PHOENIX Rx scripClip
Group Purchasing Master Agreement
1. PURCHASE OR SUBSCRIPTION; DELIVERY; INSTALLATION; TRAINING.
1.1 Sale or Subscription. Phoenix Pharmatech, LLC (“Phoenix Rx”) agrees to sell the Hardware, in the case of a Purchase Option, or supply the Hardware, in the case of a Subscription, and Client agrees to purchase or subscribe, as applicable, the Hardware and license the Software comprising the Product(s) set forth in an Order, subject to the terms and conditions set forth in this Agreement.
1.2 Delivery and Installation. Phoenix Rx will cause the Product(s) to be delivered to Client’s Licensed Locations for installation on a date or dates mutually agreed to by Phoenix Rx and Client. If additional services or Client-specified customization are required for installation due to Client’s special site requirements, Client will pay those costs as mutually agreed. If there are multiple Licensed Locations and Installation Dates in an Order, the applicable Installation Date shall be the earliest Installation Date.
1.3 Training. Phoenix Rx will provide Documentation for the Product and Phoenix Rx’s standard operational training before production use of the Product commences. Charges for any additional training will be invoiced to Client at Phoenix Rx’s then-current hourly rates, plus travel, communication, and other expenses. Any additional training will be mutually agreed to by Phoenix Rx and Client and documented in an additional Statement of Work.
2. ORDERS; CHARGES; PAYMENTS.
2.1 Orders. Orders subject to this Agreement are made through the mutual execution of an order form (“Orders”) that references this Agreement. For additional Orders augmenting existing Licensed Locations with, for example, additional scripClipTM hanging bags, the term of the Order shall be deemed to have commenced on the initial Order for such additional Product.
2.2 Payments. Client shall pay Phoenix Rx all fees set forth in an Order upon receipt of the applicable invoice date(s). Unless otherwise stated in the accepted Order, all payments are to be in United States dollars. If payments are not received within 30 days, Phoenix Rx may charge Client interest on the unpaid balance until paid, at the greater of (a) 1% per month or (b) the maximum rate allowed by law. If Phoenix Rx is required to bring legal action to collect delinquent accounts, then Customer will pay reasonable attorneys’ fees and costs of suit. All Orders are non-cancelable and nonrefundable. Prices for products and services, including recurring fees, covered under this Agreement may be subject to annual adjustments not to exceed the greater of (a) three percent or (b) the Consumer Price Index (published by the Bureau of Labor Statistics, All Urban Consumers, Current Series, Index) for the previous twelve-month period, with not less the 30 days’ notice.
2.3 Additional Charges. Additional charges may apply to services rendered outside contracted hours or beyond normal coverage at Client’s request, e.g., travel expenses, and premium and minimum charges. There will be an additional charge at Phoenix Rx’s then-current technician’s rate per hour for any technical work required as a result of other than Phoenix Rx-recommended hardware purchased by Client for use with the Product. Any other additional charges must be mutually agreed to by Phoenix Rx and Client and documented in an additional Statement of Work.
In addition, any fee or assessment from a pharmacy management service provider in connection with providing services to Client under this Agreement will be separately charged to Client as an incremental fee for service.
2.4 Taxes. All prices are exclusive of sales, use, excise, withholding or any other taxes applicable to the sale, use or delivery of the Products. If Client is tax-exempt, Client will provide Phoenix Rx with proof of its tax-exempt status. If Client is not tax-exempt, (a) Client will pay any tax Phoenix Rx becomes obligated to pay in connection with this Agreement, exclusive of taxes based on the net income of Phoenix Rx and (b) Client will pay all personal property and similar taxes assessed after shipment. If Client challenges the applicability of any such tax, Client shall pay the tax and may thereafter seek a refund.
2.5 Suspension of Performance. If any payment due to Phoenix Rx under this Agreement is past due more than thirty (30) days, Phoenix Rx may suspend performance under this Agreement until all amounts due are current.
