Since 1998
Trusted by doctors
(877) 523-2120

Master Agreement

IMPORTANT–READ CAREFULLY: This Master Agreement ("Master Agreement") is a legal contract between the entity that is entering this Master Agreement to allow your End Users access and use of the SaaS Service (“Customer”) and Quality Systems, Inc. (“Company”), the owners of the MediTouch® software. This Master Agreement shall collectively mean this document as well as any Order Forms, Schedules, Addenda, Appendices, Exhibits and/or Attachments thereto.

BY CLICKING THE [ENTER] OR [ACCEPTED] ICON BELOW, OR BY COPYING, OR OTHERWISE USING THE SAAS SERVICE, CUSTOMER AGREES TO BE BOUND BY THE TERMS OF THIS AGREEMENT. IF CUSTOMER DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT ACCESS OR USE THE SAAS SERVICE OR INSTALL ANY PLUG-IN SOFTWARE (IF ANY) TO OBTAIN USE OR ACCESS, AND EXIT NOW.

PLEASE REVIEW THIS AGREEMENT, AND ANY END USER AGREEMENT ASSOCIATED WITH THIS MASTER AGREEMENT, EVERY TIME CUSTOMER USES THE SAAS SERVICE AS THERE MAY BE CHANGES AND UPDATES FROM TIME TO TIME. DO NOT USE, AND HALT YOUR END USERS FROM USING, THIS WEBSITE OR ANY COMPANY SERVICE OR PRODUCT FOR A MEDICAL EMERGENCY.

GENERAL TERMS AND CONDITIONS

  1. Payment of Fees.

    • 1.1    Payment. Customer must pay the fees per the payment terms set forth in the applicable Schedule or Order Form. Customer understands that any payment terms offered by Company are an extension of credit by Company and may require that Customer provide credit information to Company. Should Company be unable to obtain through commercially reasonable means using reasonable commercial underwriting principles a favorable creditworthiness approval of Customer (as determined by Company in its sole discretion), Company may require alternate payment terms or, at its option, immediately terminate the Master Agreement (or any applicable Order Form) upon written notice to Customer. Any customer requirements as it relates to needed information on any Company invoice must be identified, in writing, within 10 days from the Effective Date. Any subsequent changes requested to be included within the invoice shall be sent to billingquestions@qsii and any agreed to change will only be effective for invoices prospectively issued. Any fees that are owed as of the date of termination or expiration of this Master Agreement will be immediately due and payable. Except as provided in an Order Form, Schedule or Statement of Work, Implementation Services and Consulting Services are supplied on a time and materials basis (and not on a fixed fee basis) at the rates set forth in the Order Form. Hours and timelines presented in an Order Form or Statement of Work shall be estimates only. Payment is due as set forth in the Order Form or applicable Schedule. Company will invoice monthly for Service Hours, fees and out of pocket expenses incurred and/or rendered during the prior month. Implementation Services contracted and paid for, but not utilized by Customer, are non-refundable and expire 18 months after the Effective Date.
    •  
    • 1.2    Billing Disputes. If Customer believes in good faith that Company has incorrectly billed Customer, Customer may withhold from payment the disputed amount, not to exceed the estimated fair value of the disputed item, provided Customer timely pays all undisputed portions of the invoice and contacts Company in writing (at billingquestions@qsii ) prior to the date payment is due, which notice shall specify, in detail, the error. Unless Customer has properly notified Company of the dispute, Customer may be required to reimburse Company’s reasonable collection costs. If Company does not agree with Customer’s notice, the parties will resolve the dispute in accordance with Section 13.4.
    •  
    • 1.3    Failure to Pay. If Customer fails to pay any undisputed amount due under this Master Agreement within 30 days of the date of Company’s notice of Customer’s failure to pay, Company may, in its sole discretion, (A) terminate this Master Agreement or the applicable Order Form, (B) suspend or restrict provision of the Products and Services, (C) discontinue any currently provided discount for the affected Products and Services, (D) discontinue any future right to purchase Products and Services, whether at a discount price or otherwise and/or (E) withdraw any previously granted, non-standard payment terms. (For items (C) (D) and (E), Company will provide an adjusted invoice that reflects the applicable list price and revise the associated payment schedule as applicable to reflect the new remaining balance and/or payment terms.) Unless otherwise agreed to by the parties in writing, Company’s failure to invoice for any item set forth in the Order Form shall not relieve Customer’s obligation to pay for the item. Company may charge interest at a monthly rate equal to the lesser of 1½% per month or the maximum rate permitted by applicable Law on any overdue, undisputed fees, from the due date until the date the overdue amount (plus applicable interest) is paid in full. However, Company will not exercise its rights under items (A) through (D) above or apply any interest charge if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute.
    •  
    • 1.4    Taxes. Prices do not include applicable taxes. Company will invoice Customer for any applicable taxes, and Customer must pay these taxes. Where applicable, Customer must provide any tax-exemption claim to Company before, or contemporaneously, when, placing an order.
    •  
  2.  

    GENERAL TERMS AND CONDITIONS

     
  3. CUSTOMER RESPONSIBILITIES

    • 2.1    General. Customer will comply, and Customer will cause all Affiliated Organizations, End Users, Personnel and other persons to whom Customer provides any access to Products, Services or other Company Confidential Information to comply, with the provisions of this Master Agreement, and Customer shall be responsible for the non-compliance of any such Affiliated Organization, End User, Personnel or other person.
    • 2.2    Required Resources. Except as provided in the Master Agreement or as otherwise provided in a SaaS or Hosting Schedule and/or any other Schedule, Customer must provide, at its own expense, all Facilities & Equipment (including any Third Party licenses therein) and Personnel required for use of Products and Services, whether required under a Schedule or otherwise, for the proper conduct of Customer’s business. Customer must, also obtain any consents, authorizations and approvals necessary to enable Company to perform its obligations under this Master Agreement.
    • 2.3    Special Programs. Company has no responsibility to identify, evaluate or assist Customer in Customer’s decision to participate in any Special Program. Customer is solely responsible for determining whether to participate in such opportunities. Customer will notify Company in writing before agreeing to participate in any Special Program that will require change to Products or Services or affect Company’s performance under this Master Agreement. Company is not required to take or refrain from taking any action relating to or arising from such Special Program, except as otherwise set forth in an Order Form, Statement of Work, or Schedule.
    • 2.4    Professional Diagnosis and Treatment. Products and Services do not make clinical, medical or other professional decisions, and are not substitutes for Customer’s Personnel applying professional judgment and analysis. Customer is solely responsible for (A) verifying the accuracy of all information and reports produced by Products and Services; (B) obtaining necessary consents for use and disclosure of patient information; (C) determining data necessary for decision-making by Customer and its Personnel; and (D) making all diagnoses and treatments and determining compliance, and complying, with all Laws and licensing requirements for the operation of Customer’s business. Company is not responsible for: (A) ensuring that any Providers (i) have active professional licenses and any other credentials required for the provision of services by them, (ii) are not suspended from providing services and (B) performing reasonable credentialing activities to ensure that Providers are authorized and suitable for providing services pursuant to applicable Law or otherwise.
    • 2.5    Limitations on Use. Except to the limited extent expressly permitted in this Master Agreement, Customer will not:
      (A) record or capture in electronic form any Software or Services, including without limitation transmitting, transferring or disclosing, such content through any means including social media or other content sharing services;
      (B) sell, transfer, lease, assign, or sublicense any Software or Services;
      (C) use any Software or Services as a service bureau, for outsourcing, for sharing access to any Services with any Third Party (except for authorized End Users), or for otherwise offering or making available the functionality of the Products or Services to any Third Party;
      (D) permit any End User or other person to access or use Products or Services using another End User’s ID, login or password or otherwise make an End User’s ID, login or password available to any Third Party;
      (E) import, add, modify or delete data in any Software or Service database by any method other than direct data entry through the Software, Service or through a Company-developed Interface or Company-developed API, unless such method is pre-approved in writing by Company; or
      (F) use any Software or Service to process anything other than Customer’s, an Affiliated Organization’s, or an End User’s data.
  4. CONFIDENTIALITY

    • 3.1.    No Use or Disclosure. Recipient will only use Confidential Information for the purposes of this Master Agreement and will not reproduce, disseminate, or disclose Confidential Information to any Third Party, except to its employees and authorized representatives (i.e., temporary employees, consultants, and contractors) who need to know the Confidential Information for the purposes of this Master Agreement and are bound by confidentiality obligations at least as restrictive as those in this Section 3.1. Recipient will treat all Confidential Information with at least the same degree of care as it treats its own information of similar sensitivity, but never with less than reasonable care. Recipient shall notify Discloser of any breaches of security that result in or are likely to result in disclosure of Discloser’s Confidential Information.
    • 3.2    Required Disclosure. Recipient may disclose Confidential Information:
      (A) as approved in a writing signed by Discloser;
      (B) as necessary to comply with any Law; or
      (C) as necessary to establish the rights of either Party, but only if, in the case of Sections 3.2(B) or 3.2(C), Recipient: (1) promptly notifies Discloser with the particulars of the required disclosure; and (2) gives Discloser all assistance reasonably required by Discloser to enable Discloser to take available steps to prevent the disclosure or to ensure that disclosure occurs subject to an appropriate obligation of confidence.
    • 3.3    Government Audits of Customer. If any government agency requires auditing Company as the result of its provision of Services to Customer, Company will cooperate to the extent required subject to its lawful actions to protect Company Confidential Information. Customer may be required to reimburse Company on a time and materials basis at then-current hourly rates in connection with any such audit.
  5. PRIVACY

    • 4.1    Personal Information. If Customer orders Services that require Customer to provide to Company personal health information that is protected under any Laws, the Parties will enter into a mutually agreed Business Associate Agreement or similar agreement if Customer itself is a Business Associate rather than a Covered Entity. Company will request, and Customer will provide Company with, only the minimum personal health information required to perform the Services hereunder.
    • 4.2    De-Identified Data. Company may De-Identify Customer Data before such data is incorporated into any Analytics Database. Customer grants Company a non-exclusive, worldwide, paid-in-full, perpetual and irrevocable right and license to:
      (A) extract, copy, aggregate, process and create derivative works of De-Identified Data to derive, or add to, Analytics Databases;
      (B) employ data analytics on the Analytics Databases for purposes of developing Data Analytics solutions; and
      (C) prepare derivative works of the Analytics Databases, and use, execute, reproduce, display, perform, transfer, distribute, and sublicense the Analytics Databases and such derivative works.
      De-Identified Data will be aggregated with de-identified data from a sufficient number of other customers in a manner reasonably designed to prevent Company or others from using the Analytics Databases to analyze the particular characteristics of Customer’s business. Company will not individually identify Customer as a source of the De-Identified Data for the Analytics Databases, although Company may disclose that certain of its customers allow the use of customer data for such purposes.
  6. CONSULTING SERVICES, IMPLEMENTATION SERVICES AND ELEARNING.

