Clinigence Health End User License Agreement
Clinigence Health End User License Agreement
THIS MASTER SERVICES AGREEMENT (this “Agreement”) is made and entered into effective as of [Effective.Date] , by and between Clinigence Holdings d/b/a Clinigence Health, a Delaware Corporation whose principal address is 501 1st Avenue North, Suite 901, St. Petersburg, FL 33701 (“Clinigence”), and [Customer.Company], [Inc/LLC], a [Customer.State] [corporation/limited liability company] whose principal address is [Customer.Address] (“Customer”).
Customer desires to engage Clinigence to provide certain software-as-a-service products (the “SaaS Products”) and related services to Customer, on the terms and conditions hereinafter set forth (the “Terms”).
NOW THEREFORE, in consideration of the foregoing and the respective covenants, agreements and undertakings of the parties contained herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties hereto (the “Parties”), intending to be legally bound, hereby agree as follows:
- Services. Clinigence agrees to provide to Customer the SaaS Products and other services described in the Statement of Work (the “SOW”) attached hereto incorporated herein. Customer and Clinigence may mutually agree upon and execute one or more additional SOWs relating to (i) any alteration, amendment, enhancement, addition, deletion or other change to the SaaS Products and related services described in a prior SOW, and/or (ii) additional SaaS Products and related services to be provided by Clinigence to Customer. Such SOWs will automatically upon execution thereof by the Parties be incorporated by reference into this Agreement and made a part hereof. The services described in an SOW are hereinafter referred to as the “Services”. During the term of this Agreement, Clinigence will provide to Customer all updates, bug fixes, error corrections or other minor enhancements or improvements (collectively, the “Updates”) to the Services that Clinigence generally makes available to all customers. The Updates shall automatically become part of the Services.
- Acceptance Criteria. Clinigence will include in each SOW the applicable acceptance criteria (the “Acceptance Criteria”), including a description of the functionality of the SaaS Products and the Deliverables. ” Deliverables” means the milestones, materials and other deliverables that are to be provided with connection with the Services and that are expressly identified as deliverables in the applicable SOW.
- Acceptance Process. Upon delivery of all or any portion of the Services or the Deliverables, Customer shall acknowledge that such Services or Deliverables have been completed in accordance with the Acceptance Criteria, which acknowledgement shall not be unreasonably withheld or delayed, by written notice to Clinigence within five (5) business days following delivery of all or any portion of the Services or the Deliverables. Such Services and Deliverables shall be deemed completed and accepted upon such notice or else if Customer fails to deliver written notice, within such five (5) business day period, of its refusal to accept the Services or the Deliverables. Should Customer elect to deliver such written refusal, such refusal shall state specific reasons for Customer’s refusal to accept such Services or Deliverables. Clinigence shall then have ten (10) business days (or such other time period as the Parties may agree) to remedy the stated deficiencies. Upon completion of such remedial work, Clinigence shall notify Customer that the Services and/or the Deliverables have been completed and the process described in this Section 2.2 shall be repeated. Notwithstanding the foregoing, on the date that is thirty (30) business days following the initial delivery of the applicable Services or Deliverables, such Services or Deliverables shall either be accepted by Customer or Customer shall terminate the applicable SOW. If Customer experiences any problems with the Services after acceptance, Customer’s sole and exclusive remedies shall be as set forth in Section 10.
- License Grant and Third Party Software. Subject to Customer’s compliance with the Terms, Clinigence hereby grants to Customer a limited, non-exclusive, non-transferable license (without the right to sublicense) to access and use the functionality of the SaaS Products via the Internet solely for internal business purposes in accordance with any applicable documentation provided by Clinigence. For clarity, the foregoing license does not include the right to a copy of the source code or object code of the SaaS Products.
- Third Party Software. “Third Party Software” means certain software that is supplied by third parties that Clinigence provides access to as part of the Services. The Third Party Software is subject to terms and conditions imposed by the licensors of such Third Party Software. Customer’s use of the Third Party Software is subject to and governed by the respective Third Party Software licenses, except that Sections 16, 18.1 and 18.2 of this Agreement also govern Customer’s use of the Third Party Software. Customer agrees to comply with the terms and conditions contained in all Third Party Software.
- Access and Use Restrictions. The SaaS Products may only be accessed and used by the specific individuals authorized by Customer (“End Users”). Customer shall not, directly or indirectly, or permit any End User or any third party to, (i) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas or algorithms of the SaaS Products; (ii) modify or create derivative works (as defined under U.S. Copyright laws) based on the SaaS Products or any related documentation; (iii) rent, lease, distribute, sell, resell, assign, or otherwise transfer its rights to use the SaaS Products; (iv) use the SaaS Products for timesharing or service bureau purposes or otherwise for the benefit of a third party unless expressly permitted in the SOW; (v) remove any proprietary notices from the SaaS Products or any other Clinigence materials furnished or made available hereunder; (vi) publish or disclose to third parties any evaluation of the SaaS Products or the Services without Clinigence’s prior written consent; (vii) use the Services to develop a database, online or similar database service, or other information resource of any kind (print, electronic or otherwise) for sale to, distribution to, display to or use by others; (viii) store in a retrieval system accessible to the public, transfer, publish, distribute, display to others, broadcast, sell or sublicense the SaaS Products, or any portion thereof; or (ix) pre-fetch, retrieve, cache, index, or store any portion of the SaaS Products; provided, however, Customer may store limited amounts of data provided by the Services for internal use so long as such storage is done temporarily, securely, and in a manner that does not permit use of the data outside of the SaaS Products.