3. TITLE; RISK OF LOSS.
3.1 Hardware. Subject to Section 3.5 below, with respect to a Purchase Option Order, Hardware is purchased by Client, and title to Hardware will pass to Client after the full Hardware payment has been received by Phoenix Rx. In the case of a Monthly Subscription Order, Hardware is provided to Client and title remains with Phoenix Rx. In either case, risk of loss of, or damage to, Hardware will pass to Client upon delivery to Client.
3.2 Software. Title to Software, all copies thereof, and all associated intellectual proprietary rights therein will remain with Phoenix Rx including, but not limited to, all patents, copyrights, trade secrets, trademarks, and other proprietary rights.
3.3 Third Party Software. Title to Third Party Software, all copies thereof, and all associated intellectual proprietary rights therein will remain with the applicable third-party licensor including, but not limited to, all patents, copyrights, trade secrets, trademarks, and other proprietary rights.
3.4 Confidential and Proprietary Information. Title to Phoenix Rx’s Confidential and Proprietary Information will remain with Phoenix Rx. Title to Confidential and Proprietary Information of Phoenix Rx’s suppliers and licensors will remain with the relevant suppliers and licensors.
3.5 Proprietary Rights. Client acknowledges and agrees that the design of the Products, and any and all Product-related patents, copyrights, trademarks, service marks, trade names, documents, logos, software, microcode, information, and material are the property of Phoenix Rx or its third-party suppliers. and no interest therein is being vested in Client (except as set forth in Section 3.1 above) by the execution of this Agreement or the sale of the Product Hardware or license of the Software to Client. Client shall not, under any circumstances, cause or permit the adaptation, conversion, reverse engineering, disassembly, or decompilation of any Software or Phoenix Rx Hardware. Client will have no authority or right to copy, reproduce, modify, sell, license, or otherwise transfer any rights in any proprietary property of Phoenix Rx. The provisions of this Section 3.5 will survive the termination or cancellation of this Agreement.
4. WARRANTY TERMS.
4.1 Phoenix Rx Hardware Limited Warranty. Phoenix Rx warrants that during the Order Term applicable to the Product being warranted hereunder, the Phoenix Rx Hardware purchased by Client will be free from defects in materials and workmanship and will substantially conform to the performance specifications stated in the Product Documentation for the Phoenix Rx Hardware applicable at the time of the installation of the Hardware. Phoenix Rx will, at Phoenix Rx’s sole discretion, replace or repair any Phoenix Rx Hardware that does not comply with this warranty, at no additional charge to Client. To request warranty service, Client must contact Phoenix Rx within the applicable Order Term. Client agrees that any return of Phoenix Rx Hardware will be made in accordance with Phoenix Rx’s then current return material authorization (“RMA”) procedures. In any event, Client will have no right to return Products to Phoenix Rx without first obtaining from Phoenix Rx an RMA number authorizing such return. Phoenix Rx may elect to conduct any repairs at Client’s site, Phoenix Rx’s facility, or any other location specified by Phoenix Rx. Any replacement Phoenix Rx Hardware provided to Client under this warranty may be new or reconditioned. Phoenix Rx may use new and reconditioned parts in performing warranty repairs and building replacement products. If Phoenix Rx repairs or replaces Phoenix Rx Hardware, its Order Term is not extended and will terminate upon the end of the Warranty Period of the replaced or repaired Phoenix Rx Hardware. Phoenix Rx owns all replaced Phoenix Rx Hardware and all parts removed from repaired products. Client acknowledges and agrees that this warranty is contingent upon and subject to Client’s proper use of the Product and the exclusions from warranty and Support Services coverage set forth in Section 4.4. This warranty does not cover any Phoenix Rx Hardware that has had the original identification marks and/or numbers removed or altered in any manner. The remedies set forth in this Section 4.1 are the full extent of Client’s remedies and Phoenix Rx’s obligations regarding this warranty.