    • 5.1    Consulting Services. Company will perform Consulting Services set forth in any Order Form in accordance with a mutually agreed to Statement of Work and, if applicable, additional terms within the Order Form and/or applicable Schedule.
    • 5.2    Implementation Services. Each Statement of Work will include an implementation project plan and target timeline that: (A) best utilizes the Implementation Services purchased and/or (B) identifies the date of achievement of mutually agreed to milestones. Upon execution, Company will perform Implementation Services in accordance with the applicable Statement of Work and this Master Agreement.
    • 5.3    eLearning Materials Subscription/Training Materials. For certain Company Software and/or Services, as part of certain required Company training thereon:
      (A) a subscription for access by End Users to Company’s “eLearning” online training materials (the “eLearning Materials”) may be required to be purchased by Customer. Company provides eLearning Materials only for online access by End Users for the sole purpose of learning how to use Software and/or Services. Customer may not make any copies or download any of the eLearning Materials unless such materials expressly state otherwise. Except as may be set forth in the Order Form, each End User must have his or her own subscription and use his or her own ID and password to access eLearning Materials; and/or
      (B) use of printed materials (as may be provided during onsite training sessions) and/or electronic materials (available for download for remote training sessions) may be required. Materials are licensed to Customer for their own use and may need to be purchased by Customer. Customer may not make any copies of these materials unless such materials expressly state otherwise.
      Except under SaaS offerings: the Order Form sets forth the subscription fees for eLearning Materials and/or Training Materials. Such fees are due in advance for each Service Term. The initial Service Term is 1 year commencing upon the Effective Date. Subscriptions automatically renew for successive 1 year terms at then-current rates unless a Party provides written notice of its intent not to renew at least 60 days before the end of the then-current Service Term.
  7. SOFTWARE MAINTENANCE SERVICES.

    • 6.1    Support Issues. Company offers Software Maintenance Services to help End Users maintain the Software it accesses and uses under the Master Agreement. Customer is not required to purchase or maintain Software Maintenance, but Customer will only receive Software Maintenance Services while Customer has a current subscription for Software Maintenance. Company’s response times and the actions it takes to resolve Software Maintenance issues is based on an assessment of the impact of the reported technical issue on Customer’s business. The more serious the business impact, the higher the assigned priority. Company’s support consultant may raise or lower priority in its reasonable discretion based on Customer’s information and/or subsequent diagnosis or remediation efforts, including the availability of a work-around pending final resolution. A workaround may include requiring Customer to operate on the most current version of the applicable Company Software (including any Updates thereto) if doing so will resolve the incident. Company’s Help Desk will follow the following response timeframe objectives that are based on ticket priority:

    • Targeted response times# Hours of Availability
      Priority 1: One hour 24x7 support, 365 days a year
      Priority 2: Two Business Hours 8:30am-8:30pm Eastern each Business Day
      Priority 3: One Business Day 8:30am-8:30pm Eastern each Business Day
      Priority 4: Two Business Days 8:30am-8:30pm Eastern each Business Day

      (*Response times commence from the time Customer has properly logged a ticket within Company’s support ticketing system.)

    • 6.2    Ticket Priority. Customer is required to provide, through their Certified Professional(s), End User Support, including but not limited to (A) receiving and logging initial contacts by End Users, (B) reviewing and isolating likely root causes for support cases and ruling out obvious causes such as user error or failure in items not supplied by Company before escalating a problem, and (C) using reasonable efforts to resolve problems prior to contacting the Help Desk Support, including accessing and reviewing web-based support tools and databases such as Company’s Q&A Knowledge Exchange. Company’s support consultants will provide support to Customer’s Certified Professional(s) to provide technical assistance in remedying failures of Company Software and/or Services, which are being used in a production environment, to perform in accordance with their respective User Materials. Customer will utilize Company’s on line support center to enter and document all problems, questions or issues. Each specific and discrete problem, question or issue with Company Software or Service reported by Customer’s Certified Professional to Company’s Help Desk Support shall be issued a ticket, which will include a record of the support incident, a unique tracking number and the identity of the initial Company personnel assigned to the matter. In addition, each ticket will be assigned one of following priority levels.
    • CRITICAL (Priority 1): the problem results in extremely serious interruptions to a production system. It has affected, or could affect, the entire user community. Tasks that should be executed immediately cannot be executed because of a complete crash of the system or interruptions in core functions of the production system. Data integrity is compromised and the service request requires immediate processing as the issue can result in financial losses.
    • URGENT (Priority 2): the problem results in serious interruptions to normal operations, will negatively impact an enterprise-wide installation, or urgent deadlines are at risk. In a production system, important tasks cannot be performed, but the error does not impair essential operations. Processing can still continue in a restricted manner, and data integrity may be at risk. In a preproduction environment, the problem hinders deployment of an enterprise installation. The service request requires timely processing, because the malfunction could cause serious interruptions to critical processes or negatively impact business.
    • IMPORTANT (Priority 3): the problem causes interruptions in normal operations. It does not prevent operation of a production system, or there could be minor degradation in performance. The error is attributed to malfunctioning or incorrect behavior of the software.
    • MINOR (Priority 4): the problem results in minimal or no interruptions to normal operations (no business impact). The issue consists of "how to" questions including issues related to APIs and integration, installation and configuration inquiries, enhancement requests, or documentation questions.
    • 6.3    Exclusions. Software Maintenance Services do not include support for: (A) issues that cannot be reproduced
    • 6.3 Exclusions. Software Maintenance Services do not include support for: (A) issues that cannot be reproduced by Company or for which Customer cannot provide sufficient documentation, (B) issues caused by a modification of Software by any party other than Company or by a third party that has received Company certification for the provision of Software maintenance support, (C) issues that arise because of any cause external to Company Software, such as a force majeure event, Third Party Materials or services except as provided in the License Purchase-Maintenance Schedule, or (D) changes in, or additions to, hardware, other software, configurations, data, or any other items other than the Software.
    • 6.4    Customer Responsibility. Customer will utilize Company’s on line support center to enter and document all issues. For each ticket opened, Customer is responsible for: (i) collecting error messages, logs and other information required by Company to work a ticket; (ii) determining procedure, data, and conditions necessary to reproduce a problem; (iii) determining if the issue has been documented and fixed in a newer version of the Company Software; (iv) apply Updates if Customer is self-hosted and the issue has been addressed in a more recent version of the Software; (v) unless installation of Updates is specifically included in the Company Services purchased by Customer, Customer is solely responsible for proper installation of all Updates, including any changes to operating systems, database software and other Third Party Materials required in connection with the Update; (vi) before installing any Update in Production, Customer must test the Update in a non-Production environment; and, if self-hosted, perform a backup of Customer’s Production configurations and data before applying any Update.
    • 6.5    Version Control Policy. Company may not make Updates available for all versions of Company Software and each Update will function with the most recent generally commercially released version of the applicable Company Software. Through each Company Software’s lifecycle, Company may choose to sunset Software product, feature, functionality or compatibility and cease to provide Updates to that product. For older versions of Company’s Software, Company will, through its Software Maintenance Services, assist with issues relating to the use and configuration of older versions of Company Software, including providing possible workarounds. However, Company is under no obligation to provide Updates to such older versions and Customer’s sole remedy for an issue associated with an older version may be to upgrade to a newer version of the Company Software. Sunset versions of older versions may no longer be eligible for any form of support.
  8. TERM AND TERMINATION

    • 7.1    Term. This Master Agreement applies to each Product and Service from the Effective Date until the expiration of the applicable License Term, Rental Term or the applicable Service Term, unless terminated earlier under this Master Agreement.
    • 7.2    Termination with Cause.

    • (A) Material Breach by Either Party. If either Party commits a material breach of this Master Agreement, the nonbreaching Party may give written notice describing, in reasonable detail, the nature and basis of the breach to the breaching Party. Except as otherwise allowed under this Master Agreement, if the breach is not cured within 30 days of the notice date, the non-breaching Party may immediately terminate this Master Agreement, in whole or in part.
      (B) Bankruptcy. Each Party may terminate this Master Agreement immediately upon written notice if the other Party ceases to conduct its business, makes a general assignment for the benefit of its creditors, admits publicly its inability to meet its obligations as they come due, voluntarily files for bankruptcy or insolvency, or is the subject of a filing by a Third Party for bankruptcy, insolvency, receivership or similar protection that is not dismissed within 45 days.
    • 7.3.    Survival. The termination or expiration of this Master Agreement will not affect any provisions of this Master Agreement which by their nature survive termination or expiration, including the provisions that deal with the following subject matters: Customer Responsibilities, Confidentiality, Privacy, Term and Termination, Proprietary Rights, Warranty Disclaimers, Limitation of Liability and General Provisions.
  9. PROPRIETARY RIGHTS

    • 8.1    Ownership. Company and its licensors own the Company Technology. To the extent Software and Content are obtained by Customer, the Software and Content are always licensed, not sold. Unless specifically stated, in writing, by Company to the contrary, Customer has no right to use Company’s or any Third Party’s name, trademarks or logo, or any goodwill now or hereafter associated therewith, all of which is the sole property of and will inure exclusively to the benefit of Company or such Third Party.
    • 8.2    No Modifications. Unless specifically stated, in writing, by Company to the contrary, Customer agrees not to modify, create derivative works of, adapt, translate, reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code in any Company Technology. Breach of this Section 8.2 will be deemed a material breach of the Master Agreement and entitle Company to immediately terminate the Master Agreement.
    • 8.3    Feedback. Company or any of its employees do not accept or consider unsolicited ideas, including ideas for new advertising campaigns, new promotions, new or improved products or technologies, product enhancements, processes, materials, marketing plans or new product names. The sole purpose of this section is to avoid potential misunderstandings or disputes when Company’s products and/or marketing strategies might seem similar to ideas submitted to Company. If despite Company’s request that Customer not send Company its ideas, Customer still submits them, then regardless of what is stated when Customer makes such a submission, the following terms shall apply to Customer’s submissions: A) Customer agrees that: (1) its submissions and their contents will automatically become the property of Company, without any compensation to Customer; (2) Company may use or redistribute the submissions and their contents for any purpose and in any way; (3) there is no obligation for Company to review the submission; and (4) there is no obligation to keep any submission confidential. Should Company seek out Customer’s, and/or any of its Personnel’s, feedback and/or Customer elects to submit feedback on Company’s existing products and/or marketing strategies, then do not include any ideas that Company policy will not permit it to accept or consider. Any feedback Customer provides shall be deemed to be nonconfidential. Company shall be free to use such information on an unrestricted basis and Customer will not assert, and Customer will not authorize, assist, or encourage any Third Party to assert, against Company or its customers, vendors, business partners, or licensors, any intellectual property infringement claim based upon any Products or Services provided hereunder, or any related feedback.
    • 8.4    License To Deliverables. Without limiting or modifying any license granted to Customer for the Company Software, Company grants Customer a non-exclusive, non-sublicensable and non-transferable license to use the Deliverables solely for Customer’s direct beneficial business purposes and solely with the applicable Products and Services unless specifically limited or modified, in writing, by Company in the applicable Statement of Work. Company retains all rights, title and interest (including intellectual property rights) in and to the Deliverables, unless such Deliverable are “Proprietary to Customer”. Except for any Deliverable that is “Proprietary to Customer”, to the extent that Customer participates in the creation or modification of any Company Technology or Deliverables, Customer waives and assigns to Company all rights, title and interest (including intellectual property rights) in the Company Technology or Deliverables.