- Availability of the SaaS Products.
- Availability Times. Clinigence shall use commercially reasonable efforts to make the SaaS Products available to End Users 8 a.m. through 10 p.m. EST Monday through Saturday (“Availability Times”).
- System Maintenance. Clinigence reserves the right to deny access to the SaaS Products from time to time in order to permit Clinigence to perform routine or emergency maintenance, backup, bug fixes or upgrades. Clinigence shall use commercially reasonable efforts to schedule such activities outside the Availability Times. Clinigence shall notify Customer at least seven (7) days in advance of any scheduled system maintenance during Availability Times (“Scheduled Maintenance”).
- Circumstances beyond Clinigence’s Control. Clinigence is not responsible for outages or degradations to the SaaS Products where systems, programs, data, or processes that are controlled, supplied or operated by an End User are contributing factors to the outage or degradation to the SaaS Products. In addition, Customer acknowledges and agrees that Clinigence cannot control the flow of data between its servers, other portions of the Internet and an End-User’s connections and computers. Such flow depends in large part on the performance of Internet services provided or controlled by third parties. At times, actions or inactions caused by these third parties can impair an End-User’s connection to the Internet. Although Clinigence will use its commercially reasonable efforts to take actions it deems appropriate to remedy and avoid such events, it cannot guarantee that they will not occur.
- Customer Responsibilities and Obligations.
- Customer is responsible for obtaining and maintaining all computer hardware, software and communications equipment needed to access and use the SaaS Products, and for paying all third-party fees and access charges (e.g., ISP, telecommunications, etc.) incurred while using the SaaS Products.
- Regulatory Compliance. Customer represents and warrants that it is in compliance with and will comply with all applicable privacy and data protection laws and regulations with respect to any data uploaded or submitted to the SaaS Products and its performance of its obligations under this Agreement. Customer will indemnify, defend and hold Clinigence harmless from any claims losses and causes of action arising out of or related to Customer’s breach of this Section 7.2.
- Setup Data. In connection with setting up Customer’s and End Users’ access to the SaaS Products, Customer and End Users must provide certain data, including, but not limited to certain Fee Parameters (as defined in Section 12.3) and contact information (collectively, “Setup Data”). Customer agrees to: (a) ensure that the Setup Data is true, accurate, current and complete; and (b) maintain and promptly update the Setup Data to keep it true, accurate, current and complete. If Customer provides any information that is untrue, inaccurate, outdated or incomplete, or if Clinigence has reasonable grounds to suspect that such data is untrue, inaccurate, outdated or incomplete, Clinigence has the right to suspend or terminate Customer’s and/or any End User’s access to the SaaS Products and refuse to provide any or all of the Services.
- Conduct. Customer shall be solely responsible for its actions and the actions and omissions of the End Users while using the SaaS Products. Customer acknowledges and agrees (1) that Customer is responsible for selecting appropriate remediation for, and resolving, any issues found on Customer’s network or in Customer’s web traffic through the SaaS Products; and (2) that Clinigence is not liable for, or responsible to, remediate any issues found on Customer’s network or in Customer’s web traffic through the SaaS Products. Customer agrees: (a) to abide by all local, state, national, and international laws and regulations applicable to Customer’s use of the SaaS Products and the Services; (b) not to send or store data on or to the SaaS Products which violates the rights of any individual or entity established in any jurisdiction; (c) not to use the SaaS Products for illegal, fraudulent, unethical or inappropriate purposes; (d) not to interfere or disrupt networks connected to the SaaS Products or interfere with other ability to access or use the SaaS Products; and (e) not to transmit or post any material that encourages conduct that could constitute a criminal offense or give rise to civil liability. Customer acknowledges and agrees that Clinigence neither endorses the contents of any Customer communications or Customer Data or other Customer content nor assumes any responsibility for any infringement of third party intellectual property rights arising therefrom or any crime facilitated thereby.
- Additional Customer Acknowledgements and Responsibilities. Additional Customer acknowledgements and responsibilities may be listed on Exhibit B attached hereto.
- Unless otherwise requested by Customer within thirty (30) days of the Effective Date, Clinigence may use Customer’s name as part of a general list of customers and may refer to Customer as a user of the Services in its general advertising and marketing materials.
- Clinigence will issue or authorize a Customer administrator to issue to End Users individual passwords for use of the SaaS Products. Customer and the End Users are responsible for maintaining the confidentiality of all passwords and for ensuring that each password is used only by the authorized End User. Customer is entirely responsible for any and all activities that occur under Customer’s account and all charges incurred from use of the SaaS Products accessed with Customer’s passwords. Customer agrees to immediately notify Clinigence of any unauthorized use of Customer’s account (including the password of any End User) or any other breach of security known to Customer. Clinigence shall have no liability for any loss or damage arising from Customer’s failure to comply with these requirements.
- HIPAA. The Parties agree to abide by the terms of the Business Associate Agreement attached as Exhibit C(the “Business Associate Agreement”).