4.2 Mandated Product Changes. If a Product is required to be reconfigured, modified, or otherwise changed after its sale to and installation at the Client’s location due to the Client’s or a local, state, or federal government certification change(s) or due to any statutory changes or new requirements, Phoenix Rx will determine the feasibility and cost of the required changes and advise the Client of the total amount due for those Product changes. Upon written approval to move forward with the changes and receipt from the Client of the stated fees, Phoenix Rx will complete the required Product changes to the Client’s Products.
4.3 Software Limited Warranty. Phoenix Rx warrants that upon initial installation of the Software and for ninety days thereafter (“Software Warranty Period”), the Software will perform substantially according to the then-current functional specifications described in the Documentation accompanying such Software. To request warranty service, Client must contact Phoenix Rx within the Software Warranty Period accompanied with sufficient detail to enable Phoenix Rx to reproduce the error and provide a remedy or suitable workaround (a solution that will allow the Software to function appropriately as certified). Phoenix Rx will make commercially reasonable efforts to remedy or provide a suitable workaround for defects, errors, or malfunctions covered by this warranty at no additional charge to Client. Because not all errors or defects can or need to be corrected, Phoenix Rx does not warrant that all errors or defects will be corrected. Client acknowledges and agrees that this warranty is contingent upon and subject to Client’s proper use of the Product and the exclusions from warranty and Support Services coverage set forth in Section 4.4 below. The remedies set forth in this Section 4.3 are the full extent of Client’s remedies and Phoenix Rx’s obligations regarding this warranty.
4.4 Exclusions from Warranty and Support Services Coverage. The warranties under this Section 4 and the Support Services under Section 5 below do not cover defects, errors, or malfunctions that are caused by any external causes, including, but not limited to, any of the following: (a) Client’s failure to follow operational, support, or storage instructions as set forth in applicable Documentation; (b) the use of noncompatible media, supplies, parts, or components; (c) modification or alteration of the Product, or its components, by Client or third parties not authorized by Phoenix Rx; (d) use of hardware or software not supplied or authorized by Phoenix Rx or alterations or replacement by Client or its suppliers of any integrated third party systems such as a point of sale system which renders inoperable the Product (provided that Phoenix Rx shall use commercially reasonable efforts to modify the Software as soon as practicable to interoperate with such integrated third party system; (e) external factors (including, without limitation, power failure, surges or electrical damage, fire or water damage, air conditioning failure, humidity control failure, or corrosive atmosphere harmful to electronic circuitry); (f) failure to maintain proper site specifications and environmental conditions; (g) negligence, accidents, abuse, neglect, misuse, or tampering; (h) improper or abnormal use or use under abnormal conditions; (i) use in a manner not authorized by this Agreement or use inconsistent with Phoenix Rx’s specifications and instructions; (j) use of Software on Third Party Hardware that is not in good operating condition; (k) unauthorized acts of Client, its agents, servants, employees, or any third party; (l) servicing or support not authorized by Phoenix Rx; or (m) Force Majeure. Phoenix Rx reserves the right to charge for repairs on a time-and-materials basis at Phoenix Rx’s then-prevailing rates, plus expenses, and for replacements at Phoenix Rx’s list prices caused by these exclusions from warranty and Support Services coverage.
