HomeMy Public PortalAbout155-2022 - ESO Solutions - Julota compatible interface program (2) T i R
PROFESSIONAL SERVICES AGREEMENT
THIS AGREEMENT made and entered into this / day of ,mee,r- , 2022, and
referred to as Contract No. 155-2022, by and between the City of Richmond, Indiana, a
municipal corporation acting by and through its Board of Public Works and Safety (hereinafter
referred to as the "City") and ESO Solutions, Inc., 11500 Alterra Parkway, Suite 100, Austin,
Texas, 78758 (hereinafter referred to as the"Contractor").
SECTION I. STATEMENT AND SUBJECT OF WORK
City hereby retains Contractor to provide professional and consulting services in connection with
furnishing, developing, and/or installing an interface and communication program to be
compatible with the Julota Platform. Software which has been or shall be installed for the
Richmond Fire Department for its Community Paramedicine program. [See also Contract No:
138-2022 with' TouchPhrase Development, LLC; d/b/a/Julota in connection with the Julota
Platform Software. The Parties also have a professional contract in place wherein Contractor is
currently assisting the Fire Department with NFIRS- and ISO compliant management software
packages, see REVISED Conti act No. 60-2021.] The Parties' obligations with respect to the use
and disclosure of PHI are outlined in the Business Associate documentation included with
Contractor's proposal and the Parties agree to abide by the same. Contractor shall provide all
services and support as described in Contractor's proposal marked as "Exhibit A"which Exhibit
is dated July 6, 2022, and consists of forty-one (41) pages. Contractor agrees to abide by the
same.
This purchase and/or project is undertaken in response to the public health emergency and/or
negative economic impacts resulting from the pandemic. Resources dedicated to this purchase
and/or project fight the pandemic, sustain and strengthen the economic recovery,maintain vital
public services and make investments that support long-term growth, opportunity, and equity.
Should any provisions,:terms, or conditions contained in any of the documents attached hereto as
Exhibits, or in any of the documents incorporated by reference herein,conflict with any of the
provisions,terms, or conditions of this Agreement,this Agreement shall be controlling.
Contractor shall perform all work herein in a timely manner, conforming to all applicable
professional standards.
The Contractor shall furnish all labor,material, equipment, and services necessary for the proper
completion of all work specified.
Contract No.155-2022
Page 1 of 8
No performance of services shall commence until the following has been met:
1. The,City is in receipt of any required certificates of insurance;
2. The City is in receipt of any required affidavit signed by. Contractor in
accordance with Indiana Code 22-5-1.7-11(a)(2); and
3. A purchase order has been issued by the Purchasing Department.
SECTION II. STATUS OF CONTRACTOR
Contractor shall be deemed to be an independent contractor and is not an employee or agent of
the City of Richmond. The Contractor shall provide, at its own expense, competent supervision
of the work.
SECTION III. COMPENSATION
City shall pay Contractor a total amount not to exceed Nine Hundred Ninety-five Dollars and
Zero Cents ($995.00)for complete and satisfactory performance of this Agreement and all work
described on Exhibit A for the 2022 calendar year, which is the agreed upon initial'term and
initial setup for starting implementation of use of the software and products to be implemented.
The Parties agree the compensation shall include a three percent (3%) increase for each year an
option to renew is exercised by the City as further described below.
SECTION IV.TERM OF AGREEMENT
This Agreement shall be in effect when signed by all parties and shall continue in effect until
December 31 2022. This Agreement shall not automatically renew. However, City shall retain
two (2) options to renew this Agreement for the 2023 and 2024 calendar years at the same rates,
terms, and conditions,which shall include the annual time percent (3%) increases for each year
the City opts to renew.
Notwithstanding the term of this Agreement, City may terminate this Agreement in whole or in
part, for cause, at any time by giving at least thirty (30) days written notice specifying the
effective date and the reasons for termination which shall include but not be limited to the
following:
a. failure,for any reason of the Contractor to fulfill in.a timely manner
its:obligations under this Agreement;
b. submission of a report,other work product,or advice,whether oral or written,by the
Contractor to the City that is incorrect,incomplete, or does not meet reasonable
professional standards in any material respect;
Page 2 of 8
T 1
c. ineffective or improper use of funds provided under this Agreement;
d. suspension or termination of the grant funding to the City under which this Agreement
is made;or
e. unavailability of sufficient funds to make payment on this Agreement..
In the event of such termination, the City shall be requited to make payment for all work
performed prior to the date this Agreement is terminated, but shall be relieved of any other
responsibility herein.
This Agreement may also be terminated, in whole or in part, by mutual Agreement of the parties _
by setting forth the reasons for such termination, the effective date, and in the case of partial
termination,the portion to be terminated.
This Agreement may also be terminated by the City if a force-majeure event occurs and the
results or aftereffects of said event causes the performance of this Agreement to become
impossible or highly impracticable. Said event or results or aftereffects of said event would
include events or effects which the parties to this Agreement could not have anticipated or
controlled. Examples of a force-maj eure event, or its results, would include, but would not be
limited to, events such as an Act of God, an_Act of Nature, an Act of Law, or an Emergency Act
of Executive Enforcement of the Federal government,the State of Indiana, or local government.
SECTION V. INDEMNIFICATION AND INSURANCE
Subject to Section 12 of Exhibit A (Limitation of Liability), Contractor agrees to obtain
insurance and to indemnify the City for any damage or injury to person or property or any other
claims which may arise from the Contractor's conduct or performance of this Agreement, either
willfully or negligently;provided, .however, that nothing contained in this Agreement shall be
construed as rendering the Contractor liable for acts of the City, its officers, agents, or
employees. Additionally, nothing contained in this Agreement shall be construed as rendering
the Contractor liable for acts of the City in connection with any content changes the City
implements nor any alterations to or replacement of any policies in connection with the Project.
Contractor shall as a prerequisite to this Agreement, purchase and thereafter maintain such
insurance as will protect it from the claims set forth below which may arise out of orr result from
the Contractor's operations under this Agreement, whether such operations by the Contractor or
by any sub-contractors or by anyone directly or indirectly employed by any of them, or by
anyone for whose acts the Contractor may be held responsible.
Page 3 of 8
t 1
Coverage Limits
A, Worker's Compensation& Statutory
Disability Requirements
B. Employer's Liability $100,000
C. Comprehensive General Liability
Section 1. Bodily Injury $1,000,000 each occurrence
$2,000,000 aggregate
Section 2. Property Damage $1,000,000 each occurrence
D. Comprehensive.Auto Liability
Section 1. Bodily Injury $1,000,000 each person
$1,000,000 each occurrence
Section 2. Property Damage $1,000,000 each occurrence
E. Comprehensive Umbrella Liability $1,000,000 each occurrence
$2,000,000 each aggregate
F. Malpractice/Errors&Omissions Insurance $1,000,000 each occurrence
$2,000,000 each aggregate
SECTION VI. COMPLIANCE WITH WORKER'S COMPENSATION LAW
Contractor shall comply with all provisions of the Indiana Worker's Compensation law, and
shall,before commencing work under this Agreement,provide the City a certificate of insurance,
or a certificate fiom the industrial board showing that the Contractor has complied with Indiana
Code Sections 22-3-2-5, 22-3-5-1 and 22-3-5-2: If Contractor is an out of state employer and
therefore subject to another state's worker's compensation law, Contractor may choose to
comply with all provisions:of its home state's worker's compensation law and provide the.City
proof of such compliance in lieu of complying with the provisions of the Indiana Worker's
Compensation Law,
SECTION VII. COMPLIANCE WITH INDIANA E-VERTFY PROGRAM REQUIREMENTS
Pursuant to Indiana Code 22-5-1,7, Contractor is required to enroll in and verify the work
eligibility status of all newly hired employees of the contractor through the Indiana E-Verify
Page 4 of 8
t 1
program. Contractor is not required to verify the work eligibility status of all newly hired
employees of the contractor through the Indiana E-Verify program if the Indiana E-Verify
program no longer exists. Prior to the performance of this Agreement, Contractor shall provide
to the City its signed Affidavit affirming that Contractor does not knowingly employ an
unauthorized alien in accordance with IC 22-5-1.7-11 (a) (2). In the event Contractor violates IC
22-5-1.7 the Contractor shall be required to remedy the violation not later than thirty (30) days
after the City notifies the Contractor of the violation. If Contractor fails to remedy the violation
within the thirty(30) day period provided above, the City shall consider the Contractor to be in
breach of this Agreement and this Agreement will be terminated. If the City determines that
terminating this Agreement would be detrimental to the public interest.or public property, the
City may allow this Agreement to remain in effect until the City procures a new contractor. If
this Agreement is terminated under this section, then pursuant to IC 22-5-1.7-13 (c) the
Contractor will remain liable to the City for actual damages.
SECTION VIII. IRAN INVESTMENT ACTIVITIES
Pursuant to Indiana Code (IC) 5-22-16.5, Contractor certifies that Contractor is not engaged in
investment activities in Iran. In the event City determines during the course of this Agreement
that this certification is no longer valid, City shall notify Contractor in writing of said
determination and shall give contractor ninety (90) days within which to respond to the written
notice. In the event Contractor fails to demonstrate to the City that the Contractor has ceased
_ investment activities in Iran within ninety (90) days after the written notice is given to the
Contractor, the City may proceed with any remedies it may have pursuant to IC 5-22-16.5. In
the event the City determines during the course of this Agreement that this certification is no
longer valid and said determination is not refuted by Contractor in the manner set forth in IC 5-
22-16,5, the City reserves the right to consider the Contractor to be in breach of this Agreement
and terminate the agreement upon the expiration of the ninety(90)day period set forth above.
SECTION IX. PROHIBITION AGAINST DISCRIMINATION
A. Pursuant to Indiana Code 22-9-1-10, Contractor, any sub-contractor, or any person acting
on behalf of Contractor or any sub-contractor shall not discriminate against any employee
or applicant for employment to be employed in the performance of this Agreement, with
respect to hire, tenure, terms, conditions or privileges of employment or any matter
directly or indirectly related to employment, because of race, religion, color, sex,
disability,national origin, or ancestry.
B. Pursuant to Indiana Code 5-16-6-1,the Contractor agrees:
1. That in the hiring of employees for the performance of work under this
Agreement of any subcontract hereunder, Contractor, any subcontractor, or any
person acting on behalf of Contractor or any sub-contractor,shall not discriminate
by reason of race, religion, color, sex, national origin or ancestry against any
Page 5 of 8
citizen of the State of Indiana who is qualified and available to perform the work
to which the employment relates;
2. That Contractor, any sub-contractor, or any person action on behalf of Contractor
or any sub-contractor shall in no manner discriminate against or intimidate any
employee hired for the performance of work under this.Agreement on account of
race,religion, color, sex,national origin or ancestry;
3. That there may be deducted from the amount payable to Contractor by the City
under this Agreement, a penalty of five dollars ($5.00) for each person for each
calendar day during which such person was discriminated against or intimidated
in violation of the provisions of the Agreement; and
4. That this Agreement may be canceled or terminated by the City and all money
due or to become due hereunder may be forfeited,for a second or any subsequent
violation of the terms or conditions of this section of the Agreement.
C. Violation of the terms or conditions of this Agreement relating to discrimination or
intimidation shall be considered a material breach of this Agreement
SECTION X.MISCELLANEOUS
This Agreement is personal to the parties hereto and neither party may assign or delegate any of
its rights or obligations hereunder without the prior written consent of the other party except that
the Contractor may, without the prior consent of the City, assign all of its rights under this
Agreement to (i) a purchaser of all or substantially all assets related to this Agreement, or (ii) a
thud party participating in a merger, acquisition, sale of assets or other corporate reorganization
in which either party is participating(collectively"a change in control");provided however,that
City is given notice of the change in control. Any such delegation or assignment, without the
prior written consent of the other party, shall be null and void. This Agreement shall be
controlled by and interpreted according to Indiana law and shall be binding upon the parties,
their successors and assigns. This document constitutes the entire Agreement between the
parties, although it may be altered or amended in whole or in part at any time by filing with the
Agreement a written instrument setting forth such changes signed by both parties. By executing
this Agreement the parties agree that this document supersedes any previous discussion,
negotiation, or conversation relating to the subject matter contained herein.
This Agreement may be simultaneously executed in several counterparts, each of which shall be
an original and all of which shall constitute but one and the same instrument.
The parties hereto submit to jurisdiction of the courts of Wayne County, Indiana, and any suit
arising out of this Contract must be filed in said courts. The parties specifically agree that no
arbitration or mediation shall be required prior to the commencement of legal proceedings in said
Page 6of8
5
Courts. By executing this Agreement, Contractor is estopped from bringing suit or any other
action in any alternative forum, venue, or in front of any other tribunal, court, or administrative
body other than the Circuit or Superior Courts of County, Indiana, regardless of any right
Contractor may have to bring such suit in front of other tribunals or in other venues.
Any person executing this Contract in a representative capacity hereby warrants that he/she has
been duly authorized by his or her principal to execute this Contract.
Subject to Section 12 of Exhibit.A (Limitation of'Liability), in the event of any breach of this
Agreement by Contractor, and in addition to any other damages or remedies, Contractor shall be
liable for all costs incurred by City in its efforts to enforce this Agreement, including but not
limited to, City's reasonable attorney's fees.
[Signature Page to Follow.]
Page 7 of 8
!, .,
In the event that an ambiguity, question of intent, or a need for interpretation of this Agreement
arises,this Agreement shall be construed as if drafted jointly by the parties, and no presumption
or burden of proof shall arise favoring or disfavoring any party by virtue of the authorship of any
of the provisions of this Agreement.
IN WITNESS WHEREOF,the parties have executed this Agreement at Richmond,Indiana, as of
the day and year first written above,although signatures may be affixed on different dates.
"CITY" "CONTRACTOR" .
THE.CITY OF RICHMOND, ESO SOLUTIONS, INC.
INDIANA by and through its 11500 Altura Parkway, Suite 100
Board of Public Works and Safety Austin,TX 78758
By: ��/�fia( /C.UK�� t iii'Gt. By: 01/'<-‘,2‘aiatug--__
-Yield Robinson,President
1-1A-P :Robert Munden
ilyalmer,Member
By: Title: Chief Legal & Compliance Officer
Matt Evans,Member
Date: 10'-M--2'2 Date: January 13, 2023
APPROVED:
L--H id M. ,Mayor
Date: !D /a 7oV1
Page 8 of 8
1eso Quote Date: 07/06/2022
Customer Name: Richmond Fire Department(IN)
Quote#: Q-75231
Quote Expiration date: 12/16/2022
ESO Account Manager: Cameron Jackson
CUSTOMER CONTACT BILLING CONTACT
Customer Richmond Fire Department(IN) Payor Richmond Fire Address 101 South Fifth
Department(IN)
Name Jamey Miller Name Jamey Miller Richmond IN,47374
Email jamilier@richmondindlana.gov Email jamiller@richmondindian Billing Frequency Annual
a.gov
Phone 765-983-7266 Phone 765-983-7266 Initial Term 12 months
EHR r�
I rQe w` r}x.a 4�',., .`.•� LI '*i. M' .ti •a_I s> 1 + ._. ... .b 1Qr_t S� r •
EHR-Julota interface 8000 Incidents $995.00 Recurring
Total Recurring Fees $ 995.00
Total One-Time Fees. $ 0.00
TOTAL FEES $ . 995.00
es o Quote Date: 07/06/2022
Customer Name: Richmond Fire Department(IN)
Quote 41: Q-75231
Quote Expiration date: 12/16/2022
ESO Account Manager: Cameron Jackson
EHR
a ry x+k t' 4 l'. w gar .3 1 +�S • Yr
1-ir,. _ 3rs., i'U_�C x� i. ' �. M Pt e.�, 0 ai x: Ate i1 +,fi` `t'r b .y :A;'F''rS:fie+ ! � C +.r.�t 3 • .1
1 > r r �r * a t
" :t% .w ":G &.1'9Y ..,t 4..Y'r +tT.' •..s' .i x- .+ ✓ : { - Y
EHR-Julota Interface EHR data extract in XML format exported to Julota.
•
•
Quote Date: 07/06/2022
OSO Customer Name: Richmond Fire Department(IN)
Quote#: Q-75231
Quote Expiration date: 12/16/2022
ESO Account Manager: Cameron Jackson
. TERMS AND CONDITIONS:
1. If the Customer indicated above has an ESO Master Subscription and License Agreement
(MSLA)dated on or after February 20,2017,then that MSLA will govern this Quote. Otherwise,
Customer intends and agrees that this Quote adopts and incorporates the terms and conditions of
the MSLA and associated I-iIPAA business associate agreement hosted at the following web •
address,and that the products and services ordered above are subject thereto:
pttos://Www.eso.com/legaRerms/
2. The Effective Date of this Quote shall be the final date of signature.
3. Customer shall be responsible for the payment Of all Fees listed herein. If Customer has
elected to use a Third Party Payor(as indicated above as Payor)and such party has executed an
appropriate agreement with ESO, ESO shall accept payment of Fees from
such Third Party Payor.
Richmond.Fire Department(IN)
Signature:
Print Name: •
Title:
Date:
For EHR,the following payment terms apply:
Fees are invoiced at the Billing Frequency 15 days after the Effective Date,with recurring fees due
on the anniversary.
XS�IIF iT 1i PAGE 5 O ( •I
, 1 t
MASTER SERVICES AGREEMENT
This Master.SubscriptionAgreeinent(this"Agreement")Is entered into as of the date Indicated on the duly executed Quote which adopts this
Agreement("Effective Date")by and between ESO Solutions,Inc.,a Texas corporation having Its principal place of business at 11.500 Aiterra Parkway,Suite
100 Austin,TX 78758,''including its controlled subsidiaries,(collectively,"ES01 and Customer(or the governing or controlling authoritythereof),as indicated on
the Quote or other ordering document.This Agreement consists Of the General Terms&Conditions which follow,the Quote adopting this Agreement,the
Business Associate Addendum,and any other Addenda(as defined below)executed by the parties,The parties agree hereby that ESO willprovide Customer
certain technology products and/or services and that Customer will pay ESO certain fees.Therefore,in consideration ofthe covenants,agreements and
promises below,and for other good and valuable consideration,tie receipt and sufficiency of which is hereby acknowledged,the parties,intending to be legally
bound,agree as follows.
The parties have agreed that 00 will provide Customer certain technology products and/or services and that Customer will pay ESO Certain fees.
Therefore,in-consideration of the covenants,agreements and promises set forth below,and for otter good and valuable consideration,the receipt and
sufficiency of which is hereby acknowledged,the parties,Intending-to be legally bound;hereby agree as follows.
GENERALTERMS AND CONDITIONS
•
1. DEFINITIONS.Capitalized terms.not otherwise defined In this Agreement . "Software'means any ESO computer program,programming or modules
have the meanings below:. specified in the Agreement or any Addendum.For the avoidance of doubt,Add-
on Software and SaaS ate collectively referred to as Software.
"Add-On Software"means any complementary software components or
reporting service(s).that ESO makes available to customer through Its 'Support Services"means those services described do Exhibit A.
Software.
'Third-Party Data"means data not owned by ESO but which Is(or access to
"Addendum"means a document addressing the order of a specific set of Which Is)provided by ESO under a Software Schedule.
products or services Which is executed by authorized representatives of each "Third-Party Service"means a service not provided by ESO but which is made
party.An Addendum maybe(a)an ESO sales form Or"Quote",(b)a Statement available by ESO in connection with its$oftware'under a Software Schedule or
of Work;or(c)another writingthe parties Intend to be incorporated by
reference into this Agreement. Addendum.