  10. LIMITED WARRANTIES

    • 9.1    General. Each Party represents and warrants that:
      (A) it is duly organized and in good standing under the Laws of the state of its organization;
      (B) it has full authority to execute and perform under this Master Agreement, and such performance is not prohibited by any agreement to which the Party is bound or any applicable Law; and
      (C) it will comply with all Laws applicable to its business and operations.
    • 9.2    Compliance. Customer represents and warrants that to the best of its knowledge:
      (A) it, its affiliates and its Personnel are not under or subject to a “Corporate Integrity Agreement” or any other
      restriction or investigation by any payer, government agency or industry self-regulating organization; (B) neither it nor any of its affiliates, directors or Personnel are (a) listed on the General Services Administration’s
      Excluded Parties List System or (b) suspended or excluded from participation in any Government Payer Programs; and
      (C) there are no pending or threatened governmental investigations against Customer or any of its affiliates, directors or
      Personnel that may lead to suspension or exclusion from Government Payer Programs or may be cause for listing on the General Services Administration’s Excluded Parties List System.
      Breach of this Section 9.2 will be a material breach of the Master Agreement and entitle Company to immediately terminate the Master Agreement.
    • 9.3    Services. Company warrants for 90 days from performance of the Implementation Services and/or Consulting Services, as applicable, that each such Service is performed in a professional and workmanlike manner. Customer must notify Company during such 90 day period, in writing, and in reasonable detail of any breach of this warranty. To the extent permitted by law, Customer’s sole and exclusive remedy and Company’s sole liability under or in connection with this warranty will be re-performance of the relevant Service.
    • 9.4    Deliverables. Company warrants for 90 days from delivery that each Deliverable, in the form provided by Company and when used in accordance with the User Materials (if any) and Statement of Work, will perform substantially in accordance with the specifications and criteria set forth in the applicable Statement of Work. Customer must notify Company during such 90 day period, in writing, and in reasonable detail of any breach of this warranty. To the extent permitted by law, Customer’s sole and exclusive remedy and Company’s sole liability under or in connection with this warranty will be, at Company's option, to (A) correct the Deliverable or provide a reasonable workaround or (B) if after reasonable efforts the Company cannot provide a correction or workaround, then Company will refund the fees paid by Customer specifically for the non-conforming Deliverable. This warranty does not cover any failure that (A) cannot be reproduced by Company, (B) arises from a use of the Deliverable not set forth in the Statement of Work, (C) arises from any modification to the Deliverable except by Company, and/or (D) is caused by any aspect of the System not provided by Company. This warranty does not apply to any Third Party Materials included in or with a Deliverable.

  11. WARRANTY DISCLAIMERS

    • 10.1    Content; Third Party Materials. Company does not make, and hereby expressly disclaims, any warranties in connection with Content and Third Party Materials. All Content and Third Party Materials are provided “As-Is” without any warranty or indemnification from Company whatsoever.
    • 10.2    Limited General Release Testing. From time to time Customer may be offered the opportunity to participate in the LGR testing of Software or Services. All LGR versions of Software or Services are provided on an “As-Is” basis. Customer’s use of any LGR versions of Software or Services is at Customer’s own risk and expense, and without any change in the provisions of, or fees set forth in, this Master Agreement.
    • 10.3    Implied Warranties. To the maximum extent permitted by Law and except for the express warranties in this Master Agreement, Company and its licensors provide the Products and Services on an “As-Is” and “As Available” basis. Company and Third Party suppliers disclaim and make no other representations, warranties and conditions of any kind, express, implied or statutory, including representations, guarantees, conditions or warranties of merchantability, title, non-infringement, fitness for a particular purpose, accuracy, or implied by the provisions of any Laws that by their terms can be disclaimed (such as the Uniform Commercial Code or the Uniform Computer Information Transactions Act). If such provisions cannot be excluded and disclaimed, then the provisions of this Master Agreement will control to the maximum extent permitted. Without any limitation, neither Company nor its licensors (A) warrant that any Content, Product or Services will be complete, accurate, uninterrupted, free of Viruses, error free, or that any error can be corrected, or (B) guarantees or agrees to ensure that any Products or Services comply with applicable Laws.

  12. LIMITATION OF LIABILITY

    • (A) EXCEPT FOR EXCLUDED CLAIMS, NEITHER PARTY SHALL BE LIABLE, WHETHER IN CONTRACT OR TORT (INCLUDING NEGLIGENCE OR PRODUCT LIABILITY), FOR ANY OF THE FOLLOWING ARISING OUT OF OR CONCERNING THIS MASTER AGREEMENT, HOWEVER CAUSED: CONSEQUENTIAL, SPECIAL, MORAL, INCIDENTAL, INDIRECT, RELIANCE, PUNITIVE OR EXEMPLARY DAMAGES; LOSS OF GOODWILL, PROFITS, USE, OPPORTUNITIES, REVENUE OR SAVINGS; BUSINESS INTERRUPTION; OR LOSS ARISING FROM THEFT OR CORRUPTION OF DATA, VIRUSES, OR SPYWARE.
    • (B) IN NO EVENT ARE ANY OTHER THIRD PARTIES (INCLUDING COMPANY LICENSORS) LIABLE TO CUSTOMER UNDER THE TERMS OF THIS AGREEMENT ON ANY BASIS WHATSOEVER.
    • (C) EXCEPT FOR THE EXCLUDED CLAIMS, EACH PARTY’S MAXIMUM AGGREGATE LIABILITY FOR EACH AND ALL CLAIMS (INDIVIDUALLY AND TOGETHER) ARISING OUT OF OR CONCERNING THIS AGREEMENT, OR ITS SUBJECT MATTER, IS LIMITED TO AN AMOUNT EQUAL TO THE AGGREGATE OF FEES PAID OR OWED BY CUSTOMER WITHIN THE 12 MONTHS PRECEDING THE FILING OF ANY DEMAND FOR ARBITRATION UNDER THIS AGREEMENT.

  13. INDEMNIFICATION

    • 12.1    Duty to Indemnify. Company will defend any Third Party Claim against Customer during the License Term or Rental Term for any Infringement Claim. Company will pay Customer the Losses (including reasonable legal fees) that are directly attributable to an Infringement Claim and are either finally awarded by a court of competent jurisdiction against Customer or agreed to in a written settlement agreement signed by Company.
    • 12.2    Company’s Options. In the defense or settlement of any Infringement Claim, Company may, at its sole option and expense:
      (A) procure for Customer a license to continue using the Indemnified Technology under the terms of this Master Agreement;
      (B) replace or modify the allegedly infringing Indemnified Technology to avoid the infringement; or
      (C) terminate this Master Agreement with respect to the infringing part of the Indemnified Technology if neither of the foregoing is commercially reasonable and refund a pro rata portion of the applicable fees (based on the applicable License Term or Rental Term or in the case of a perpetual license, a useful life equal to five (5) years) paid by Customer for the infringing technology.
    • 12.3    Exclusions. Company will have no liability for any Infringement Claim that arises from:
      (A) use of the Indemnified Technology in violation of this Master Agreement;
      (B) modification of the Indemnified Technology by anyone other than Company or a party authorized in writing by Company to modify the Indemnified Technology;
      (C) failure by Customer to install the latest updated version of the Indemnified Technology as requested by Company to avoid infringement;
      (D) installation or use of Indemnified Technology contrary to the specifications and directions contained in the User Materials or other reasonable instructions of Company; General Terms and Conditions 01242018 8
      (E) Third Party products, services, hardware, software, or other materials, or combination of these with Indemnified Technology if the Indemnified Technology would not be infringing without this combination.
    • 12.4    Conditions to Indemnification. Company will have no liability for any Infringement Claim if Customer fails to:
      (A) notify Company in writing of the Infringement Claim promptly upon the earlier of learning of or receiving a notice of the infringement claim, to the extent that Company is prejudiced by this failure;
      (B) provide Company with reasonable assistance requested by Company for the defense or settlement (as applicable) of the Infringement Claim;
      (C) provide Company with the exclusive right to control and the authority to settle the Infringement Claim (Customer may participate in the matter at its own expense); or
      (D) refrain from making admissions about the Infringement Claim without Company’s prior written consent.
    • 12.5    Sole and Exclusive Remedy. The remedies in this Section 12 are Customer’s sole and exclusive remedies and Company’s sole liability regarding the subject matter giving rise to any Claim that the Products and Services infringe or misappropriate any Third Party’s intellectual property rights.
  14. GENERAL PROVISIONS