4.5 Third-Party Hardware and Third-Party Software Excluded. PHOENIX RX MAKES NO REPRESENTATIONS OR WARRANTIES AS TO THIRD PARTY HARDWARE AND THIRD-PARTY SOFTWARE, IF ANY, PROVIDED BY PHOENIX RX TO CLIENT, ALL OF WHICH IS SOLD, LICENSED, OR SUBLICENSED TO CLIENT “AS IS.” PHOENIX RX HAS NO RESPONSIBILITY OR LIABILITY FOR THIRD PARTY HARDWARE AND THIRD-PARTY SOFTWARE, IF ANY, PROVIDED BY PHOENIX RX’S DISTRIBUTORS OR OTHER THIRD PARTIES TO CLIENT. If Phoenix Rx sells any Third Party Hardware (with or without Third Party Software pre-installed thereon) to Client, Phoenix Rx will pass through to Client, on a nonexclusive basis and without recourse to Phoenix Rx, any third-party manufacturer’s warranties covering the Third-Party Hardware and any Third-Party Software installed thereon, but only to the extent, if any, permitted by the third-party manufacturer. Client agrees to look solely to the warranties and remedies, if any, provided by such third-party manufacturer or third-party licensor, and agrees to be subject to all end user license terms and conditions with respect to such Third-Party Software.
4.6 Disclaimer. THE WARRANTIES IN THIS SECTION 4 GIVE CLIENT SPECIFIC LEGAL RIGHTS, AND CLIENT MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE (OR JURISDICTION TO JURISDICTION). PHOENIX RX’S RESPONSIBILITY FOR MALFUNCTIONS AND DEFECTS IN PHOENIX RX HARDWARE AND PHOENIX RX SOFTWARE IS LIMITED TO REPAIR AND REPLACEMENT AS SET FORTH IN THIS WARRANTY TERMS SECTION. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT FOR THE EXPRESS LIMITED WARRANTIES SET FORTH ABOVE (A) THERE ARE NO WARRANTIES, EXPRESS OR IMPLIED, BY OPERATION OF LAW OR OTHERWISE UNDER THIS AGREEMENT OR IN CONNECTION WITH THE SALE OF PHOENIX RX HARDWARE AND LICENSE OF SOFTWARE, AND (B) PHOENIX RX DISCLAIMS ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, TITLE, AND NONINFRINGEMENT FOR ALL HARDWARE, SOFTWARE, AND SERVICES. THE EXPRESS WARRANTIES EXTEND SOLELY TO CLIENT. SOME STATES (OR JURISDICTIONS) DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES, SO THE ABOVE LIMITATION MAY NOT APPLY TO CLIENT.
5. SUPPORT SERVICES.
5.1 Description of Software Support Services. Subject to the terms and conditions of this Agreement, Phoenix Rx will provide Client the Support Services described below. If Phoenix Rx, in its discretion, at Client’s request, provides Support Services in addition to the services described under this Section 5, Client will pay Phoenix Rx for such services on a time-and-materials basis at Phoenix Rx’s then-prevailing rates, plus expenses, and for replacements at Phoenix Rx’s list prices, unless otherwise agreed in writing by Phoenix Rx and Client.
5.2 Support Services. Support Services will consist of periodic updates and any software “bug” corrections to Software. A software “bug” is any malfunction that prevents the Software from performing substantially as described in the then-current Documentation for such software. Because not all errors or defects rise to the level where they need to be corrected, Phoenix Rx does not warrant that all errors or defects will be corrected. Phoenix Rx reserves the right to determine whether any reported, claimed Software malfunction is in fact a “bug.” Such “bugs” must be reported in writing and be accompanied with sufficient detail to enable Phoenix Rx staff to reproduce the error and provide a remedy or suitable workaround. The exclusions from warranty coverage under Section 4.3 also are exclusions from Support Services under this Section 5. Call-in Support Services are available during normal hours of operation (currently 8:00 a.m. to 5:00 p.m., Central Time). Client’s contact person, or persons, will submit service requests according to Phoenix Rx’s reasonable instructions.
5.3 Engineering Services. In any case where Software interfaces with a third-party software system (including, but not limited to, Client’s point of sale system), Phoenix Rx will not be responsible for proper operation of any Software that interfaces with such third-party software should such third-party software be upgraded, replaced, modified, or altered in any way (other than with Phoenix Rx’s prior authorization with respect to Third-Party Software). Phoenix Rx will also not be responsible for the proper operation of any Software running on Client’s computer hardware, should Client install a new computer operating system on such hardware without advising Phoenix Rx of such changes and receiving Phoenix Rx’s written approval. Engineering services and associated costs may be required in those situations where the Client requests Phoenix Rx’s review and approval of any system changes outside the original system specifications as of the Effective Date of this Agreement.