Anonymfzed Data means Customer bath from which all personally "Third-Party Software"means software not owned by ESO but which Is(or
Identifiable information is removed,as well a§the names and addresses of access"to which is)provided by ESO undera Software Schedule or Addendum.
Customer and any of its Users and/or Customer's clients(and which,as a "Use Restrictions"means the restrictions imposed on Customer's use of
consequence,is neither PHi nor identifiable to or by Customer). Software as described in Section 3.3.
"Customer Data"means Information,data and-other content in electronic . "User"means any individual who uses the Software on Customer's behalf or
form thatis submitted,posted,or otherwise transmitted by or on behalf of through Customers account or passwords.
•
Customer through the Software.
2. SOFTWARE ORDERS;During the Term,Customer may order Software
"Deliverable"means•software,report,or.otherv/ark product created pursuant from ESO by signing an appropriate Addendum.Customer's subscription
to a Statement'of Work. to SaaS are set forth below.Each such Addendum is incorporated herein
"Documentation"means theSoft-ware's user-guides and operatingmanuais. by reference.
"Feedback"refers to any suggestion or idea for improving or otherwise 3. SUBSCRIPTION TO.SOFTWARE
modifying ESO's products or services. 34, Grant of Subscription: SaaS.For SaaS,during the Term Customer may
"Intellectual Property':means trade secrets,copyrightable subject matter, access:and use the SaaS and Reporting Services,with the'access and
patents and patent applications,and other proprietary Information,activities, volume limitations set forth on the applicable Addendum,subject to
and any ideas,concepts,innovations,inventions and designs. Customer's compliance with the Use Restrictions and other limitations
contained in this Agreement..
"Outage"means Customer is unable to access SaaS,or such access is 3.2: Use Restrictions.Except as provided in this Agreement or as otherwise
materially delayed,impaired or disrupted,in each case as caused of controlled
by ESO. authorized by ESO,Customer has no rightto,and shall not:(a)
decompile,reverse engineer,disassemble,print,copy or display the
"Professional Services"means professional services provided byESO.under a Software or otherwise reduce the Software to a human-perceivable form
Statement of Work. In whole or in part;(b)publish;release,rent,lease,loan,soil,distribute• _
"Protected Health information"or"PHI"has the nteariingset forth iri HIPAIt.All or transfer the Software to another person or entity;(c)reproduce the
references herein to PHI shall be construed to include electronic PHI,or ePHI, Sofd oerc r a e dere Or iVbe workfit of anyones Other t than fwareCustor ler;(d)alter,
modify or create derivative works based upon the Software either in.
as that term is defined byHIPAA. whole or in part or(e)use or permltthe Use of the Software for
"ReportingSeivices"means,collectively,the differenttools or features In the commercial time-sharing arrangements or providing service bureau,
Software allowing Customer to generate compilations of data;Including but data processing,rental,or other services'to any third party(including
not limited to ad=hoc reports,analytics,benchmarking or any other reporting any affiliate not specifically listed in the applicable.Addendum).
tool provided through the Software. 3.3, Ownership.The rights granted under the provisions ofthis Agreement
'SaaS"means:software-as-a-service that ESO hosts(directly or indirectly)for do not constitute a sale of the Software.ESO retains all right,title,and
Customer's use on a periodic subscription basis. Interest in and to the Software,including Without limitation all software
used to provide the Software and all graphics,user interfaces,logos
"Scheduled Downtime"means periods.when ESO intentionally interrupts SaaS and trademarks reproduced throughthe Software,except to the limited
to perform system maintenance or otherwise correctservice errors during extent set forth in this Agreement.This Agreement does not grant
non-peak hours(except for critical circumstances),typically between midnight Customer any intellectual property rights In the Software or any of its
and 6 a.m.Central Time on a fortnightly basis. components,.except to the limited extent that this Agreement
specifically sets forth Customer's rights to access,use,or copythe
MSA(H)200001 [.XHIf1T 1'1 PAGE'( OF`1'_1 1
•
Software during the Term.Customer acknowledges that the Software each applicable Addendum will identifysuch arrangement,(II)the Third •
-
and its components are'protected by copyright and other laws. Party Payer will enter into a written agreement with ESO regardingsuch
arrangement,(Ili)Customer may replace the Third-Party Payer by written
3:4. Third-PartySoftivare and Services.This Section 3,5 applies to Third= notice to ESO(provided that no such change shall be made until the
Party Software and Services offered by ESO.Refer to the product table then=currentTerm's renewal),((v)references within this Section 5 to
following the Agreement for applicability, •
Customer's responsibility for Fees shalibe understood to refer tothe
3.4.1. ESO neither accepts liability for,nor warrants the functionality, Third-PartyPayerwhen applicable,and(v)Customershall remain
utility,availability,reliability or accuracy of,Third-Patty Software or responsible for payment if the Third-Party Payer does not pay the Fees.
Third-Parry Services. 5.3. Urilifton Renewal.Fees forSoftware,which recurannuaiiy,-shall
3.4.2. Third-Party Data. if Customer(as Indicated on an Addendum)elects increase by3%each Year this Agreement is in effect.
to license Third-Party Data,then subject to the terms hereof,ESO 5.4. Taxes and Fees.The Fees are exclusive of all taxes a nd;cteditcard
hereby grants Customer a non-exclusive,non-sublicensabie,and
non transferable license duringtlie Term to use such Third Party processing fees,if applicable.Unless and until Customer provides ESO
a tax exemption certificate,Customer will be responsible for-and will
Data via the Software solely for Customer's internal purposes. remit(or will promptly reimburse ESO for)all_taxes of any kind,including
Customer Will not(I)allow greater access than Matta forth in the sales,use,duty,customs,withholding,property,value-added,-and Other
applicable Addendum,(il)disclose,release,distribute,or deliver similar federal,state or local taxes(other than taxes based on ESO's
Third-Party Data,or any portion thereof,to any third party(ill):copy, income)related tothls Agreement.
modify,•or create derivative works:of Third-Party Data,(iV)rent,
lease,lend,sell,-sublicense,assign,distribute,publish,transfer,or .5.5. Aonroariatton of Funds.if Customer is:a city,county or other
otherwise make availableThird-Party Data,(v)attempt to output in government entity,Customer may terminate the Agreement attheend
ariyfcrnn More then 10%of the Third-Party Data or otherwise' of the Customer's fiscal term if Customer provides evidence that its
circumvent the usage limitations included in the Software,,(vi) governing body did not appropriate suffloiei*funds for the next fiscal
-remove enyproprietary notices.included within Third-PartyData Or year.Notwithstanding the foregoing,this-provision shall not excuse
Software,or(vii)use Third-Party Data In any manner or for any Customer from past payment obligations or other Fees earned and
purpose that infringes or otherwise violates any proprietary right of unpaid,
a person;orthat violates applicable law.ESO does not tvarrantthe 5.6. Usage Monitoring.Customer is solely responsible forits own adherence
functionality,reliability,•accuracy,completeness or utility of,Third-
Party Data,or accept any.11abllitytherefor.Additional terms and to volume and use limitations indicated on the-applldable Addendum.
limitations applicable to Third Party Data may be provided on the .ESO may monitor Customer's use of the Software,and if Customer's
usage exceeds the level indicated in the applicable Addendum(an
appllcableAddendum. "Overage"),Customer shall owe ESO the Fee corresponding to such
4. HOSTING,SLA&SUPPORT-SERVICES usage level et a rate no higher than ESO's:then-standard pricing for new
customers at an equivalent usage level.ESO may invoice for averages
4.1. Hosting&Access Obligations.ESO shall host and manage the SaaS. immediately.
Customer Is solely responsible for obtaining;nnaintaining,and securing
• itsnetwork devices and'Genii ect onsfer its access of the SaaS,and 6. TERM AND TERMINATION
acknowledges such devices and connections are essential to the
effective Operation of the Software.Customer is solely responsible for 6.1. Term.The term of this Agreement(the".Term")commences onthe
the,performanceond security Of any network,service,or device not Effective Date and continues for a period of One.year er any longer
period provided in an Addendum).Thereafter,the Term will renew for
. providedor managed by ESO.Customer agrees to use currentoperating successive one-year periods unless written notice Is provided at least
systems and reasonabyandtinteiy cooperate with ESO,including 60 days prior to the anniversary of the Effective Date.
providing ESO reasonable access to its equipment,software and data
as necessary for the Implementation and operation of the Software. 6,2. Terminatlonfor Cause.Either party may terminate this Agreement or
4.2. service Level Agreement.if an0utage,exciudingScheduled Downtime any Individual Addendum for the other party's uncured material breach
(as defined below),results In the service level uptimefalling below 99°1 by providing written notice:The breaching party shall have 30 days from
receipt to c
for:anythree-month period(the"Uptime Coniinitment"),then Customer ewe such breach to the reasonable satisfaction of the non
may immediately terminate this Agreement,In whIcln case ESO will breaching party.
refund any prepaid,unearned Fees to Customer.This is Customer's 6.3. Effect of Termination.
sole remedy for ESO's breach of the Uptime Commitment.
6,3.1. If Customer terminates this Agreement or any Addendum as a result.
4.3.,Scheduled Downtime.ESO will endeavertoprevlde reasonable(72 of ESO's material breach,then to the extent Customer prepaid any
hour)notice-of Scheduled.Downtime to.Customer's Userswithin the Fees,ESO shall refund to Customer those prepaid Fees on apro-
Software or via email.Scheduled Downtime shell never constitute a • rata basis from the date:Customer actually ceases use of the
failure of performance or Outage by ESO.Notificatlontimeiines and the •Software.
frequericy-ofscheduled Downtiine:are subject to the'emergence of
security concerns outside of ESO's control. .6.3.2: Upon termination of this Agreement or anyAddendum,'Customer
shall cease all use ofthe Softwarearid delete,destroy nr.reture all
4.4. Support and Updates. DuringtheTerm,ESO shall provide to Customer• copies of the Documentation in its possession or panto!,except es
the Support Services,.in accordance with Exhibit A,which Is required by law. Customer shall remain obligated to pay
'incorporated herein by.reference. appropriate Fees et ESO's then-current rates if Customer continues
5. FEES to use or access Software after the termination or expiration Of this
Agreement. If Customer's Agreementincl.udes a multi-year discount
5.1. Fees.In consideration of the rights granted hereunder,Customer plan With diminishing discounts,aid Customer terminates the
agrees to pay 00 the fees for the Software and Professional Services Agreement prior to the completion of the discount plan,Customer
as set forth in the Addendum(s))(collectively,"Fees").The Fees are non- "shall promptly pay ESO's invoice recouping such discounts fore .
cancelable and Wort-refundable,eXceptatexpresslyprovided-herein. nmeximumoftwoyearspriortothedateoftermination.
Customer(or Third-Party Payer,-if applicable)shall pay all Invoices 6.3.3. Termination of this Agreement is without prejudice to anyotherright
within 30 days of receipt. or remedy and shall not release a party from any liability.
5.2. Third-Party Paver. If Customer desires:to use a third-party to pay some 64. Delivery of Data.ESO Willprovide Customer its Customer Data in a
or ail of the'Fees otrbehalf of Customer(a"Third Party Payer"),then'(i) searchable.pdf format upon request made within 60 days of the
MSA(H)200901 2
1 r•'Jf11L91'r A C�,1,�C_ re rit'a l'-"(
r r
expiration or termination of this Agreement.Customer acknowledges shall be given promptly and without unreasonable delay by the receiving
•
thatESO has no obligation to retain customer Data more than 60 days party In ordertc give the disclosing patty the opportunity to.objectto•the
after expiration or termination of this Agreement. disclosure and/or to seek a protective order.The receiving party shall
7. REPRESENTAT(ONSANDwARRANTIES reasonably Cooperate in this effort.hi addition,Customer may disclose
the contents of this Agreement solely for the purpose of completing its
7:1. Material Performance of Software.After it is fully implemented(and reviewand approval processes underits local rules,if applicable.
subjectto Customer's obligations under Sections 3.2 and 4.1,and any • 10. 'INSURANCE.Throughoutthe Term(and for a period of at leastthree.
applicable Software Schedule),ESO warrants that the Software Will years thereafter for any Insurance written on a claims-made form)ESO
reliably collect;transmit,store.and/or permit access to data in shall maintain in effectthe.lnsurance coverage described below:
compliance With applicable law and Industry standards.
10.1. Commercial general liability Insurance with a minwmum'of Si million per
• 7.2. Due Authority:Each parry's execution,delivery and performance of this . occurrence and Si million aggregate;
Agreement and each agreement or instrument contemplated hereby.is
duly authorized by all necessary corporate or government action. 10,2..Commercial automobile liability insurance covering use of all non-
owned and hired automobiles with a minimum limit of$1 million for
8. DiSCLAIMER•OF WARRANTIES.EXCEPT AS OTHERWISE.PROVIDED IN bodily injury and property damage iiebillty;
SECTION 7,ESO DISCLAIMS ALL WARRANTIES,EXPRESS OR IMPLIED,
• INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY,FITNESS 10.3. Worker's compensation Insurance and employer's liability Insurance or
FOR A PARTICULAR PURPOSE,PERFORMANCE,SUITABILITY,TITLE,NON- any alternative plan or.coverage as permitted or required by applicable
INFRINGEMENT,OR ANY IMPLIED WARRANTY ARISING FROM STATUTE, law,with a minimum employer's liability limit of$1 million each •
COURSE OF DEALING,COURSE OF PERFORMANCE,OR USAGE OF TRADE. accident oi:dsease;and
EXCEPT.AS EXPRESSLY PROVIDED'IN SECTION 7,CUSTOMER ACCEPTS
THE SOFTWARE"AS-IS"AND AS AVAILABLE?'' 10.4. Computer processor/computer professional liability insurance(a/k/a
technology errors and omissions)coveringthe liability forfinancial loss
9. CONFIDENTIALITY due to error,omission or negligence Of ESO,and privacy and network
security insurance("cyber coverage")Covering losses arising from a
9.1. "Cenfidenifal information"refers to the following items!(a)any disclosure•of confidential information(including PHi)with a combined
• document marked"Confidential";(b)any information orally designated aggregate amount of$1 million.
as"Confidential".atthetime of disclosure,provided the disciosing party
confirms such designation In writingwithin five business days;(c)the 11. INDEMNIFICATION
Software and Documentation,whether or not designated confidential; •
11.1. IP Infr(nement.Subject to the limitations in Section 12,ESO shall
(d)ESO'ssecurity controls,policies,procedures,reports,or other
information concerning ESO'S security posture;(e)any other nonpublic, Indemnify and defend Customer from any damages,costs,liabilities,
sensitive information reasonablytreated as trade secret or otherwise expenses(including reasonable attorney's fees)_("Damages")actually
Confidential;and(f)Customer Data which does not comprise PHI. Incurred or finally adjudicated alto any third-party claim or action
• Notwithstanding the foregoing,Confidential information does not alleging that the Software delivered pursuantto this Agreement
lticlude iriformationthai:(i)is in the other patty's possession atthe time infringe.or misappropriate any third party's patent,copyright,trade
Of disclosure free of duty of non-disclosure;(ii)is independently secret;or other Intellectual property rights enforceable in the
developed without use Of or reference to Confidential Information;(ill) applicable jurisdiction(each,an"Indemnified claim").If Customer
becomes known publicly,before or after disclosure,other than as a makes en Indemnified Claim•under thisSection or if ESO determines
'result of the receiving party's improperaction or inaction;(iv)asto ESO, that an Indemnified Claim may occur,ESO shall atits option:(a)obtain
Customer's Feedback;or(v)is'PHI(which shall begoverned by the a right for Customer to continue usingsuch Software;(b)modify such
Business Associate Agreement ratherthan this Section). Software to,make ft a non-infringing equivalent or(c)replace such
Software with a non-infringing equivalent.if(a),(b),or(c)above are
9.2.Nondisclosure.Each party shall use Confidential Information of the not reasonably practicable,either party may;at its option,terminate
. other party soleiytofulfill the terms of this Agreement(the"Purpose"). the relevant Addendum,in which.case ESO Will refund any pre-paid
• Each party shall(a)ensure thatltsemployees or contractors,are bound Fees on a pro-rata basis for such Addendum,Notwithstanding the
by confidentiality obligations no less restrictivethan those contained foregoing,ESO shall have no.obligation hereunder for anyciaim
herein,and(b)not disclose Confidential information to any other third resulting or arising from(x)Customer's breach of this Agreement;(y)
party Without prior written consent from the disclosing party.Without. modifications made to the Software not performed or provided by or
limitingthe generality ofthe foregoing,the receiving party:shall protect on behalf of ESO or_(z)the combination,operation or use by'Custoriier
Confidential Information with the Same degree of.care it uses to protect (and/or anyone acting on Customer's behalf)of the Software In
its own confidential information:of similar nature and importance, connection but with,any other product or service(the combination or joint
with no less than reasonable care.A receiving party shall promptly use of which causesthealleged infringement).This Section 1istatee
notify the disclosing patty ofaany misuse or misappropriation of ESO'ssole obligation and liability,and Customer's sole remedy,for
Confidential Information of which iris aware. potential or actual intellectual property infringement by the Software,
.9.3. Termination:&Return.With respect to each item of Confidential 11.2, Indemnification Procedures.Upon becoming aware of any matter_
Information;the obiigations.of nondisclosure will terminate three.years Which is subjectto the provisions of Sections 11.1(a°claim"),
after the date.of disclosure;.:provided that,such obligations related to Customer must give prompt written notice of such Claim to ESO,
•Confdential fnformetipn constituting ESO's trade secrets shall continue accompanied by copies of anywritten documentatipn regarding the
so long as such Information remains subject to trade secret protection Claim received by the Customer. ESO shall compromise or defend,:at
pursuant to applicable law.Upon termination of this Agreement,.a party its own expense and with its own counsel,any such-Claim.Customer
shall return all copies of Confidential information to the other or certify will have The right,at its option,to participate in the settlement Or
the destruction thereof defense of any such Claim;with its own counsel and at its own
• expense;.provided,however,that ESO.will have the rightto control
9.4. Retention offilahts.This Agreement does not transfer ownership of such settlement er defense;ESO will not enter into any settlement
Confidential information or grant a.license thereto. thatimposes any liability or obligation on Customer without the
9.5. Open Records end Other Laws.NotWithstandinganything In this Section Customer's prior written consent.The parties will cooperate in any
to the contrary;the parties acknowledge that Confidential information such settlement or defense and give each other full access to all
•
may disclosed if such Confidential Information is required to be relevant information,at ESO's expense.
disclosed by law(Including a lawful public records request),provided
that priorto such disclosure,written notice of such required disclosure
rAsaiin'9nnen1 i r,ir MIrr -JI r,:t k^is ' / rtir•.i/ in I
12. LIMITATION OF LIABILITY 14. WORi<PRODUCT
12.1.•LIMITATION OF DAMAGES.NEITHER ESO NOR CUSTOMER SHALL BE 14.1. Work Product Ownership.In the.event Customer hires ESO to perform
LIABLE TO THE OTHER FOR ANY CONSEQUENTIAL INDIRECT,SPECIAL, • Professional Services,ESO alone shall hold all right,title,and Interest
PUNITIVE OR INCIDENTAL DAMAGES,INCLUDING CLAIMS.FOR to all proprietary and intellectual property rights of the Deliverables
DAMAGES FOR LOST PROFITS,GOODWILL,USE OF MONEY, (Including,Without lirnitatlon,patents,trade secrets,copyrights;and
INTERRUPTED OR IMPAIRED USE OF THE SOFTWARE,AVAILABILITY OF trademarks),as well as title to any copy ofsoftware.made by or for
DATA,STOPPAGE OF WORK.OR IMPAIRMENT OF OTHER ASSETS Customer(if applicable).Customer hereby explicitly acknowledges and.