    • 13.1    Equitable Relief. Actual or threatened breach of certain sections of this Master Agreement (including, without limitation, provisions on intellectual property, license, privacy, data protection and confidentiality) may cause immediate, irreparable harm that is difficult to calculate and cannot be remedied by the payment of damages alone. Either Party will be entitled to seek preliminary and permanent injunctive relief and other equitable relief for any such breach.
    • 13.2    Notices. Any notice given under this Master Agreement must be in writing and, other than service of process, may be delivered by email (A) if to Company, to both billingquestions@qsii.com and legal@qsii.com and (B) if to Customer, to the: (i) “sold to” email address set forth on the Order Form, or (ii) such other address as identified by Customer from time to time. Notices delivered personally or via overnight mail will be effective upon delivery, and notices delivered by U.S. mail will be deemed effective five (5) Business Days after being deposited in an official U.S. Postal Service mailbox. A notice is deemed to be received by email the first Business Day after sending by email, unless the sender receives an automated message that the email has not been delivered, provided email shall not be sufficient for notices of termination, default or an indemnifiable claim.
    • 13.3    Viruses and Other Malware. Each Party will use and maintain updated commercial Virus scanning software and/or use reasonable efforts to ensure that its electronic communications (and, as it relates to Company, the Company Software) do not contain any Virus.
    • 13.4    Dispute Resolution and Arbitration. Any dispute, claim, or controversy arising out of or relating to this Master Agreement, including the determination of the scope or applicability of this clause, will be determined exclusively in Orange County, California by binding arbitration before a single arbitrator mutually agreed to by the parties. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures. There shall be no right to arbitrate on a class action basis or on behalf of the general public or other group of persons similarly situated. Each party will be responsible for its own attorneys' fees and shall split the costs of arbitration. The arbitrator shall have authority to apportion costs (other than attorneys' fees) at the end of any such proceeding. Judgment on any award may be entered in any court having jurisdiction. Nothing in this clause shall preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction.
    • 13.5    Waiver; Modification. Neither Party’s waiver of the breach of any provision constitutes a waiver of that provision in any other instance. This Master Agreement may not be modified nor any rights under it waived, in whole or in part, except in writing signed by the Parties.
    • 13.6    Relationship of Parties. Company is an independent contractor, and nothing in this Master Agreement is intended to constitute an employment, partnership, joint venture, fiduciary, trust or agency relationship between the Parties, or authorize Customer or Company to enter into any commitment or agreement with any Third Party that is binding on the other Party; provided that a Services Schedule may appoint Company to serve as Customer’s limited agent to perform the Services set forth therein. Subject to the other terms of this Master Agreement, each Party solely determines which of its Personnel will perform its obligations.
    • 13.7    Assignment; Binding Effect; Subcontractors. This Master Agreement is personal to Customer, and Customer may not delegate and/or assign this Master Agreement or any of Customer’s rights or duties hereunder without the advance written consent of Company, which shall not be unreasonably withheld. Any attempted assignment or transfer by Customer in violation of the provisions of this Section will be void and of no force and effect. Company may assign this Master Agreement or its rights and/or duties to its affiliates or to its successor in the event of a sale of all or substantially all of its assets, voting securities, or the assets or business related to the Products or Services provided under this Master Agreement. Subject to the foregoing, this Master Agreement will be binding upon and inure to the benefit of the Parties’ respective legal representatives, and permitted transferees, successors, and assigns. Company may subcontract the performance of its obligations to Third Parties as it determines appropriate, but in such cases Company shall remain responsible for the performance of its subcontractors.
    • 13.8    Force Majeure. A Party’s failure to perform its obligations under this Master Agreement, other than the payment of money, is excused to the extent that the failure is caused by an event outside its reasonable control, including an act of God, act or threat of terrorism, shortage of materials, strike or labor action, war or threat of military or significant police action, natural disaster, failure of Third Party suppliers, denial of service attacks and other malicious conduct, utility failures, power outages, governmental acts, orders, or restrictions, or other cause beyond its reasonable control.
    • 13.9    Severability. If any term of this Master Agreement is held invalid or unenforceable for any reason, the remainder of the term and this Master Agreement will continue in full force and effect.
    • 13.10    Customer Cooperation. Company may publicly identify Customer as Company’s customer.
    • 13.11.    Covenant not to Solicit or Hire. Each Party recognizes the expense and time associated with recruiting, hiring, training and maintaining employees. Each Party agrees that, except as consented to by the other Party in advance in writing, it will not during the term of this Master Agreement or a period of 2 years after any termination of this Master Agreement, directly or indirectly, solicit to reduce their relationship with the other Party, or hire for it or on behalf of any Third Party any of the other Party’s employees who are then engaged by the other Party as an employee or who within the prior 12 months was an employee of the other Party. This section does not prohibit general advertising and solicitations by a Party, but does not permit the hiring of the other Party’s employees who respond to such advertising or solicitations. For any violation of this section by a Party or its Personnel, such Party will pay to the other Party liquidated damages in the amount of the annual salary of the solicited employee, plus any costs to recruit a replacement for such employee. Each agrees that the damages to be incurred by the other Party for a violation of this section are difficult to estimate, and that the liquidated damages set forth in this section are reasonable estimates of those damages, and agrees that such damages are enforceable and will be paid upon any such violation.
    • 13.12.    Third Party Materials/Third Party Beneficiaries. Under the Master Agreement, Customer may obtain a license and/or right to access and use certain Third Party Materials as specifically identified in any Order Form. Certain Third Party Software may have terms and conditions that are separate from the terms and conditions set forth in the Master Agreement. By signing the Order Form and/or clicking “I ACCEPT” or equivalent language, Customer is agreeing to comply with those Third Party vendor’s separate terms and conditions, which may be found at www.nextgen.com/thirdpartyagreements, and are solely between the Third Party Vendor and Customer. Although Third Party Materials may be required to utilize the full features and functionality of the Company Software and/or Service, Customer is not required to obtain such Third Party Materials directly through Company. Customer further acknowledges and agrees that Company’s licensors are third party beneficiaries of this Master Agreement, with the right to enforce the obligations in this Master Agreement directly against Customer.
      Except as set forth above or in any Schedule, the Parties agree and acknowledge that this Master Agreement is not made for the benefit of any Third Party and nothing in this Master Agreement, whether expressed or implied, is intended to confer upon any Third Party any rights or remedies under or by reason of this Master Agreement, nor is anything in this Master Agreement intended to relieve or discharge the liability of either Party hereto, nor shall any provision hereof give any entity any right of subrogation against or action over or against either Party.
    • 13.13    U.S. Government Licensing. For US Government end users: Customer acknowledges that Products and Services are “Commercial Item(s),” as that term is defined at 48 C.F.R. section 2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as the terms are used in 48 C.F.R. section 12.212 or 48 C.F.R. section 227.7202, as applicable and has been developed exclusively at private expense. Customer agrees, consistent with 48 C.F.R. section 12.212 or 48 C.F.R. sections 227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users (A) only as Commercial Items; and (B) with only those rights as are granted to all other end users pursuant to the terms and conditions herein. Unpublished rights reserved under the copyright laws of the United States.
    • 13.14    Export Rules. Customer acknowledges that the Products and Services may be subject to the U.S. Export Administration Regulations and other export laws and regulations, and Customer will comply with them.
    • 13.15    License Compliance. During each License Term or Rental Term and for 3 years thereafter, Customer and its Affiliated Organizations shall keep complete and accurate books and records relating to use of Products and Services and any fees payable under this Master Agreement. Company may, at its expense and no more than once every quarter, appoint its own Personnel or an independent third party (or both) to inspect such records and access related computers and systems to verify that use, installation, and deployment of the Products and Services by Customer and its Affiliated Organizations comply with the terms of this Master Agreement. Any verification may include an onsite audit conducted at Customer’s or its Affiliated Organizations’ relevant places of business upon 15 days prior notice, during regular Business Hours, and will not unreasonably interfere with Customer’s business activities. If a verification shows that Customer, its Affiliated Organizations, End Users or Third Party contractors of Customer or its Affiliated Organizations are deploying, installing or using the Products and Services (A) beyond the quantity that was legitimately licensed; or (B) in any way not permitted under this Master Agreement, so that additional fees apply, Customer must pay the additional license fees and any applicable related maintenance and support fees based on Company’s then-current list price, within 30 days of invoice date.
  15. DEFINITIONS. Capitalized terms shall have the meaning set forth in the Order Form or as defined below.