- Clinigence agrees to exercise reasonable efforts to remedy security breaches. Customer acknowledges that, notwithstanding such security precautions, use of, or connection to, the Internet provides the opportunity for unauthorized third parties to circumvent such precautions and illegally gain access to the SaaS Products and Customer Data. “Customer Data” means any data, information or material submitted by Customer during its usage of the SaaS Products. Accordingly, Clinigence cannot and does not guarantee the privacy, security, integrity or authenticity of any information so transmitted over or stored in any system connected to the Internet or that any such security precautions will be adequate or sufficient.
- Customer Support. Except as expressly stated in the SOW, the Fees include the provision to Customer of Clinigence’s standard software maintenance and customer support services as described in Exhibit A. Clinigence may amend its standard maintenance and customer support services by notifying customer at least thirty (30) days in advance of such change.
- Ownership. Customer acknowledges that, as between Clinigence and Customer, all right, title and interest in the SaaS Products and any other Clinigence materials furnished or made available hereunder, and all modifications and enhancements thereof, including all rights under copyright and patent and other intellectual property rights, belong to and are retained solely by Clinigence or Clinigence’s licensors and providers, as applicable. There are no rights granted by implication, and all rights not expressly granted herein are reserved by Clinigence.
- Fees and Taxes.
- Fees. Customer agrees to pay the subscription fee based on Customer’s usage of the SaaS Products (“Subscription Fee”) and any other fees for the Services (collectively, “Fees”) in accordance with the fees, charges, and billing terms set forth in this Agreement and any applicable SOW. All Fees are quoted and payable in United States currency. Except as otherwise explicitly provided in this Agreement or an SOW, Fees are non-refundable. In addition to such Fees, Customer shall pay all applicable sales, use and other taxes or duties (excluding taxes based on Clinigence’s net income).
- The Subscription Fee will be due and payable in advance on a periodical basis starting from the applicable Acceptance date. Unless otherwise stated in the applicable SOW, the Subscription Fee is due in advance of each usage period. Any payment not received from Customer within thirty (30) days of the due date shall accrue (except with respect to charges then under reasonable and good faith dispute), at the lower of one and a half percent (1.5%) of the outstanding balance per month (being 18% per annum), or the maximum rate permitted by law, from the date such payment is due until the date paid. Customer shall also pay all sums expended (including reasonable legal fees) in collecting overdue payments.
- Fee Parameters. The Subscription Fee may be calculated on the basis of one or more parameters of the Customer’s operations, including without limitation, the number of healthcare providers in Customer’s network, the number of patients under Customer’s care, Customer’s revenue under certain arrangements, etc. (collectively, “Fee Parameters”).
- Changes to Fee Parameters. During the term of this Agreement, Customer shall notify Clinigence of any change to the Fee Parameters that materially impacts the Fees and the effective date of such change. Clinigence shall adjust the Fees to fit the new Fee Parameters on a pro-rated basis as of the said effective date.
- Audit. Clinigence shall have the right to review the Customer Data at any time to verify the accuracy of the Fee Parameters. Clinigence shall also have the right to review the Customer’s premises to verify Customer’s compliance with the terms of this Agreement from time to time upon reasonable notice. Alternatively, Clinigence may request that Customer provide a written report as to the Fee Parameters (detailed on a monthly basis) in order to verify that the Fees have been correctly calculated. In the event that an audit reveals that Fees have been underestimated based on misrepresentation of the Fee Parameters, Clinigence shall issue an invoice for the difference and Customer shall either dispute or pay such invoice within thirty (30) days of date of invoice. Clinigence will pay the costs of the audit unless such audit reveals an underpayment of five percent (5%) or more for the audited period, in which event the costs of the audit shall be paid by Customer.
- This Agreement commences on the Effective Date and shall continue through the latest term specified in any SOW. Unless otherwise set forth in an SOW, thereafter, the parties may mutually agree in writing to extend this Agreement at mutually agreed upon pricing for additional periods. Customer shall be responsible for all Fees for the applicable term in which termination occurs, and Clinigence shall not issue any refunds for such term.
- Except as provided in Sections 14.3 below, either party may terminate this Agreement upon written notice if the other party has breached a material term of this Agreement and has not cured such breach within thirty (30) days of receipt of notice from the non-breaching party specifying the breach.
- Service Suspension/Termination. Clinigence may suspend or terminate access to the SaaS Products and/or the Services, at its sole option, with or without notice to Customer if: (i) any payment is delinquent by more than ten (10) days, or (ii) if Customer breaches Sections 5, 7, or 9 of this Agreement.
- Modification of Terms. Customer may terminate this Agreement as provided in Section 2.2.
- Effect of Termination. Clinigence shall not be liable to Customer or any third party for suspension or termination of Customer’s access to, or right to use, the SaaS Products under this Agreement. If Customer or Clinigence terminates this Agreement, Customer will be obligated to pay the balance due for access to the SaaS Products and the Services provided prior to termination. Upon the effective date of expiration or termination of this Agreement for any reason, whether by Customer or Clinigence, Customer’s right to use the SaaS Products and receive the Services shall immediately cease. Upon the expiration or termination of this Agreement, Customer and the End Users’ access to the SaaS Products will terminate and Customer shall cease accessing and using the SaaS Products immediately. Sections 3.2, 9.2, 11, 12.1, 14.5, 15, 16, 17, 18 and 19 of this Agreement shall survive its expiration or termination for any reason.