RELATING TO THIS AGREEMENT, agrees that nothing in this Agreement or a separate Addendum gives
12.2. .SPECIFiC LIABILITY.LIABILITY SHALL BE LIMITED AS FOLLOWS: the Customer any right,title;or interestto the intellectual property or
proprietary knovi-how of the.Dellv.erables.
. . (a) ESO'S OBLIGATIONS UNDER SECTION 11 SHALL BE LIMITED TO 15. GOVERNMENT PROVISIONS
.$500,000, -
15.1. Compliance with Laws.Both partleathall comply With and give all
(b) lOAMAQES ARISING FROM APARTY'S BREACH OF notices required by all applicable federal,state and local laws,
CONFIDENTIALITY OBLIGATIONS(INCLUDING A BREACH OF ordinances,rules,regulations and lawful orders of any public authority
OBLIGATIONS REGARDING PROTECTED HEALTH INFORMATION), bearing on use•of the Software and the performance of this
SHALL BE LIMITED TO$1,000,000. Agreement.
(c) DAMAGES ARISING FROM A PARTY'S WILLFUL MISCONDUCT OR 15.2. Business Associate Addendum.The parties agree to the terms of the
CRIMINALCONDUCTSHALL NOT BE LiMiTED. Business Associate Addendum attached es Exhibit B andincorporated
12.3. GENERAL LIABILITY.EXCEPT AS EXPRESSLY PROVIDED"SPECIFIC .herein by reference.
LIABILITY,"ESO'S MAXIMUM AGGREGATE LIABILITY FOR ALL CLAIMS 15.3. Equal Opportunity.The patties shall abide bythe requirements of 41
OF LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS OFR 60-1,4(a),60-300.5(a)and.60 741.5(a),and the posting
AGREEMENT SHALL NOT EXCEED THE FEES PAID BY(OR ON BEHALF requirements of 29 CFR Part 471,appendix A to subpart A,if
OF)CUSTOMER WITHIN THE PRECEDING 12-MONTH PERIOD UNDER .applicable(prohibiting discrimination on the basis of protected veteran
THE APPLICABLE ADDENDUM OR EXHIBIT GIVING RISE TO THE CLAIM. ,status,disability,race,color,religion,sex;sexual orientation,gender
12.4. THE FOREGOING LIMITATIONS,EXCLUSIONS,DISCLAIMERS-SHALL identityor national origin).
APPLY REGARDLESS OF WHETHER THE CLAIM FOR SUCH DAMAGES IS 15.4. Excluded Parties List ESO agrees to report fo Custorrmer'if an.employee
BASED IN CONTRACT,WARRANTY,STRICT LIABILITY,NEGLIGENCE, . or contractor is listed by a federal agency as debarred,excluded or
TORT OR:OTHERWiSE.INSOFAR AS APPLICABLE LAW PROHIBITS ANY otherwise.tnellgible for participation in federally funded health care
LIMITATION HEREIN,THE PARTIES AGREE THAT SUCH LIMITATION programs.
SHALL BE AUTOMATICALLY MODIFIED,BUT ONLY TO THE EXTENT SO
AS TO MAKE THE LIMITATION PERMITTED TO THE FULLEST EXTENT 16. PHI ACCURACY&COMPLETENESS
POSSIBLE UNDER SUCH LAW.THE PARTIES AGREE THAT THE 16.1. CustomerResponsibilities.TheSoftware alloWs Customer and its
LIMITATIONS SET FORTH HEREIN AREAGREED.ALLOCATIONS OF RISK Users to enter,document and disclose Customer Data,and as such,
CONSTITUTING IN PART-THE CONSIDERATION FOR ESO'S SOFTWARE ESO gives,no representations or guarantees about the accuracy or
-AND SERVICES TO CUSTOMER,ANDSUCH LIMITATIONS WILL APPLY completeness efOustomer Data(Including PHI)entered,uploaded or
• NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSES OF disclosed throughthe Software.Customer is solely responsible felt any
ANY LIMITED REMEDY AND EVEN lF A PARTY HAS BEEN ADVISED OF .decisions or actions taken involving
THE POSSIBILITY OF SUCH LIABILITIES. patient care or patient care
management,whether those decisions_or actions were made or taken
12.5. THIS SECTION 12 SHALL SURVIVEEXPIRATION OR TERMINATION OF using information received through the Software.
THE AGREEMENT.• 16.2. HDECustoOier CertiflcatlonC.in the Interest Of furthering community
1S. CUSTOMER DATA&PRIVACY health through the power of data,ESO encourages Customers
subscribing to ESO's Health•Data Exchange('HOE")Software to
13.1. Ownership of bats.As between ESO and Customer,all Customer Data empower joint healthcare providers by incorporating relevant,HIPAA-
shall be owned by Customer.. compliant data elements In Customer's outgoingpatientcare records
13.2. Use of Customer Data.Unless it receives Customer's prior written delivered through HDE.ESO may periodically accredit qualifying.
consent,ESO shall not grant anythird-party access to Customer Data, customers based on the quality and quantity of data delivered;
except(a)subcontractors that are subject to a reasonable Customer may reference such certification in marketing materials.
nondisclosure agreement or(b)authorized participants inthe case of 17. MISCELLANEOUS
Software designed to permit Customer to transmit Customer Data.
ESQ may only use,and disclose Customer Data to fulfill its oblIgations 17.1. .in den endent Contractors.The parties are independent contractors.
. under this Agreement or as required by applicable law or legal or Neither party is the agent of the other,and neither may make
governmental authority.ESO shall give Customer prompt notice early cotrtmitments-on the other's behalf.The parties agreethatno ESO
such legal or governmental demand and reasonably*cooperate with employee or contractor is or will be considered an employee of
. Customer in any effortto seek a protective order or otherwise contest . Customer.
such required disclosure,at Customer's expense. 17.2. Notices.Notices.provided under this Agreement must be in writing and
13.3. Anonvmized Data.CUSTOMER ACKNOWLEDGES AND AGREES THAT, delivered by(a)a recognized delivery servlce with signature-receipt
NOTWITHSTANDING ANY•OTHER PROVISION HEREIN,ESO MAY-USE proof of deliveryto a party's principal place of business designated on
ANONYMIZED:CUSTOMER DATA FOR INTERNAL AND EXTERNAL page 1 hereof,(b)hand delivered,or(c)a-mall to a person designated
PURPOSES(INCLUDING BENCHMARKING AND RESEARCH),PROVIDED in writing by the receiving party.in the case of delivery by.e-mall,the
THAT ESO WILL NOT SELL ANONYMIZED DATA TO THIRD PARTIES FOR notice must be followed by a copy of the nottce being delivered by a
COMMERCIAL USE.Without limiting the foregoing,ESO wiIlown all means provided in(a),Ili)or(e).The notice will be deemed given on
right,title and Interest in all Intellectual Property of any aggregated the day the notice Is received.
and de-Identified reports,summaries;compilations,analysis,statistics 17.3. Merger Clause, in entering into this Agreement,neither party is relying
or other information derived therefrom, upon any representations or statements of the other that are not fully
expressed in this Agreement;rather,each party is relying on its own
MSA(HI 200901 ;•ti-.ii .n- -.=— ,. -._-i -4
, ,
judgment.and due diligence and expressly disclaims reliance upon any Agreement,fully to be performed While this Agreement Is in effect shall •
representations or statement not expressly set forth in this Agreement. survive the termination of this Agreement.
In the event the Customer Issues a purchase order,letter or any other 17:11. Ambiguous Terms.This Agreement will not be construed against any
document addressing the Software or Services to be provided and
• performed pursuant to this Agreement,it is hereby specifically agreed Party by reason of Its preparation.
and understood that any such writing Isfor the Customer's Internal 17.12. Governing Law.This Agreement,any claim dispute orcontroversy
purposes only,and that any terms,provisions,and conditions hereunder(a"Dispute")will be governed by(I)the laws oftheState of
contained therein shall In no way modify this Agreement. Texas,or(ii)If Customer.is a city,county,municipality or other
17.4. Severability To the extent permitted by applicable law,the parties governmental entity or agency thereof,the law of state where
hereby waive any,provlslon of law that would render any clause of this Customer is located,in each case foregoing without regard to its
Agreement invalid or otherwise unenforceable Many respect.df a conflicts pf law.The UN Convention for the International Sala of Goods
Agreement this idA or of erwment s held to or invalid or otherwise and the Uniform Computer Information Transactions Act will not apply.
provisionaunenforceable,such provision will be interpreted tp fulfill Its intended In any Dispute,each party will bearits own attorneys'fees and costs
purpose to the maximum extent permitted by applicable lama ndthe and expressly waives-any statutory rlghtto.attorneys'fees.
remaining provisions of this Agreement will continue in fullforce and 17r13. No Class Actions.NEITHER PARTY SHALL BE ENTITLED TO JOIN OR •
effect, CONSOLIDATE CLAIMS BY OR AGAINST OTHER ESO CUSTOMERS,OR
17.6. Subcontracting.Except for training•and 1mplenientation services. PURSUE ANY CLAIM AS.A REPRESENTATIVE OR CLASS ACTION OR IN A.
related to the Software,neither party may subcontract or delegate its PRIVATE ATTORNEY GENERAL CAPACIiY;
obiigatlonsto each.other hereunder,nor may It contract with.third 17:14: Dispute•Resolution,Customer and ESO will attemptto resolve any
•parties to perform any of its obligations hereunder;except as Dispute through negotiation or by.utilizing a mediator.agreed to by the
contemplated In this Agreement,'without the other partys prior written .parties,rather thanthrough litigation.Negotiations-and mediations will
consent, be treated es confidential.If the parties are unable to reach a
•
•
17.6. Modifications and Amendments,This Agreement may not be amended
resolution within 30 days of notice of the Dispute to the other party,
except through a written agreement signed by authorized the.parties may pursue all other courses of action available at law or in
representatives of each party,provided that the Customer agrees that equity:
ESO may rely on Informal writings(Including emails)of Customers 17.15. Technology Export.Customer shall not(a)permit any third party to
authorized representatives to(i)terminate Software products and access or Lite the Software in violation ofany U.S:law or regulation;or
•servldes and(II)epp"rove or ratify rate Or tier increases for Software (b)export.any software provided by ESO or otherwise remove it from
• products and services then in use by Customer. the United States in compliance with all applicable U.S.laws
17.7. Force Majeure.No delay,failure,or default will constitute a breach of and regulations.Without limiting the generality ofthe foregoing,
this Agreement to the extent ea used,by acts of war,terrorism, Cuatorrier shall not permit any third party to access or use the
hurricanes,entty the
other opts of God or of nature,strikes or Software in,or export such software to,a countryaubjectto a United
• other labor disputes,riots or other acts of civil disorder,embargoes,or States embargo(es Of the Effective Date-Cuba,Iran,North`Korea,
othercausesbeyond the performing party's reasonable control Sudan,and Syria).
(collectively,"Force Majeure"),•In such event;however,the delayed 17.16. Order of Precedence.In the event of any conflict between this
party must.promptly.provide the Other party notice of the Force Agreement,Addenda or other attachments Incorporated herein,the
Majeure.The delayed party's time for performance will be'excused for following order of precedence will govern:(1)the General Terms and
• the duration of the Force Majeure,but if the event last ionger'than 30 Conditions;(2j any Business Associate Agreement;(3)the applicable
• days,the.other party mayimmedlately terminate the applicable Addendum,with most recent Addendum taking precedence over
Addendum. earlier ones;and(4)any ESO policy posted online,Including without .
1 request 7.8. Marketing.If requed by ESO,Customer agrees to reasonably limitation its privacy policy.No amendments incorporated into this
cooperate with ESO
est preparation and issuance of a public Agreement after execution of:the General Terms and Conditions will
announcement regarding the relationship of the parties. amend such General Terms and Conditions unless it specifically states
Its intentto do so and cites the section or sections amended.
17.9. Waiver&Breach.Neither patty will be deemed to vialve any right§
underthis Agreement except through an explicitviritten waiver made 17.17. Counterparts.This Agreement may be executed in one or more
by an authorized representative.No waiver of a breach of this counterparts.Each counterpart will be an original,and all such
• Agreement will constitute a waiver of any other breach hereof. counterparts will constitute a single instrument.
17.10. Survival of Terms.Unless othenvlse stated,all of ESO's and 17.18•Signatures.Electronic signatures on this Agreement or on'any
Customer's respective obligations,representations and warranties Addendum(or
coples'efsiggnatus sentvia electronic means)arethe
underthis Agreement which are not,by the expressed terms of this equivalent;ofhandwritterr signatures.
•
•
•
;.._....: _-= {—.y
MSA(H)200901 ;l~;}�,-'ri�; � FACE_ �' Q Or
r�� 5-�
, 1
EXHIBiTA
SUPPORT SERVICES ADDENDUM
1, DEFINITIONS.Capitalized terms not defined belotvshall have the same meaning as In the General Terms&Conditions.
1.1. .''Enhancement"means a modification,addition or new release of the Software that'1,lien added to the Software;Materially changes its utility,
efficiency,funotionaicapabliity or:application.
1.2. "E-mail Support"means ability to make requests for technical support assistance bye-mail at any timeconcerning.the use ofthethen-current release
of Software.
1.3. "Error"means an error in the Software,which significantly degrades performance of such Software as compared to:ESO's then-published
Documentation.
1.4. "Error Correction"means the use of reasonable commercial efforts to correct Errors.
1.5. "Fix"hteanethe repair or replacement of object code for the Software or Documentation to rein edy an Error.
1:5. "initial Response"means thefirstcontact by a'Support Representative after thelndident has been logged and a ticket generated.This may include
an automated email response depending on when the Incident Is first'communicated.
1.7. "Management Escalation"means,if the Initial Workaround or Fix does not resolve the Error,notification of managementthat such Errors)have been
reported and of steps being taken to correct such Error(s).
1.8. "Severity£Error"meats an Error which renders the Software completely Inoperative'(e.g.,a User cannot access the Software due to unscheduled
downtime or an Outage).
1:9. "Severity 2 Error"means an Error in which Software is still operable;however,one or more significentfeatures or functionality are unavailable(e.g.,a
User cannot access a core component of the Software).
1:1. "Severity 3 Error"means any other errorthat does not prevent a User.froni accessinga significant feature of the software(e.g,User Is experiencing
latency in reports).
1:2, ."Severity4 Error"means any error related to Documentation or a Customer Enhancement request.
1.3. "Status Update"means if the initial Workaround or FIX cannot resolve the Error,notification of the Customer regardingthe progress of the
Workaround or Fix..
1.4. "OniineSuppert"means information available through ESO's Website(www.eso.com),Including frequently asked questions'and bug reporting via Live
Chat.
1.5. 'Support Representative".shall be ESO.employee(s)or agent(s)designated to receive Error notifications from Customer,which Customer's
•Adminlstrator has been unable to resolve:
1.6. ".Update"means an update or revision to Software,typically for Error:Correction.
1.7: "Upgrade"means a new version or release of Software or a particular component of Software,which improves the functionality or which adds
functional'capabilitfes to the Software and IC not included in en Update.Upgrades may include Enhancements..
•CO. ''Workaround"means a change In the procedures followed or data supplied by Customer to avoid an Error withentsubstantlally impairing Customer's
use of the Software.
2. SUPPORT SERVICES.
2:1. .Customer Will provide atleast one administrative employee(the"Administrator"or"Administrators")who will handle all requests for first-level support
from.Customer's employees with respect tote.Software Such support is intended to be the"front line"for support and information aboutthe
Software to Customer's Users.ESO will provide training,docu[nentation,.and materials to the Administrator to enable the Administrator to provide
technical supportto Customer's Users:The Administrator will notify a Support Representative of any Errors thatthe Administrator cannot resolve and
assist ESO in information gathering.
2.2. ESO will provide Support Services consisting of(a)Error Correctlen(s);Enhancements,Updates and Upgrades that ESO,In its discretion,makes
generallyavailable to its_customers without additional charge;and(c)Email Support,telephone support,and Online Support.ESO may use multiple
forms of communication for purposes of submitting periodic status reports to Customer,Including but not limited to,messages in the Software,
11C Aim nnharvi - W . 8
messages appearing upon login to the Software or other means of broadcasting Status Update(s)to multiple customers affected by the same Error,
such es a customer portal.
2.3. ESO's support desk will be staffed with competent technical consultants who aretrained In and iherougblyfamiliar with the Software and with
Customer's applicable configuration.Telephone support and all communications will be delivered in Intelligible English.
2.4. Normal business hours for ESO's support desk are Monday.through Friday 7:00 am to 7:00 pm.CT.Customerwill receive a call back from a Support
Representative after-hours for a Severity 1 Error: •
2.5. ESO will provide responses to a technology and/orsecurity assessment of reasonable detail(a"Tech Assessment")upon request prior to(or In
connection with)implementation.ESO will provide responsesto any subsequent Tech Assessments provided that Customer compensates ESO at Its
then-current and standard consulting rates for all work performed in connection with such Tech Assessments.
3. ERROR PRIORITY LEVELS.Customer will report all Errors to ESO via e-mail(guoeort@eso.coml or by telephone(866-766-9 471,option.#3).ESQshall
exercise commercially reasonable efforts to correct any Error reported by Customer in accordance with the•priority level reasonably assigned to such Error by
. ESO, •
Severity lError.ESO shall(i)commence Error Correction promptly;(ii)provide an Initial Response within four hours;(Ili)initiate Management
Escalation promptly;and(Iv)provide Customer with a Status Update within four hours if ESO cannot resolve the Error Withiinfour hours. •
3.2. •Severity 2 Error:ESO shall(i)commence Error Correction promptly;(ii)provide.an Initial Response within eight hours;(III)initiate Management
Escalation within 48 hours if unresolved;and(iv)provide Customer with a Status Update within forty-eight hours If ESO cannot resolve the Error Within
forty-eight hours.
3.3. Severity 3 Error.ESO shall(i)commence Error Correction promptly;(ii)provide an initial Response within three business days;and(Iii)provide .
Customer with a Status Update within seven calendar days.If ESO cannot resolve the Error within seven calendar days.
3.4. Severity 4 Error.ESO shall(i)provide an Initial Response within seven calendar days.
4. CONSULTING SERVICES.If ESO reasonably believes that a problem reported by Customer is not due to en Error in the Software,ESO will so notify Customer.
At that time,Customer may request ESO to proceed with a root cause analysis at Customer's expense as setforth herein or in a separate SOW.If ESO
agreesto perform the investigation on behalf of Customer,then ESO's then-current and standard consulting rates will apply for all work performed In
connection with such analysis,plus reasonable related expenses incurred.For the avoidance of doubt,Consulting Services will include customized report
writing by ESO on behalf of Customer.