    • “Account Limit” means the Metric based on the maximum number of: (A) authorized End Users allowed under a Schedule to this Master Agreement or (B) configured accounts allowed under a Schedule to this Master Agreement excluding accounts created or required by the Company for purposes of Software maintenance and support.
    • “Affiliated Organization” means a company, practice, group and/or other legal entity (including those having separate tax identification numbers) located within the United States that is controlled by or otherwise affiliated with Customer. Each Affiliated Organization must enter into a binding agreement with Customer obligating it and its End Users to comply with this Master Agreement prior to access to or use of any Products or Services.
    • “Analytics Database” means Company’s collection of Customer Data from various customers of Company.
    • “Business Day/Business Hour” means time during which Company is actively staffed and most Company resources (including its Maintenance Services staff) are available, but excludes nights, weekends and holidays observed by Company.
    • “Certified Professional” means any Customer Personnel who: (A) is actively involved in the day-to-day operation and support of the Products and Services within Customer’s organization, (B) has suitable education and experience to understand the Products and Services, (C) has passed the applicable Company certification tests, and (D) if a contractor and not an employee of Customer, Company must pre-approve in writing such contractor or such contractor is certified by Company as a Third Party Certified Professional.
    • “Claim” means a claim, action, proceeding, or demand made against a person or entity, however arising and whether present or future, fixed or unascertained, actual, threatened or contingent.
    • “Company Appliance” means a platform required to run certain Company Software.
    • “Company Hardware” means equipment and other hardware distributed under Company’s brand that is purchased or leased by Customer from Company and identified as Company Hardware in an Order Form. Hardware that is not identified as Company Hardware in the Order Form is Third Party Hardware.
    • “Company Software” means software in object code form licensed under an Order Form or as may be made available for access and/or use under a SaaS offering and identified as Company Software, including any Interfaces, templates, and any and all updates, modifications, improvements, extensions, and derivative works made thereto by or for Company, Customer, or any Third Party. “Company Software” specifically excludes Content.
    • “Company Technology” means the Products, Services and User Materials, including all Interfaces, templates, forms, software tools, algorithms, software (in source code and object code forms), user interface designs, architecture, toolkits, plug-ins, objects, documentation, network designs, ideas, processes, know-how, methodologies, formulas, systems, data, heuristics, designs, inventions, techniques, trade secrets, and any related intellectual property rights throughout the world included therein, as well as any derivatives, modifications, improvements, enhancements, or extensions of the above, whenever developed.
    • “Confidential Information” means a Discloser’s non-public information (including copies, summaries, and extracts): (A) that is identified in writing as confidential at the time of disclosure, whether in printed, textual, graphic, or electronic form; or (B) that is disclosed in non-tangible form, identified as confidential at the time of disclosure, summarized in a writing labeled as “confidential”, and delivered to Recipient within 15 days after disclosure. Confidential Information of Company includes the terms of this Master Agreement, Company Technology, customer lists, and employee lists whether or not marked or identified as confidential. The Party disclosing Confidential Information is referred to as “Discloser” and the Party receiving Confidential Information is referred to as “Recipient”. Confidential Information does not include information that:
          11.1. is or becomes generally publicly available at or after the time of disclosure through no fault of either Recipient;
          11.2. was known to Recipient free of any confidentiality obligations, before its disclosure by Discloser;
          11.3. becomes known to Recipient free of any confidentiality obligations from a source other than Discloser; or
          11.4. is independently developed by either Recipient without use of Confidential Information.
    • “Consulting Services” means services provided or to be provided by Company under one or more Order Forms to create reports and forms, customize certain aspects of Customer’s system and provide other technical and provisional services, as more specifically set forth in Section 5 above.
    • “Content” means any clinical content, in any form, included within Company Software and/or Services, including but not limited to Company’s KBM.
    • “Customer Data” means the compilation of Customer’s, its Affiliated Organizations’, subsidiaries’, and/or parent entity’s data from all Data Sources.
    • “Data Source” means a single feed of aggregated personal, medical, financial and/or other data that is imported into any Company Technology.
    • "De-Identify” or “De-Identified” means to de-identify personal data in accordance with the “safe harbor” requirements of section 164.514(b)(2) of the HIPAA regulations, or in a manner that otherwise meets the requirements of section 164.514.
    • “De-Identified Data” means Customer Data that has been De-Identified.
    • “Deliverable(s)” means any document, information, functionality, data, content, channel, module, plug-in, connector, extension or other tangible or electronic item of any nature delivered by Company to Customer as result of the performance of Services. Company Software is not a Deliverable.
    • “Effective Date” means the date signed on the applicable Order Form by Customer (or if multiple parties will be signing, then the date last signed on the applicable Order Form by the authorized representative of all parties.)
    • “End User(s)” means each individual Provider, administrative staff, technical staff, operator, care manager, case manager or other Personnel of Customer or an Affiliated Organization who: (A) is based in the United States and (B) is authorized by Customer or an Affiliated Organization to use any portion of the Products or Services or (C) is an authorized member of a community using the Software for purposes of health information exchange or care coordination. Unless specifically stated otherwise in the applicable User Material, each End User will be assigned a unique ID and password.
    • “Excluded Claims” means Claims arising from Customer’s breach of Sections 1.1, 2.5, 3.1, 8.2 and 9.2.
    • “Excused Unavailability” means an occurrence when Company SaaS or Hosting Services are not available to the End User due to one or more of the following conditions: (A) overall Internet congestion, slowdown, or unavailability; (B) unavailability of generic Internet services (e.g. DNS servers) due to virus or hacker attacks; (C) force majeure events as described in the Master Agreement; (D) actions or inactions of Customer (unless undertaken at the express direction of Company) or third parties beyond the control of Company; (E) a result of Customer equipment or third-party computer hardware, software, or network infrastructure not within the sole control of Company and/or (F) scheduled infrastructure maintenance. Updates and patches that occur during the year may require downtime in additional to Scheduled Maintenance and collectively these items shall also be considered Excused Unavailability.
    • “Facilities & Equipment” means a data center with all infrastructures, security controls, connectivity, systems, including back-up and recovery capabilities to avoid loss of data in the event of any failure, as well as all computers, background technology and equipment (including appropriate chipsets, processing speeds, RAM, storage, operating systems, connectivity, services, data, subscriptions, software, configurations other components necessary to operate the Products and/or Services.
    • “Fulfillment Date” means the date set forth in the Order Form or the stated number of days after the Effective Date as specifically stated in the Order Form, which if no stated amount of days is specifically identified, than 60 days.
    • “Government Payer Programs” means, collectively, any federal health care or insurance program or any form of state Medicaid or other health care or insurance program.
    • “Group of Charts” means the aggregation of all patient charts within a practice or within separate disciplines within a practice.
    • “Hardware” means Company Hardware and Third Party Hardware.
    • “Help Desk Support” means the support services provided by Company help desk under its then current Software Maintenance Program.
    • “Implementation Services” means services provided or to be provided by Company under one or more Order Forms to configure, install and implement Software and Hardware for Customer’s use as more specifically set forth in section 5 above.
    • “Indemnified Technology” means Company Software and Services paid for by Customer, but excludes any Third Party Software, Content, Hardware, sample code, SDK, open source, trial or LGR versions of the Company Software and/or Services.
    • “Infringement Claim” means any Claim that alleges that the Indemnified Technology directly infringes a Third Party’s United States patent, copyright, or trademark.
    • “Instances” means a single installation of Company Software running on a Company Appliance or such other physical or virtual server Customer may provide.
    • “Interface” means the part of any Company Software designed to exchange data between or among Company Software components and other software or between Company Software and Hardware.
    • “Knowledge Based Module” or “KBM” mean the Company provided databases and similar or related content for patient diagnosis and treatment for use with Company’s Software and/or Services.
    • “Law” means those applicable federal and state statutes, regulations, codes, ordinances, agency directives, binding court orders and other binding government requirements.
    • “License Term” means the period set forth in an Order Form for which Customer has purchased the applicable Software license.
    • “Lives” means the net number of individuals whose data is stored in the database of Company Software, regardless of data source, as measured by the master patient index.
    • “LGR” or “Limited General Release” means versions of the Software and/or Services made available by Company on a limited general release basis.
    • “Loss” means any damage, loss, cost, expense, or liability incurred by a person or entity.
    • “Metric” means each standard specified by Company in the Order Form or applicable Schedule that describes either: (i) the scope of Customer’s rights to use the Software and/or Services, as applicable or (ii) the measure by which Customer's use of the applicable SaaS offering will be calculated and charged as reported to Customer in periodic reports.
    • “Non-Production Instance” means an additional installation of Company Software used to directly support one or more Production Instances. – Including but not limited to system used to test or stage software configurations or interfaces prior to deployment in a Production Instance, development environment or passive standby or failover system or a demo/training system.
    • “Order Form” means each sales order form that is executed between Customer and Company for Customer’s procurement of Products and Services.
    • “Party” means Company or Customer, as applicable.
    • “Personnel” means, with respect to each Party, such Party’s officers, employees and contractors.
    • “Plug-in Software” means certain, if any, locally installed software necessary for SaaS End Users to access and use the SaaS environment. “Plug-in Software” is Company Software.
    • “Population Limit” means the Metric based on the maximum number of Lives allowed under the Company Software.
    • “Practice License” means each distinct and separate server license required for the ambulatory Software for: (1) each tax identification number associated with Customer and its Affiliated Organizations and/or (2) each separate Group of Charts kept by Customer and its Affiliated Organizations within the Software.
    • “Products” means one or more of the following procured by Customer as set out in an Order Form: Company Software, Third Party Software, Content, Company Hardware, and Third Party Hardware.
    • “Production Instance” means is an Instance that is used to serve the primary purpose for which Customer has purchased a license to use Company Software - including but not limited to, primary system housing or handling live production data, secondary system used for reporting purposes, additional active system used to distribute or segregate load.
    • “Proprietary to Customer” means a Deliverable that is specifically identified as proprietary to Customer in a fully executed Statement of Work, including, without limitation: (1) elements that are unique to Customer’s application or data environment and/or specifically designed to function for Customer’s own data solely; and/or (2) elements that were developed using Customer’s proprietary and Confidential Information. Company Technology is never Proprietary to Customer.
    • “Provider” means any licensed provider of healthcare services, including physicians, osteopathic physicians, dentists, optometrists, physical therapists, nurse practitioners, physician assistants and all other licensed providers.
    • “Recovery Point Objective” means for certain Company provided Hosting and/or SaaS offering the maximum age of production files, databases or data backed up or replicated prior to the occurrence of a disaster or disruption as measured from the time of most recent recoverable backup to point of failure or disruption.
    • “Recovery Time Objective” means for certain Company provided Hosting and/or SaaS offering the targeted duration of time and a service level within which a production business process must be restored after a disaster or disruption as measured from the time a fail-over decision is made to point when End User access and services are restored, exclusive of data feeds and Interfaces.
    • “SaaS” means Company services that (A) make Software functionality accessible to Customer on a subscription basis via the Internet and a browser as more specifically set forth in the applicable User Materials and (B) are identified as “SaaS” on an Order Form.
    • “SaaS End User” means any End User that needs to have log-in authority to the SaaS environment.
    • “Schedule” means a written document executed by both Parties or incorporated by reference into an Order Form, which describes additional terms, related to Products and Services.
    • “Server Response Time” means for certain Company provided Hosting and/or SaaS offering the time to process an End User or web service request as measured from receipt of request at the server to time response is sent back to the requester, exclusive of transit time over networks and rendering time on End User workstations.
    • “Service(s)” means each service procured from Company under one or more Order Forms, including Implementation Services, Software Maintenance Services, Hardware Maintenance Services, Consulting Services, eLearning services, Hosting Services and SaaS as such terms are defined in the applicable Schedule.
    • “Service Level Credit” means a credit (not a cash refund) against a future Monthly Fee for the applicable Service fee due as a result of a failure by Company to meet the applicable Service level Agreement. Such credit shall be calculated based on: (A) the Monthly Fee in which the failure occurred and (B) after the application of any discount and before any other credits.
    • “Service Term” means the period set forth in an Order Form or applicable Schedule for which Customer has purchased the applicable Service.
    • “Software” means Company Software and Third Party Software.
    • “Special Program” means any governmental or non-governmental program, project, grant, incentive-based opportunity, plug-in, extension use case or other program relating to Customer’s business.
    • “Statement of Work” means a written document executed by the Parties or incorporated by reference into an Order Form that describes specific Implementation Services or Consulting Services to be provided by Company as well as all Deliverable(s) or milestone(s).
    • “System” means collectively, the Company Software, appropriate Third Party database software, operating system software, Third Party Materials and other hardware, software and items described in an applicable Statement of Work functioning together as a single system.
    • “Third Party” means any person or entity other than Company or Customer.
    • “Third Party Hardware” means equipment and other hardware distributed under a Third Party’s brand that is purchased or leased by Customer from Company under an Order Form.
    • “Third Party Materials” means Third Party Software, Third Party Services and Third Party Hardware.
    • “Third Party Services” means Third Party services identified in an Order Form that are offered and/or made available by and/or through Company, under a Third Party’s brand and are accessed and/or used by Customer.
    • “Third Party Software” means Third Party software and/or content (A) identified as Third Party Software in an Order Form or otherwise provided to Customer in connection with Customer’s permitted use of Company Software, including related data, graphics, subscriptions, libraries, diagnosis and procedure code sets, and patient education and drug interaction databases and (B) in the case of Hardware, Third Party software pre-installed on such Hardware including BIOS, firmware, operating systems and similar technology.
    • “Update(s)” means any patch, fix, improvement, enhancement or change to Company Software that Company makes generally commercially available at no additional charge to customers in connection with Software Maintenance. Updates do not include additional modules and/or capabilities for which Company or any Third Party provider charges a separate license fee. Updates are not Deliverables
    • “Uptime” means for any Company provided Hosting and/or SaaS offering, the percentage of time Customer’s production system was available for use, excluding any Excused Unavailability.
    • “User Materials” means generally available documentation provided by Company relating to the general released versions of Products and Services, including user guides, technical manuals, release notes, installation instructions, information pertaining to maintenance services and online help files regarding use of Software, and all updates thereto.
    • “Virus” means viruses, worms, and other malware or malicious code intended to cause or that cause computers or systems to fail to act properly or to function in an unintended manner or permit unintended access to such computers or systems by any Third Party. License keys and other functionality intentionally inserted in Software by the licensor are not Viruses.

