top of page

 

 

MASTER Services Agreement

 

This Master Services Agreement (this “Agreement”) is between you (“Customer”) and IMPG 2.0, LLC d/b/a the Valor Solution (“Provider”).  If you are agreeing to this Agreement not as an individual but on behalf of your company, government, or other entity for which you are acting (for example, as an employee or governmental official), then “you” means your entity and you are binding your entity to this Agreement.  Provider and Customer are sometimes together referred to herein as the “Parties” and individually as a “Party.”

The “Effective Date” of this Agreement is the date which is the earlier of (a) your initial access to or use of the Services (defined in Section 1.1) or (b) the effective date on Statement of Services (defined in Section 1.3), which is incorporated herein by reference.  Provider may modify this Agreement from time-to-time subject to Section 8.8.

By signing the Statement of Services, or by using or accessing the Services, you indicate your assent to be bound by this Agreement.  If you do not agree to this Agreement, do not use or access the Services.

Capitalized terms shall have the meanings assigned to them in Article 9 (Definitions) or as set forth elsewhere in this Agreement.

ARTICLE 1
Services

  1. General.  Customer hereby retains Provider for the purpose of rendering certain practice management services and support, including the provision of goods in connection therewith, and all other management and support services and operational expertise as agreed by the Parties on the basis hereafter set forth, subject to applicable Law (defined in Article 9) (collectively, the “Services”).

 

  1. Access and Use. Subject to and conditioned on Customer’s and its Authorized Users’ (defined in Article 9) compliance with the terms and conditions of this Agreement, Provider hereby grants Customer a non-exclusive, non-transferable (except in compliance with Section 8.6) right to access and use the Services during the Term (defined in Section 2.1), solely for use by Authorized Users in accordance with the terms and conditions herein (the “License”).  Such License is limited to Customer’s internal use.  Provider shall provide to Customer the Access Credentials (defined in Article 9) for Authorized Users to obtain access to the Services within a reasonable time following the Effective Date.

 

  1. Statement of Services.  If and when Customer requests and Provider agrees to provide the Services hereunder, the Parties each, by an authorized officer, shall execute a statement of services furnished to Customer directly and incorporated herein by this reference (“Statement of Services”).  The Statement of Services shall describe the Services to be rendered, the time period or frequency for such Services, the pricing arrangement for such Services and other information specific to the Services. 

This Agreement and the Statement of Services shall be subject to the following limitations:

  1. the aggregate compensation paid to Provider over the Term (defined in Section 2.1) or the Statement of Services shall not be determined in a manner that takes into account the volume or value of any referrals or business otherwise generated between the Parties;

  2. the Services performed under this Agreement or the Statement of Services shall not involve the counseling or promotion of a business arrangement or other activity that violates any applicable Law; and

  3. the aggregate Services contracted under the Schedules of Services shall not exceed those which are reasonably necessary to accomplish the commercially reasonable business purpose of the arrangement.

  4. Change Process.  In the event Customer desires to modify the Services set forth in the Statement of Services and Provider agrees to make such modifications, the Parties agree, in accordance with Section 8.8, to execute an amendment or restatement of the Statement of Services to effect any such desired change.

  5. Change of Laws.  The Parties shall cooperate to adjust the scope, price, or other aspect of any Services if applicable Law is amended in a manner that materially affects the provision or cost of the Services and any such change shall be effective upon execution of an amendment or restatement by the Parties in accordance with Section 8.8.  If the Parties cannot agree on such changes, then the Statement of Services relating to those Services shall be terminated and Customer shall pay Provider as set forth in Section 2.3(c) and there shall be no Transition Period (defined in Section 2.3).

  6. Non-Exclusion or Suspension Representations, Warranties and Covenants.  Neither Party is or has been at any time excluded or suspended from participation in any government-funded health care program including, without limitation, Medicare, or Medicaid.  Each Party hereby agrees to immediately notify the other Party of any threatened, proposed, or actual exclusion or suspension from any government-funded health care program, including without limitation the Medicare or Medicaid reimbursement programs.  In the event that a Party is excluded or suspended from participation in any government-funded health care program during the Term, the Party shall immediately give notice of exclusion or suspension to the other Party.

  7. No Up-time Guarantee.  Provider makes no representation, warranty or condition regarding the availability or operability of the Services at any time.

  8. Suspension or Termination of Services.  Provider may, directly or indirectly, and by use of a Provider Disabling Device (defined in Article 9) or any other lawful means, suspend, terminate, or otherwise deny Customer’s, any Authorized User’s, or any other Person’s (defined in Article 9) access to or use of all or any part of the Services, without incurring any resulting obligation or liability, if: (a) Provider receives a judicial or other governmental demand or order, subpoena, or law enforcement request that expressly or by reasonable implication requires Provider to do so; or (b) Provider believes, in its sole discretion, that: (i) Customer or any Authorized User has failed to comply with any term of this Agreement, or accessed or used the Services beyond the scope of the rights granted in the License or for a purpose not authorized under this Agreement; (ii) Customer or any Authorized User is, has been, or is likely to be involved in any fraudulent, misleading, or unlawful activities; (iii) Customer fails to make timely payment as set forth in Section 4; or (iv) this Agreement expires or is terminated.  This Section 1.8 does not limit any of Provider’s other rights or remedies, whether at law, in equity, or under this Agreement

ARTICLE 2.
TERM AND TERMINATION

  1. Term.  The initial term of this Agreement shall be for a period of one (1) year commencing on the Effective Date and ending on the first anniversary of the Effective Date (the “Initial Term”).  Thereafter, this Agreement shall automatically renew for successive one (1)-year periods (each a “Renewal Term”) unless either Party shall deliver written notice of non-renewal to the other Party at least thirty (30) days in advance of the expiration of the Initial Term or any then-current Renewal Term.  The Initial Term and each Renewal Term are collectively referred to as the “Term”.

 

  1. Early Termination.  Notwithstanding Section 2.1, this Agreement shall may be terminated earlier as follows:

    1. Default.  If any Party materially defaults in the performance of any of its obligations under this Agreement, which default shall not be substantially cured within thirty (30) days after the other Party has given written notice to the defaulting Party specifying the default, then the other Party, by giving notice to the defaulting Party, may terminate this Agreement as of a date specified in such notice of termination.  Notwithstanding the foregoing, with respect to material defaults that cannot be reasonably cured within thirty (30) days but can be reasonably cured within sixty (60) days, it shall not be a default under this Section 2.2.1 if the defaulting Party in good faith proceeds within thirty (30) days to commence curing said default and thereafter prosecutes with due diligence the curing of such default to conclusion within such sixty (60) day period.

