of such by Covered Entity, to make available PHI maintained by Business Associate in a Designated Record Set to Covered Entity as required for Covered Entity to comply with its obligation to give an individual the right of access to inspect and obtain a copy of their PHI as set forth in 45 C.F.R. 164.524 and the HITECH Act, where the HITECH Act is applicable to Business Associate’s activities under the Service Agreement and where identified as applicable by Covered Entity, including the date (if any) of such applicability, and where Business Associate agrees to HITECH’s applicability. Consistent with 45 C.F.R. 164.524, Business Associate’s obligation will be limited to the extent such PHI is in the sole possession of Business Associate and is not duplicative of PHI held by Covered Entity. The provision of the access to the individual’s PHI and any denials of access to the PHI shall be the responsibility of Covered Entity;
    6. To the extent (if any) that Business Associate maintains a Designated Record Set for Covered Entity, and is notified of such by Covered Entity, to make available PHI maintained by Business Associate in a Designated Record Set to Covered Entity as required for Covered Entity to comply with its obligation to amend PHI as set forth in 45 C.F.R. 164.526. The amendment of an individual’s PHI and all decisions related thereto shall be the responsibility of Covered Entity;
    7. to make available to Covered Entity information regarding non-Incidental Disclosures by Business Associate to third parties for disclosures for which an accounting is required under 45 C.F.R. Section 164.528 so Covered Entity can meet its requirements to provide an accounting of Disclosures to individuals in accordance with 45 C.F.R. 164.528 and the HITECH Act, where the HITECH Act is applicable, where it is identified as applicable by Covered Entity, including the date (if any) of such applicability, and where Business Associate agrees to HITECH’s applicability;
    8. to make its internal practices, books and records relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity, available to the Secretary of Health and Human Services for purposes of determining Covered Entity’s compliance with the Privacy and Security Rules;
    9. at termination of this Agreement, if feasible, return or destroy all PHI received from, or created or received by Business Associate on behalf of Covered Entity, that Business Associate still maintains in any form and to retain no copies of such information, or, if such return or destruction is not feasible in the sole discretion of Business Associate, extend the protections of this Agreement to the non-Incidental PHI and limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible.
    10. Business Associate is not prohibited from disclosing PHI for its proper management and administration or to carry out its legal responsibilities if the disclosure is required by Law or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by Law or for the purpose for which is was disclosed to the person. Business Associate will further require that the person to whom information is disclosed inform the Business Associate of any breach of confidentiality or violation of the HIPAA Regulations with respect to that information. In such event, Business Associate will notify Covered Entity of any instances of which it is aware in which the confidentiality of the information has been breached or the Privacy Rule was otherwise violated.
    11. Business Associate is not prohibited from using PHI to report violations of Law to appropriate Federal and State authorities consistent with the Privacy Rule.
    12. With respect to Electronic Protected Health Information, Business Associate will (i) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Incidental Electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of Company, as required by the Security Rule and consistent with the HITECH Act; (ii) strive to ensure that any agent, including a subcontractor, to whom it provides Electronic Protected Health Information agrees to implement reasonable and appropriate safeguards to protect it; and (iii) report to Covered Entity any successful Security Incident of which it becomes aware.
  4. Covered Entity Obligations.
    1. Covered Entity shall use and disclose PHI only in accordance with the Privacy Rule, the Security Rule, and any other applicable Law. Covered Entity acknowledges that Business Associate does not require access to PHI in order to provide Services to Covered Entity. Covered Entity shall limit disclosures of PHI to Business Associate to only those that cannot be reasonably prevented or are limited in nature. Covered Entity shall follow all data security instructions communicated by Business Associate or set forth in the applicable Business Associate Service description or statement of work.
    2. Covered Entity shall be solely responsible for establishing the applicable HIPAA Security Rule safeguards and associated policies for protecting PHI in its facilities. Covered Entity shall communicate the relevant safeguards and policies to Business Associate when Business Associate provides Services at a Covered Entity facility.
    3. Covered Entity shall be responsible for securing PHI through the use of a technology or methodology specified by the Secretary of Health and Human Services as rendering PHI unusable, unreadable, or indecipherable to unauthorized individuals.
  5. Miscellaneous.
    1. Term and Termination. The term of this Agreement shall be the same as the term of the Service Agreement. Upon Covered Entity’s knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall notify Business Associate of the breach in writing, and shall provide an opportunity for Business Associate to cure the breach or end the violation within thirty (30) business days of such notification; provided that if Business Associate fails to cure the breach or end the violation within such time period, Covered Entity shall have the right to terminate this Agreement upon written notice to Business Associate. In the event that termination of this Agreement is not feasible as mutually agreed to by Business Associate and Covered Entity, Business Associate hereby acknowledges that Covered Entity shall have the right to report the breach to the Secretary of Health and Human Services. This Agreement shall terminate immediately in the event that a HIPAA Business Associate Agreement is no longer applicable or required under then current Law.
    2. No Third Party Beneficiaries. No provision of this Agreement is intended to benefit any person or entity, nor shall any person or entity not a party to this Agreement have any right to seek to enforce or recover any right or remedy with respect hereto.
    3. Relationship to Services Agreement Provisions. In the event that a provision of this Agreement is contrary to a provision of the, the provision of this Agreement shall control. Otherwise, this Agreement shall be construed under, and in accordance with, the terms of the Service Agreement.

END OF EXHIBIT