5.4 Support Services Contact Information. Each party will designate a Support Services contact and provide related contact information, which may be updated from time to time upon notice.
6. SOFTWARE LICENSE.
6.1 Licenses. Subject to the terms and conditions of this Agreement, Phoenix Rx grants to Client a personal, nonexclusive, nontransferable, and limited license to use the Software with the Hardware for the License Term (as defined in Section 10.2 below) applicable to the Order. Phoenix Rx will provide Client, and Client will be permitted to use, only the run-time executable code and associated support files of the Software for Client’s internal data processing requirements as part of the Phoenix Rx Solution. The Software may be used only at the Licensed Location(s) specified on the applicable Order on the hardware or other computer systems authorized by Phoenix Rx in writing. Client’s use of the Software will be limited to one production instance per Licensed Location and one archive copy for back up purposes, excluding Firmware, which may not be copied or backed up and will be limited to the Hardware on which it is embedded. Only Client and its authorized employees or consultants may use or access the Software. Client agrees that Phoenix Rx and its representatives may periodically inspect, conduct, and/or direct an independent accounting firm to conduct an audit, at mutually agreed-upon times during normal business hours, of the computer site, computer systems, Phoenix Rx Hardware, and appropriate records of Client to verify Client’s compliance with the terms of the licenses granted to Client.
6.2 Protection of Software.
(a) The Phoenix Rx Hardware and Software are designed to be used only with each other and the agreed-upon Third-Party Software and Third-Party Hardware, and the Client software (e.g. point of sale system) with which the Product is integrated. To protect the integrity and security of the Product, without the express written consent of Phoenix Rx, (i) Client shall use the Software and Hardware only in connection with the Phoenix Rx Solution; (ii) Client shall not install or use other software on or with the Hardware or Software or network the Hardware or Software with any other hardware, software, Hardware, or computer systems except as set forth in the Documentation; and (iii) Client shall not modify the Hardware or Software. If Client does not comply with any provisions of the preceding sentence, then (i) the warranties under Section 4 will automatically terminate; (ii) Phoenix Rx may terminate its obligation to provide Support Services under Section 5; (iii) Phoenix Rx will have no further installation obligations under Section 1.2 (Delivery and Installation), and (iv) Phoenix Rx will have no further obligations under Section 1.3 (Training and Documentation). Furthermore, if Client uses the Software and Hardware in combination with other software and hardware (other software or hardware being those not provided by Phoenix Rx or its designees), and the combination infringes Phoenix Rx proprietary patent claims outside the scope of the software license granted to Client under Section 6.1, Phoenix Rx reserves its rights to enforce its patents with respect to those claims.
(b) Client shall not, under any circumstances, cause or permit the adaptation, conversion, reverse engineering, disassembly, or decompilation of any Software. Client shall not use any Software for application development, modification, or customization purposes, except through Phoenix Rx.
(c) Client shall not assign, transfer, sublicense, time-share, or rent the Software or use it as a software as a service. Client shall not modify, copy, or duplicate the Software; provided, during the term of the Software licenses and sublicenses, Client may have in its possession one (1) copy of the Software for inactive archival or backup purposes (excluding Firmware. All copies of the Software, in whole or in part, must contain all of Phoenix Rx’s or the third-party licensor’s titles, trademarks, copyright notices, and other restrictive and proprietary notices and legends as they appear on the copies of the Software provided to Client. Client shall notify Phoenix Rx of any circumstances known to Client regarding any unauthorized possession or use of the Software.