5. EXCLUSIONS.
5.1. ESO shall have no obligation to perform Error Corrections or otherwise provide support for:(i)Customer's repairs,maintenance or modifications to
the Software(If permitted);(ii)Customer's misapplication or unauthorized use of the Software;(ill)altered or damaged Software not caused by ESO;
(iv)any third-party software;(v)hardware issues;(vi)Customer's breach of the Agreement;and(vii)any other causes beyond the ESO's reasonable
control.
5.2.. ESO shall have no liability for any changes in Customer's hardware or software systems that may be necessaryto use the Software due to a
Workaround or Flx.
5.3. ESO Is not required to perform any Error Correction unless ESO can repllcate,such Error on Its Own software and hardware or through remote access •
to Customer's software and hardware.
5.4. Customer is solely responsible for Its selection of hardware,and ESO shall not be responsible the performance of such hardware even if ESO makes •
recommendations regarding the same.
6. • MISCELLANEOUS.The parties acknowledge that from time-totlme ESO may update Its support processes specifically addressed in this Exhibit and may do
• so by posting such updates to ESO's website or otherwise notifying Customer of such updates.Customerwill accept updates to ESO's support_procedures
and any otherterms In this Exhibit;provided however,that they do not materially decrease the level of Support Services that Customer will receive from
ESO.THESE TERMS AND CONDITIONS DO NOT CONSTITUtE A PRODUCT WARRANTY.THIS EXHIBIT IS AN ADDITIONAL PART OF THE AGREEMENT AND DOES
NOT CHANGE OR SUPERSEDE ANY TERMOF THE AGREEMENT EXCEPT TO THE EXTENT UNAMBIGUOUSLY CONTRARY THERETO.
•
•
M1ecniu1 9nnon9 t"'XH11 IT_A_PA-or- Ib tOF (j-- l 7
•
•
EXHIBIT B
HIPAA BUSINESS ASSOCIATE ADDENDUM •
Customerand ESO Solutions,Inc.("Business Associate")agree thetthis HIPAA Business Associate Addendum is entered into for the benefit of Customer,
which is a covered entity under the Privacy Standards('Covered Entity").
Pursuant to the Matter Subscription and License Agreement(the"Agreement")Into which this HIPAA Business Associate Addendum(this"Addendum")has
been incorporated,Business Associate may perform,functions or activities involving the use and/or disclosure of PHI on behalf of the Covered Entity,.and
. therefore,Business Associate may function as a business associate.Business Associate,therefore,agrees to the followingterms and conditions.
1. Scope.This Addendum applies to and is hereby.automattcallyincorporated into all present and future agreements and relationships,Whether written,
oral or implied,between Covered Entity and Business Associate;pursuantto which PHI is created,maintained,received ortransmitted by Business
Assoclatefrom or on behalf Of Covered Entity in any form or medium whatsoever.
2. -Definitions.For purposes of this Addendum,the terms used herein,unless otherwise defined,shall have the same meanings as used in the Health
Insurance Portability and Accountability Act of.1996("HIPAA"),or the Health Information Technology for Economic and Clinical Health Act("HITECH'),
and any amendments or Implementing regulations,(collectively'HIPAARuies").
3. Compliance with Applicable Law.The parties acknowledge and agree that,ueginning with tile relevant effective date,Business Associate shall comply
with its obligations under this Addendum and with all obligations of a business associate.under HIPAA,HITECH,the HIPAA Rules,and other applicable
laws and regulations,as they exist at the time this Addendum is executed and as they are amended,for so.long.as this Addendum is in place.
4. Permissible Use and Disclosure of PHI.Business Assoelate may use and disclose PHI as riecessaryto carry Out Its duties to a Covered Entitypursuant
to theeterms of the Agreement and as required by law.Business Associate may also use and disclose.PHI(i)for its own proper management and
administration,and(il)to carry out its legal responsibilities.If Business Associate discloses Protected Health Information to a third partyfor either
above reason,prior to making any such disclosure;Business Associate must obtain:(I)reasonable assurances from the receiving party that such PHI
will be held confidential and be disclosed only as required by iavror for the purposes fer whieh it Was disclosed to such receiving party;and(II)an
agreementfroin such receiving party.to immediately notifyBusiness Associate of any known breaches of.the confidentiality of the PHI.
5. Limitations on Use•and Disclosure of PHI.Business Associate shall not,and shall ensure that its directors,officers,employees,subcontractors,and
agents do not,.use.or disclose PHI In any manner that is not permitted by the Agreement or that would violate Subpart E of 45;C.F.R.164('Privacy
Rule")If done by a Covered Entity.All uses and disclosures of;and requests by,Business Associate for PHI are stibiectto the minimum necessary rule
of the Privacy Rule.
6. Required Safeguards to Protect PHL Business Associate shall use appropriate safeguards,and comply with Subpart C:of45 C,F:R.Part 164("Security
Rule")with respectto electronic PHI,to prevent the use or disclosure of PHI other than pursuant to theterrns and conditions ofthis Addendum.
7. Repottingto Covered Entity.Business Associate shall report to the affected Covered Entity without unreasonable delay:(a)any use or disclosure of.PHI
riot-provided for bythe Agreement.of which it becomes aware;(b)any breach of unsecured PHI in accordance with 45.C:F.R.Subpart D of 45 C.F.R.
164("Breech Notification Rule");and(c)any security incident of which it becomes aware:With regard to Security Incidents caused by or occurringto
Business Associate,Business Associate shall cooperate vdth the Covered Entity's investigation,analysis;notification and mitigation activities,and
except for Security Incidents caused by Covered Entity,shall be responsible for reasonable.costs incurred by the Covered Entity for,those activities.
Notwithstanding the foregoing,Covered Entity acknowledges and shall be deemed to have received advanced notice from Business Associate that
there are routine occurrences of:(i)unsuccessful attempts to penetrate computer networks or services maintained by Business Associate;and(ii)
immaterial Incidents such as"pinging"or"dental of services"attacks.
8. Mitigation of Harmful Effects;.Business Associate agrees to mitigate,'to extent practicable,any harmful effect of a use or disclosure.of PHI by
Business Associate in violation of the requirements of the Agreement,including,but not limited to,compliance With anystate law or contractual data
. breach requirements.
9. Agreements bvThird Parties.Business Associate shall enter into an.agreement with any subcontractor of Business Associate that creates,receives,
maintains ortransmits PHI on behalf'of Business Associate.Pursuant to such agreement,the subcontractor shall agree to be bound by the same or
greater restrictions,conditions,and requirements that apply to Business Associate under tills Addendum with respect to such PHI.
10. Access to PHI.Within flue business days of a request by a Covered Entity for access to PHI about an individual contained ih a Designated Record Set;
Business Associate shall make available to the.Covered Entity such PHI for so.tong assuch information is maintained by Business Associate in the
-Designated Record Set,as required by 45;C.F R.154.524.In the event any individual delivers directly to Business Associate a request for access to
PHI,Business Assoolate shall within five(5)business days forward such request to the Covered Entity.
11. Amendment Of PHi.Within five husines§.days of receipt of a request from a Covered Entity for the amendment of an individual's.PHI or a record
regardingan individual contained in a Designated Record Set(for so iongas the PHI is Maintained in the Designated Record Set);Business Associate
shall provide such information to the Covered Entity for amendment and incorporate any such amendments in the PHI as required by 45
C.F:R.164 52B.In the event-any individual delivers directly to Business Assoelate_a requestfor amendment to PHI,Business Associate shall within five
business days forward such request to the Covered Entity.
•
MSA(H)200901 �3�} HIBITj.,_PAOE�_II__0r=i 8
1
•
12. Documentation of Disclosures.Business Associate agrees to document disclosures of PHI and Information related to.such disclosures as would be
required for a Covered Entity to respond to a request by an Individual for an accounting of disclosures.of PHI in accordance with 45 C.F.R.164.528
and HITECH.
1B. Accounting of Disclosures.Within five business days Of notice by a Covered Entityto Business Associate that it has received a request for.an
accounting of disclosures of PHI,Business Associate shall make available to a Covered Entity information to permitthe Covered Entityto respond to
the request for an accounting of disclosures of PHI,asrequired by 45 C.F.R.164.528 and HITECH.
14: Other Obllgations.To the extentthat Business Associate is to carry out one or more of a Covered Entity's obligations under the Privacy Rule,Buainess-
Assodiate shall comply with such requirements that apply to the Covered Entity in the performance of such obligations.
15. Judicial and Administrative Proceedings.In the event Business Associate receives a•subpoena,court or administrative order or other discovery request
or mandate for release of PHI,the affected Covered Entity shall have the right to control Business Associate's response to such request,provided that,
such control does not have an adverse impact on Business Associate's compliance with existing laws.Business Associate shall notify the Covered
• Entity of the request as soon as reasonably practicable,but in any event within seven business days of receipt of such request.
16. Availability of Books and Records.Business Associate hereby agrees to make its internal practices,books,and records aveilabie.to the Secretary of the
• Department of Health and Human Services for purposes of determining compliance with the HIPAA Rules.
17. Breach of Contract by Business Associate.In addition to any other rights a party may have in the Agreement,this Addendum er by operation of law or in
•equity,.either party may i)immediately terminate the Agreement If the other party has violated a material term of this:Addendum;or ii)at the non-
breaching party's option,permitthe breaching party to cure or.end any such violation Within the time specified bythe non-breaching party.The non-
• breaching party's option to have cured a breach of this Addendum shall not be construed as a waiver of any other rights the nen•breeching party has in
the Agreement,this Addendum or by operation of law or inequity.
18. Effectcf Termination of Agreement.Upon the termination of the Agreement.orthis Addendum for any reason,Business Associate shall return to a
Covered Entity or,.atthe Covered Entity's direction,destroy all PHi received from the Covered Entity that Business Associate maintains in any form,
recorded on any medium,orstored In any storage system.This provision shall apply.to PHI that Is'in the possession of Business Associate,
•
subcontractors,and agents of Business Associate.Business Associate shall retain no copies of the PHI.Business Associate shall remain bound by the
provisions of this Addendum,even after termination of the Agreement orAddendum,until such time as all PHI has been returned or otherwise
destroyed as provided in this Section.For the avoidance of doubt,de-Identified Customer Data shall not be subject to this provision.
19. •injunctive Relief.Business Associate stipulates that its unauthorized use or disclosure of PHI'While performing services pursuant to this.Addendum
Would cause irreparable harm to a Coveted Entity,and in such event,the Covered Entity shall be entitled to institute proceedings in any court of •
competent jurisdiction to obtain damages and injunctive relief.
•
20. Owner of PHI:Under no circumstances shall Business Associate be deemed in.any respect to•be the owner of any PHI created or received by Business
.. Associate on behalf of a Covered Entity.
21. Safeguards and Appropriate Use of Protected Health information.Covered Entity is responsible for implementing appropriate privacy and security
safeguards to protect Its PHI In with HIPAA.Without limitation,it is.Covered Entity's obligation to;
214. Not include PHI In information Covered Entitysubmits to technical support personnel through a technical support request or to community
support forums.In addition,Business Associate does not act as,or have the obligations of a Business Associate under the HIPAA Rules with
respect to-Customer Data once it Is sent to'or from Covered Entity outside ESO's Software over the public Internet;and
21.2. Implement privacy and security safeguards in the systeins,applications,and'softwareCovered Entity controls,configures and connects to ESO's •
Software. -
22. Third Party Rights.The terms of this Addendum do not grant any rights to any parties other than Business Associate and the Covered Entity. .
23. Signatures.The signatures to the Agreement(or the document evidencing the parties'.adoption thereof)indicate agreement hereto and shall be
deemed signatures hereof,whether manual,electronic or facsimile.
MSA(H)200901 _iit i� A _ All 12.•_• �` '� 9
Y
SOFTWARE LICENSE&MAINTENANCEAGREEMENT
This Agreement(this "Agreement') is entered into as of the date indicated on the duly.executed
Quote which adopts-this Agreement("Effective Date") by and between Customer, (including
controlled affiliates who are designated on a Quote (each an "Afliate"), "Licensed'), and ESO
Solutions, Inc.,a Texas corporation (including its controlled affiliates,the "Company'). This
Agreement supersedes and replaces any other Registry agreement between the parties,or their
respective predecessors in interest, concerning the some subject matter.
BACKGROUND
Company has a background in developing and maintaining registry software products and modules
for use connection with hospital and regulatory operations. The Company is willing to license
products and provide services to the Licensee based on this background, and Licensee desires that
the Company provide such products and services.
In consideration of the covenants, agreements and promises set forth below, and for other good and
valuable consideration,the receipt and sufficiency of which is hereby acknowledged,the parties,
intending to be legally bound, hereby agree as follows.
TERMS
1. SERVICES/DELIVERABLES.
a. Software Products. The Company agrees to deliver the software (or access thereto)and
related materials in the quantities indicated(collectively,the"Software Products").to the
Licensee as set forth in the Quote(s) (as defined below). In connection with delivery of the
Software Products,the Company shalt provide Licensee with the license and/or subscription
rights further described in Section.6 herein.
b. Maintenance and Support Services. If and to the extent indicated on a;Quote,the Company
agrees to provide Licensee the maintenance and support services described on Appendix A
("Maintenance Service').
c. Hosting and Other Services. If and to the extent indicated.on a Quote,the Company agrees
to provide Licensee hosting or other services ("Other Services')described in such Quote.
2. FEES&COSTS. The specific Software Products, Maintenance Services, and other products/
services to be provided by Company to Licensee, and the fees (and any specific terms)for the
same,shall be setforth in one or more quotes or sales orders, signed by the parties and listing
applicable Affiliate(s) (each a "Quote"). Each Quote is deemed to be incorporated fully by
reference herein. Licensee agrees to pay the Company the fees and costs for the Software
Products, Maintenance Services,and other items as set forth in each Quote(the"Feed").The
Fees are non-cancelable and non-refundable, except in the event of termination for cause by
Licensee as'setforth in Section 3.b herein.Company shall invoice Licensee on an annual basis,
Page lofl.4 _
irxtaranrr in Rant= 1I r' N I 1
and Licensee shall pay,all invoices within 30 days of receipt of Company's invoice. Fees for
Maintenance Services and other annually recurring items shall increase by 3%each year this
Agreement is in effect. The Fees are exclusive of all taxes and credit card processing fees, if
applicable. Unless and until Licensee provides the Company a tax exemption certificate,
Licensee will be responsible for and will remit(or will promptly reimburse the Company for) all
taxes of any kind, including sales, use,duty, customs,withholding,property, value-added, and
'other similar federal,state or local taxes(other than taxes based on the Company's income)
related to this Agreement.
3. TERM/TERMINATION.
a. Term. The term of this Agreement(the Term')commences on the Effective Date and
continues fora period of one year(or any longer period provided in an Addendum).
Thereafter,the Term will renew for successive one-year periods(each, a "Renewal Term')
unless written notice is provided at least 60 days prior to the anniversary of the Effective
Date. Any such termination may be effective as to the entire Agreement, or as to any Affiliate
or entire facility using Software Products under this Agreement.
b. Termination for Cause. This Agreement May be terminated at any time upon the breach by
the other party, if such breach continues for a period of 30 days after written notice to the
breaching party or immediately if such breach is not subject to cure.
C. Effect of Termination. Upon termination,the Company shall have no obligation to provide the
Software Products or Maintenance Services or any other services under this Agreement to
the Licensee,and Licensee shall have no obligation to pay for the same. If this Agreement is
terminated for cause by: (a) Licensee,then Company shall refund to Licensee within 45 days
any prepayment made by Licensee under this Agreement and the applicable Quote for
licenses,services or products not yet provided by Company, or(b) Company,then Company
may retain any amounts prepaid by Licensee through the effective date of the termination.
4. RELATIONSHIP OF PARTIES. It is understood by the parties that the Company is an independent
contractor with respectto the Licensee,and not an employee of the Licensee. The Licensee will
not provide fringe benefits, including health insurance benefits, paid vacation, or any other
employee benefit,for the benefit of the Company.
5: LICENSING;SUBSCRIPTIONS. The Software Products are property of Company and/or its
suppliers and licensors.
a. License. If a Software Product is designated as "licensed" on the applicable Quote
("Licensed Software Products%,then Company grants to Licensee a perpetual but limited,
non-exclusive,non transferable, non-assignable, non sublicensable, revocable, royalty-free
license and rightto use the Software Products,subject to Licensee's compliance with the Use
Restrictions and other limitations_contained in this Agreement.
Page 2of14 -
r�fv_l:01T n' DAs'?F 141 (IC41
, r
b. Subscription. If a Software Product or Other Service is designated as"subscription"or
"recurring"or otherwise periodic on the applicable Quote,then Licensee may access and use
such Software Products and Other Services, in accordance with the access and volume
limitations set forth thereon,subject to Licensee's compliance with the Use Restrictions and
other limitations contained in this Agreement.
c. Use Restrictions: Licensee shall not make any reproductions, copies, or electronic -
transmittals of any portion of the Software Products, including but not limited to any program
files, configuration files,system files, instruction manuals,screen captures, user's manuals,
on-line help files, or any other materials,withoutthe prior written consent of the Company;
except that for Licensed Software Products, Licensee may make network system backups of
the installed system and a single backup copy of the installation media or file provided by the
Company, in each case solely for its internal archival or backup purposes. Licensee shall
install Licensed Software.Products only on as many networks,workstations.or computers as
is indicated on applicable Quotes: Except as provided in this Agreement or as otherwise
authorized by ESO, Licensee has no right to, and shall not:(a)decompile, reverse engineer,
disassemble, print;copy or display the Software Products or otherwise reduce the Software
Products to a human-perceivable form in whole or in part; (b)publish, release, rent, lease,
loan,sell, distribute or transfer the Software Products to another person Or entity; (c)
reproduce the Software Products for the use or benefit of anyone other than Licensee; (d)
alter; modify or create derivative works based upon the Software Products either in whole or
in part;or(e) use or permit the use of the Software Products for commercial time-sharing
arrangements or providing service bureau, data processing,rental,or other services to any
third party(other than an applicable Affiliate).The provisions of this section shall survive the
termination of this Agreement.
6. WARRANTY. During the Term Of the Maintenance Services under this Agreement,the Company
Warrants to the Licensee that all Software Products and maintenance updates provided by the
Company to the Licensee under this Agreement will perform substantially in accordance with
their written materials and Other documentation provided by the Co►npanytothe Licensee, in
each case provided the Licensee has complied with the system resource and configuration
requirements. EXCEPT AS OTHERWISE PROVIDED IN THIS SECTION 6, ESO DISCLAIMS ALL
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, PERFORMANCE,SUITABILITY,TITLE,
NON-INFRINGEMENT, OR ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF
DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. EXCEPT AS EXPRESSLY PROVIDED
IN THIS SECTION 6,CUSTOMER ACCEPTS THE SOFTWARE PRODUCTS AND SERVICES "AS-IS"
AND"AS AVAILABLE".
7. INSURANCE. ESO agrees to maintain commercial general liability,errors and omission and cyber-
liability/data breach Insurance in amounts determined by ESO, but in no event less than
$1,000,000 per claim/$2,000,000 aggregate.