 

  1. Insolvency.  If either Party is declared insolvent or bankrupt in a legal proceeding, is the subject of any proceedings related to its liquidation, insolvency or for the appointment of a receiver, conservator or similar officer for it, makes an assignment for the benefit of all or substantially all of its creditors, or enters into an agreement for the composition, extension or readjustment of all or substantially all of its obligations, then this Agreement may be terminated immediately upon the delivery of written notice from the other Party, and all payment obligations under this Agreement shall be deemed to be administrative expenses of the bankrupt Party.

  2. Immediate Termination.  By a Party immediately upon delivery of written notice in the event of the other Party’s: (a) suspension from participation in any government-funded health care program as set forth in Section 1.6; (b) loss or suspension of any license or authorization, which is required by such Party to conduct business or perform its obligations under this Agreement; or (c) cancellation or termination of its insurance required under Section 8.1.

  3. Effect of Termination.  Upon the expiration or termination of this Agreement for any reason and conclusion, if applicable, of the Transition Period:

  1. all rights, licenses (including the License), consents, and authorizations granted by Provider to Customer hereunder immediately terminate and Provider shall have no further obligation to perform or make available the Services;

  2. Provider shall disable all Customer and Authorized User access to the Services;

  3. the Parties shall make a good faith effort to resolve any payment obligations hereunder within ten (10) days of termination by providing the other Party with an accounting setting forth the amount due to such requesting Party. 

Notwithstanding the foregoing, upon Customer’s request, Provider may continue to provide the Services, and, in such event, Customer shall continue to pay for the Services for a period not to exceed one hundred and twenty (120) days following termination or expiration of this Agreement (the “Transition Period”) and all of the terms and conditions of this Agreement shall apply for the Transition Period notwithstanding its termination or expiration.

Article 3.
Obligations of the Parties

  1. Customer Use Restrictions.  Customer shall not, and shall not permit any other Person to, access or use the Services except as expressly permitted by this Agreement and, in the case of Third-Party Materials (defined in Article 9), the applicable third-party license agreement.  For purposes of clarity and without limiting the generality of the foregoing, Customer shall not, except as this Agreement expressly permits:

    1. copy, modify, or create derivative works or improvements of the Services;

    2. rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available any Services to any Person, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud, or other technology or service;

    3. reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Services, in whole or in part;

    4. bypass or breach any security device or protection used by the Services or access or use the Services other than by an Authorized User through the use of his or her own then valid Access Credentials;

    5. input, upload, transmit, or otherwise provide to or through the Services or Provider Systems, whether directly or indirectly as a result of a third-party’s unauthorized use of Customer’s Access Credentials, any information or materials that are unlawful or injurious, or contain, transmit, or activate any Harmful Code;

    6. damage, destroy, disrupt, disable, impair, interfere with, or otherwise impede or harm in any manner the Services or Provider’s provision of the Services to any third-party, in whole or in part;

    7. remove, delete, alter, or obscure any trademarks, documentation, warranties, or disclaimers, or any copyright, trademark, patent, or other Intellectual Property (defined in Section 5.2) or proprietary rights notices from any Services, including any copy thereof;

    8. access or use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Right or other right of any third-party (including by any unauthorized access to, misappropriation, use, alteration, destruction, or disclosure of the data of any other Provider customer), or that violates any applicable Law;

    9. access or use the Services for purposes of competitive analysis of the Services, the development, provision, or use of a competing software service or product or any other purpose that is to the Provider’s detriment or commercial disadvantage; or

    10. otherwise access or use the Services beyond the scope of the authorization granted under this Agreement.

  2. Final Authority; Customer Facilities.  The Parties acknowledge that Customer shall at all times retain the ultimate authority and responsibility regarding its operations.  Without limiting the generality of the foregoing, Customer has final administrative and management approval for Customer’s (i) policies and procedures, (ii) contracts with outside parties, and (iii) personnel actions and decisions.  In no event will the Services consist of the rendering of clinical care or the provision of medical advice.  The Services do not constitute and are not a substitute for professional medical advice, diagnosis, or treatment.  Provider does not recommend or endorse any specific tests, products, procedures, or other methods of treatment (collectively, “Healthcare Decisions”) that may be ordered or recommended by Customer or its Representatives (defined in Section 6.1.1) and recorded or ordered by the Customer or its Representatives in or through the Services. Customer shall be solely liable and responsible for any and all Healthcare Decisions it and its Representatives make.  Unless specifically agreed otherwise in a Statement of Services, for purposes of the Employee Retirement Income Security Act and regulations promulgated thereunder, any Services are non-discretionary and do not impose any fiduciary duties or liabilities upon Provider.  Customer shall, at the request of Provider, permit Provider to utilize Customer’s space, facilities, supplies and equipment, including software and IT systems, in order to perform the Services.

 

  1. Customer Compliance and Control.  Customer represents and warrants that it maintains, and during the Term of this Agreement will maintain, on a current basis and in good standing, all necessary licenses, certificates, registrations, or other permits required by applicable Law to its operations.  Customer has and will retain sole responsibility for: (a) all Customer Data (defined in Section 6.2.1), including its content and use; (b) all information, instructions, and materials provided by or on behalf of Customer or any Authorized User in connection with the Services; (c) Customer Systems (defined in Article 9); (d) the security and use of Customer’s and its Authorized Users’ Access Credentials; and (e) all access to and use of the Services directly or indirectly by or through the Customer Systems or its Authorized Users’ Access Credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use.

  2. Provider Performance.  With respect to performance under the Statement of Services, Provider shall use reasonable care and diligence in the performance under the Statement of Services and comply with all Laws applicable to the Services. 

  3. Reliance on Instructions.  Provider may rely upon and is under no obligation to investigate the accuracy or completeness of any written or verbal instructions or information given by Customer or its designated Representatives relating to Provider’s performance under the Statement of Services.

  4. Third-Party Vendors.  As agreed by the Parties in the Statement of Services, Provider may assist in the coordination of the Services by certain vendors to Customer at the request of Customer; provided, that Provider shall not be liable for the acts or omissions of such vendors or, unless explicitly set forth in a Statement of Services, any payment to such vendors.

  5. Use of Subcontractors.  Provider may utilize vendors, affiliates, or subcontractors to perform Services under the Statement of Services unless specified otherwise in the Statement of Services.  Unless otherwise specified in a Statement of Services or agreement between the Parties, Provider shall be solely responsible for the costs and performance of such external vendors or subcontractors.