(d) Upon termination of Client’s license of Software, Client shall immediately discontinue all use of the Software and return to Phoenix Rx or destroy, at Phoenix Rx’s option, the Software (and all related documentation (electronic and hard copy) and Confidential and Proprietary Information) and all archival, backup, and other copies thereof, and upon request provide certification to Phoenix Rx of such return or destruction. The foregoing excludes Firmware, which may be retained by Client with any Phoenix Rx Hardware subject to the terms of the license grant and all license restrictions hereunder.
(e) Client shall not publish any results of benchmark tests run on any Software.
(f) Although the Software is protected by copyright and/or patents, they may be unpublished, and constitute Confidential and Proprietary Information of Phoenix Rx and the third-party licensor, respectively. Client shall maintain the Software in confidence and comply with the terms of Section 6, Protection of Confidential and Proprietary Information, with respect to the Software.
(g) This Section 6.2 will survive the termination or cancellation of this Agreement.
(h) Aggregate Information. Phoenix Rx may collect information regarding Client’s use of the Products and may use and disclose such information in aggregate or other anonymized form in connection with Phoenix Rx support, development, marketing and other business activities, provided that Phoenix Rx will under no circumstances associate any of such information with Client, and will not use or disclose any “Protected Health Information” or other personally identifiable information in connection with this Section 6.2(h).
6.3 Inherently Dangerous Applications. The Software is not developed or licensed for use in any nuclear, aviation, mass transit, or any medical application not intended in the Documentation or in any other inherently dangerous applications. Client shall not use the Software in any such inherently dangerous application and agrees that Phoenix Rx and any third-party licensor will not be liable for any claims or damages arising from such use.
7. CLIENT RESPONSIBILITIES.
7.1 Independent Determination. Client acknowledges it has independently determined that the Product meets its requirements.
7.2 Cooperation. Client agrees to cooperate with Phoenix Rx and promptly perform Client’s responsibilities under this Agreement. During installation, Client will (a) provide adequate working and storage space for use by Phoenix Rx personnel near Hardware; (b) provide Phoenix Rx full access to the Hardware and Software, subject to Client’s security rules; (c) follow Phoenix Rx’s instructions for obtaining Hardware and Software Support and warranty services; (d) reproduce suspected errors or malfunctions in Software; (e) provide timely access to key Client personnel and timely respond to Phoenix Rx’s questions; and (h) otherwise reasonably cooperate with Phoenix Rx in its performance under this Agreement.
7.3 Site Preparation. Client shall prepare and maintain the Licensed Location(s) in accordance with instructions provided by Phoenix Rx. Client is responsible for environmental requirements, electrical interconnections, and modifications to facilities for proper installation, in accordance with Phoenix Rx’s specifications. Any delays in preparation of the Licensed Location(s) will correspondingly extend Phoenix Rx’s Installation Date(s).
7.4 Licensed Location Maintenance; Proper Storage. Client shall maintain the appropriate operating environment, in accordance with Phoenix Rx’s specifications, for the Hardware and Software and all communications equipment, telephone lines, electric lines, cabling, modems, air conditioning, and all other Hardware and utilities necessary for the Hardware and Software to operate properly. Client shall properly store the Hardware and Software when not in use.
7.5 Use. Client is exclusively responsible for supervising, managing, and controlling its use of the Product, including, but not limited to, establishing operating procedures and audit controls, supervising its employees, making daily backups, inputting data, ensuring the accuracy and security of data input and data output, monitoring the accuracy of information obtained, and managing the use of information and data obtained. Client will ensure that its personnel are, at all times, educated and trained in the proper use and operation of the Product and that the Hardware and Software are used in accordance with applicable Documentation, instructions, and specifications. Client shall comply with all applicable laws, rules, and regulations with respect to its use of the Product.
7.6 Backups. Client will maintain backup data necessary to replace critical Client data in the event of loss or damage to data from any cause residing in the Product.