8. INDEMNIFICATION.Subject to the Limitation of Liability below,the Company shall defend and
indemnify Licensee from any damages, costs, liabilities, expenses(including reasonable
attorney's fees) ("Damages")actually incurred or finally adjudicated as to any third-party claim or
Page 3 of 14
action alleging that the Software Products delivered pursuant to this Agreement(on a stand-
alone basis,and not in combination with any other software,system, information or process)
infringe or misappropriate any third party's patent, copyright,trade secret, or other intellectual
property rights enforceable in the applicable jurisdiction (each, an "!hdemnified Claim").If
Licensee makes an Indemnified Claim under this Section or if the Company determines that an
Indemnified Claim may occur,the Company shall at its option: (a)obtain a right for Licensee to
continue using such Software Product(s);(b)modify such Software Products)to make ita non-
infringing equivalent or(c) replace such Software Product(s)with a non-infringing equivalent. If
(a), (b),Or(c)above are not reasonably practicable, either party may, at its option,terminate the
relevant Quote. Notwithstanding the foregoing,the Company shall have no obligation hereunder
for any claim resulting;or arising from (x)Licensee's breach of this Agreement; (y) modifications
made to the Software Product(s)that were not performed or provided by or on behalf of the
Company or(z)the combination, operation or use by Licensee(and/or anyone acting on
Licensee's behalf)of the Software Product(s)in connection with any other product or service(the
combination or joint use of which causes the alleged infringement).This section states the
Company's sole obligation and liability,and Licensee's sole remedy,for potential or actual
intellectual property infringement by the Software Product(s).
9. LIMITATION ON LIABILITY. NEITHER THE COMPANY NOR LICENSEE SHALL BE LIABLE TO THE
OTHER FOR ANY CONSEQUENTIAL, INDIRECT,SPECIAL, PUNITIVE OR INCIDENTAL DAMAGES,
INCLUDING CLAIMS FOR DAMAGES FOR LOST PROFITS,GOODWILL,USE OF MONEY,
INTERRUPTED,OR IMPAIRED USE OF THE SOFTWARE,AVAILABILITY OF DATA,STOPPAGE OF
WORK OR IMPAIRMENT OF OTHER ASSETS RELATING TO THIS AGREEMENT. THE COMPANY'S
MAXIMUM AGGREGATE LIABILITY FOR ALL CLAIMS OF LIABILITYARISING OUT OF OR IN
CONNECTION WITH THIS AGREEMENT(INCLUDING ANY BUSINESS ASSOCIATE AGREEMENT
RELATING HERETO, NOTWITHSTANDING ANY LIMITING OR CONTRARY PROVISION THEREIN),
SHALL NOT EXCEED THE FEES PAID BY(OR ON BEHALF OF) LICENSEE WITHIN THE PRECEDING
1.2-MONTH PERIOD UNDER THE APPLICABLE SALES ORDER OR SERVICE GIVING RISE TO THE
CLAIM.THE FOREGOING LIMITATIONS, EXCLUSIONS, DISCLAIMERS SHALL APPLY REGARDLESS
OF WHETHER THE CLAIM FOR SUCH DAMAGES IS BASED IN CONTRACT,WARRANTY,STRICT
LIABILITY, NEGLIGENCE,TORT OR OTHERWISE. INSOFAR AS APPLICABLE LAW PROHIBITS ANY
LIMITATION HEREIN,THE PARTIES AGREE THAT SUCH LIMITATION SHALL BE AUTOMATICALLY
MODIFIED, BUT ONLY TO THE EXTENT SO AS TO MAKE THE LIMITATION PERMITTED TO THE
FULLEST EXTENT POSSIBLE UNDER SUCH LAW.THE PARTIES AGREE THAT THE LIMITATIONS SET
FORTH HEREIN ARE AGREED ALLOCATIONS OF RISK CONSTITUTING IN PART THE
CONSIDERATION FOR THE COMPANY'S SOFTWARE PRODUCTS AND SERVICES TO LICENSEE,
AND SUCH LIMITATIONS WILL APPLY NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL
PURPOSES OF ANY LIMITED REMEDY AND EVEN IF A PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF.SUCH LIABILITIES,THIS SECTION SHALL SURVIVE EXPIRATION OR TERMINATION
OF THE AGREEMENT.
lb.CONFIDENTIALITY. "Con!dentiallnformatfon" refers to the following items: (a) any document
marked "Confidential";(b)any information orally designated as"Confidential"at the time of
disclosure, provided the disclosing party confirms such designation in writing within five business
days;(c)the Software Product(s)and documentation,whether or not designated confidential; (d)
the;Company's security controls, policies, procedures, audits,or other information concerning
the Company's internal security posture; (e)any other nonpublic,sensitive information
reasonably treated as trade secret or otherwise confidential; and (f) Data which does not
comprise Protected Health Information ("PHI'),as defined in 45 C.F.R. §160.103.
Notwithstanding the foregoing, Confidential Information does not include information that: (i) is
Page 4 of 14
in the other party's possession at the time of disclosure free of duty of non-disclosure;(ii) is
independently developed without use of or reference to:Confidential Information; (iii) becomes
known publicly, before or after disclosure, other than as a result of the receiving party's improper
action or inaction; (iv) is approved for release in writing by the disclosing party;or(v) PHI(which
is exclusively governed by the Business Associate Agreement attached hereto as Appendix C).
Each party shall use Confidential Information of the other party solely to fulfill the terms of this
Agreement(the"Purpose"). Each party shall(a)ensure that its employees or contractors are
bound by confidentiality obligations no less restrictive than those contained herein,and (b) not
disclose Confidential Information to any other third party without prior written consent from the
disclosing party.Without limiting the generality of the foregoing,the receiving party shall protect
Confidential Information with the same degree of care it uses to protect its own confidential
information of similar nature and importance, but with no less than reasonable care.A receiving
party shall promptly notify the disclosing party of any misuse or misappropriation of Confidential
information of which it is aware.With respect to each item of Confidential Information,the
obligations of nondisclosure will terminate three years after the date of disclosure; provided that,
such obligations related to Confidential Information constituting the Company's trade secrets
shall continue so long as such information remains subject to trade secret protection pursuant to
applicable law.Upon termination of this Agreement,a party shall return all copies of Confidential
Information to the other or certify the destruction thereof.This Agreement does not transfer
ownership of Confidential Information.or grant a license thereto. Notwithstanding_anything in this
-Section to the contrary,the parties expressly acknowledge that Confidential Information may be
disclosed if such Confidential Information is required to be disclosed by law, a lawful public
records request,.or judicial order, provided that prior to such disclosure,written notice of such
required disclosure shall be given promptly and without unreasonable delay by the receiving
partyin order to give the disclosing parry the opportunity to object to the disclosure and/or to
seek.a protective order.The receiving party shall reasonably cooperate in this effort.In addition,
Licensee may disclose the contents of this Agreement solely for the purpose of completing its
review and approval processes under its local rules, if applicable.
Id, NOTICES. Notices hereunder must be in writing and delivered by(a) a recognized delivery service
with signature-receipt proof of delivery to a party's principal place of business designated on
page 1 hereof or the applicable Quote, (b) hand.delivered, or(c)e-mail to a person designated in
writing by the receiving party. In the case of delivery by e-mail,the notice trust be followed by a
copy of the notice being delivered by a means provided in (a),(b) or(c).
12:SEVERABILITY. If any provisions of this Agreement shall be held to be invalid, or unenforceable
for any reason,the remaining:provisions shall continue to be valid and enforceable. If a court
finds that any provision of this Agreement is invalid or unenforceable, but that by limiting such
- provision it Would become valid or enforceable,then such provision shall be deemed to be
written, construed, and enforced as so limited.
13. FORCE MAJEURE. If a Party is delayed in performance for any reason beyond its reasonable
Control,:including:but.not limited to, riots,wars,terrorist acts, executive order,fires,accidents,
explosions,natural disasters, or epidemics,then the time allowed for performance shall be
extended on a day-for-day basis.The delayed Party promptly will provide written notice of any
Page Of 14
`V InI t IA PA(;lr- 1 l ()F a 1
[
•
such event causing a delay in performance,which notice will describe the basis for the delay,the
estimated duration,and the steps being taken to mitigate the delay.
14.WAIVER,AMENDMENT,ASSIGNMENT. No amendment, assignment or waiver of this Agreement
or its term and conditions is valid unless it is in writing,specifically refers to this Agreement,and
is signed by authorized representatives of both parties. Any amendment or waiver will be limited
to the specific situation'for which it is given. No other action or failure to act(including
inspection,failure to inspect, acceptance of late deliveries,or acceptance of or payment for any
Products)will constitute a waiver of any rights.This Section shall survive any termination or
expiration of this Agreement and will continue to bind the parties and their successors and
assigns.
15.ENTIRE AGREEMENT. This Agreement contains the entire agreement of the parties as subjecttO
matter herein and may not be amended,waived,or modified in any way, except if the
amendment is made in writing and is signed by both parties.
16.COMPLIANCE WITH LAWS.Company end.Licensee shall comply with all laws, ordinances,codes,
rules, regulations; and licensing requirements that are applicable to the conduct of its operations
and the performance of this Agreement, including those of federal,state, and local agencies
having jurisdiction and/or authority: Company represents and warrants that(a) it has not been
convicted of a criminal offense related to healthcare, (b) it is not currently under sanction,
exclusion,or investigation (civil or criminal by a federal or state enforcement, regulatory,
administrative, or licensing agency or otherwise ineligible for federal or state program
participation),and (c)it is not currently listed on the General Service Administration List of
Parties Excluded from the Federal Procurement and Non-Procurement Programs.
17.GOVERNING LAW.This Agreement, any claim dispute or controversy hereunder(a "Dispute)will
be governed by(i)the laws of the State of Texas, or(ii)if:Customer is a city, county, municipality
or other governmental entity,the law of state where Customer is located, in each case foregoing
without regard to its conflicts of law.The UN Convention forthe International Sale of Goods and
the Uniform Computer Information Transactions Act will not apply. In any Dispute, each party will
bear its own attorneys'fees and costs and expressly waives any statutory right to attorneys'fees.
The parties agree to waive,to the maximum extent permitted by law, any right to a jury trial with
respect to any Dispute.
18.ORDER OF PRECEDENCE: In the event of any conflict between this Agreement, Quotes,Addenda
or other attachments incorporated herein,the following order of precedence will govern: (1)
terms above;(2)the applicable Addendum,with most recent Addendum taking precedence over
earlier ones;(3)a Quote, and (4)any ESO policy posted online, including without limitation its
privacy policy..No amendments incorporated into this Agreement after execution hereof will
amend such General Terms and Conditions unless it specifically states its intent to do so and
cites the section or sections amended. -
19.SIGNATURES. This.Agreernent may be executed in one or more counterparts.-Each counterpart
will be an original,and all such counterparts will constitute a single instrument. Electronic
Page 6 of 14
t'Y:t�E�-1 1
1
' signatures on this Agreement or on any Addendum (or copies of signatures sent via electronic
means)are the equivalent of handwritten signatures.
Page 7 of 1. 4 _ q
1 :,oral-r N imiiiE i`i !I :if I
II ',
APPENDIX A.
Maintenance and Support Plan
ESO's software is backed by our commitment to providing exceptional customer support and timely techn!Cal
support services. ESO has full-time customer support staff members that are solelydedicated to providing_
medical registry,database and system support. Our staff of developers, medical registry product managers,
software trainers,and support services coordinators combine to provide high level support to our client base.
ESO may amend this Appendix A upon notice to the Customer in Writing(including by email)to reflect changed
procedures or contact information,provided that ESO shall notify Customer at least 90 days in advance of any
material adverse amendment.
Support services can be used to assist in a variety of support situations including installation,troubleshooting,
assistance with the use.of the product,distribution,central site process,and many other services. Technical
support questions are typically handled in the order ESO receives them.
Support Process
ESO directs technical inquiries to the appropriate team members. ESO's support staff is equipped to handle a
wide variety of support requests and follow Standard Operating Procedures(SOPs)for escalating support
incidents to appropriate technical staff,including development staff. ESO's Product and Support Services
Coordinator conducts meetings with technical support staff to review open issues for timely resolution.
ESO maintains several support channels for out customers Including email via suppOrt.dl@eso.com for lower
priority cases with a minimum of3 business day response., For Critical or higher priorities,please call the.866-
766-9471 option 3,option 3,option to be connected with an agent. Ifbusy,you can leave a voicemail and we
will cal/you back within one hour, Support Can be reached through these channels during normal business
hours of 8:30am—8:00pm FST
Escalation&Priority Levels
Customer will report all Errors to ESO via e-mail(support.di@eso.com)or by telephone(866-766-9471,option
#3). ESO shall exercise commercially reasonable efforts to correct any Error reported by Customer in
accordance with the priority level reasonably assigned to such Error by ESO.
Severity 1 Error: ESO shall(i)commence Error Correction promptly;(ii)provide an Initial Response within
four hours;(iii)initiate Management Escalation promptly; and(iv)provide Customer with a Status Update
within four hours if ESO cannot resolve the Error within four hours.
Severity 2 Error: ESO shall(i)commence Error Correction promptly;(II)provide an Initial Response within
eight hours;(iii)initiate Management Escalation within 48 hours if unresolved;and(iv)provide Customer
With a Status Update within forty-eight hours if ESO cannot resolve the Error within forty-eight hours.
Severity 3 Error: ESO shall(i)commence Error Correction promptly;(ii)provide an Initial Response within
three business days;and(iii)provide Customer with a Status Update within seven calendar days if ESO
cannot resolve the Error within seven calendar days.
Severity 4 Error: ESO shall(I)provide an Initial Response within seven calendar days.
•
Page 8 of 14
1r.mca 1'9T e.“1 .`ls fiF^ /J� I
C
1 1
pefinitions
"Enhancement"means a modification,addition or new release of the Software that when added to the
Software,materially changes its utility,efficiency,functional capability or application.
"E-mail Support"means ability to make requests for technical support assistance by e-mail at anytime
concerning the use of the then-current release of Software.
"Error"means an error in the Software,which significantly degrades performarice'of such Software as
compared to ESO's then-published Documentation.
"Error Correction"means the use of reasonable commercial efforts to correct Errors.
"Fix"means the repair or replacement of object code for the Software or Documentation to remedy an Error.
"Initial Response"means the first contact by a Support Representative after the Incident is logged and a ticket
generated.This may include an automated e-mail response depending on when the incident is first
communicated.
"Management Escalation"means the notification of ESO rnanagement"followingthe incomplete resolution of
an Error to which an initial Workaround or Fix has been applied,
"Severity d.Error"moans an Error which renders the Software completely inoperative(e.g., a User cannot
access the Software due to unscheduled downtime.or an Outage).
"Severity 2 Error"means an Error in which Software is still operable;however,one or more significant features
or functionality are unavailable(e.g,a User cannot access a core component of the Software).
"Severity 3 Error"means any other error that does not prevent a User from accessing a significant feature of
the Software(e.g.,User is experiencing latency in reports).
"Severity 4 Error"means any error related to Documentation or a Customer Enhancement request.
"Status Update"means if the initial Workaround or Fix cannot resolve the Error,notification of the Customer
regarding the progress of the Workaround or Fix.
"Online Support"means information available through ESO's website(www.eso.com),including frequently
asked questions and bug reporting via Live Chat.
"Support Representative"shall be ESO employee(s)or agent(s)designated to receive Error notifications from
Customer.
"Update"means an update or revision to Software,typically for Error Correction.
"Upgrade"means a new version or release of Software or a particular component of Software,which improves
the functionality,or which adds functional capabilities to the Software and is not included in an Update.
Upgrades may include Enhancements.
"Workaround" means a change in the procedures followed or data supplied by customer to avoid an Error
without substantially impairing Customer's use of the Software.
Software Subscription Services
. As part of ESO's Software Subscription Services,clients are provided with:
• Software Enhancements.
o Semi-:annual capability or feature upgrades to the hospital.and CentralSite software.
Page 9 of 14
I r v��scz=i h Y3?;rat:'4'.I
•
o Support of ail non fee based national trauma initiatives and annual coding updates(as
required).
o Upgrades,as required,for►maintaining compatibility with Microsoft applications(Windows,
web and server related software)and compatibility with applicable database software.
e Custom software maintenance services for existing software(if applicable). This does not include
change or feature requests for customer elements.
Software enhancements/upgrades are provided with installation instructions such that clients can perform and
manage the installations in accordance with their own needs and priorities.
Notes/exceptions:
o Data migration services,if required;are handled separately and not covered by software subscription
services.
• States-specific modifications orrequlrenients are not covered kJ,SoftWare Subscription unless ESO is
the State software supplier,
Technical and Registry Application Support
ESO support personnel will provide first-line technical and Registry application supportte our user base.
Support services for these users Will include:
1: Support via telephone or e-mail.
2, Technical and application support staff assists With application trouble shooting,guidance related to
the software application,and answering questions related to program capabilities.
.3. Initial installation is fully supported in accordance with the license quote. installation of
enhancements/upgrades to previously/currently-installed software is performed by the client,but ESO
will provided support to the extent the installation instructions require explanation or adaptation.
•
4. Semi-annual capability updates.
5. Maintenance of documentation as well as training and support materials as prepared by ESO resulting
from system modifications covered by maintenance services.
6. Bug fixes of ESO-developed application code,and integration of minor software patches.
Technical and Report Writer Application Support
Report Writer support services additionally include:
1. Updates to the Report Writer for the inclusion of newly defined industry-specific data points.
2. Complimentary Report Writing Services.during ACS Site Visits for trauma clients.
3. Free.Report Writer training classes(Module J.&2)That are available several times each year.
Documentation:
ESO's software comes with application and technical documentation. Technical documentation also includes
appendices describing data formats,screen layouts,menu choices,field names,widths,exportformats,and
Page 10 of 14
l T^1i11lR 1'Y' � I^Il 11M•q ..ew --•1
, I,
1
other technical capabilities. In addition, ESO has additional documentation to assist with the Installation and
configuration of the system.
Software Support Services:
ESO provides a full range of software support services. Our direct.softWare support services entail a high level
of service and are sufficient for.ensuring the ongoing operations of a central site;however, ESO is also able to
help in a number of value-added projects.ESO's experience in custom systems makes us efficient in such
projects because we can share our experiences and insights gained from working on dozens of other
successful registry systems. In addition, ESO also can provide direct one-on-one services and customized
application development maintenance on an individual basis and has done so for hundreds Of hospitals
throughout the country. ESO will, when unavoidable or expedient for it,provide support services via remote
access of client systems,'ESO conducts remote access•solelythrough GOToAssist attended sessions.
Support Services not covered by Standard Support;
1, Training—the ESO help desk is notte be used asa replacement for training for thetrauina registry
application Or for any of its features and functions.
2. 3rd Party Product Support—ESO is not responsible for trouble shooting Microsoft products or any other
product not provided directed by ESO; ESO will provide client with compatibility requirements and
necessary system settings.
3. Remote access,Wide Area Network or CITRIX support—the software license provided and supported
is based pn local area network use.
4. Data loss or corruption as a result of client error(inadvertently deleting files)or as a result of hospital
IT'system deficiency(like insufficient anti-virus protection).
5. Application Server Migrations—ESO is not responsible to move existing installed softwareto new
servers unless the move was requested/required by ESO.
6. NTDB data mapping,validation,data analysis and data processing. Note: ESO offers enhanced
services to cover these aforementioned items as an additional and upgraded service offering.
7. Report Development—ESO is not responsible for writing and/or developing ad hoc reports(queries,
gathers or coded variables)for Users.