- Data Ownership and Confidentiality.
- Customer Data. All Customer Data remains the sole property of Customer. Unless specifically permitted by Customer, use of the SaaS Products does not grant Clinigence the license to use, reproduce, adapt, modify, publish or distribute the Customer Data for Clinigence’s commercial, marketing or any similar purpose. Customer expressly grants Clinigence the right to use, analyze and disclose information, including, but not limited to, aggregate information and summary statistics, which has been de-identified in accordance with 45 C.F.R. § 164.514 such that it does not identify an individual and cannot be used to identify an individual (collectively, “De-identified Data“), for the purposes of optimizing, improving or enhancing the way the SaaS Products operate, and to create new features, functionality and service lines in connection with the SaaS Products in the sole discretion of Clinigence.
- Confidentiality. “Confidential Information” means, other than De-identified Data, any information one Party discloses to the other under this Agreement which is identified as confidential or proprietary. Clinigence’s Confidential Information includes the SaaS Products. Confidential Information does not include information which: is rightfully obtained by the recipient without breaching any confidentiality obligations; is or becomes known to the public through no act or omission of the recipient; the recipient develops independently without using Confidential Information; or is disclosed in response to a valid court or governmental order if the recipient notifies the disclosing party and assists in any objections. The recipient may use Confidential Information only for the purposes for which it was provided under this Agreement, and shall treat it with the same degree of care as it does its own similar information, but with no less than reasonable care. This section shall not affect any other confidential disclosure agreement between the Parties.
- DISCLAIMER OF WARRANTIES. CUSTOMER EXPRESSLY ACKNOWLEDGES AND AGREES THAT THE USE OF THE SAAS PRODUCTS AND THE SERVICES IS AT CUSTOMER’S SOLE RISK AND LIABILITY. THE SAAS PRODUCTS AND THE SERVICES ARE PROVIDED ON AN AS-IS-AND-AS-AVAILABLE BASIS. CLINIGENCE EXPRESSLY DISCLAIMS AND ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, STATUTORY OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, MERCHANTABLE QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. CLINIGENCE MAKES NO WARRANTY THAT THE SAAS PRODUCTS OR THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, ERROR-FREE OR VIRUS-FREE. USE OF ANY MATERIALS DOWNLOADED OR INFORMATION OBTAINED THROUGH THE USE OF THE SAAS PRODUCTS AND THE SERVICES SHALL BE AT CUSTOMER’S OWN DISCRETION AND RISK. BOTH PARTIES UNDERSTAND THAT SOFTWARE HAS INHERENT LIMITATIONS AND CLINIGENCE DOES NOT WARRANT THAT THE SAAS PRODUCTS OR THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS. CUSTOMER AGREES IT HAS THE SOLE RESPONSIBILITY FOR THE ADEQUATE PROTECTION AND BACKUP OF CUSTOMER’S DATA, EQUIPMENT, OPERATIONS AND BUSINESS AS RELATED TO THE USE OF THE SAAS PRODUCTS AND THE SERVICES.
- Customer Obligations. Customer shall indemnify, defend, or at its option settle, any third party claim or suit against Clinigence to the extent based on a claim: (i) of any breach of this Agreement by Customer, its affiliates, employees, agents, successors and assigns; and (ii) relating to or based on the unauthorized activities conducted by Customer, its employees, contractors and agents, using or that used the SaaS Products and/or the Services; and Customer shall pay any final judgment entered against Clinigence in any such proceeding or agreed to in settlement. Clinigence will notify Customer in writing of such claim or suit and give all information and assistance reasonably requested by Customer or such designee.
- Clinigence Obligations. Clinigence shall defend, and at its option settle, any third party claim or suit against Customer to the extent based on a claim that the SaaS Products (excluding any Third Party Software) infringes any United States patent, copyright, trademark or trade secret, and Clinigence shall indemnify Customer against any final judgment entered against Customer in any such proceeding or agreed to in settlement; provided (a) Clinigence is promptly notified in writing of such claim or suit, (b) Clinigence or its designee has sole control of such defense and/or settlement, and (c) Customer gives all information and assistance requested by Clinigence or such designee. To the extent that use of the SaaS Products is enjoined, Clinigence may at its option either (i) procure for Customer the right to use the SaaS Products, (ii) replace the SaaS Products with other suitable products, or (iii) refund the prepaid portion of the Fee(s) paid by Customer for the SaaS Products or the affected part thereof. Clinigence shall have no liability under this Section 17.2 or otherwise to the extent a claim or suit is based upon (a) use of the SaaS Products in combination with software or hardware not provided by Clinigence if infringement would have been avoided in the absence of such combination, (b) modifications to the SaaS Products not made by Clinigence, if infringement would have been avoided by the absence of such modifications, (c) use of any version other than a current release of the SaaS Products, if infringement would have been avoided by use of a current release, or (d) any action or omission of Customer for which Customer is obligated to indemnify Clinigence under Section 17.1 above. THIS SECTION 17.2 STATES CLINIGENCE’S ENTIRE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY INTELLECTUAL PROPERTY RELATED CLAIMS, INCLUDING, WITHOUT LIMITATION, THOSE RELATED TO INFRINGEMENT AND MISAPPROPRIATION OF THE SAAS PRODUCTS.
- Limitation of Liability.