8. PROTECTION OF CONFIDENTIAL AND PROPRIETARY INFORMATION.
8.1 Confidential Information. Each party acknowledges on its own behalf and on behalf of its officers, directors, employees, agents and consultants, (“Personnel”) that during the term of this Agreement, it (“Receiving Party”) may receive from or on behalf of the other party (“Disclosing Party”) confidential and proprietary business, financial and technical information relating to Disclosing Party, and Personal Information and Protected Health Information (both as further defined below,) (collectively and individually, “Confidential Information”). “Personal Information” means any and all information, that identifies or is capable of identifying an individual, including (a) an individual’s name, social security number, date of birth, or driver’s license or other government-issued identification number; (b) an individual’s contact information, such as an email address, residential address or telephone number; (c) demographic information such as an individual’s gender, race and age; (d) financial and health information, including credit card information; (e) information about an individual whose disclosure is protected or otherwise regulated by law; and (f) any information regarding such person’s relationship to the Disclosing Party. “Protected Health Information”, or “PHI”, has the meaning set forth in the Health Insurance Portability and Accountability Act of 1996 as amended (collectively, “HIPAA”).
8.2 Use and Nondisclosure Obligations. The Receiving Party will: (a) hold the Disclosing Party’s Confidential Information in confidence and use the same degree of care to protect the Disclosing Party’s Confidential Information as it uses for its own Confidential Information of like importance but in no event using less than a reasonable standard of care, (b) not divulge any such Confidential Information or any information derived therefrom to any third person except as authorized hereunder, (c) not make any use of such Confidential Information except to carry out its rights and obligations under this Agreement, and (d) not copy such Confidential Information (except as necessary to carry out its rights and obligations under this Agreement). The Receiving Party will only permit access to Confidential Information to those of its Personnel: (i) who require access thereto for a purpose authorized by the Agreement, and (ii) who have signed confidentiality agreements or are otherwise bound by confidentiality obligations at least as restrictive as those contained herein. The Receiving Party will use and disclose Confidential Information only to the extent required to provide, perform or receive, as applicable, the Phoenix Rx Services hereunder.
8.3 Personal Information and PHI. As of the Effective Date of this Agreement, and pursuant to HIPAA, the parties entered into the Business Associate Agreement attached hereto. Phoenix Rx will keep appropriate, complete and accurate records of Client’s and Patients’ Personal Information and PHI and, if disclosed to third parties, records as to any disclosure. Any governmental entity with jurisdiction or oversight authority, may, upon prior notice to Phoenix Rx, audit Phoenix Rx’s records of Client’s and Patients’ Personal Information and PHI and, to the extent relevant to the security of Personal Information and PHI, Phoenix Rx’s security practices and data processing activities.
8.4 Agreement Terms and Conditions. Each party may disclose the terms and conditions of this Agreement: (a) on a confidential basis to legal or financial advisors, (b) pursuant to a registration report or exhibits thereto required to be filed with the Securities and Exchange Commission, listing agency or any state securities commission, or any other associated filings, or (iii) on a confidential basis in connection with any financing transaction or due diligence inquiry. During the term of this Agreement and for three years after its termination, neither party will disclose to any third party the specific terms of this Agreement without first obtaining the written consent of the other party.
8.5 Exceptions. Other than Personal Information and PHI, Confidential Information will not include information that: (a) becomes public without breach of this Agreement by the Receiving Party or its Personnel, (b) was previously in the Receiving Party’s possession (in written or other recorded form) with no obligation to maintain confidentiality, (c) was received from a third party not under any obligation of confidentiality with respect to such information, or (d) was developed by Receiving Party independently of, and without use of or reference to, the Disclosing Party’s Confidential Information; provided in each case that such forgoing information was not delivered to or obtained by the Receiving Party as a result of any breach of this Agreement, the law or any contractual, ethical or fiduciary obligation owed to the Disclosing Party. The Receiving Party may disclose Confidential Information pursuant to the order or requirement of a court, administrative agency, or other governmental body; to the extent allowed by law, Receiving Party will give reasonable notice to the Disclosing Party to allow the Disclosing Party the opportunity to contest such order or requirement or seek confidentiality treatment.