8. Client's infrastructure or Network issue_ESO is a software vendor and therefore,we don't have the
obligation as a software vendor to troubleshoot and evaluate client networks. We provide the
specifications needed for proper hardware and software installation and continued configuration,.but
don't provide"free" network analysis and troubleshooting as part of standard maintenance.
9: State Specific customization and data submission requirements—Unless ESO is the State's Central
Site Registry Vendor,ESO has no way of accurately estimating the effort to make annual software
updates for State requirements and therefore,ESO cannot provide a"fixed fee"estimate related to
any potential changes designed or mandated by the State.
10.Security and technology assessments—ESO Will complete a reasonably security/technology
questionnaire or assessment in connection with the implementation of a new product,but any
subsequent assessments or questionnaires that require more Than one hour to complete Will incur
charges at ESO's themcurrent.consulting services rate.
Page 11 of 111-
APPENDIX
HIPAA BUSINESS ASSOCIATE ADDENDUM
Licensee and ESO Solutions,Inc.("Business Associate")agree that this.HIPAA Business Associate Addendum is
entered into for the benefit of Licensee,which is a covered entity under the Privacy Standards("Covered
Entity").
Pursuant to the Master Subscription and License Agreement(the"Agreement")into which this HIPAA Business
Associate Addendum(this"Addendum")has been incorporated,Business Associate may perform functions or
activities,involving the use and/or disclosure of PHI on behalf of the Covered Entity,and therefore,Business
Associate may function as a business associate.Business Associate,therefore, agrees to the following terms
and conditions.
1. Scope. This Addendum applies to and is hereby automatically incorporated into all present and future
agreements and relationships,whether written,Oral or implied,between Covered Entity and Business
Associate, pursuant to which PHI is created,maintained, received or transmitted by Business Associate
from or on behalf of Covered Entity in any form or medium whatsoever.
2. Definitions.For purposes of this Addendum,the terms used herein, unless otherwise defined,shall have
the same meanings as used in the Health Insurance Portability and Accountability Act of 1996("HIPAA"),or •
the Health Information Technology for Economic and Clinical Health Act("HITECH"),and any amendments
or implementing regulations,(collectively"HIPAA Rules").
3. Compliance with Applicable Law.The parties acknowledge and agree that,beginning with the relevant
effective date,Business Associate shall comply with its obligations under this Addendum and with all
obligations of a business associate under HIPAA,HITECH,the HIPAA Rules,and-other applicable laws and
regulations,as they exist at the time this Addendum is executed and as they are amended,for so long as
this Addendum is in place.
4. Permissible Use and Disclosure of PHI.Business Associate may use and disclose PHI as necessaryto carry
put its:duties to a Covered Entity pursuant;to the terms of the Agreement and as required by law.Business
Associate may also Use and disclose PHI (i)for its own proper management and administration,and(ii)to
carryout its legal responsibilities.If Business Associate discloses Protected Health information to a third
party for either above reason, prior to making any such disclosure,Business Associate must obtain: (i)
reasonable assurances from the receiving partythat such PHi will be held confidential and be disclosed
only as required bylaw or for the purposes for which it was disclosed to such receiving party;and(ii)an
agreement from such receiving party to immediately.notify Business Associate of any known breaches of
the confidentiality of the PHI.
5. Limitations on Use and Disclosure-of PHI. Business Associate shall hot,and shall ensure that its directors,
officers,employees,subcontractors,and agents do not, use or disclose PHI in any manner that is not
permitted by the Agreement or that would violate Subpart E of 45,C.F.R.164("Privacy Rule")if done by a
Covered Entity.All uses and disclosures of,and requests by,Business Associate for PHi are subject to the
minimum necessary rule of the Privacy Rule.
6: Required Safeguards to Protect PHI.Business Associate shall use appropriate safeguards,and comply with
Subpart 0 of 45 C.F.R. Part 164("Security Rule")with respect to electronic PHI,to prevent the use or
disclosure-of PHI other than pursuant to the terms and conditions of this Addendum.
7: Reporting to Covered Entity.Business Associate shall report to the affected Covered Entity without
unreasonable delay:(a)any use or disclosure of PHI not provided for by the Agreement of which it
becomes.aware;(b)any breach of unsecured PHI in accordance with 45 C.F:R,Subpart D of45 C.F.R.164
("Breach Notification Rule"),and(c)any security incident of which it becomes aware. With regard to
Security Incidents caused by or occurring to Business Associate, Business Associate shall cooperate with
the Covered Entity's investigation,analysis,notification and mitigation activities,and except for Security
Page 12 of 14
tI
incidents caused by Covered Entity,shall be responsible for reasonable costs incurred by the Covered
Entity for those activities.Notwithstanding the foregoing,Covered Entity acknowledges and shall be
deemed to have received advanced notice from Business Associate that there are routine occurrences of:
(i)unsuccessful attempts to penetrate computer networks orservices maintained by Business Associate;
and(ii)immaterial incidents such as"pinging"or"denial of services"attacks.
8. Mitigation of Harmful Effects.Business Associate agrees to mitigate,to the extent practicable,any harmful
effect of a use or disclosure of PHI by Business Associate In violation of the requirements of the
Agreement,including,but not limited to,compliance with any state law or contractual data breach
requirements.
9. Agreements by Third Parties.Business Associate shall enter into an agreement with any subcontractor of
Business Associate that creates,receives,maintains or transmits PHI on behalf of Business Associate.
Pursuant to such agreement,the subcontractor shall agree to be bound by thesame.or greater
restrictions,conditions,and requirements that applyto Business Associate Under this Addendum with
respect to such PHI.
10. Access to PHI.Within five business days of a request by a Covered Entity for access to PHI about an
individual contained in a Designated.Record Set,Business Associate shall make available to the Covered
Entity such PHI for.so long as such information is maintained by Business Associate in the Designated
Record Set,as required by 45 C.F.R.164.524.In the event any individual delivers directlyto Business
Associate a requestfor access to PHI,Business Associate shall within five(5).business days forward such
request to the Covered Entity.
11. Amendment of PHI.Within five business days of receipt of a request from a Covered Entity for the
amendment of an indiv idual's PHI or a record regarding an individual contained in a Designated Record
Set(for so long as the PHI is maintained in the Designated Record Set), Business Associate shall provide
such information to the Covered Entity for amendment and incorporate any such amendments in the PHI
as required by 45 C.F.R.164.52p. In the event any individual delivers directly to Business Associate a
request for amendnientto PHI,Business Associate shall within five business days forward such request to
the Covered Entity.
12. Documentation of Disclosures.Business Associate agrees to document disclosures of PHI and information
related to such disclosures as would be required for a Covered Entity to respond to a request by an
individual for an accounting of disclosures of PHI In accordance with 45 C.F.R.164.528 and HITECH.
13. Accounting of Disclosures.Within five business clays of notice by a Covered Entity to Business Associate
that it has received a request for an accounting of disclosures of PHI, Business Associate shall make
available to a Covered Entity information to permit the.Covered Entity to respond to the request for an
accounting of disclosures of PHI,as required by 45 C.F.R.164.528 and HITECH.
14. Other Obligations.To the extent that Business Associate is to carryout one or more of a Covered.Entity's
obligations under the Privacy Rule,Business Associate shall comply with such requirements that apply to
the Covered Entity in the performance of such obligations.
15. Judicial and Administrative Proceedings.In the event Business Associate receives a subpoena,court or
administrative order or other discovery request or mandate for release of PHI,the affected Covered Entity
shall have the right to control Business Associate's response to such request, provided that,such control
does not have an adverse impact on Business Associate's compliance with existing laws.Business
Associate shall notify the Covered Entity of the request as soon as reasonably practicable, but in any event
within seven business days of receipt of such request.
16. Availability of Books and Records. Business Associate hereby agrees to make its internal.practices, books,
and records available•to the Secretary of,the Department of Health and Human Services for purposes of
determining compliance with the HIPAA Rules.
age 13 of 14
1[t r;l l T n PAC-IF ? ( 411
17. Breach of Contract by Business Associate.In addition to any other rights a party may have in the
Agreement,this Addendum or by operation of law or in equity,either party may:i)immediately terminate
the Agreement If the other party has violated a material term of this Addendum;or ii)at the non-breaching
party's option, permit the breaching party to cure or end any such violation within the time specified byte
non-breaching party.The non-breaching party's option to have cured a breach of this Addendum shall not
be construed as a waiver of any other rights the non-breaching party has in the Agreement,this Addendum
or by operation of law or in equity.
18. Effect of Termination of Agreement. Upon the termination of the Agreement or this Addendum for any
reason, Business Associate shall return to a Covered Entity or,at the Covered Entity's direction,destroy all
PHI received from the Covered Entity that Business Associate maintains in any form,recorded on any
medium,or stored in any storage system.This provision shall apply to PHI that is in the possession of
Business Associate,subcontractors,and agents of Business Associate.Business Associate shall retain no
copies of the PHI:Business Associate shall remain bound by the provisions of this Addendum, even after
termination of the Agreement or Addendum, until such time as all PHI has been returned or otherwise
destroyed as provided in this Section. For the avoidance of doubt,de-identified Licensee Data shall not be
subjectto this provision.
19. Iniunctive Relief.Business Associate stipulates that its unauthorized use or disclosure of PHI while
performing services pursuant to this Addendum would cause irreparable harm to a Covered Entity,and in
such event,the Covered Entity shall be entitled to institute proceedings in any court of competent
jurisdiction to Obtain damages and injunctive relief.
20. Owner of PHI. Under no circumstances shall Business Associate be deemed in any respect to be the owner
of any PHI created or received by Business Associate on behalf of a Covered Entity.
21.:Safeduards and Appropriate Use of Protected Health Information.:Covered Entityy is responsible for
implementing appropriate privacy and security safeguards to protect its PHI in compliance with HIPAA.
Without limitation,it is Covered Entity's obligation to: (i)not include PHI in information Covered Entity
submits to technical support personnel through a technical support request or to community support
forums.In addition,Business Associate does not act as,or have the obligations of a Business Associate
under the HIPAA Rules with respect to Licensee Data once it issentto or from Covered Entity outside.
Business Associate's.Software overthe public Internet;and(ii)implement privacy and security safeguards
in the systems,applications,and software Covered Entity controls,configures and connects to Business
Associate's Software.
22. Third Party Rights.The terms of this Addendum do not grant any rights to any parties other than Business
Associate and the Covered Entity.
23. Signatures.The signatures to the Agreement(or the document evidencing the parties'adoption thereof)
indicate agreement hereto and shall be deemed signatures hereof,whether manual,electronic or
facsimile.
Page 14 of 14
r
Terms of Service
Updated 1 Novernber,2021
Welcome! Backdraft OpCo, LLC, DBA Emergency Reporting ("ER," "us," "we," or "Our"),
' provides comprehensive cloud-based reporting and records management solutions for agencies
worldwide(the"Hosted Service")through www.EmergencyReporting.corn(together with any successor
website, the "ER website") and our mobile applications (the "ER Apps"). The Hosted Service, ER
website, ER Apps, and any other software,:products, or services provided by us to You (as defined
below), now or at a later time, are collectively referred to as the"Services."
These Terms of Service(the"Terms")constitute a legal agreement between You and ER: By accessing
or using the Services,You(i) represent and warrant that You are at least eighteen (18)years old and
You have the right, authority, and capacity to enter into these Terms; and (ii) agree to be bound by
these Terms (including our Privacy Policy). If You do not agree to, or are unable to agree to be bound
by,these Terms,You may not use ourServices.
DEFINITIONS:
(a) "Account" means any Demo Account, Purchased Account, accountfor any ER
App, or any other account that ER allows You to establish with ER.
(b) "Authorized Users" means any user whom a Customer authorizes.and allows to.
use the Hosted Service.
(c) "Customer" means any person,agency, business entity, or any representative of
any agency or business entity accessing and using the Hosted Service.
(d) "Order Form" means an order form referencing these Terms that a Customer enters into with
ER to govern Customer's use of the Hosted Service.
(e) "Purchased Account"means any account that.a Customer establishes with ER to
use the Hosted Service in accordance with Customer's Order Form.
(f) "You"or"Your" means all users of the Services, including,without limitation,
visitors to the ER website and Customers.
(gj "Your Data", means ahy electronic data, messages, files, images or other content or
information submitted by You to the Services.
1. SERVICES:
1.1 PROVISION OF SERVICES. .Subject to these Terms and Your Order Form (if any), and
conditioned on Your and Authorized Users' compliance with these Terms and Your Order Form, (a)we
grant You a non-exclusive, non transferable,and limited right to access and use the Services; and (b)
r
to the extent that any of the Services You access to or use contains any software, we grant You a non-
exclusive, revocable, non-sublicensable, non-transferrable, and limited license to use such software
solely in conjunction with the Hosted Service and for Your internal purposes only.
1.2 THE HOSTED SERVICE. The Hosted Service consists in whole or in part of software running
remotely on servers controlled by us.You have no rightto receive either an object code or source code
version of the software operating on the remote servers.Your usage rights are subject to these Terms
and Your Order Form (if any).You further acknowledge and agree that Your purchase of the Hosted
Service,if any,is neither contingent on the delivery of any future functionality or features not described
in these Terms or Your Order Farm,nor dependent on any oral or written public comments made by us
regarding future functionality or features.
1.3 SYSTEM PERFORMANCE.The Hosted Service system performance is continuously-monitored
with service level and support information as detailed in the Service Level Agreement ("SLA") dated
October 7, 2020 located at https://info.emergencyreporting.com/servicelevelagreement
1.4 SECURITY FRAMEWORK. ER's provision of the Services is subject to all applicable laws and
regulations. ER maintains a comprehensive disaster recovery plan and utilizes the National Institute
of Standards and Technology's Risk Management Framework (RMF or NIST Risk Management
Framework)for ER's approach to implementation of cybersecurity controls.
2. PRIVACY POLICY: Before You continue using our Services, we advise You to read our privacy
policy(available at https://emergencyreporting.com/privacy-policy/)which describes and controls our
practices regarding personal information collected as part of the Services.
•
3. OWNERSHIP OF INTELLECTUAL PROPERTY AND DATA:
3.1 COPYRIGHT. Content published on any URL or mobile application under the direct control of
ER, including, but not limited to, digital downloads, images,texts, graphics, and logos,is the property
of ER and/or its content creators and protected by applicable copyright laws.The entire compilation.
of the content found on the ER website and ER APPs is the exclusive property of ER, with copyright
authorship for this compilation by ER.
3.2 TRADEMARKS. Emergency Reporting, ER and the ER logo, and other names, logos, icons, and
marks identifying ER's products and services are trademarks of ER and may not be used without the
prior written permission of ER. ER will not use Your name, logo, seal, and marks without Your prior
written permission.All other product names mentioried are used for identification purposes only and
may be trademarks of their respective holders.
3.3 RETENTION OF RIGHTS. You acknowledge and agree that ER, its suppliers, partners, and
licensors (if any), own and shall retain all right,title and interest in and to (a) all Intellectual property
rights embodied in the Services, including,without limitation, the manufacture and/or production of
the foregoing(and all copies and derivative works thereof, by whomever produced), and associated
documentation;and (b)all of the service.marks,trademarks,trade names,or any other designations.
i 'Ydt-1W1411"
1 ,
3.4 NO RIGHTS GRANTED. Subject to the limited rights expressly granted hereunder; we reserve
all rights,title,and interest in and to the Services, including all related intellectual property rights. No
rights,either express or implied,are granted to You hereunder other than as expressly specified herein.
3.5 OWNERSHIP OF YOUR DATA. Ownership of Data.As between ER and Customer, all Customer
Data shall be owned by Customer.
3.6 ` Use of.Customer Data.Unless it receives Customer's prior written consent, ER shall not grant
any third-party access to Customer Data, except (a) subcontractors that are subject to a reasonable
nondisclosure agreement or (b) authorized participants in the case of Software designed to permit
Customer to transmit Customer Data. ER may only use and disclose Customer Data to fulfill its
obligations under this Agreement or as required by applicable law or legal or governmental authority.
ER shall give Customer prompt notice of any such legal or governmental demand and reasonably
cooperate with Customer in any effort to seek a protective order or otherwise contest such required
disclosure,at Customer's expense.
3.7 Anonymized Data.CUSTOMER ACKNOWLEDGES AND AGREES.THAT, NOTWITHSTANDING ANY
OTHER PROVISION HEREIN, ER MAY USE ANONYMIZED CUSTOMER DATA FOR INTERNAL AND
EXTERNAL PURPOSES (INCLUDING BENCHMARKING AND RESEARCH), PROVIDED THAT ER WILL NOT
SELL ANONYMIZED DATA TO THIRD PARTIES. FOR COMMERCIAL USE. WITHOUT LIMITING THE
FOREGOING, ER WILL OWN ALL RIGHT,TITLE AND INTEREST IN ALL INTELLECTUAL PROPERTY OF ANY
AGGREGATED AND DE-IDENTIFIED REPORTS,SUMMARIES,COMPILATIONS,ANALYSIS,STATISTICS OR
OTHER INFORMATION DERIVED THEREFROM.
3.8 SUGGESTIONS.If You send ideas orfeedbackto us`about the Services,then regardless ef what
Your submission states, the following terms shall apply to Your submission: (a)You agree that Your
ideas will automatically become our property, without compensation to You, and You hereby assign
and agree to assign all right,title, and interest in them to us; and (b)You agree that we can use the
ideas for any purpose and in any way—even give them to others—without future liability to You.
4. YOUR CONDUCT:
4.1 NO RESALE OR COMMERCIAL USE OF THE SERVICES.You agree to use the Services solely in
accordance with these Terms and Your Order Form(if any).You may not resell the use of Your Account,
any downloadable plug-in, or other materials or any information obtained by You from the Services
without the express
written consent of ER, nor may You use the Services for purposes not allowed in these Terms or Your
Order Form (if any).
4.2 CONDUCT. You are solely responsible fee Your Data You transmit through or submit to the
Services and for any use of Your Account. ER reserves the right to take any action With respect to the
Services that ER deems necessary or appropriate in ER's sole discretion if ER believes Your Data or
use of the Services may create liability for ER.Your use of the Services is subject to all applicable local,
state, national, and international laws and regulations (including, without limitation,those governing
account collections, export control, consumer protection, data protection, unfair competition, anti-
discrimination,or false advertising).You agree to (a)comply with all laws, rules and Other regulations
applicable in connection with the Services, these Terms and Your Order Form (if any); (b) be
;;Helm— eal6f_"' 1 P!L i1%-1
1 t
responsible for the compliance of these Terms and Your Order Form (if any) by any Authorized Users;
(c)be solely responsible for the accuracy, quality, integrity,and legality of Your Data and of the means
by which You acquired Your Data; and (d) prevent unauthorized access to or use of the Services and
notify us promptly of any such unauthorized access or use.