  6. No Tax or Legal Advice.  Unless explicitly set forth in a Statement of Services, none of the Services shall involve or be deemed to involve the provision by Provider of tax or legal advice, and Customer agrees that it is solely responsible for obtaining or providing its own independent tax and legal advice.

  7. HIPAA Compliance.  The Parties have determined that Provider is or may be acting as a “business associate” with respect to Customer, as such is defined by Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, “HIPAA”) under this Agreement.  Accordingly, Provider and Customer shall execute the business associate agreement incorporated herein by reference and available at www.thevalorsolution.com/business-associate-agreement (the “Business Associate Agreement”). 

  8. Information Sharing.  To the extent necessary to accomplish the purposes of this Agreement and in accordance with the Business Associate Agreement and the applicable Law regulating the confidentiality of patient information, Customer shall share patient information with Provider as necessary for Provider to provide the Services.

  9. Cooperative Efforts.  The Parties agree to devote their reasonable efforts to promote cooperation and effective communication between each other with respect to the performance of the Services hereunder.

  10. Billing Records and Other Documentation.  Customer shall own and maintain any and all billing records and other documentation, related to its operations (the “Records”).  Provider shall have reasonable access to the Records during the Term of this Agreement as may be necessary or appropriate in performing the Services pursuant to this Agreement, so long as Provider agrees to maintain the confidentiality of such Records as required by and applicable under Section 3.9 and as otherwise may be required by Law.

  11. No Referral or Admission Requirements.  The Parties agree that nothing contained in this Agreement shall require either Party to refer patients to or otherwise generate business for the other Party. 

  12. Federal Health Care Program Participation.  To the extent applicable, each Party hereby represents and warrants to the other Party that (a) it is not excluded from or otherwise ineligible for participation in any federal health care program, as defined under 42 U.S.C. Section 1320a-7b(f), for the provision of items or the Services for which payment may be made under a federal health care program, (b) it has not arranged or contracted (by employment or otherwise) with any employee, contractor, or agent that such Party knows or should know is excluded from or is otherwise ineligible for participation in any federal health care program, and (c) no final adverse action, as such term is defined under 42 U.S.C. Section 1320a-7e(g), has occurred or is pending or threatened against such Party or, to such Party’s knowledge, against any of its owners, employees, contractors, or agents. In the event that, during the Term of this Agreement, either Party or any of its agents are so excluded, suspended, debarred, or sanctioned, or are convicted or found to have violated any federal or state fraud and abuse or illegal remuneration law, the Party shall promptly notify the other Party of such event.

  13. Compliance with Laws; Nondiscrimination.  Each Party agrees to fully comply with all applicable Laws now in force, or which may hereafter be in force, affecting such Party’s performance under this Agreement. 

Article 4.
COMPENSATION

  1. Invoices.  Unless specified otherwise in the Statement of Services, fees for the Services and reimbursable expenses will be invoiced monthly.  Customer shall make payment to Provider no later than thirty (30) calendar days after the invoice date or as may be otherwise agreed in a Statement of Services (the “Payment Date”).  Failure by Customer to timely pay any invoiced amounts on the Payment Date or when otherwise due as set forth in the Statement of Services shall be grounds for Provider to elect to suspend performance hereunder, pursuant to Section 1.8, until all invoices are paid in full.  Any past due amounts shall bear interest at the rate of 1.5% per month (or the maximum permitted by law, if less) until paid in full.  If Customer disputes any amount invoiced by Provider hereunder, Customer shall promptly notify Provider of the nature and amount of such disputed amount.

 

  1. Credit Card Authorization.  If Customer has elected to make payment via credit card, Customer authorizes Provider to charge against the credit card Customer provides to Provider all amounts owed for the Services as set forth in the Statement of Services including, without limitation, a credit card processing fee or any other fees assessed to Provider by its credit card processor.  In the event Customer’s credit card will not process the fees due pursuant to this Agreement and the Statement of Services, whether due to expiry or otherwise, Customer shall promptly provide Provider with an alternative working credit card number or valid method of payment within three (3) days of Customer’s receipt of notice from Provider.  Customer indemnifies Provider against any costs or fees it may incur as a result of Customer’s unauthorized credit card use.

Article 5.
Intellectual Property; ASSIGNMENT OF RIGHTS.

  1. Intellectual Property.  Each Party represents and warrants that the Services do not and will not cause the other Party to infringe the Intellectual Property Rights of any third-party. All right, title, and interest to any and will remain the exclusive property of such Party. All Intellectual Property of a Party is and will remain the exclusive property of such Party. Neither Party will have rights or interests in the other’s Intellectual Property except as expressly provided for in this Agreement or the Statement of Services.

 

  1. Ownership. For the avoidance of doubt, the Parties agree that Provider shall be the sole and exclusive owner and holder of all right, title and interest in and to all patents, trademarks, copyrights, works of authorship, databases, methods, deliverables and any derivative works, trade secrets, know-how or any other information related thereto that is associated with such Party’s Intellectual Property Rights (collectively, “Intellectual Property”) related to or created by Provider in connection with the Services and/or this Agreement.

Article 6.
Confidentiality; Ownership and Use of Data; Records

  1. Confidentiality. The Parties acknowledge that (i) due to the nature of the relationship created by this Agreement, each Party shall have access to and acquire Confidential Information (defined in Section 6.1.2) related to the other Party’s business and operations, (ii) all Confidential Information is solely the property of the disclosing Party, and (iii) the disclosure of Confidential Information to competitors and other third parties would cause substantial loss to the disclosing Party. 

 

  1. Confidentiality Obligations. Each Party and, as applicable, its respective officers, directors, members, managers, shareholders, affiliates, subsidiaries, employees, agents, partners, successors and assigns (collectively, “Representatives”) shall hold any and all Confidential Information of the other Party in the strictest confidence, and except as reasonably necessary to accomplish the Services hereunder or as required by law, shall not, voluntarily or involuntarily, use, sell, transfer, publish, disclose, display or otherwise make available to others any portion of such Confidential Information without the prior express written consent of the other Party.  Nothing herein shall limit or restrict Provider’s use of de-identified information including Customer Data in a De-Identified Format (defined in Section 6.2.2). 