- Limitation on Direct Damages. IN NO EVENT SHALL CLINIGENCE’S AGGREGATE LIABILITY, IF ANY, ARISING OUT OF OR IN ANY WAY RELATED TO THIS AGREEMENT EXCEED THE FEES PAID BY CUSTOMER FOR THE SAAS PRODUCTS OR THE SERVICES (AS APPLICABLE) THAT DIRECTLY GAVE RISE TO THE DAMAGES CLAIMED, WITHOUT REGARD TO WHETHER SUCH CLAIM IS BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE. ADDITIONALLY, IN NO EVENT SHALL CLINIGENCE’S AFFILIATES, LICENSORS OR PROVIDERS BE LIABLE FOR ANY DIRECT DAMAGES OF ANY KIND.
- Waiver of Consequential Damages. IN NO EVENT SHALL CLINIGENCE OR ITS AFFILIATES, LICENSORS OR SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOSS OF DATA OR LOSS OF PROFITS, WITHOUT REGARD TO WHETHER SUCH CLAIM IS BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF CLINIGENCE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- Essential Purpose. The essential purpose of this Section 18 is to limit the potential liability of the parties arising under this Agreement. The parties acknowledge that the limitations set forth in this Section 18 are integral to the amount of consideration levied in connection with the license of the SaaS Products or provision of the Services and that, were Clinigence to assume any further liability, such consideration would out of necessity, been set much higher.
- All notices to a party shall be in writing and sent to the addresses specified above or such other address as a party notifies the other party, and shall be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or email; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement may not be assigned or transferred by Customer, by merger, operation of law or otherwise, without Clinigence’s prior written consent. Any assignment in derogation of the foregoing is null and void. Clinigence may freely assign or transfer this Agreement. This Agreement shall inure to the benefit of each party’s successors and permitted assigns. This Agreement, together with all addenda, schedules, and exhibits, constitutes the entire agreement between the parties and supersedes all prior or contemporaneous agreements and understandings between the parties relating to the subject matter hereof. Customer acknowledges and agrees that the SaaS Products and technology subject to this Agreement are subject to the export and reexport control laws and regulations of the United States and any applicable jurisdiction, including but not limited to the Export Administration Regulations (“EAR”), and sanctions regimes of the U.S. Department of Treasury, Office of Foreign Asset Controls. Customer will comply with these laws and regulations. Customer shall not without prior U.S. government authorization, export, re-export, or transfer any goods, software, or technology subject to this Agreement, either directly or indirectly, to any country subject to a U.S. trade embargo (currently Cuba, Iran, North Korea, Sudan, and Syria) or to any resident or national of any such country, or to any person or entity listed on the “Entity List” or “Denied Persons List” maintained by the U.S. Department of Commerce or the list of “Specifically Designated Nationals and Blocked Persons” maintained by the U.S. Department of Treasury. This Agreement may be amended or superseded only by a written instrument signed by both parties. This Agreement shall be governed by the laws of the state of Georgia, excluding its conflict of laws rules. The parties agree that the United Nations Convention for the International Sale of Goods is excluded in its entirety from this Agreement. Any provision of this Agreement held to be unenforceable shall not affect the enforceability of any other provisions of this Agreement. In the event of any conflict between the terms of this Agreement and the terms of any agreement, the terms of this Agreement shall control. Neither party shall be in default if its failure to perform any obligation under this Agreement is caused solely by supervening conditions beyond that party’s reasonable control, including acts of God, civil commotion, war, strikes, labor disputes, third party Internet service interruptions or slowdowns, vandalism or “hacker” attacks, acts of terrorism or governmental demands or requirements. Pre-printed terms and conditions on or attached to any Customer purchase order shall be of no force or effect.
Software Maintenance and Customer Support Services
- Support Services. Subject to Customer paying the Subscription Fees and complying with the Terms, Clinigence will provide the support services set forth below (the “Support Services”). For purposes of the Support Services, “Error” means the failure of the SaaS Products to operate in material respects in conformity with the then current documentation.
- Scope of Services. During the Term of this Agreement, Clinigence will provide to Customer the following standard maintenance services related to the SaaS Products:
- Corrections of substantial defects in the SaaS Products so that the SaaS Products will operate as described in the current Documentation in all material respects.
- At the sole discretion of Clinigence, periodic updates to the SaaS Product that may incorporate (a) corrections of any substantial Errors; (b) fixes of any minor bugs; and (c) enhancements to the SaaS Products.
- Off-site (remote) support to Authorized Customer Personnel as defined in paragraph 3 below during regular business hours (Monday through Friday, 9:00 am to 5 pm EST excluding national holidays) on the use of the Clinigence Product and the Clinigence Platform. Such support may be provided via electronic mail, telephone service and/or other similar methods deemed appropriate by Clinigence.
- Clinigence shall have no liability for any Error resulting in whole or in part from circumstances outside the control of Clinigence as listed in the Master Services Agreement. In addition, Clinigence shall have no obligation to handle any Errors caused by Customer’s or any End-User’s negligence, abuse, misapplication or use of the SaaS Products other than as specified by Clinigence.
- Authorized Customer Personnel. Customer shall designate a limited number of trained personnel (the “Authorized Customer Personnel”) for access to the Support Services. Customer shall notify Clinigence in writing of the names and contact information of said personnel. Clinigence shall be under no obligation to provide any Support Services to any person other than the Authorized Customer Personnel.