You agree not to, and not to permit or encourage others to, do any of the following:
(a)use the Services for illegal purposes; (b)attempt to gain unauthorized access to the Services,their
related systems or networks,or other users'Accounts;(c) restrict or inhibit any other users from using
and enjoying the Services; (d) attempt to modify, decompile, or reverse engineer the Services or any
software contained in the Services; (e) interfere with or disrupt networks connected to the Services,
the integrity or performance of the Services or third-party data contained therein,or violate or attempt
to violate any security features of the Services; (f) Use the Services to Upload, store, transmit, of
distribute viruses, worms, time bombs, Trojan horses, and other harmful or malicious code, files,
'scripts, agents,or programs
("Malicious Code"); (g) use data mining, robots, or similar data gathering and extraction tools; (h)
reproduce,duplicate, copy,frame, mirror, publicly perform,create derivative works based upon, make
or have made any feature or functionality of,sell,resell,rent, lease, or otherwise exploit the Services,
any components thereof, or any information, materials, or content obtained from the Services for any
purpose; (i) use the Services to infringe any third party's copyright, patent,trademark,trade-Secret or
other proprietary rights, or rights of publicity or privacy;
(j) use the Services to store or transmit any unlawful, harassing, libelous, abusive, threatening,
harmful, vulgar, obscene or otherwise objectionable (as determined by ER) material of any kind or
nature; (k) permit any third party to access Your Account or the Hosted Service except as permitted
herein or as otherwise agreed byes in writing;(I)load test the Hosted Service in ordertotestscalability
(m)access the Hosted Service for purposes of monitoring its availability,performance or functionality,
or for any other benchmerking or competitive purposes;provided, however,thatYou are authorized to
monitor availability of the Services to determine whether of not the Services uptime service levels are
in compliance with the SLA; (n) build a competitive product or service; or(o) otherwise violate these
Terms or Your Order Form (if any).
5. MODIFICATIONS: ER may amend these Terms at any time by (a) posting a revised Terms of
Service document on the ER website and/or(b)sending iinformation regarding the Terms amendment
to the email address You provide to ER,;provided that any such change shall only come into force and
effect upon renewal and will not replace the existing terms during Your then current subscription
period.You acceptthe amended terms When You renew Your Account or any of the Services after such
amended terms have been posted or information regarding such amendment has been•sent to You.
Further, ER reserves the rightto modify,suspend,or discontinue any or all of the Services with no less
than 30 days' notice to You. ER shall not be liable to You or any third party should ER exercise its right
to modify,suspend, or discontinue'any or all Of the:'Services.
G: PASSWORDS AND SECURITY:As part of the registration and/or implementation process, You
will be issued a unique username and password to access Your Account. You agree to carefully
safeguard all Your passwords:You are solely responsible if You do not maintain the confidentiality of
passwords and account information. Furthermore,You are solely responsible for any and all activities
that occur under Your Account.You agree to immediately notify ER of any unauthorized use of Your
Account or any other breach of security known to You, including if You believe that Your password or
account information has been stolen or otherwise compromised.
. fl^It f^ilr�ll• i�l' V"S-1 Zy l='� ' P)r �l•
i • .1
7. TERMINATION OF YOUR ACCOUNT:
7.1 TERMINATION OF YOUR ACCOUNT:ER reserves the right to terminate Your Account at anytime,
effective immediately upon notice to You, except as otherwise set forth in Your Order Form (if any).
7.2 EFFECT OF TERMINATION:ER shall not be liable to You or any third party for terniination of any
of the Services or Your Account. Upon termination of Your Account,You shall remain liable for all fees
incurred or accrued by You. Upon expiration or termination of these Terms and/or Your Account for
any reason,(a)You are no longer authorized to use the Services,and(b)You will no longer have access
to data and other material You have stored on the ER website or with the Hosted Service. ER will make
Your Data available for download by You one time at no cost within thirty (30) days following
termination. Following termination, unless mutually agreed otherwise, ER will retain Your Data only as
long as required to meet any applicable legal record retention requirements.
8. DISCLAIMER OF WARRANTIES:YOU EXPRESSLY AGREE THAT YOUR'USE OF THE SERVICES IS
AT YOUR SOLE AND EXCLUSIVE RISK. THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS
AVAILABLE" BASIS. ER, ITS DIRECTORS, OFFICERS, EMPLOYEES, AND AGENTS, (COLLECTIVELY THE
"ER PARTIES") MAKE NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR
OTHERWISE,AND EXPRESSLY DISCLAIM ALL OTHER WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FORA PARTICULAR PURPOSE,AND NON-
INFRINGEMENT. FURTHER,THE ER PARTIES MAKE NO WARRANTY THAT THE SERVICES WILL MEET
YOUR REQUIREMENTS OR THAT THE SERVICES WILL BE UNINTERRUPTED,TIMELY, OR ERROR FREE,
NOR DO THE ER PARTIES MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM
THE USE OF THE SERVICES OR THE ACCURACY OF ANY OTHER INFORMATION OBTAINED THROUGH
THE SERVICES OR THAT DEFECTS IN THE SERVICES WILL BE CORRECTED.YOU UNDERSTAND AND
AGREE THAT ANY.MATERIAL AND/OR DATA DOWNLOADED OR OTHERWISE OBTAINED (INCLUDING
ANY SOFTWARE) USING THE SERVICES IS DONE AT YOUR OWN RISK AND THAT YOU WILL BE SOLELY
RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS
FROM THE DOWNLOAD OF SUCH MATERIAL AND/OR DATA. NO INFORMATION OR ADVICE,WHETHER
ORAL OR WRITTEN, OBTAINED BY YOU FROM ANY ER PARTIES OR THROUGH THE SERVICES SHALL
CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.SOME JURISDICTIONS DO NOT ALLOW THE
EXCLUSION OF CERTAIN WARRANTIES,SO SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.
9. LIMITATION OF LIABILITY: IN NO EVENT SHALL THE ER PARTIES BE LIABLE FOR ANY INDIRECT,
INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, RESULTING FROM OR RELATED TO YOUR USE
OF OR THE INABILITY TO USE THE SERVICES, INCLUDING, BUT NOT LIMITED TO,DAMAGES FOR LOSS
OF PROFITS, REVENUES, OPPORTUNITIES, GOODWILL, USE, OR DATA, WHETHER BASED ON
CONTRACT,TORT(INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHER THEORY, EVEN IF THE ER
PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE ER PARTIES'
AGGREGATED LIABILITY TO YOU OR ANY THIRD PARTY IS LIMITED TO THE FEES PAID BY YOU TO ER
WITHIN THE PRECEDING 6-MONTH PERIOD UNDER THE APPLICABLE ADDENDUM,EXHIBIT.OR ORDER
FORM GIVING RISE TO THE CLAIM. THE ABOVE LIMITATIONS SHALL NOT APPLY TO THE EXTENT
PROHIBITED BY APPLICABLE LAW.
7CSii�ilT �t PAGE 51 OSs= L(I
10. INDEMNIFY:
10.1. ER will not be responsible for Your misuse of the Services, or fraud, manipulation, or willful
misconduct by You.To the extent not prohibited by law,You shall,at Your expense, indemnify, defend,
and hold the ER Parties harmless from and against any actual or alleged claims, losses, costs,
• damages, liabilities,or expenses(including reasonable attorneys'fees)made byanythird party arising
Cut of or relating to(a)Your misuse of the Services; (b) any fraud, manipulation, or other negligent or
willful misconduct by You;(c)Your breach of any of these Terms or Your Order Form (if any);or(d)Your
violation of any law.
10.2. ER shall, at its expense, indemnify, defend, and hold You, Your elected officials (if a public
entity), officers, employees, and agents, harmless from and against any actual or alleged claims,
losses,costs,damages,liabilities,or expenses(including reasonable attorneys'fees)claimed or made
by any third party arising out of or relating to ER's infringement or misappropriation of the intellectual
property rights of any third party in connection with its provision Or Your use of the Services.
11. COMMUNICATIONS: Every time You use the Services,send us an email, visit the ER website,
or send other communications to us,You may be communicating with us electronically.You hereby
consent to receive communications from us(electronically or otherwise). If You subscribe to the news
on the ER website,You are going to receive regular emails from us. We will continue to communicate
with You by posting news and notices on the ER website and by sending You emails. You also agree
that all notices, disclosures, Terms of Service, and other communications we provide to You
electronically meet the legal requirements that such communications be in writing.
12. BREACH NOTIFICATION AND CYBER LIABILITY INSURANCE:
12.1 BREACH NOTIFICATION. In the event of any act that permits any unauthorized access to,
acquisition, disclosure, loss or,destruction of Your Data ("Data Breach"), ER shall, as applicable: (a)
notify You as soon as practicable but no later than twenty-four(24)hours of becoming aware of such
occurrence; (b) cooperate with You in investigating the occurrence, including making available all
relevant records,logs,files,data reporting,and other materials required to comply with applicable law;:
(c)take measures,where-appropriate,to mitigate adverse effects;d)perform or take any other actions
required to comply with applicable law as a result of the occurrence; and (e) to the extent that the
breach is not caused by You, bear all costs associated with rERlvingthe Data Breach, up to the limits
of the cyber liability insurance policy carried by ER.
12.2 CYBER LIABILITY INSURANCE. ER carries cyber liability insurance with a minimum of up.to
$2,000,000 per occurrence providing protection against claims and liabilities arising from: (i)errors
and omissions in connection with maintaining security of Your Data; (ii) data breach including theft,.
destruction,and/or unauthorized use of Your Data; (iii)identity theft;and (iv)violation of privacy rights
due_to a breach of Your Data.
13. THIRD PARTIES:
13.1 THIRD-PARTY SITES. For informational purposes only,we may provide links to third-party sites
on the landing web page(Account sign-in web page).ER is not responsible for the content of or services
provided by any such linked sites. The inclusion of any link does not imply endorsement by ER, and
Your use of any linked site is solely at Your own risk.
13,2 ACQUISITION OF THIRD-PARTY PRODUCTS AND SERVICES.We may offer
third-party products and services as part of the Services. Use of third-party software is subject to
additional terms and conditions-which You agree to be bound by before using third-party products and
services that:are part of the Services.Any other acquisition by You of third-party products or services,
including, but not limited to, third-party applications and implementation, customization and other
consulting services, and any exchange of data between You and any third-party provider, is solely
between You and the applicable third-party provider.We do not warrant or support third-party products
or services.
13.3 THIRD-PARTY PRODUCTS, OR SERVICES AND YOUR DATA. By using the Services, You.
acknowledge that we may allow providers of those third-party products to transport Your Data solely
as required forthe operation of the Services or the third-party products you acquire: ER shall not be
responsible for any disclosure, modification,or deletion of Your Data resulting from any such access
by third-party product providers.
14. FEES AND PAYMENT:
14.1 USER FEES. You shall pay all fees for any paid Service(s) You purchase from us. Fees are
quoted and payable in United States dollars, are based on services purchased and not actual usage.
Payment obligations are non-cancelable. You are responsible for maintaining complete and accurate
billing and contact information with us.
14.2 OVERDUE CHARGES. If any charges are not received from You by the due date, then at our
discretion: (a)such charges may accrue late interest at the rate of 1.5% of the outstanding balance
per month, or the maximum rate permitted by law, whichever is lower, from the date such payment
was due until the date paid; and/or(b)we may condition future renewals on payment terms shorter
than those specified in Your Order Form (if any).
14.3 SUSPENSION OF SERVICES AND ACCELERATION, If any amountowing by You is 30 or more
days overdue, we may, without limiting our other rights and remedies, accelerate Your unpaid fee
obligations so that all such obligations become immediately due and payable, and suspend our
Services(including the Hosted Service)to You until such amounts are paid in full.
14.4 TAXES. Unless otherwise stated, our fees do not include any taxes, levies, duties, or similar
governmental assessments of any nature, including, but not limited to, value-added, sales; use, or
withholding taxes,assessable by any local,state,provincial,federal,or foreign jurisdiction(collectively,
`Taxes")�You are responsible for paying all Taxes associated with Your purchases. If we have the legal
obligation to pay or collect Taxes for which You are responsible, the appropriate amount shall be
invoiced to and paid by You, unless You provide us with a valid tax exemption certificate authorized by
lr-xr=1inLT UI PM S'3 IC,- .�
r 1 '
the appropriate taxing authority. For clarity,We are solely responsible for taxes assessable against us
based on our income, property,and employees.
15. CONFIDENTIALITY:
15:1 DEFINITION OF CONFIDENTIAL INFORMATION. As used herein, "Confidential Information"
means all confidential information disclosed by a party ("Disclosing Party") to the other party
("Receiving Parry"), whether orally or in writing,that is designated as confidential or that reasonably
should be understood to be confidential given the nature of the information and the circumstances of
disclosure, All Your Data is Confidential Information. Our Confidential Information shall include the
Services; and Confidential Information of each party shall include the business terms of any Order
Form, as well as business and marketing plans,technology and technical information, product plans
and designs,and business processes disclosed by such party.However,Confidential Information shall
not include any information that(a)is or becomes generally known to the public without breach of any
obligation owed to the Disclosing Party; (b)was known to the Receiving Party prior to its disclosure by
the Disclosing Party without breach of any obligation owed to the Disclosing Party;(c)is received from
a third party without breach of any obligation owed to the Disclosing Party; or(d) was independently
developed by the Receiving Party without use ofthe Disclosing Party's Confidential Information.
15.2 PROTECTION OF CONFIDENTIAL INFORMATION.Except as otherwise permitted in writing by the
Disclosing Party: (a)the.Receiving Party shall use the same degree of care that it uses to protect the
confidentiality of its own confidential information of like kind (but in no event less than reasonable
care)motto disclose or use any Confidential Information of the Disclosing Patty for any purpose outside
the scope of these Terms and any Order Form; and (b) the Receiving Party shall limit access to
Confidential Information of the Disclosing Party to those of its employees,contractors,and agents who
need such access for purposes consistent with these Terms and the applicable Order Form and who
have sighed confidentiality agreements with the Receiving Party containing protections no less
stringent than those herein.
15.3 COMPELLED DISCLOSURE. The Receiving Patty may disclose Confidential Information of the
Disclosing Party if it is compelled by law, subpoena, or court order, to do so, provided the Receiving
Party gives the Disclosing Patty prior notice of such compelled disclosure (to the extent legally
permitted)and reasonable assistance, at the Disclosing Party's cost,if the Disclosing Party wishes to
contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing.Party',s
Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the
Disclosing Party is not contesting the disclosure,the Disclosing Party will reimburse the Receiving Party
for its reasonable cost of compiling and providing secure access to such Confidential Information.
16. GENERAL PROVISIONS:
16.1- NOTICE.Any notices, permissions,and approvals required or permitted shall be given(a)to ER
at the address specified above or at such Other address as ER shall specify in writing and (b)to You at
the email address provided by You in Your Account and shall be deemed to have been given upon:(i)
, f . -1;
A 1 , 1
personal delivery; (ii) the second business day after mailing; or (iii) the second business day after
sending by confirmed'facsimile or email.
16.2 ASSIGNMENT. Neither party shall have the right to assign or otherwise transfer the Terms or
any rights or obligations hereunder without the express written consent of the other party provided,
however, that a successor in interest ("Acquiring Entity") by merger, consolidation, operation of law,
assignment,purchase of stock,purchase of assets,or otherwise,of the entire business orsubstantially
all of the business of either party,shall acquire all interests of such party hereunder withoutthe written
consent of the other, subject to the acquired party providing notice thereof and the Acquiring Entity
expressly assuming the obligations hereof in writing. Subject to the foregoing,these Terms and Your
Order Form (if any)shall bind and inure to the benefit of the parties,their respective successors and
permitted assigns.
16.3 SEVERABILITY.The invalidity or unenforceability of any provisions of these Terms.or any Order
Form shall not affect the validity or enforceability of any other provisions of these Terms or the'Order
Form, which shall remain in full force and effect.
16.4 HEADINGS. The section headings contained in these Terms and the Order Forms are for
reference purposes only and shall not affect in any way the meaning or interpretation of these Terms
and the Order Form.
16.5 INTERPRETATION. In .construing.or interpreting these Terms and the Order Forms, the word
"or shall not be construed as exclusive, and the word "including" shall not be'limiting. The parties
agree that these Terms and all Order Forms shall be fairly interpreted in accordance with their terms
without any strict construction in favor of or against either party and that ambiguities shall not be
interpreted against the drafting party.
16.6 NO WAIVER. A party's failure to exercise or delay in exercising any right, power, or privilege
under these Terms and any Order Form shall not operate as a waiver of such right, power,or privilege;
nor shall any single or partial exercise of any right, power, or privilege preclude any other or further
exercise thereof.Any waivers are effective only if recorded in a writing signed by the party granting the
waiver.Otherthan as expressly stated herein,the remedies provided herein are in addition to,and not
exclusive of, any other remedies of a.party at law or in equity.
16.7 GOVERNING LAW. These Terms and all Order Forms shall be governed, construed, and
enforced in accordance with the laws of the State of Texas, United States,without regard to its conflict
of law rules.You further agree that the state or federal courts located in Travis County,Texas; United
States, as applicable shall have exclusive jurisdiction of,and shall be the exclusive and correct venue
for, the rERlution of any dispute arising out of or related to these Terms and any.Order Form.
Notwithstanding the foregoing, it you are.a U.S. public entity,these Terms and all Order Forms will be
governed by the laws of the State or commonwealth in which You'are located and the state or federal
courts located`in"Your state shall have exclusive jurisdiction.and venue for any dispute arising out of
or related to these Terns and any Order Form.
16.8 FORCE MAJEURE._A party shall not be liable for any failure of or delay in the performance of its
obligations under:these Terms or any Order Form for the period that such failure or delay is due to
causes beyond its reasonable control, including, but not limited to, acts of God, war, strikes or labor
disputes, embargoes, passage of law or any action taken by a governmental or public authority, or any
other force majeure event.
r.-YM,Rfn- VI Prig=R .c rv-c11 I
.
16.9 RELATIONSHIP OF THE PARTIES.The parties are independent contractors.These Terms or any
Order Form do not create a partnership, franchise,joint venture, agency, fiduciary, or employment
relationship between the parties. There are no third-party beneficiaries to these Terms or.any Order
Form.
16.10 ENTIRE AGREEMENT. These Terms and Your Order _Form (if any) constitute the entire
agreement between the parties with respect to its subject matter and supersede all prior and
contemporaneous agreements, proposals, representations,and understandings of the parties,written
or oral.
17. DIGITAL MILLENNIUM COPYRIGHT ACT:
If You are a copyright owner or an agent of a copyright owner and believe that any content on the ER
website.infringes upon Your copyrights, You may submit a notification pursuant to the Digital
Millennium Copyright Act("DMCA") by providing our Copyright Agent with the following information in
writing(see 17 U.S.0 512(c)(3)for further detail):
(a) a.physical signature of the person authorized to act on behalf of the owner of the copyright
interest;
(b) a description of the copyrighted work that You claim has been infringed upon;
(c) a description of where the material that You claim is infringing is located on the PSI website;
(d) Your address,telephone number, and e-mail address;
(e) a statement by You that You have a good faith belief that the disputed use is not authorized
by the copyright owner,its agent, or the law;and
(f) a statement by You, made under penalty of perjury,that the above information.in Your notice
is accurate and that You are the copyright owner or authorized to act on the copyright owner's behalf.
You may direct copyright infringement notifications to our Copyright Agent at:
Backdraft OpCo,LLC,Attn: Copyright Agent
2200 Rimland Dr.Suite 305
Bellingham,WA.98226
or by email to copyright@emergencyreporting.corn.You acknowledge that if You fail to comply with all
of the requirements of this Section 18,Your DMCA notice may not be valid.
/ ! I
BUSINESS ASSOCIATE AGREEMENT
:Customer'(or the.governing or controlling authority thereof),as indicated on Quote or other ordering document("Customer")and ESO Solutions,
Inc.('Business As'soclate)agree that this HIPAA Business Associate Addendum Is entered into as of the date indicated on the duly executed
Quote'brother ordering document("Effective Date")for the benefit of Customer,vihich is a covered entity under the Privacy Standards('Covered
Entity`).