  2. Definition of Confidential Information. As used herein, “Confidential Information” means information of a Party that is subject to patent, copyright, trademark, trade name or service mark protection, or is described as confidential by a Party, or is not otherwise in the public domain and is related to the business and operations of a Party, including, without limitation, operations, pricing information, proprietary software, policies and procedures, manuals, eligibility data, client lists, reimbursement rates, methods, systems, practices or plans of a Party and all similar information that is known only to Persons having a confidential relationship with such Party; provided, however, that Confidential Information shall not include any information that (i) is or becomes available to the public other than as a result of the receiving Party’s breach of the terms of this Agreement, (ii) was in the receiving Party’s possession prior to any disclosure thereof by the disclosing Party pursuant to the terms of this Agreement, or (iii) is or becomes available to the receiving Party on a non-confidential basis from a source other than the disclosing Party or its Representatives.

  3. Equitable Relief.  In the event of an actual or threatened breach of the foregoing covenant in Section 6.1.1, the non-breaching Party shall be entitled to an injunction against said breach and the breaching Party hereby consents to such injunction; provided, however, that nothing herein shall be construed as prohibiting the non-breaching Party from pursuing any other available remedies for such breach or threatened breach, including, without limitation, recovery of damages from the breaching Party.

  4. Ownership and Use of Data. 

    1. Provider agrees that all books, records, lists of names, journals, ledgers, and other recorded information submitted to or developed specifically in connection with the Statement of Services are and shall remain the property of Customer (collectively, “Customer Data”).  Notwithstanding the foregoing, Customer grants Provider a non-exclusive, royalty-free, irrevocable right and license to utilize and disclose the Customer Data for the purpose of performing its duties, functions, and responsibilities hereunder.

    2. Upon termination of this Agreement and completion, if applicable, of the Transition Period, Provider shall, at its discretion, promptly destroy the records referenced in Section 6.2.1 or deliver such records in the format in which they are normally maintained by Provider, to Customer or Customer’s designee.  Any costs associated with the conversion of records to a format other than those in which they were maintained by Provider shall be the responsibility of Customer, but Provider shall provide reasonable assistance and cooperation in connection therewith. This Section 6.2 shall not apply to records that must be maintained by Provider as required by applicable Law. Customer acknowledges and agrees that Provider may retain copies of and continue to utilize for its own purposes or commercial purposes Customer Data in De-Identified Format after termination of this Agreement.  “De-Identified Format” means formatted and redacted in a manner such that the Customer Data does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual in compliance with 45 C.F.R. Sections 164.514 and 164.502(a), (b) and (d) together with any other applicable component of HIPAA.

  5. Access to Books and Records. 

    1. During the Term, and until the expiration of seven (7) years after the furnishing of Services pursuant to this Agreement, the Parties shall, to the extent required by statute or regulation, make available to the Secretary of the Department of Health and Human Services (“DHHS”), the Comptroller General, or any of their duly authorized Representatives, this Agreement, and any books, documents and records that are necessary to certify the nature and extent of the respective costs incurred by the Parties with respect to this Agreement. The availability of the Parties’ books, documents and records will at all times be subject to such criteria and procedures for seeking access as may be promulgated by the Secretary of DHHS in regulations and other applicable Law. Any Party’s disclosure under this provision will not be construed as a waiver of any legal rights to which any Party may be entitled under statute or regulation.

    2. Provider further agrees that in the event Provider carries out any duties under a Statement of Services through subcontract with a value or cost of Ten Thousand Dollars ($10,000.00) or more over a twelve (12)-month period, such subcontract shall contain a provision requiring the subcontractor to make available until the expiration of seven (7) years after the furnishing of such Services pursuant to such subcontract upon written request to the Secretary of DHHS, or upon request to the Comptroller General of the United States General Accounting Office, or any of their duly authorized Representatives, a copy of such subcontract and such books, documents and records of such organization as are necessary to verify the nature and extent of such costs.

Article 7.
Indemnities and Liabilities

  1. Provider’s Role.  In no event shall Provider in any way be deemed to be an insurer, underwriter, or guarantor with respect to any obligations of Customer. Provider provides only Services to Customer hereunder and does not assume any financial risk or obligation with respect to claims for benefits payable by any health plans (including without limitation federal health care programs) contracted with or operated by Customer.  Nothing herein shall be deemed to constitute Provider as a party to any health plans administered by or through Customer. Nothing in this Agreement shall be deemed to impose upon Provider any obligation to any person who is participating in a health plan under contract with or operated by Customer.  Customer shall indemnify and hold Provider (and its officers, directors, agents, corporate affiliates and permitted subcontractors) harmless from and against all suits, losses, fines, damages or other claims arising from or related to its performance under the Statement of Services that may be inconsistent with the terms and intent of this Section 7.1.

 

  1. Indemnification by Customer.  Customer agrees to indemnify and hold Provider and its Representatives harmless from and against all claims, losses, damages, judgments, liabilities, causes, expenses, or obligations (including but not limited to reasonable attorneys’ fees and expenses) arising out of or resulting from a breach of the terms hereof by Customer.

  2. Indemnification by Provider.  Provider agrees to indemnify and hold Customer and its Representatives harmless from and against all claims, losses, damages, judgments, liabilities, causes, expenses, or obligations (including but not limited to reasonable attorneys’ fees and expenses) arising out of or resulting from a breach of the terms hereof by Provider.

  3. Limitation of Claims. NOTWITHSTANDING ANYTHING CONTAINED IN THIS AGREEMENT TO THE CONTRARY, PROVIDER SHALL NOT BE LIABLE TO CUSTOMER OR ANY THIRD PARTY UNDER ANY CIRCUMSTANCES (EVEN IF THIS AGREEMENT IS TERMINATED) FOR ANY CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE OR INDIRECT DAMAGES (INCLUDING WITHOUT LIMITATION LOSS OF PROFIT, REVENUE, BUSINESS OPPORTUNITY OR BUSINESS ADVANTAGE), WHETHER BASED UPON A CLAIM OR ACTION OF TORT, CONTRACT, WARRANTY, NEGLIGENCE, STRICT LIABILITY, BREACH OF STATUTORY DUTY, CONTRIBUTION, INDEMNITY OR ANY OTHER LEGAL THEORY OR CAUSE OF ACTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

  4. Limitation of Damages. NOTWITHSTANDING ANYTHING CONTAINED IN THIS AGREEMENT TO THE CONTRARY, PROVIDER’S TOTAL LIABILITY UNDER OR RELATING TO THIS AGREEMENT, REGARDLESS OF THE CAUSE OR FORM OF ACTION, AND WHETHER BEFORE OR AFTER ITS TERMINATION, SHALL NOT EXCEED THE TOTAL OF ALL AMOUNTS PAID TO PROVIDER UNDER THIS AGREEMENT DURING THE IMMEDIATELY PRECEDING TWELVE (12) MONTH PERIOD.