Software as a Service Schedule

  1.     MONTHLY FEES. During the Service Term, Customer will have the right to access and use each SaaS offering set forth in the applicable Order Form. Fees for each SaaS offering are: (i) calculated monthly, (ii) set forth in the Order Form and (iii) are payable as set forth in the Order Form. Unless otherwise stated in the Order Form, Company may increase fees upon 30 days written notice if Company’s costs to provide SaaS Services increase materially beyond its reasonable control. Company will monitor Customer’s Metrics and use of Third Party Materials. If additional Metrics and/or Third Party Materials are used in the prior month then, unless the applicable Order Form or Schedule specifies otherwise, Company will also invoice Customer for the additional, actual usage during the prior month.
  2.     PLUG-IN SOFTWARE LICENSE. Certain SaaS offerings may require Customer to install on its equipment Plug-In software to access and use the SaaS offering. Subject to Customer’s compliance with the terms of this Master Agreement and solely as it relates to such Plug-In Software, Company grants Customer, during the Service Term, a non-transferable and non-exclusive license to (A) permit SaaS End Users to access the SaaS through the applicable interfaces solely for their internal operations and (B) install, use and implement Plug-In Software solely for use by SaaS End Users to access and use the SaaS as permitted under this Schedule. Customer must take steps to prevent unauthorized access to its login IDs and passwords.
  3.     SERVICE TERM AND EFFECT OF TERMINATION.
    • 3.1 Service Term. The Service Term for each SaaS offering will commence upon the Fulfillment Date and continue for the Service Term. The Service Term will be set forth in the Order Form or applicable Schedule; and, if no Service Term is otherwise specified the initial Service Term will be for 4 years unless terminated earlier in accordance with the Master Agreement. Each Service Term automatically renews for successive 1 year terms unless a Party provides written notice of its intent not to renew at least 3 months prior to the end of the then-current Service Term. Notwithstanding the foregoing and only during the initial Service Term, starting the third year of the initial Service Term, Customer may terminate the SaaS Services, for any reason, by providing Company with sixty (60) days advanced, written notice of its desire to no longer use the SaaS Services (the “Cancellation Notice Period”). Following the Cancellation Notice Period, Customer is required to pay the lesser of the following: (i) Five (5) months of the then current SaaS Service fees; or (ii) the SaaS Service fees owed through the remainder of Customer’s then current Service Term.
    • 3.2 Effect of Termination; Transition. Upon termination of SaaS, (A) Customer’s right to access and use such SaaS and all related functionality immediately terminates and (B) Customer must, at its expense, remove and delete all copies of any Company Software. Customer will promptly identify in writing a named individual authorized to whom Company can provide a copy of any Customer data stored within the SaaS environment. Company will provide such identified representative with a copy of your Data. Upon confirmation of receipt of Customer’s data, Company will delete all of Customer’s data residing on hardware controlled by Company to the extent allowed by law. Customer may procure additional transition services at Company’s then current hourly rates and standard terms and conditions.
  4. LIMITED WARRANTY; REMEDIES.
    • 4.1 Warranty. During the Service Term, Company will maintain and update the applicable Software on Company’s servers. Company warrants during the Service Term that the Plug-In Software as delivered to Customer will substantially conform to the User Materials for the applicable version of the Software. Customer must notify Company of a claim under this warranty within 30 days of the date on which the condition that gives rise to the claim first appeared.
    • 4.2 Sole and Exclusive Remedies. To the extent permitted by law, Customer’s sole and exclusive remedy and Company’s sole liability arising out of or in connection with a breach of the warranty in Section 4.1 of this Schedule is limited to, at Company’s option: (A) Company correcting the nonconformity within a commercially reasonable period of time; or (B) if correction is not commercially reasonable, a termination of the applicable SaaS offering and a refund of any pre-paid unused fees for the remaining balance of the applicable Service Term.
  5. SERVICE LEVEL AGREEMENT. During the Service Term, Company will perform to the service level(s) set forth in the Order Form or applicable Schedule and, more generally, as set forth in Company’s then current SaaS Services program. Company’s failure to meet the service level(s) as measured over the prior month may be reflected in the issuance of a Service Level Credit against Monthly Fee(s) as more specifically set forth in the applicable Order Form or Schedule. If Customer determines, in its reasonable judgment, that the service level has not been met, it may request a Service Level Credit. All such requests must be made within 30 days of the end of the month in which such failure occurred. A Service Level Credit may be issued following Company’s receipt of the written request from Customer and its good faith determination that the reported service level was not met.
  6. DEFINITIONS. Capitalized terms shall have the meaning set forth in the Order Form or applicable Schedule, General Terms and Conditions or as defined below.
    • 6.1 “Data” means any data an End User may input into the SaaS System, directly or using an Interface, including but not limited to patient health information, patient lists and Individually Identifiable Health Information as defined under HIPAA.
    • 6.2 “Monthly Fee” means the amount calculated by Company for a given month for Software subscriptions and services, hosting, maintenance and recurring service fees only. Monthly Fees do not include one-time charges such as implementation, interface, consulting, and non-recurring software license fees. In the case of a monthly service being invoiced annually or quarterly, the Monthly Fee shall be deemed to be one-twelfth of the annual fee or one-third of the quarterly fee, respectively.

MediTouch® Schedule

The following terms and conditions are applicable solely for the MediTouch® offering accessed and used through the SaaS Service. To the extent there is a conflict between other sections of the Master Agreement and this Schedule, then, solely as it relates to MediTouch® offerings, this Schedule shall prevail:

  1. Access. Customer is responsible for providing End User IDs and passwords for the number of End Users stated in the Order Form(s). Upon Company’s request Customer will provide Company with accurate and complete registration information of End Users associated with Customer who have access to the SaaS Service.
  2. Customer as a Service Bureau. If Company has approved, in writing, Customer’s right to allow access and use those Products and Services associated with the MediTouch® offering as set forth in the Order for its End Users, then Customer may do so, notwithstanding anything in section 2.5 of the General Terms and Conditions stating otherwise, provided all access and use is done in accordance with the terms of the Master Agreement and as follows:
    • All access and use of the Product and Service by any End Users shall be solely for Customer’s own internal business operations;
    • Customer does not grant any access and/or use of such Product or Services to any other party.
    • Should Customer offer any warranties to its End Users about the Products and Services or otherwise about any agreement with Company, Customer shall be solely responsible for those warranties. Customer shall not make any representations or warranties regarding the Product or Services or with respect in any way to any agreement between Company and Customer, without Company’s prior written authorization by a Company SVP or higher. Customer does indemnify, defend, and hold Company, its officers, shareholder, employees and agents harmless from and against any claims, damages, demands, costs, and expenses arising from a breach of the foregoing obligation. Customer shall include express language in each of its agreements with the End Users advising each End User that use of the Products and Services shall be subject to Company’s online, click-through End User license agreement.
    • Any termination of this Agreement, regardless of cause, will halt Customer’s End Users’ access and use of the Products and Services (including any data that may be accessible only through Product and Services) and Company shall not be liable for any damages to Customer, the End Users and/or any patient caused by the inaccessibility.
  3. Data Migration/Accounts Receivable Import. For any data migration and/or A/R Import from its current system into the MediTouch® offering purchased by Customer under an Offer Form, Customer will appoint at least one technical contact who must be available for communication and have technical expertise to meet the responsibilities set forth below:
    • Work with the prior software vendor to obtain a usable data export; while Company’s analysts may be able to assist, it is ultimately the Customer’s responsibility to provide Company with a viable dataset from the previous software.
    • Review all the data that is provided by your previous vendor, or extracted by Company, to ensure that it is complete.
    • Customer and its End Users may begin using MediTouch® service; however, it is critical that if Customer or its End Users manually adds patient charts prior to the roster import, the source system unique identifier (MRN, patient ID, chart number, etc.) must be preserved. Failure to do so will impede the import of data for the affected patients and may require additional work at cost.
    • Ensure that multimedia files (scans, images, documents, etc.) provided to Company for import are organized in a file structure that includes the patient’s unique identifier; multimedia not uniquely identifiable cannot be imported.
    • Do not begin using (adding/deleting/modifying) the converted data in new system until all data has been verified to be accurate. It may be impossible to correct discrepancies once the system is in use, or may require additional work at cost.
    • Ensure that Customer or End User obtains and locally retains a complete copy of the data export from the previous vendor. Company may will retain the export data for 60 days after the completion of the project, and cannot be held responsible for being the custodian of the exported data beyond what is imported into MediTouch in the course of the project.
    • Ensure that the practice maintains access to the prior system for the duration of the project. Company cannot accommodate one-off records requests while we are processing the practice’s data.
     

    Customer further acknowledges that with regard to any Data Migration or A/R Import that the following Disclaimers, Notes, & Limitation shall apply, where applicable:

    • Data import is dependent on the quality of the data that is extracted from the prior source vendor.
    • For any A/R Import: Source data must comply with Company’s Payment File Format and being provided in a useable CSV format and the source PM must be capable of a HIPAA compliant extraction of 837 files for import to be completed.
    • Company analysts can participate in a conference call, but will not contact the previous source vendor directly.
    • Billing/claims data cannot be migrated
    • When data is extracted from your previous source vendor, the system may not provide the data in a properly codified fashion; or, if the clinical data is codified, it may not match the codification used by MediTouch. Therefore, clinical or some data modules (e.g. Problem List, Allergies, balances, etc) may require manual entry or mapping by Customer or the End User.
    • The data will be manipulated by a Company technician in order to meet the MediTouch® import requirements. This is to ensure the data is in the right sequence and meets the validation specifications. This may include scrubbing data to remove inactive patients, special characters, and duplicates. Placeholder data may be used for incomplete records.
    • For any data migration: Chart Notes will be converted to a read-only format where necessary and made available in the Administrative tab of the respective patient chart. Other multimedia (scans, attachments, etc) will be imported in the format provided.
    • During the discovery phase a Company technician will access Customer’s system in order to identify data structures and formats. In the process of interacting with data, there is the potential for data loss. It is Curtomer’s responsibility to make the necessary backups so that, in the unlikely event of such loss, the data can be restored. Company will not be responsible for data loss or restoration.
    • Understand that despite Company's best efforts, Company cannot guarantee a flawless conversion due to differences that exist between computer systems in terms of data entry methods, data storage and indexing methods, missing, incomplete, or bad data in the files sent to Company, and other factors. Despite this, Customer agrees to pay the set fee for the conversion performed by Company. If incomplete data is sent to Company, or other factors occur which require Company to perform additional work or redo the conversion, Company will provide a cost estimate to perform the additional work and obtain approval from the client prior to performing the additional work.
  4. Clearinghouse Services. In connection with the use of the SaaS Service, Company may provide certain Clearinghouse Services to End User, as set forth in the applicable Order Form(s), in conjunction with one or more Company Clearinghouse Partners, and Customer waives all liability and claims that Customer may have against Company or the Company Clearinghouse Partner in connection with the provisions of the SaaS Services, Clearinghouse Services, Practice Management Services or other services specifically identified in an Order Form, except to the extent directly caused by the willful misconduct or gross negligence of Company or Company’s Clearinghouse Partner. Clearinghouse Services are subject to availability via Company’s Clearinghouse Partners. Independentlylevied submission charges from payors are not included in the pricing and will be separately charged. Approval for electronic submission to and remittance from most non-commercial payors can take 4-8 weeks from the date Customer returns completed forms to Company. If elected by Customer, Company will provide electronic clearinghouse services through Company’s Clearinghouse Partners subject to the applicable terms and fees as set forth herein.
    • Electronic Claims Submission. Electronic claims submission service includes sending electronic claims in the ANSI 837 format to Company’s Clearinghouse Partners. Company shall charge Customer a fee for each electronic claim transaction by all End Users based upon the subscription plan to which Customer is subscribed.
      • Subject to the Transaction Allowance set forth in the applicable Order Form(s), Customer’s End Users may submit electronic claims to any payor listed on the Company’s Platinum Plan list of payors. If there is not a rate specified in the applicable Order Form, Company shall charge a transaction fee, at Company’s then current, published rate, per transaction that exceeds the Transaction Allowance in each month or for any transaction that is not included as part of plan or listed as “Non-Par”. Customer shall also be liable for any additional fees charged by payor for transactions not part of a plan.
    • Electronic Remittance Advice. Electronic remittance advice service includes receiving electronic remittance advice messages from Company’s Clearinghouse Partners in the ANSI 835 format. Company shall charge a fee for each electronic remittance transaction based for all End Users based upon the subscription plan to which Customer is subscribed
      • Subject to the Transaction Allowance set forth in the applicable Order Form(s), Customer’s End Users may submit electronic remittance transactions to any payor listed on the Company’s Platinum Plan list of payors. If there is not a rate specified in the applicable Order Form, Company shall charge a transaction fee, at Company’s then current, published rate, per transaction that exceeds the Transaction Allowance in each month or for any transaction that is not included as part of plan or listed as “Non-Par”. Customer shall also be liable for any additional fees charged by payor for transactions not part of a plan.
      • If an End User of Customer or Customer itself desires to discontinue electronic remittance services, then Customer or the applicable End User must contact insurance companies directly to request termination.
    • Electronic Real-Time Insurance Eligibility Services. Electronic real-time insurance eligibility services include performing electronic verification of insurance benefits from Company’s Clearinghouse Partners in the ANSI 270/271 format. Company offers these services under the following terms and conditions:
      • Subject to the Transaction Allowance as set forth in the applicable Order Form(s), Customer’s End Users may submit electronic insurance eligibility check transactions to any payor listed on Company’s Platinum Plan list of payors. If there is not a rate specified in the applicable Order Form, Company shall charge a transaction fee, at Company’s then current, published rate, per transaction that exceeds the Transaction Allowance in each month or for any transaction that is not included as part of plan or listed as “Non-Par”. Customer shall also be liable for any additional fees charged by payor for transactions not part of a plan.
  5. User Account. To use the SaaS Services and any Clearinghouse Services, Practice Management Services or other services specifically identified in an Order Form, and for each such Service to operate properly, Customer must supply Company with certain “Registration Data”, all of which must be accurate and updated as appropriate. Failure to properly maintain the Registration Data shall be a breach of the Agreement. Customer and each End User should ensure that it can receive e-mail from Company, which may require Customer and each End User to add Company to a “trusted” sender list to avoid delays or having Company’s correspondences blocked from Customer or End User’s inbox.
  6. Evaluation and Management Coding Tool. The MediTouch® EHR provides a suggestive Evaluation and Management Procedure Coding Tool. Company assumes no liability regarding the selection and billing of provider procedure codes.
  7. Suspension of MediTouch® Services/Denied Access. In addition to any other rights granted to Company herein, Company reserves the right to suspend or terminate this Agreement and Customer and each End User’s access to all SaaS Services and any Clearinghouse Services, Practice Management Services or other services specifically identified in an Order Form if Company does not receive full payment by Customer and/or the End User within ten (10) days of the invoice date. Delinquent accounts are subject to an administrative late charge of $35.00 per invoice per month for any invoice not paid by the due date and which remains unpaid each 30 day period thereafter, including any electronic transaction that is declined and any returned checks. Additionally, any amounts payable by Customer and/or an End User hereunder which remain unpaid after the due date shall be subject to a finance charge equal to 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is less, and such interest shall begin to accrue after fifteen (15) days from the invoice date. Customer will be charged for any Subscription Fees during any period of suspension. If Company does not receive full payment by Customer or its End User(s) within thirty (30) days of the date a payment is due, such nonpayment shall constitute a material breach of this Agreement. If either party initiates termination of this Agreement, Customer will be obligated to pay, on behalf of itself and its End Users, the balance due on its account computed in accordance with the terms of this Agreement.
  8. Billing Information. Customer agrees to provide, on behalf of itself and its End Users, Company with complete and accurate billing and contact information. This information includes Customer’s legal company name, street address, e-mail address, and name and telephone number of an authorized billing contact. Customer agrees to promptly update this information but, in no event, later than five (5) days, of any change to it. If Customer has a good faith belief that any charges are in error, then Customer must contact Company in writing within thirty (30) days of the disputed invoice’ date to be eligible to receive an adjustment or credit. Customer agrees not to withhold payment on any invoice while Company reviews Customer’s request for an adjustment or credit. If Company issues an adjustment or credit that exceeds the current balance on Customer’s account, then Company agrees to refund the difference to Customer within thirty (30) days.
  9. Electronic Payments. Customer agrees to provide Company with updated credit card information and expressly authorizes Company to charge Customer’s credit card information each month for an amount equal to Customer’s current balance. If either (1) Customer’s credit card information changes, (2) Customer’s credit card information becomes expired, or (3) Customer is notified by Company of an unsuccessful attempt by Company to charge Customer’s credit card information for Customer’s invoice total, then Customer agrees to update its account with valid credit card information as soon as possible but, in no event, later than five (5) days. If, any time, Customer revokes its credit card authorization, then such revocation shall be considered a material breach of this Agreement
  10. PQRS and Meaningful Use End Users. Customer, on behalf of itself and each End User, authorizes Company to send and or generate a quality file to CMS should Company offer this service. Customer agree to associate all of its and its End Users’ Medicare Fee For Service patients with the Medicare FFS payer class on the administrative screen dedicated to insurance plan detail. Customer, on behalf of itself and the End Users, agree to associate all Medicare patients with an accurate Medicare ID / HIC ID. The rendering NPI associated with each End User Provider in the provider maintenance table is the same NPI that is registered with your Medicare payer.
  11. Definitions:
    • “Transaction Allowance” is the number of monthly transactions that a Customer and/or End User can perform for no charge and subject to the other limitations for the applicable subscription plan as set forth in the Order Form(s). Additional transactions beyond the Transaction Allowance or for transactions not included in the Customer’s subscription shall be invoiced at the rates set forth in the Order Form or, if not set forth in the Order Form then at Company’s then current, published rate.

Business Associate Schedule

Recitals

  • Company is providing services to Customer under a written agreement (the “Master Agreement”), and Customer wishes to disclose certain information to Company pursuant to the terms of such Master Agreement, some of which may constitute Protected Health Information (“PHI”) (defined below).
  • Customer and Company intend to protect the privacy and provide for the security of PHI disclosed to Company pursuant to the Master Agreement in compliance with (i) the Health Insurance Portability and Accountability Act of 1996, Public Law No. 104-191 (“HIPAA”); (ii) Subtitle D of the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), also known as Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009, Public Law No. 111-005 (“ARRA”); and (iii) regulations promulgated thereunder by the U.S. Department of Health and Human Services, including the HIPAA Omnibus Final Rule, which amended the HIPAA Privacy and Security Rules (as those terms are defined below) and implemented a number of provisions of the HITECH Act (the “HIPAA Final Rule”) and caused business associates and their subcontractors to be directly regulated under HIPAA.
  • The purpose of this BAA is to satisfy certain standards and requirements of HIPAA, the Privacy Rule and the Security Rule (as those terms are defined below), and the HITECH Act, including, but not limited to, Title 45, §§ 164.314(a)(2)(i), 164.502(e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”).

In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:

  1. DEFINITIONS. Capitalized terms used in this BAA and not otherwise defined herein shall have the meanings set forth in the Privacy Rule, the Security Rule, and the HITECH Act, which definitions are incorporated in this BAA by reference.
    1. 1.1 “Breach” shall have the same meaning given to such term in 45 C.F.R. § 164.402.
    2. 1.2. “Designated Record Set” shall have the same meaning given to such term in 45 C.F.R. § 164.501.
    3. 1.3. "Electronic Protected Health Information" or "Electronic PHI" shall have the same meaning given to such term under the Privacy Rule and the Security Rule, including, but not limited to, 45 C.F.R. § 160.103, as applied to the information that Company creates, receives, maintains or transmits from or on behalf of Customer.
    4. 1.4. “Individual” shall have the same meaning given to such term in 45 C.F.R. § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
    5. 1.5. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Part 160 and Part 164, Subparts A and E.
    6. 1.6. “Protected Health Information” or “PHI” shall have the same meaning given to such term in 45 C.F.R. § 160.103, as applied to the information created or received by Company from or on behalf of Customer.
    7. 1.7. “Required by Law” shall have the same meaning given to such term in 45 C.F.R. § 164.103.
    8. 1.8. “Secretary” shall mean the Secretary of the Department of Health and Human Services or his or her designee.
    9. 1.9. "Security Incident" shall have the same meaning given to such term in 45 C.F.R. § 164.304, but shall not include (i) unsuccessful attempts to penetrate computer networks or servers maintained by Company; and (ii) immaterial incidents that occur on a routine basis, such as general “pinging” or “denial of service” attacks.
    10. 1.10. "Security Rule" shall mean the Security Standards at 45 C.F.R. Part 160 and Part 164, Subparts A and C.
    11. 1.11. “Unsecured PHI” shall have the same meaning given to such term in 45 C.F.R. § 164.402, and guidance promulgated thereunder.
     