Pursuant to the underlying business arrangements between the parties(the'Agreement")and effective as of the effective date of the Agreement
("Effective Date),Business Associate may perform functions or activities involving the use and/or disclosure of PHI on behalf of the Covered
'Entity,•and therefore,Business Associate may function as a business associate.Business Associate,therefore,agrees to the foliowingterms and
conditions set forth in this HIPAA Business Associate.Addendum("Addendum").
1. Scooe. This Addendum applies to.and is hereby automatically incorporated into all present-and future agreements and relationships,whether
written,oral or implied,between Covered Entity and Business Associate,pursuantto which PHI is created,maintained,received ortransmitted by
Business Associate from or on behalf of Covered Entity in any form or medium whatsoever.
2. Definitions.For purposes of this Addendum,the terms used,herein,unless otherwise defined,shall have the same meanings as used in the
Health'Insurance Portability and Accountability Act of 1996("H 1PAA`),orthe Health information Technology for Economic and Clinical Health Act
("HITECH'),and any amendments or implementing regulations,'(coliectiveiy"HIPAA.Rules").
.3. Compliance with Applicable Law.The parties acknowledge and agree that,beginning with the relevant effective date,Business Associate shall
comply With Its obligations underthis Addendum and with ail obligations of a business associate under HiPAA,HITECH,the HiPAA Rules,and
other applicable laws and regulations,as they exist at the time this Addendum Is.executed and as they are amended,for se long as this
Addendum is In place.
4. Permissible Use and Disclosure Of PHI.BUSInesS Associate may use and disclose PHI as necessary to carry out its duties toe Covered Entity
pursuant to the terms of the Agreement and as required by law.Business Associate may use and disclose PHI(I)for its own proper
management and administration,and(ii)to carryout its legal responsibilities:If Business Associate.discloses Protected Health Information to a
third party:for either above reason,priorto making any such disclosure,Business Associate must obtain:(I)reasonable assurances from the
receiving party that such PHI will be held confidential and be disclosed only as required by law or for thepurposes for which it was disclosed to
such receiving party;and(II)an agreementfrom such receiving party to immediately notify Business Associate of any known breaches of the
confidentiality of the PHI.
5. Limitations on Use and Disclosure of PHI.Business Associate shall not,and shall ensurethat its directors,officers,employees,subcontractors,
•.andagents.,do not,,use'or disclose PHI in any manner that Is not permitted by the Agreement or that would violate Subpart E of 45:C.F R.164
('Privacy Rule")if done by a Covered Entity.All uses and disclosures Of,and requests by,Business Associate for PHI are subject to the minimum
necessary rule of the Privacy Rule.
6. Required Safeguards to Protect PHI.Business Associate shall use appropriate safeguards,and comply with Subpart C of 45 C.F.R,Part 164
('Security Ruie")with respect to electronic PHI,to prevent the use or disclosure of PHI other than pursuant tothe terms and'conditions of this
Addendum.
.Reoortiii to Covered Entity.Business Associate shall reportto the affected Covered Entity without unreasonable delay:(a)any use or disclosure
of PHi not provided for by.the Agreement of which it becomes aware;(b)any breach of unsecured PHI in accordance with 45 C.F.R.Subpart D of
45 C.F.R.164("Breach Notification Rule');and(c)any security incident of Which.it becomes aware. With regard to Security incidents caused by
or occurringto Business Associate,Business Associate shall cooperate with the Covered Entity's investigation,analysis,notification and
mitigation activities,and except for Security Incidents caused by Covered Entity,shall be responsible for reasonable costs incurred.by the
Covered Entity for those activities.Notwithstandingthe foregoing,Covered Entity acknowledges and shall be deemed to have received advanced
notice from Business Assoclate that there are routine occurrences of:(I)unsuccessful attempfsto penetrate computer networks or services
maintained by Business Associate;and(ii)immaterial incidents such as"pinging"or"denial ofservices"attacks:
8. Mitigation of Harmful Effects.Business Assoclate agrees to mitigate,to the extent-practicable,any harmful effect of a use or disclosure of.PHl by
Business Associate in violation of the requirements of the Agreement,Including,but net limited to,compliance With anystate.law or contractual
data breach requirements.
.9. Agreements IT/Third Parties.Business Associate shall enter into an agreement with anysubcontractor of Business Assoclate that creates,
receives,maintains or transmits PHI on behalf of Business Associate.Pursuant to such agreement,the subcontractor shall agree to be bound by
the same orgreater restrictions,conditions,and requirementsthatapply to Business Associate under this Addendum with respect to such PHI.
10. Access taPHI.Within five business days Oa request by a•Covered Entity for access to PHI about ah indivldual:contained in a Designated Record
Set,Business.-Associate shall make available to the Covered Entity such PHI for so long as such information is maintained by Business Associate
in the Designated Record Set,as required by 45-C.F.R.164.524.In the event any individual delivers directly to Business Associate a request for
access to PHI,Business Associate shall within five(5)bUSIness days forward such requesttothe Covered Entity.
11. Amendment of PHI.Within five business days Of receipt of a request from a Covered Entity fertile amendment of an individual's PHI or a record
regarding an individual contained in a Designated Record Set(for so long as the PHI is maintained in the Designated Record Set),Business
Associate shall provide such Information to the Covered Entity for amendment and.iriporporate any such amendments in the PHI as required by
1
•
1 Y f_
45 C.F.R.164.525.in tite event any Individual delivers directly to Business Associate a request for amendment to PHI,Business Associate sha li
within five business days forward such request to the Covered Entity.
12.. iJOcumentation of Disclosures.Business Associate agrees to document disclosures of PHI and information related to such disclosures as would
be required for a Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI In accordance with 45
C.F.R.164.528 and HITECH.
13. Accounting'Of Disclosures.Within five business days of notice by a Covered Entity to Business Associate that it has received a request.rat an •
accounting of disclosures of PHI,Business Associate shall make available to a Covered Entity information to permit the Covered Entity to respond
to the request for an accounting'of disclosures of PHI,as.required by45 C.F.R.154.528 and HITECH.
14. Other Obligations.To the extent that Business Associate is to carry out one or more of a Covered Entity's obligations under the Privacy Rule,
Business Associate shall comply with such requirements that apply to the Covered Entity in the performance of such obligations.
15. Judicial and AdniinistrativeProceedings.In the event Business Associate receives a subpoena,court Or administrative order or other discovery
request or mandate for release of PHI,the affected Covered Entity shall have the right to control Business Associate's response to such request,
provided that,such control does not have an adverse Impact on Business Associate's compliance with existing laws.Business Associate shall
notifythe Covered Entity of the request as soon as reasonably practicable,but in any event within seven business days of receipt of such request.
16. Availability of Books'and Records.Business Associate hereby agrees to make its internal practices,books,and records available to the Secretary
of the Department Of Health and Human Services for purposes of determining compliance with the HIPAA Rules.
17. Breach of Contract by Business Associate.In addition to any other rights a party may havein the Agreement,this Addendum or by operation of
laW or in equity,eitherparty,rnay:I)immediatelyterminate the Agreement if the other party has violated a material term of this Addendum;orii)
atthe:non-breaching party's option,permit the breaching parry to cure or end any such violation within thetime specified by the non-breaching •
party.The non-breaching party's option to have cured a breach of this Addendum shall not be construed as a waiver Of any other rights the non-
breaching party has in the Agreement,this Addendum or by operation of law or in equity.
18. Effect cif Termination of Agreement.,Upon the termination of the Agreement or this Addendum forany reason,Business Associate Shell return to a
Covered Entity or,•atthe Covered Entity's direction,destroy all PHI received from the Covered Entity that Business Associate maintainsinany
- form,recorded on any medium,or stored in any storage system.This provision shall apply to PHI that is in the possession of BustnessAssociate,
subcontractors,and agents of Business Associate.Business Associate shall retain no copies of the PHI.Business Associate shall remain bound
bythe provisions of this Addendum,even after termination of the Agreement or Addendum,until such time as all PHI has been returned or
otherwise destroyed as provided in this Section.For the avoidance of doubt,de-identified•Custorrier Data shall hot,be subject to this provision.
19. Iniunctive Relief.Business Associate stipulates that its unauthorized use or disclosure'of PHI while performing services pursuahtto this
Addendum Would cause irreparable_harrri to a Covered Entity,and in such event,the Covered Entity shall be entitled to Institute proceedings.in
any court of competentjurisdictionto obtain damages and injunctive relief.
20. Owner of PHI.Underno circumstances shall Buslness,Associate be deemed In any respectto be the owner of any PHi created or received by
Business Associate on behalf of a Covered Entity.
21. Safeguards and Appropriate Use of Protected Health information.Covered Entity is responsibiefor implementing appropriate privacy and security
safeguards to protect Its PHI in compliance with HIPAA.Withoutlirnitation,it is Covered Entity's obligation to:
21:1. Not include-PHI in'information Covered Entity submitstotechnical support personnel through a technical support regtiestorter community
support forums.In addition,Business Associate does not act as,•or have the obligations of a Business Associate under the HIPAA Rules
with respectto Customer Data once it is sentto or from Covered Entity Outside ESO's Software over the.public Internet;and
21:2. Implement privacy and security safeguards In the systems,applications,and software Covered Entity controls,configures and connects to
ESO's Software.
22. Third Party Rights.The terms of this Addendum do not grant any rights to any parties Other-then Business Associate and the Covered Entity..
•
23. Signatures.The signatures to the Agreement(or the document evidencing the parties'adoption thereof)indicate agreement hereto and shall be
deemed signatures hereof,whethermanual,electronic or facsimile. •
• 1
2
.i..'c
Tr�a.-a:rr�ry rf r,n...n�•-4'c�—.•..�:i i`�.a
t:
a
BUSINESS ASSOCIATE AGREEMENT
Licensee and ESO Solutions,Inc.('Business Associate")agree that this HIPAA Business Associate Addendum is
entered into for the benefit of Licensee,which is a covered entity under the Privacy Standards("Covered
Entity").
Pursuant to the duly executed Quote or underlying business arrangements between the parties(the
"Agreement")and effective as of the effective date of the Agreement("Effective Date"),.Business Associate
may perform functions or activities involving the use and/or disclosure of PHI on behalf of the Covered Entity,
and therefore, Business Associate may function as a business associate.Business Associate,therefore,agrees
to the following terms and conditions set forth in this HIPAA Business Associate Addendum("Addendum").
1. -Scope. This Addendum applies to and is hereby automatically incorporated into all present and future
agreements and relationships;whether written;oral or implied;between Covered Entity and Business
Associate, pursuantto which PHI is created,maintained,received or transmitted by Business Associate
from or on behalf of Covered Entity in any form or medium whatsoever.
2. Definitions.For purposes of this Addendum,the terms Used herein, unless otherwise defined,shall have
the same meanings_as used in the Health Insurance Portability and Accountability Act of 1996("HIPAA"),or
the Health Information Technology for Economic and Clinical Health Act("HITECH"),and any amendments
or implementing regulations,(collectively"HIPAA Rules").
3. .Compliance with Applicable Law.The parties acknowledge and agree that,beginning with the relevant
effective date,Business Associate shall comply with'its obligations under this Addendum and with all
obligations of a business associate under HIPAA, HITECH,the HIPAA Rules,and other applicable laws and
regulations,as they exist at the time this Addendum is executed and as they are amended,for so long as
this Addendum is in place.
4. :Permissible Use and Disclosure of PHI.Business Associate may use and disclose PHI as necessary to carry
out its duties to a Covered Entity pursuantto the terms of the Agreement and as required by law.Business.
Associate may also use_and disclose PHI (i)for its own proper management and administration,and (ii)to
carry out its legal responsibilities. If Business Associate discloses Protected Health Information to a third
party for either above reason, prior to making anysuch disclosure, Business Associate must obtain:(i)
reasonable assurances from the receiving party that such PHi will be held confidential and be disclosed
only as required by law or for the purposes for which it was disclosed to such receiving party;and(ii)an.
agreement from such receiving party to immediately notify Business Associate of any known breaches of
the confidentiality of the PHI.
5. Limitations on Use and Disclosure of PHI. Business Associate shall not,and shall ensure that its directors,
officers,employees,subcontractors,and agents do not,use or disclose PHI in any manner that is not
permitted by the Agreement or that would violate Subpart E of 45 C.F.R.164("Privacy Rule")if done by a
Covered Entity.All uses and disclosures Of,and requests by, Business Associate for PHI are subject to the
minimum necessary rule of the Privacy Rule.
6. Reduired Safeguards to Protect PHI.Business Associate shall use appropriate safeguards,and comply with
Subpart C of 45.C.F.R.Part 164("Security Rule")with respect to electronic PHi,to prevent the use or
disclosure of PHI other than pursuantto the terms and conditions.of this Addendum.
7. Reporting to Covered Entity.Business Associate shall report to the.affected Covered Entity without
unreasonable delay:(a)any use or disclosure of PHI not provided for by the Agreement of which it
becomes aware;(b)any breach of unsecured PHi in accordance with 45 C.F.R.Subpart D of 45 C.F.R.164
("Breach Notification Rule");and(c)any security incident of which it becomes aware. With regard to
Security.Incidents caused by or occurring to Business Associate, Business Associate shall cooperate with
the Covered Entity's investigation,analysis,notification and mitigation activities,and except for Security
incidents caused by Covered Entity,shall be responsible for reasonable costs incurred by the Covered
Entity for those activities. Notwithstanding the foregoing, Covered Entity acknowledges and shall be
w
deemed to have received advanced notice from Business Associate that there are routine occurrences of:
(i)unsuccessful attempts to penetrate computer networks or services maintained by Business Associate;
and(ii)immaterial incidents such as"pinging"or"denial of services"attacks.
8. Mitigation Of Harmful Effects.Business Associate agrees to mitigate,to the extent practicable,any harmful
effect of a use.Of disclosure of PHI by Business Associate in violation of the requirements of the
Agreement,including, but not limited to,compliance with any state law or contractual data breach
requirements. .
9. Agreements by Third Parties.Business Associate shall enter into an agreement with any subcontractor of
Business Associate that creates, receives,maintains ortransmits PHI on behalf of Business Associate.
Pursuant to such agreement,the subcontractor shall agree to be bound by the same or greater
restrictions,conditions;and requirements that apply to Business Associate under this Addendum with
respect to such PHI.
10. Access to PHI.Within five business days of request by a Covered Entity for access to PHI about
individual contained in a Designated Record Set,Business Associate shall make available to the Covered
Entity such PHI for so long as such information is maintained by Business Associate in the Designated
Record Set,as required by 45 C.F.R.164.524.in the event any individual delivers directly to Business
Associate a request for access to PHI, Business Associate shall within five(5)business days forward such
request to the Covered Entity.
11. Amendment of PHI.Within five business days of receipt of a request from a Covered Entityforthe
amendment of an individual's PHI or a record regarding an individual contained in a Designated Record
Set(for so long as the PHI is maintained in the Designated Record Set),Business Associate shall provide
such information to the Covered Entity for amendment and incorporate anysuch amendments In the PHI
as required by 45 C.F.R.164.526. In the event any individual delivers directly to Business Associate a
request for amendmentto PHI,Business Associate shall within five business days forward such request to
the Covered Entity.
12. Documentation of Disclosures.Business Associate agrees to document disclosures of PHI and information
related to such disclosures as would be required for a Covered Entity to respond to a request by an
individual for an accounting of disclosures of PHI in accordance with 45 C.F.R.164.528 and HITECH.
13. Accounting of Disclosures.Within five business days of notice by a Covered Entity to Business Associate
that.it has received a request for an accounting of disclosures of PHI,Business Associate shall make
available to a Covered Entity information to permit the Covered Entityto respond to the request for an
accounting of disclosures of PHI,as required by 45 C.F.R. 164.528 and HITECH.
14. Other Obligations.To the extent that Business Associate is to carry out one or more of a Covered Entity's
obligations under the Privacy Rule,Business Associate shall comply with such requirements that apply to
the covered Entity in the performance of such obligations.
15. Judicial and Administrative Proceedings. In the event Business Associate receives a subpoena,court:or
administrative'order or other discovery request or mandate for release of PHI,the affected Covered Entity
shall have the rightto control Business Associate's response to such request,provided that,such control
does not have an adverse impact.on Business Associate's compliance with existing laws.Business
Associate shall notify the Covered Entity of the request as soon as reasonablypracticable, but in any event
within seven business days of receipt of such request.
16. Availability of Books and Records. Business Associate hereby agrees to make its internal practices,'books,
and records available tb the Secretary of the Department of Health and Human Services for purposes of
determining compliance with the HIPAA Rules.
17. Breach of Contract by Business Associate..In addition to any other rights a party may have in the
Agreement,this Addendum or by operation of law or in equity,either party may:i) immediately terminate
1:::- P7 i IT VC bh.'3f= Lail"i r! /- r
F
t '. I.
r
the Agreement if the other party has violated a material term of this Addendum;or ii)at the non-breaching
party's option,permit the breaching party to cure or end anysuch violation within the time specified by the
non-breaching party.The non-breaching patty's option to have cured a breach of this Addendum shall not
be construed as a waiver of any other rights the non-breaching party has in the Agreement,this Addendum
or by operation of law or in equity.
18. Effect of Termination of Agreement. Upon the termination of the Agreement or this Addendum for any
reason,Business Associate shall return to a Covered Entity or,at the Covered Entity's direction,destroy all
PHI received from the Covered Entity that Business Associate maintains in any form,recorded on any
medium,or stored in any storage system.This provision shall apply to PHI that is in the possession of
Business Associate,subcontractors,and agents of Business Associate.Business Associate shall retain no
copies of the PHI. Business Associate shall remain bound by the provisions of this Addendum,even after
termination of the Agreement or Addendum,until such time as all PHI has been returned or otherwise
destroyed as provided in this Section.For the avoidance of doubt, de-identified Licensee Data shall not be
subject to this provision.
19. Injunctive Relief. Business Associate stipulates that its unauthorized use or disclosure of PHI while
performing services pursuant to this Addendum would cause irreparable harm to a Covered Entity, and in
such event,the Covered Entity.shall be entitled to institute proceedings In any court of competent
Jurisdiction to obtain damages and injunctive relief.
20. Owner of PHI.Under no circumstances shall Business Associate be deemed in any respect to be the owner
of any PHI created or received by Business Associate on behalf of a Covered Entity.
2i..Safeguards and Appropriate Use of Protected Health Information.Covered Entity is responsible for
implementing appropriate privacy and security safeguards to protect its PHI In compliance with HIPAA.
Without limitation, it is Covered Entity's obligation to: (i)not include PHI in information Covered Entity
submits to technicalsupport personnel through a technical support request or to community support
forums.In addition, Business Associate does not act as,or have the obligations of a Business Associate
under the HIPM Rules with respectto Licensee Data once it is sent to or from Covered Entity.outside
Business Associate's Software over the public Internet;arid(ii)implement privacy and security safeguards
In the systems,applications,and software Covered Entity controls,configures and connects to Business
Associate's Software.
22. Third Party Rights.The terms of this Addendum do not grant any rights to any parties other than Business
Associate and the Covered Entity,
23. Signatures.The signatures to the Agreement(or the document evidencing the parties'adoption thereof)
indicate agreement hereto and shall be deemed signatures hereof,whether manual,electronic or
facsimile.