  5. Disclaimer of Warranties. ALL SERVICES ARE PROVIDED “AS IS”. PROVIDER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, PROVIDER MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. ALL THIRD-PARTY MATERIALS ARE PROVIDED “AS IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS.

  6. Survival.  Section 2.3, Article 4, Article 5, Article 6, and this Article 7 shall survive termination of this Agreement.

Article 8.
MISCELLANEOUS 

  1. Insurance.  During the Term, each Party shall cause to be placed and kept in force all forms of insurance needed to adequately protect itself, as reasonably in the case of the Services as determined by each Party.    

 

  1. Relationship of Parties.  In performing hereunder and under the Statement of Services, Provider is acting only as an independent contractor and not as an employee, corporate affiliate, or partner of Customer.  Nothing in this Agreement shall be deemed to constitute or create a joint venture, partnership, pooling arrangement, or other form of business entity between Provider or any of its affiliates and Customer or any of its affiliates.  It is acknowledged that Provider is performing ministerial functions on behalf of and under the control and general requirements of Customer. Provider does not undertake by this Agreement to perform any obligation of Customer whether regulatory or contractual, or to assume any responsibility for the business or operations of Customer.  Provider has the sole right and obligation to supervise, manage, contract, direct, procure, perform or cause to be performed, all work to be performed by Provider.  In the event of a conflict between the terms of this Section 8.2 and the Statement of Services, the terms of this Section 8.2 shall control.

  2. Notices.  Wherever under this Agreement either Party is required or permitted to give notices to the other, such notice shall be deemed given when in writing and personally delivered in hand by independent courier service, or when sent via certified mail, postage prepaid, to:

    1. in the case of Provider to IMPG 2.0, 385 W Pierson St, Unit B4, Phoenix AZ, 85013, Greg Ali; and

    2. in the case of Customer, to the billing address set forth on the Statement of Services.

Either Party may from time-to-time change its address for notification purpose by giving the other Party prior notice of the new address and the date upon which such new address shall become effective, which will be not less than ten (10) days from the date such notice is sent pursuant to this Section 8.3.

  1. No Requirement to Refer. Nothing in this Agreement, whether written or oral, nor any consideration in connection herewith, contemplates or requires the referral of any patient. This Agreement is not intended to influence the judgment of Provider or Customer or any of their employees, agents, beneficiaries, or members.

  2. Non-Assumption of Liabilities.  Neither Customer nor Provider will, by entering into and performing this Agreement, become liable for any of the existing or future obligations, liabilities, or debts of the other Party.

  3. Binding Nature and Assignment.  Customer may not assign or transfer this Agreement without Provider’s prior written consent. As an exception to the foregoing, Customer may assign this Agreement in its entirety (including the Statement of Services) to Customer’s successor resulting from Customer’s merger, acquisition, or sale of all or substantially all of its assets or voting securities, provided that you provide us with prompt written notice of the assignment and the assignee agrees in writing to assume all of its obligations under this Agreement. Any attempt by you to transfer or assign this Agreement except as expressly authorized above will be null and void. Provider may assign its rights and obligations under this Agreement (in whole or in part with respect to any individual Service) without Customer’s consent. This Agreement shall be binding upon, and shall inure to the benefit of, the Parties and their respective legal representatives, successors, and assigns.

  4. Entire Agreement.  This Agreement, including the Statement of Services, constitutes the entire agreement between the Parties with respect to the subject matter of this Agreement as of the date hereof and supersedes any prior agreements or arrangements between Provider and Customer regarding the subject matter of this Agreement. 

  5. Amendment. Provider may modify the terms and conditions of this Agreement from time-to-time with notice given to you by email, on the platform and/or software through which the Customer accesses or is provided the Services, or through our website.  Together with notice, Provider will specify the effective date of the modifications. The Statement of Services may be amended, modified, or changed only by a written instrument executed by both Provider and Customer.

  6. Severability.  If any provision of this Agreement is declared or found to be illegal, unenforceable or void, then both Parties shall be relieved of all obligations arising under such provision, but only to the extent that such provision is illegal, unenforceable or void, it being the intent and agreement of the Parties that this Agreement shall be deemed amended by modifying such provision to the extent necessary to make it legal and enforceable while preserving its intent or, if that is not possible, by substituting therefore another provision that is legal and enforceable and achieves the same objective.  In addition, if such illegal, unenforceable, or void provision does not relate to the payments to be made to Provider, and if the remainder of this Agreement shall not be affected by such declaration or finding and is capable of substantial performance, then each provision not so affected shall be enforced to the maximum extent permitted by law.

  7. Force Majeure.  Each Party shall be excused from performance under this Agreement (except with respect to the Customer’s payment obligations hereunder and as set forth in the Statement of Services) for any period and to the extent that it is prevented from performing any action, in whole or in part, as a result of causes beyond its reasonable control.  Such nonperformance shall not be a default or a ground for termination of this Agreement.  Each Party shall endeavor to promptly remedy the cause of any such nonperformance.

  8. Waiver.  No delay or omission by either Party to exercise any right or power under this Agreement shall impair such right or power or be construed to be a waiver thereof.  A waiver by either Party of any of the covenants to be performed by the other or any breach shall not be construed to be a waiver of any succeeding breach or of any other covenant.

  9. Governing Law and Performance of Contract.  The validity and interpretation of this Agreement, and the rights and obligations of the Parties hereunder, shall be governed exclusively by the internal Laws of the State of Arizona, without regard to conflict of law principles which might apply the Laws of another jurisdiction. If any provision of this Agreement is held to be invalid, void, or unenforceable, the remaining provisions shall nevertheless continue in full force and effect.

  10. Dispute Resolution.  In the event that any dispute relating to this Agreement arises between Customer and Provider, either Party may, by written notice, call a meeting regarding the dispute to be attended by executive officers of each Party who shall attempt in good faith to resolve the dispute.  If the dispute cannot be resolved through executive negotiation as described in the preceding sentence within thirty (30) days from the date of the initial notice, and if any Party wishes to pursue the dispute, the dispute shall be submitted to confidential binding arbitration before a single arbitrator in accordance with the JAMS rules for commercial arbitration.  The arbitrator shall have no power to award any punitive damages or exemplary damages or to ignore or vary the terms of this Agreement and shall be bound by the laws of the State of Arizona, without regard to provisions relating to the conflict of laws. Arbitration shall be conducted in the location of the principal place of business of the original defending Party. Each Party acknowledges that it is knowingly and voluntarily waiving its right to judicial action (except to enforce the decision of the arbitrator) and to a trial by jury.