- Customer Requirements. Customer shall provide to Clinigence access to its system(s) used to connect to the Services or to access the SaaS Products via the Internet or other mutually agreeable means for purposes of providing Support Services.
- Maintenance. Clinigence shall use reasonable commercial efforts to cure, as described below, reported and verifiable problems due to Errors in the SaaS Products. Clinigence prioritizes reported problem as follows:
- “Priority 1” is a critical problem where Customer’s use of the Clinigence Product is inhibited or severely impeded during Availability Times. Clinigence attempts to respond to all Priority 1 problems within two (2) hours during Availability Times. Clinigence shall promptly initiate work to provide Customer relief.
- “Priority 2” includes production problems where (a) specific functions do not conform to the Documentation; or (b) specific transaction scenarios give invalid or inconsistent results. Clinigence shall use commercially reasonable efforts to include a fix for the problem in the next regular software release.
- “Priority 3” means cosmetic or minor problems where a workaround is available or there is no business impact to Customer. Priority 3 Errors will be reviewed and considered for inclusion in a later software release.
Additional Customer Acknowledgements and Responsibilities
- For EHR integration using a Clinigence extractor, it is the Customer’s responsibility to provide an onsite PC server as per Clinigence’s recommended specifications. Note that this does not need to be a dedicated server (i.e. it can be used to host other applications, such as the EHR). It is also the Customer’s responsibility to provide Clinigence with remote access (admin privileges) to this PC for installing the necessary Clinigence software.
- For EHR integration using a data feed, it is the Customer’s responsibility to establish a feed either from the EHR vendor, hosting provider or the Customer’s data center as per Clinigence’s specifications. Customer will bear any costs associated with establishing and maintaining such feed, including any 3rd party fees.
- Customer is responsible for providing an Internet connection with sufficient bandwidth from the EHR site and to any End-User location as needed to support the Services and/or as may be recommended by Clinigence. Customer acknowledges that the performance of the Service may be degraded due to insufficient Internet bandwidth and that Clinigence cannot be held responsible for such degradation.
- Customer acknowledges that the Services are limited to the Customer Data and Clinigence cannot guarantee the completeness or accuracy of the Services beyond the Customer Data.
- Clinigence will work with Customer to validate the completeness and accuracy of the Services. Customer is responsible for identifying any discrepancies or inaccuracies in the Services and reporting such discrepancies or inaccuracies to Clinigence.
- Customer acknowledges that those Services that involve mapping of Customer Data cannot be guaranteed for 100% completeness or accuracy. Unless otherwise explicitly specified in the SOW, Clinigence reserves the right to limit the time dedicated to manual mapping of Customer Data to 10 hours per practice. If additional hours are required, Clinigence will offer to provide such Services based on its applicable hourly rate. Customer acknowledges and agrees that the completeness and accuracy of said Services may be limited as described above.
This BUSINESS ASSOCIATE AGREEMENT (this “BAA”) is made and entered into as of the Effective Date by and between Customer (the “Covered Entity”), and Clinigence, LLC.
WHEREAS, the parties have entered into that certain Master Services Agreement dated as of the Effective Date, including all exhibits, schedules and attachments thereto, and all documents incorporated therein by reference, between Covered Entity and Clinigence (the “Agreement”) pursuant to which Clinigence will deliver Services to Covered Entity which may involve the Use and/or Disclosure of Protected Health Information (“PHI”);
WHEREAS, the Covered Entity and Clinigence mutually desire to outline their individual responsibilities with respect to the Use and/or Disclosure of PHI as mandated by the Privacy Standards (45 C.F.R. Parts 160 and 164) and the Security Standards (45 C.F.R. Parts 160, 162 and 164) promulgated under the Administrative Simplifications subtitle of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”);
WHEREAS, the Covered Entity and Clinigence understand and agree that the Privacy Standards and the Security Standards require that the Covered Entity and Clinigence enter into a Business Associate Agreement governing the Use and/or Disclosure of PHI; and
WHEREAS, the parties hereto mutually agree that this BAA is intended to satisfy the requirements of the Privacy Standards and Security Standards.
NOW, THEREFORE, in consideration of the foregoing and of the mutual covenants and agreements herein contained, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties hereto agree to the foregoing and as follows:
All capitalized terms used herein that are not otherwise defined shall have the same meaning as those terms are defined in the Privacy Standards and the Security Standards, as applicable. To the extent that after the Effective Date of this BAA, any definition is amended, the amended definition shall apply to this BAA.
- OBLIGATIONS OF CLINIGENCE.
- Privacy Regulations.
- General. Clinigence acknowledges and agrees that it is a “Business Associate” of the Covered Entity as that term is defined in 45 C.F.R. § 160.103. The parties understand and agree that this information does not apply to any de-identified health information. Accordingly, from and after the Effective Date, Clinigence shall comply with the following provisions with respect to an Individual’s PHI:
(a) Safeguards Against Misuse of Information. Clinigence shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of PHI held by Clinigence on behalf of the Covered Entity, and to prevent Use and/or Disclosure of PHI other than as provided for in this BAA.
(b) Use and Disclosure of PHI. Business Associate shall not Use or Disclose PHI other than as permitted or required by this BAA or as Required by Law.