  2. PERMITTED USES AND DISCLOSURES OF PHI.
  3.  
    1. 2.1. Uses and Disclosures of PHI Pursuant to Master Agreement. Except as otherwise limited in this BAA, Company may use or disclose PHI to perform functions, activities or services for, or on behalf of, Customer as specified in the Master Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by Customer. To the extent Company is carrying out one or more of Customer’s obligations under the Privacy Rule pursuant to the terms of the Master Agreement or this BAA, Company shall comply with the requirements of the Privacy Rule that apply to Customer in the performance of such obligation(s).
    2. 2.2. Permitted Uses of PHI by Company. Except as otherwise limited in this BAA, Company may use PHI for the proper management and administration of Company or to carry out the legal responsibilities of Company.
    3. 2.3. Permitted Disclosures of PHI by Company. Except as otherwise limited in this BAA, Company may disclose PHI for the proper management and administration of Company, provided that the disclosures are Required by Law, or Company obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and will be used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person (which purpose must be consistent with the limitations imposed upon Company pursuant to this BAA), and that the person agrees to notify Company of any instances of which it is aware in which the confidentiality of the information has been breached. Company may use PHI to report violations of law to appropriate federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1).
    4. 2.4. Data Aggregation. Except as otherwise limited in this BAA, Company may use PHI to provide Data Aggregation services as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B), including use of PHI for statistical compilations, reports and all other purposes allowed under applicable law.
    5. 2.5. De-identified Data. Company may create de-identified PHI in accordance with the standards set forth in 45 C.F.R. § 164.514(b) and may use or disclose such de-identified data for any purpose.
     
  4. OBLIGATIONS OF COMPANY.
  5.  
    1. 3.1. Appropriate Safeguards.
      • Privacy of PHI. Company will continue to develop, implement, maintain, and use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by the Master Agreement and this BAA. The safeguards will reasonably protect PHI from any intentional or unintentional use or disclosure in violation of the Privacy Rule and this BAA, and limit incidental uses or disclosures made pursuant to a use or disclosure otherwise permitted by this BAA.
      • Security of PHI. Company shall use appropriate safeguards and shall, after the compliance date of the HIPAA Final Rule, comply with the Security Rule with respect to Electronic PHI, to prevent use or disclosure of such information other than as provided for by the Master Agreement and this BAA.
    2. 3.2. Reporting of Improper Use or Disclosure, Security Incident or Breach. Company shall report to Customer any use or disclosure of PHI not permitted under this BAA or any Security Incident, without unreasonable delay, and in any event no more than thirty (30) days following discovery; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Company to Customer of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which notice to Customer by Company shall be required only upon request. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Company’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Company’s notification to Customer of a Breach shall include: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Company to have been, accessed, acquired or disclosed during the Breach; and (ii) any particulars regarding the Breach that Customer would need to include in its notification, as such particulars are identified in 45 C.F.R. § 164.404.
    3. 3.3. Company’s Agents. In accordance with 45 C.F.R. § 164.502(e)(1)(ii) and 45 C.F.R. § 164.308(b)(2), as applicable, Company shall enter into a written agreement with any agent or subcontractor that creates, receives, maintains or transmits PHI on behalf of Company for services provided to Customer, providing that the agent agrees to restrictions and conditions that are substantially similar to those that apply through this BAA to Company with respect to such PHI.
    4. 3.4. Access to PHI. To the extent Company has PHI contained in a Designated Record Set, it agrees to make such information available to Customer pursuant to 45 C.F.R. § 164.524, as applicable, within ten (10) business days of Company’s receipt of a written request from Customer; provided, however, that Company is not required to provide such access where the PHI contained in a Designated Record Set is duplicative of the PHI contained in a Designated Record Set possessed by Customer. If an Individual makes a request for access pursuant to 45 C.F.R. § 164.524 directly to Company, or inquires about his or her right to access, Company shall direct the Individual to Customer.
    5. 3.5. Amendment of PHI. To the extent Company has PHI contained in a Designated Record Set, it agrees to make such information available to Customer for amendment pursuant to 45 C.F.R. § 164.526 within twenty (20) business days of Company’s receipt of a written request from Customer. If an Individual submits a written request for amendment pursuant to 45 C.F.R. § 164.526 directly to Company, or inquires about his or her right to amendment, Company shall direct the Individual to Customer.
    6. 3.6. Documentation of Disclosures. Company agrees to document such disclosures of PHI and information related to such disclosures as would be required for Customer to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528, as applicable. Company shall document, at a minimum, the following information (“Disclosure Information”): (i) the date of the disclosure, (ii) the name and, if known, the address of the recipient of the PHI, (iii) a brief description of the PHI disclosed, (iv) the purpose of the disclosure that includes an explanation of the basis for such disclosure, and (v) any additional information required under the HITECH Act and any implementing regulations.
    7. 3.7. Accounting of Disclosures. Company agrees to provide to Customer, within twenty (20) business days of Company’s receipt of a written request from Customer, information collected in accordance with Section 3(f) of this BAA, to permit Customer to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528, as applicable. If an Individual submits a written request for an accounting of disclosures of PHI pursuant to 45 C.F.R. § 164.528 directly to Company, or inquires about his or her right to an accounting of disclosures of PHI, Company shall direct the Individual to Customer.
    8. 3.8. Governmental Access to Records. Company shall make its internal practices, books and records relating to the use and disclosure of PHI received from, or created or received by Company on behalf of, Customer available to the Secretary for purposes of the Secretary determining compliance with the Privacy Rule and the Security Rule.
    9. 3.9. Mitigation. To the extent practicable, Company will cooperate with Customer’s efforts to mitigate a harmful effect that is known to Company of a use or disclosure of PHI not provided for in this BAA.
    10. 3.10. Minimum Necessary. Company shall request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure, in accordance with 45 C.F.R. § 164.514(d), and any amendments thereto.
    11. HITECH Act Applicability. Company acknowledges that enactment of the HITECH Act, as implemented by the HIPAA Final Rule, amended certain provisions of HIPAA in ways that now directly regulate, or will on future dates directly regulate, Company under the HIPAA Privacy and Security Rules. Company agrees to comply with applicable requirements imposed under the HITECH Act, as of the effective date of each such requirement.
     
  6. OBLIGATIONS OF CUSTOMER.
  7.  
    1. 4.1 Notice of Privacy Practices. Customer shall notify Company of any limitation(s) in its notice of privacy practices in accordance with 45 C.F.R. § 164.520, to the extent that such limitation may affect Company’s use or disclosure of PHI. Customer shall provide such notice no later than fifteen (15) days prior to the effective date of the limitation.
    2. 4.2 Notification of Changes Regarding Individual Permission. Customer shall notify Company of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such changes may affect Company’s use or disclosure of PHI. Customer shall provide such notice no later than fifteen (15) days prior to the effective date of the change. Customer shall obtain any consent or authorization that may be required by the HIPAA Privacy Rule, or applicable state law, prior to furnishing Company with PHI.
    3. 4.3 Notification of Restrictions to Use or Disclosure of PHI. Customer shall notify Company of any restriction to the use or disclosure of PHI that Customer has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Company’s use or disclosure of PHI. Customer shall provide such notice no later than fifteen (15) days prior to the effective date of the restriction. If Company reasonably believes that any restriction agreed to by Customer pursuant to this Section may materially impair Company’s ability to perform its obligations under the Master Agreement or this BAA, the Parties shall mutually agree upon any necessary modification of Company’s obligations under such agreements.
    4. 4.4 Permissible Requests by Customer. Customer shall not request Company to use or disclose PHI in any manner that would not be permissible under the Privacy Rule, the Security Rule or the HITECH Act if done by Customer, except as permitted pursuant to the provisions of Section 2 of this BAA.
     
  8. TERM AND TERMINATION.
  9.  
    1. 5.1 Term. The term of this BAA shall commence as of the Effective Date, and shall terminate when all of the PHI provided by Customer to Company, or created or received by Company on behalf of Customer, is destroyed or returned to Customer or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with Section 5(c).
    2. 5.2 Termination for Cause. Upon either Party’s knowledge of a material breach by the other Party of this BAA, such Party shall provide written notice to the breaching Party stating the nature of the breach and providing an opportunity to cure the breach within thirty (30) business days. Upon the expiration of such 30-day cure period, the non-breaching Party may terminate this BAA and, at its election, the Master Agreement, if cure is not possible.
    3. 5.3 Effect of Termination.
      • Except as provided in paragraph (ii) of this Section 5(c), upon termination of the Master Agreement or this BAA for any reason, Company shall return or destroy all PHI received from Customer, or created or received by Company on behalf of Customer, and shall retain no copies of the PHI.
      • If it is infeasible for Company to return or destroy the PHI upon termination of the Master Agreement or this BAA, Company shall: (i) extend the protections of this BAA to such PHI; (ii) limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Company maintains such PHI; and (iii) never disclose such PHI to another Company client or third party.
     
  10. Cooperation in Investigations. The Parties acknowledge that certain breaches or violations of this BAA may result in litigation or investigations pursued by federal or state governmental authorities of the United States resulting in civil liability or criminal penalties. Each Party shall cooperate in good faith in all respects with the other Party in connection with any request by a federal or state governmental authority for additional information and documents or any governmental investigation, complaint, action or other inquiry.
  11.  
  12. Survival. The respective rights and obligations of Company under Section 5(c) of this BAA shall survive the termination of this BAA and the Master Agreement.
  13.  
  14. Effect of BAA. In the event of any inconsistency between the provisions of this BAA and the Master Agreement, the provisions of this BAA shall control. In the event of inconsistency between the provisions of this BAA and mandatory provisions of the Privacy Rule, the Security Rule or the HITECH Act, as amended, or their interpretation by any court or regulatory agency with authority over Company or Customer, such interpretation shall control; provided, however, that if any relevant provision of the Privacy Rule, the Security Rule or the HITECH Act is amended in a manner that changes the obligations of Company or Customer that are embodied in terms of this BAA, then the Parties agree to negotiate in good faith appropriate non-financial terms or amendments to this BAA to give effect to such revised obligations. Where provisions of this BAA are different from those mandated in the Privacy Rule, the Security Rule, or the HITECH Act, but are nonetheless permitted by such rules as interpreted by courts or agencies, the provisions of this BAA shall control.
  15.  
  16. General. This BAA is governed by, and shall be construed in accordance with, the laws of the State that govern the Master Agreement. Any action relating to this BAA must be commenced within (1) one year after the date upon which the cause of action accrued. Customer shall not assign this BAA without the prior written consent of Company, which shall not be unreasonably withheld. If any part of a provision of this BAA is found illegal or unenforceable, it shall be enforced to the maximum extent permissible, and the legality and enforceability of the remainder of that provision and all other provisions of this BAA shall not be affected. All notices relating to the Parties’ legal rights and remedies under this BAA shall be provided in writing to a Party, shall be sent to its address set forth in the signature block below, or to such other address as may be designated by that Party by notice to the sending Party, and shall reference this BAA. This BAA may be modified, or any rights under it waived, only by a written document executed by the authorized representatives of both Parties. Nothing in this BAA shall confer any right, remedy, or obligation upon anyone other than Customer and Company. This BAA is the complete and exclusive agreement between the Parties with respect to the subject matter hereof, superseding and replacing all prior agreements, communications, and understandings (written and oral) regarding its subject matter.