  11. No Third-Party Beneficiary. The provisions contained in this Agreement are not intended by the Parties, nor shall they be deemed, to confer any benefit on any person not a Party to this Agreement.  This Agreement is solely for the benefit of the Parties and their successors and permitted assigns. 

  12. Survival.  This Article 8 shall survive the termination or expiration of this Agreement.

Article 9.
DEFINITIONS 

“Access Credentials” means any username, identification number, password, license or security key, security token, PIN, or other security code, method, technology, or device, used alone or in combination, to verify an individual’s identity and authorization to access and use the Services.

“Authorized Users” means Customer’s employees, consultants, contractors, and agents (a) who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement; and (b) for whom access to the Services has been purchased hereunder.

“Customer Systems” means the Customer’s information technology infrastructure, including computers, mobile devices, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services.

“Harmful Code” means any software, hardware, or other technology, device, or means, including any virus, worm, malware, or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data Processed (defined below) thereby; or (b) prevent Customer or any Authorized User from accessing or using the Services or Provider Systems as intended by this Agreement. Harmful Code does not include any Provider Disabling Device.

“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights Laws, and all similar or equivalent rights or forms of protection, in any part of the world.

“Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree, or other requirement of any federal, state, local, or foreign government or political subdivision thereof, or any arbitrator, court, or tribunal of competent jurisdiction.

“Person” means an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association, or other entity.

“Process” or “Processed” means to take any action or perform any operation or set of operations that the Services are capable of taking or performing on any data, information, or other content, including to collect, receive, input, upload, download, record, reproduce, store, organize, compile, combine, log, catalog, cross-reference, manage, maintain, copy, adapt, alter, translate, or make other derivative works or improvements, process, retrieve, output, consult, use, perform, display, disseminate, transmit, submit, post, transfer, disclose, or otherwise provide or make available, or block, erase, or destroy.

“Provider Disabling Device” means any software, hardware, or other technology, device, or means (including any back door, time bomb, time out, drop dead device, software routine, or other disabling device) used by Provider or its designee to disable Customer’s or any Authorized User’s access to or use of the Services automatically with the passage of time or under the positive control of Provider or its designee.

“Provider Systems” means the information technology infrastructure used by or on behalf of Provider in performing the Services, including all computers, mobile devices, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Provider or through the use of third-party services.

“Third-Party Materials” means materials and information, in any form or medium, including any open-source or other software, documents, data, content, specifications, products, equipment, or components of or relating to the Services that are not proprietary to Provider.

Business Associate Agreement

RECITALS

WHEREAS, Covered Entity is a “Covered Entity” as that term is defined under the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-91), as amended, (“HIPAA”), and the regulations promulgated thereunder by the Secretary of the U.S. Department of Health and Human Services (“Secretary”), including, without limitation, the regulations codified at 45 C.F.R. Parts 160 and 164 (“HIPAA Regulations”);

WHEREAS, Business Associate seeks to perform Services for or on behalf of Covered Entity, and in performing said Services, Business Associate will create, receive, maintain, or transmit Protected Health Information (“PHI”) or Electronic Protected Health Information ("ePHI"); and

WHEREAS, the parties intend to protect the privacy and provide for the security of PHI and ePHI disclosed by Covered Entity to Business Associate, or received or created by Business Associate, when providing Services in compliance with the HIPAA Act, the HIPAA regulations, the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”), and all other applicable state and federal laws, all as amended from time to time.

WHEREAS, Covered Entity is required under HIPAA to enter into a Business Associate Agreement (BAA) with Business Associate that meets certain requirements with respect to the use and disclosure of PHI.

 

 

AGREEMENT

In consideration of the above Recitals and for other good and valuable consideration, the receipt and adequacy of which is hereby acknowledged, the Parties agree as follows:

 

ARTICLE I
DEFINITIONS

The following terms shall have the meanings set forth below. Capitalized terms used in this BAA and not otherwise defined shall have the meanings ascribed to them in HIPAA, the HIPAA Regulations, or the HITECH Act, as applicable.

 

1.1.       “Breach” shall have the meaning given under 42 U.S.C. § 17921(1) and 45 C.F.R. § 164.402.

1.2.       "Data Aggregation" shall have the meaning given under 45 C.F.R. § 164.501.

1.3.       “Designated Record Set” shall have the meaning given such term under 45 C.F.R. § 164.501.  

1.4.       “Disclose” and “Disclosure” mean, with respect to PHI, the release, transfer, provision of access to, or divulging in any other manner of PHI outside of Business Associate or to other than members of its Workforce, as set forth in 45 C.F.R. § 160.103.

1.5.       “Electronic PHI” or “ePHI” means PHI that is transmitted or maintained in electronic media, as set forth in 45 C.F.R. § 160.103.

1.6.       “Protected Health Information” and “PHI” mean any information, whether oral or recorded in any form or medium, that: (a) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that (b) identifies the individual, or for which there is a reasonable basis for believing that the information can be used to identify the individual. "Protected Health Information" shall have the meaning given to such term under 45 C.F.R. § 160.103. Under 45 C.F.R. § 160.103, Protected Health Information includes Electronic Protected Health Information (ePHI). 

1.7.       “Security Incident” shall have the meaning given to such term under 45 C.F.R. § 164.304. 

1.8.       “Services” shall mean the services for or functions performed by Business Associate on behalf of Covered Entity pursuant to any service agreement(s) between Covered Entity and Business Associates which may be in effect now or from time to time (“Underlying Agreement”), or, if no such agreement is in effect, the services or functions performed by Business Associate that constitute a Business Associate relationship, as set forth in 45 C.F.R. § 160.103, Definition of "Business Associate."

1.9.      “Subcontractor” A subcontractor means a person or entity to whom a Business Associate delegates a function, activity, or service, other than in the capacity of a member of the Workforce of such Business Associate.

1.10.    “Unsecured PHI” shall have the meaning given to such term under 42 U.S.C. § 17932(h), 45 C.F.R. § 164.402, and Federal Register documents, including, but not limited to, Federal Register document 74; Federal Register 19006 (April 27, 2009); and 78 Federal Register 5565 (January 25, 2013).