(c) Reporting of Violations. After becoming aware of a Use or Disclosure of Protected Health Information in violation of this BAA or the Agreement by Clinigence, its officers, directors, employees, representatives, subcontractors, or agents, or by a third party to whom Clinigence disclosed PHI, Clinigence shall within ten (10) business days thereafter, report any such Use or Disclosure to the Covered Entity.
(d) Disclosures to Third Parties. Clinigence shall ensure that any representatives or agents, including subcontractors, to whom Clinigence provides PHI received from, or created or received by Clinigence on behalf of the Covered Entity, agree to the same restrictions and conditions that apply to Clinigence with respect to such PHI.
(e) Access to PHI. If an Individual requests access to PHI contained in a Designated Record Set that is in Clinigence’s possession, Clinigence shall forward any such request to the Covered Entity within ten (10) business days from the date Clinigence receives any such request. At the request of the Covered Entity, Clinigence shall provide within ten (10) business days any PHI relevant to a request for access from an Individual that is in Clinigence’s possession, which is not also in the Covered Entity’s possession, to the Covered Entity so that the Covered Entity can respond to a request from an Individual to access PHI in accordance with 45 C.F.R. § 164.524.
(f) Amendment of PHI. If an Individual requests an amendment to PHI contained in a Designated Record Set that is in Clinigence’s possession, Clinigence shall forward any such request to the Covered Entity within ten (10) business days from the date Clinigence receives any such request. At the request of the Covered Entity, Clinigence shall provide within ten (10) business days any PHI relevant to a request for amendment from an Individual that is in Clinigence’s possession, which is not also in the Covered Entity’s possession, to the Covered Entity so that the Covered Entity can respond to a request from an Individual to amend PHI in accordance with 45 C.F.R. § 164.526. Additionally, upon notice from the Covered Entity, Clinigence will make any necessary amendments to PHI in its possession.
(g) Accounting of Disclosures. If an Individual requests an accounting of disclosures of PHI, other than disclosures excepted under 45 C.F.R. § 164.528(a)(1), Clinigence shall forward any such request to the Covered Entity within ten (10) business days from the date Clinigence receives any such request, along with any information in Clinigence’s possession relevant to such request. Clinigence shall document any Disclosure of PHI and information related to such Disclosure as required for the Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528.
(h) Availability of Books and Records. Clinigence shall make available its internal practices, books, and records relating to the Use and Disclosure of PHI received from, or created or received by Clinigence on behalf of the Covered Entity, available to the Secretary, in a time and manner designated by the Secretary, for purposes of determining the Covered Entity’s compliance with the Privacy Standards.
(i) Minimum Necessary Use and Disclosure. In conducting functions and/or activities under this BAA or the Agreement that involve the Use and/or Disclosure of PHI, Clinigence shall make reasonable efforts to limit the Use and/or Disclosure of PHI to the minimum necessary in accordance with 45 C.F.R. § 164.514(d) to accomplish the intended purpose of the Use or Disclosure.
- Permitted Uses and Disclosures of PHI. Except as otherwise limited in this BAA, Clinigence may:
(a) Use or Disclose PHI to perform the Services in accordance with this BAA. Notwithstanding the foregoing, Clinigence shall not, and shall ensure that its directors, officers, representatives, subcontractors, agents and employees do not, disclose PHI if such Use or Disclosure would violate the Privacy Standards if done by the Covered Entity or the minimum necessary policies and procedures of the Covered Entity;
(b) Use PHI for its proper management and administration, or to carry out its legal responsibilities; and
(c) Disclose PHI to third parties: (i) for its proper management and administration; or (ii) to carry out its legal responsibilities, provided that: (A) the disclosures are Required by Law; or (B) Clinigence obtains reasonable assurances from the person or entity to whom the information is disclosed that such information will remain confidential and will be Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and that such person or entity will promptly notify Clinigence of any instances of which it is aware in which the confidentiality of the information has been breached.
- HITECH Act. Pursuant to the HITECH Act, Business Associate acknowledges that a Business Associate that obtains or creates PHI pursuant to a Business Associate Agreement (as described in 45 C.F.R. § 164.502(e)(2)) with a Covered Entity may use and disclose such PHI only if such use or disclosure, respectively, is in compliance with each applicable requirement of 45 C.F.R. § 164.504(e).
(a) Business Associate acknowledges pursuant to the HITECH Act that a Business Associate must also comply with any additional requirements contained in the HITECH Act that relate to privacy and that are made applicable with respect to Covered Entities.
(b) Business Associate acknowledges that civil and criminal penalties shall apply for any Business Associate who violates any these provisions.
- Security Regulations. Clinigence agrees that it will comply, and cause all of its employees, agents, representatives, and subcontractors to comply, with any applicable requirements of the Security Standards, including, but not limited to the following:
- Security Safeguards. Clinigence shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the electronic PHI that it creates, receives, maintains or transmits on behalf of the Covered Entity as required by the Security Regulations.
- Disclosure to Third Parties. Clinigence shall ensure that any representatives or agents, including subcontractors, to whom it provides electronic PHI agree to implement reasonable and appropriate safeguards to protect such PHI.
- Reporting of Violations. Clinigence shall report to the Covered Entity any Security Incident of which it becomes aware.