1.11.    “Use” or “Uses” mean, with respect to PHI, the sharing, employment, application, utilization, examination, or analysis of such PHI within Business Associate’s internal operations, as set forth in 45 C.F.R. § 160.103.

1.12.    “Workforce” shall have the meaning given to such term under 45 C.F.R. § 160.103.

 

ARTICLE II          
OBLIGATIONS OF BUSINESS ASSOCIATE

 


2.1.       Permitted Uses and Disclosures of Protected Health Information: Business Associate shall not use or disclose PHI other than for the purposes of performing the Services, as permitted or required by this BAA, or as required by law. Business Associate shall not use or disclose PHI in any manner that would constitute a violation of Subpart E of 45 C.F.R. Part 164 if so used or disclosed by Covered Entity. However, Business Associate may use or disclose PHI (i) for the proper management and administration of Business Associate; (ii) to carry out the legal responsibilities of Business Associate, provided that with respect to any such disclosure either: (a) the disclosure is required by law; or (b) Business Associate obtains a written agreement from the person to whom the PHI is to be disclosed that such person will hold the PHI in confidence and will not use or further disclose such PHI except as required by law and for the purpose(s) for which it was disclosed by Business Associate to such person, and that such person will notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached; and (iii) pursuant to 45 C.F.R. § 164.501, for Data Aggregation purposes for the healthcare operations of Covered Entity. To the extent that Business Associate carries out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate must comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligations.

 

2.2.       Prohibited Marketing and Sale of PHI:  Notwithstanding any other provision in this BAA, Business Associate shall comply with the following requirements: (i) Business Associate shall not use or disclose PHI for fundraising or marketing purposes, except to the extent expressly authorized or permitted by this BAA and consistent with the requirements of 42 U.S.C. § 17936, 45 C.F.R. § 164.514(f), and 45 C.F.R. § 164.508(a)(3)(ii); and (ii) Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by the HITECH Act, 42 U.S.C. § 17935(d)(2), and 45 C.F.R. § 164.502(a)(5)(ii). 

2.3.       Adequate Safeguards of PHI: Business Associate shall implement and maintain appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this BAA. Such safeguards shall include administrative, technical, and physical safeguards, per the HIPAA Security Rule. Such safeguards shall consist of workforce training on period security updates, and workforce training on those provisions of the HIPAA Privacy Rule with which Business Associate must comply in its performance of this agreement with covered entity. Business Associate shall reasonably and appropriately protect the confidentiality, integrity, and availability of ePHI that it creates, receives, maintains, or transmits on behalf of Covered Entity in compliance with Subpart C of 45 C.F.R. Part 164 to prevent use or disclosure of PHI other than as provided for by this BAA.

2.4        Mitigation: Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this BAA.

2.5.       Reporting Non-Permitted Use or Disclosure:

              2.5.1   Reporting Security Incidents and Non-Permitted Use or Disclosure:  Business Associate shall report to Covered Entity in writing each security incident or use or disclosure that is made by Business Associate, members of its workforce, or subcontractors that is not specifically permitted by this BAA, no later than three (3) business days after becoming aware of such security incident or non-permitted use or disclosure, in accordance with the notice provisions set forth herein. Business Associate shall investigate each security incident or non-permitted use or disclosure of Covered Entity’s PHI that it discovers, to determine whether such security incident or non-permitted use or disclosure constitutes a reportable breach of unsecured PHI. Business Associate shall document and retain records of its investigation of any breach, including its reports to Covered Entity under this Section 2.5.1. Upon request of Covered Entity, Business Associate shall furnish to Covered Entity the documentation of its investigation and an assessment of whether such security incident or non-permitted use or disclosure constitutes a reportable breach. If such security incident or non-permitted use or disclosure constitutes a reportable breach of unsecured PHI, then Business Associate shall comply with the additional requirements of Section 2.5.2 below.

               2.5.2 Breach of Unsecured PHI: If Business Associate determines that a reportable breach of unsecured PHI has occurred, Business Associate shall provide a written report to Covered Entity without unreasonable delay, but no later than thirty (30) calendar days after discovery of the breach. To the extent that information is available to Business Associate, Business Associate’s written report to Covered Entity shall be in accordance with 45 C.F.R. §164.410(c). Business Associate shall cooperate with Covered Entity in meeting Covered Entity’s obligations under HIPAA and the HITECH Act with respect to such breach. Covered Entity shall have sole control over the timing and method of providing notification of such breach to the affected individual(s), the HHS Secretary and, if applicable, the media, as required by HIPAA and the HITECH Act. Business Associate shall reimburse Covered Entity for its reasonable costs and expenses in providing the notification, including, but not limited to, any administrative costs associated with providing notice, printing and mailing costs, and costs of mitigating the harm (which may include the costs of obtaining credit monitoring services and identity theft insurance) for affected individuals whose PHI has or may have been compromised as a result of the breach.

 

2.6.       Availability of Internal Practices, Books, and Records to Government:  Business Associate agrees to make its internal practices, books, and records relating to the use and disclosure of PHI received from, created, or received by the Business Associate on behalf of Covered Entity available to the Secretary for purposes of determining Covered Entity’s compliance with HIPAA, the HIPAA Regulations, and the HITECH Act. Except to the extent prohibited by law, Business Associate shall notify Covered Entity of all requests served upon Business Associate for information or documentation by or on behalf of the Secretary.  Business Associate agrees to provide to Covered Entity proof of its compliance with the HIPAA Security Standards. 

2.7.       Access to and Amendment of Protected Health Information:  To the extent that Business Associate maintains a Designated Record Set on behalf of Covered Entity and within fifteen (15) days of a request by Covered Entity, Business Associate shall (a) make the PHI it maintains (or which is maintained by its Subcontractors) in Designated Record Sets available to Covered Entity for inspection and copying, or to an individual to enable Covered Entity to fulfill its obligations under 45 C.F.R. § 164.524, or (b) amend the PHI it maintains (or which is maintained by its Subcontractors) in Designated Record Sets to enable the Covered Entity to fulfill its obligations under 45 C.F.R. § 164.526. Business Associate shall not Disclose PHI to a health plan for payment or Health Care Operations purposes if and to the extent that Covered Entity has informed Business Associate that the patient has requested this special restriction, and has paid out of pocket in full for the health care item or service to which the PHI solely relates, consistent with 42 U.S.C. § 17935(a) and 42 C.F.R. § 164.522(a)(1)(vi). If Business Associate maintains PHI in a Designated Record Set electronically, Business Associate shall provide such information in the electronic form and format requested by the Covered Entity if it is readily reproducible in such form and format, and, if not, in such other form and format agreed to by Covered Entity to enable Covered Entity to fulfill its obligations under 42 U.S.C. § 17935(e) and 45 C.F.R. § 164.524(c)(2). Business Associate shall notify Covered Entity within fifteen (15) days of receipt of a request for access to PHI.

2.8.       Accounting:  To the extent that Business Associate maintains a Designated Record Set on behalf of Covered Entity, within thirty (30) days of receipt of a request from Covered Entity or an individual for an accounting of disclosures of PHI, Business Associate and its Subcontractors shall make available to Covered Entity the information required to provide an accounting of disclosures to enable Covered Entity to fulfill its obligations under 45 C.F.R. § 164.528 and its obligations under 42 U.S.C. § 17935(c). Business Associate shall notify Covered Entity within fifteen (15) days of receipt of a request by an individual or other requesting party for an accounting of disclosures of PHI.

2.9.       Use of Subcontractors: Business Associate shall require each of its Subcontractors that creates, maintains, receives, or transmits PHI on behalf of Business Associate, to execute a Business Associate Agreement that imposes on such Subcontractors the same restrictions, conditions, and requirements that apply to Business Associate under this BAA with respect to PHI.

2.10.    Minimum Necessary:  Business Associate (and its Subcontractors) shall, to the extent practicable, limit its request, use, or disclosure of PHI to the minimum amount of PHI necessary to accomplish the purpose of the request, use, or disclosure, in accordance with 42 U.S.C. § 17935(b) and 45 C.F.R. § 164.502(b)(1) or any other guidance issued thereunder.

ARTICLE III
TERM AND TERMINATION

3.1.       Term:  The term of this Agreement shall be effective as of the Effective Date and shall terminate as of the date that all of the PHI provided by Covered Entity to Business Associate, created, or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy the PHI, protections are extended to such information, in accordance with Section 3.3, or on the date that Covered Entity terminates for cause as authorized in Section 3.2, whichever is sooner.  

 

3.2.       Termination for Cause:  Upon Covered Entity’s knowledge of a material breach or violation of this BAA by Business Associate, Covered Entity shall either: 

1.      Notify Business Associate of the breach in writing, and provide an opportunity for Business Associate to cure the breach or end the violation within ten (10) business days of such notification; provided that if Business Associate fails to cure the breach or end the violation within such time period to the satisfaction of Covered Entity, Covered Entity may immediately terminate this BAA upon written notice to Business Associate; or

2.      Upon written notice to Business Associate, immediately terminate this BAA if Covered Entity determines that such breach cannot be cured.

3.3.       Disposition of Protected Health Information Upon Termination or Expiration:  

              3.3.1.  Upon termination or expiration of this BAA, Business Associate shall either return or destroy all PHI received from, created, or received by Business Associate on behalf of Covered Entity, that Business Associate still maintains in any form and retain no copies of such PHI. If Covered Entity requests that Business Associate return PHI, PHI shall be returned in a mutually agreed upon format and timeframe, at no additional charge to Covered Entity.


              3.3.2.   If return or destruction is not feasible, Business Associate shall (a) retain only that PHI which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities; (b) return to Covered Entity the remaining PHI that Business Associate still maintains in any form; (c) continue to extend the protections of this BAA to the PHI for as long as Business Associate retains the PHI; (d) limit further Uses and Disclosures of such PHI to those purposes that make the return or destruction of the PHI infeasible and subject to the same conditions set out in Section 2.1 and 2.2 above, which applied prior to termination; and (e) return to Covered Entity the PHI retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.

ARTICLE IV
MISCELLANEOUS

4.1.       Amendment to Comply with Law: This BAA shall be deemed amended to incorporate any mandatory obligations of Covered Entity or Business Associate under the HITECH Act and its implementing HIPAA Regulations. Additionally, the Parties agree to take such action as is necessary to amend this BAA from time to time as necessary for Covered Entity to implement its obligations pursuant to HIPAA, the HIPAA Regulations, or the HITECH Act.

 

4.2.       Indemnification:  Both companies/organizations (Covered Entity and/or Business Associate(s)) hereby agree to indemnify and hold harmless the other, its affiliates, and their respective officers, directors, managers, members, shareholders, employees, and agents from and against any and all fines, penalties, damage, claims, or causes of action and expenses (including, without limitation, court costs, and attorney’s fees) the companies/organizations incur, arising from violations of the HIPAA Act, the HIPAA Regulations, the HITECH Act, or from any negligence or wrongful acts or omissions, including, but not limited to, failure to perform its obligations that results in a violation of the HIPAA Act , the HIPAA Regulations, or the HITECH Act, by either company/organization or its employees, directors, officers, subcontractors, agents, or members of its Workforce.  

4.3.       Notices:  Any notices required or permitted to be given hereunder by either Party to the other shall be given in writing:  (1) by personal delivery; (2) by electronic mail or facsimile with confirmation sent by United States first class registered or certified mail, postage prepaid, return receipt requested; (3) by bonded courier or by a nationally recognized overnight delivery service; or (4) by United States first class registered or certified mail, postage prepaid, return receipt, in each case, addressed to a Party on the signature page(s) to this Agreement or to such other addresses as the Parties may request in writing by notice given pursuant to this Section 4.3.  Notices shall be deemed received on the earliest of personal delivery; upon delivery by electronic facsimile with confirmation from the transmitting machine that the transmission was completed; twenty-four (24) hours following deposit with a bonded courier or overnight delivery service; or seventy-two (72) hours following deposit in the U.S. mail as required herein.

4.4.       Relationship of Parties: Business Associate is an independent contractor and not an agent of Covered Entity under this BAA.  Business Associate has the sole right and obligation to supervise, manage, contract, direct, procure, perform, or cause to be performed, all Business Associate obligations under this BAA. 

4.5.       Survival: The respective rights and obligations of the Parties under Sections 3.3 and 4.2 of this BAA shall survive the termination of this BAA.

4.6      Applicable Law and Venue: This Agreement shall be governed by and construed in accordance with the laws of the state of Arizona (without regards to conflict of laws principles).  The Parties agree that all actions or proceedings arising in connection with this BAA shall be tried and litigated exclusively in the state or federal (if permitted by law and if a Party elects to file an action in federal court) courts located in the county of Maricopa. 

bottom of page