III. OBLIGATIONS OF THE COVERED ENTITY.
- Notification of Limitations/Restrictions. The Covered Entity shall notify Clinigence of any limitations or restrictions that the Covered Entity has agreed to in accordance with 45 C.F.R. §§ 164.520 or 164.522, to the extent that such limitation or restriction may affect Clinigence’s Use or Disclosure of PHI.
- Notification of Changes. The Covered Entity shall notify the Clinigence of any changes in, or revocation of, permission by an Individual to Use or Disclose PHI, to the extent that such changes may affect Clinigence’s Use or Disclosure of PHI.
- Prohibited Uses and Disclosures. The Covered Entity shall not request Clinigence to Use or Disclose PHI in any manner that would not be permissible under the Privacy Standards if done by the Covered Entity.
- TERM AND TERMINATION.
- Term.The term of this BAA shall be effective as of the Effective Date, and shall terminate upon termination of the Agreement, provided however, that notwithstanding the termination of the Agreement; Clinigence shall be required to comply with Section IV.C. below.
- Failure to Comply with HIPAA Obligations.
- Mitigation Obligation. If, following the Effective Date, Clinigence violates any of its obligations under Section II, Clinigence shall promptly take all steps necessary to mitigate the harmful effects of such violation, if any.
- Termination. If, following the Effective Date, Clinigence notifies the Covered Entity, or the Covered Entity otherwise has reason to believe, that Clinigence has violated a material term of any of the requirements set forth in this BAA, the Covered Entity shall provide Clinigence with a period of thirty (30) days to cure the breach or end the violation and if Clinigence does not cure the breach or end the violation within thirty (30) days after receiving notice of breach from the Covered Entity, the Covered Entity shall have the right to terminate this BAA. Notwithstanding the foregoing, if Clinigence breaches a material term of this BAA and the Covered Entity reasonably determines that cure is not possible, the Covered Entity shall have the right to immediately terminate this BAA upon written notice to Clinigence. This BAA and the Agreement may be terminated by Clinigence upon thirty (30 ) days written notice to the Covered Entity if Clinigence believes that the requirements of any law, legislation, consent decree, judicial action, governmental regulation or agency opinion, enacted, issued, or otherwise effective after the date of this BAA and applicable to the PHI or to this BAA, cannot be met by Clinigence in a commercially reasonable manner and without significant additional expense.
- Effect of Termination.Except as set forth in this Section IV.C., upon termination of this BAA or the Agreement for any reason, at the request of the Covered Entity, Clinigence shall return or destroy all PHI received from the Covered Entity, or created or received by Clinigence on behalf of the Covered Entity. This provision shall also apply to PHI that is in the possession of employees, representatives, subcontractors or agents of Clinigence. Clinigence and its employees, agents, representatives, and subcontractors shall not retain any copies of the PHI. In the event that Clinigence determines that returning or destroying the PHI is infeasible, Clinigence shall provide to the Covered Entity written notification of the conditions that make return or destruction infeasible. If the Covered Entity agrees that return or destruction of PHI is infeasible, Clinigence shall extend the protections of this BAA to such PHI for so long as Clinigence maintains such PHI. Notwithstanding the foregoing, if the parties determine that return or destruction of PHI is infeasible, Clinigence shall continue to make PHI available to the Covered Entity, to the extent necessary to allow the Covered Entity to comply with Sections II.A.1(d)-(g) of this BAA.
- State Law Requirements. To the extent the applicable laws and regulations of any state that applies to this BAA are More Stringent than those set forth in the Privacy Standards, any Use or Disclosure of PHI by Clinigence shall be made in accordance with such laws and regulations.
- Interpretation. Any ambiguity in any term or condition of this BAA shall be resolved in favor of a meaning that permits the Covered Entity to comply with the Privacy Standards and/or the Security Standards, as applicable.
- Changes or Modifications to HIPAA and/or HIPAA Regulations. If, following the Effective Date, HIPAA and/or the Privacy Standards, or the Security Standards are modified, and/or additional regulations are issued pursuant to HIPAA, the parties agree to work together in good faith to amend this BAA and the Agreement to allow so that the parties hereto remain in compliance with such regulations.
- Effect of Agreement. If there are any conflicts between the terms of this BAA and the terms of the Agreement, the terms of this BAA shall control. All non-conflicting terms of the Agreement shall survive and continue in full force and effect.
- Counterparts; Attachments. This BAA may be executed in counterparts, by manual or facsimile signature, each of which will be deemed an original and all of which together will constitute one and the same instrument.
- Survival. The obligations of Clinigence under Sections IV.C of this BAA shall survive the termination of this BAA and the Agreement.
- Entire Agreement. This BAA and the Agreement constitute the entire agreement between the parties and supersedes all prior negotiations, discussions, representations, or proposals, whether oral or written, unless expressly incorporated herein, related to the subject matter of this BAA. Unless otherwise expressly provided herein, this BAA may not be modified unless in writing signed by the duly authorized representatives of the parties. If any provision or part thereof is found to be invalid, the remaining provisions shall remain in full force and effect.
- No Third Party Beneficiaries. Except as otherwise provided for in the Privacy Standards or this BAA, there are no third party beneficiaries to this BAA. Clinigence’s obligations are to the Covered Entity only.
- Successors and Assigns. This BAA will inure to the benefit of and be binding upon the successors and assigns of the parties. This BAA is not assignable by any party without the prior written consent of the other parties, which consent shall not be unreasonably withheld.