8.6 Return of Confidential Information. Upon the written request of the Disclosing Party, the Receiving Party will return or destroy (and certify such destruction in a signed writing) all Confidential Information of the Disclosing Party, including all copies thereof and materials incorporating such Confidential Information, whether in physical or electronic form. Each party may retain a copy of the other party’s Confidential Information solely for archival purposes; provided, however, that in no event will Phoenix Rx retain any Personal Information or PHI of Client or Patients unless otherwise required by law or industry compliance regulation. To the extent that it is impracticable to return or destroy any Confidential Information, and with respect to any copies retained for archival purposes, the Receiving Party will continue to maintain the Confidential Information in accordance with this Agreement. The confidentiality obligations set forth in this Agreement will survive the termination of this Agreement and remain in full force and effect until such Confidential Information, through no act or omission of the Receiving Party, ceases to be Confidential Information as defined hereunder.
9. INFRINGEMENT INDEMNITY.
9.1 Indemnity. Phoenix Rx, at its own expense, will defend and indemnify Client against claims that the Phoenix Rx Hardware or Software infringe a United States patent, copyright, or misappropriate trade secrets protected under United States law, provided Client (a) gives Phoenix Rx prompt written notice of such claims; (b) permits Phoenix Rx to control the defense and settlement of the claims; and (c) provides all reasonable assistance to Phoenix Rx in defending or settling the claims.
9.2 Remedies. As to Phoenix Rx Hardware or Software that is subject to a claim of infringement or misappropriation, Phoenix Rx may (a) obtain the right of continued use of the Phoenix Rx Hardware or Software for Client or (b) replace or modify the Phoenix Rx Hardware or Software to avoid the claim. If neither alternative is available on commercially reasonable terms, then, at the request of Phoenix Rx, any applicable Software license and its charges will end, Client will cease using the applicable Phoenix Rx Hardware and Software, Client will return to Phoenix Rx all applicable Phoenix Rx Hardware and return or destroy all copies of the applicable Software, and Client will certify in writing to Phoenix Rx that such return or destruction has been completed. Upon return or Phoenix Rx’s receipt of certification of destruction, Phoenix Rx will give Client a credit for the price paid to Phoenix Rx for the returned or destroyed Phoenix Rx Hardware and Software, less a reasonable offset for use and obsolescence.
9.3 Exclusions. Phoenix Rx will not defend or indemnify Client if any claim of infringement or misappropriation (a) is asserted by an affiliate of Client; (b) results from Client’s design or alteration of any Phoenix Rx Hardware or Software; (c) results from use of any Phoenix Rx Hardware or Software in combination with any third party product, except to the extent, if any, that such use in combination is restricted to the Phoenix Rx Solution as designed by Phoenix Rx (including Third-Party Hardware and Third-Party Software); (d) relates to Third-Party Software or Third-Party Hardware alone; or (e) arises from Client-specified customization work undertaken by Phoenix Rx or its designees in response to changes in Software or Third-Party Software that are made in response to Client specifications.
10. TERM OF AGREEMENT; TERM OF ORDERS; TERMINATION.
10.1 Agreement Term. This Agreement shall remain in effect for so long as any Order is an effect.
10.2 Order Term and License Term. Unless otherwise set forth in an Order, and subject to Section 2.1 above with respect to certain additional Orders hereunder, and commencing on the Installation Date, (i) a “Purchase Option” or (ii) a “Subscription Option” either of which include a five (5) year maintenance and support term with consecutive one-year renewal periods unless either party gives ninety (90) days’ notice prior to the end of the then-current term, (each, the “Order Term”), provided that unless otherwise set forth in an Order, the license term for Software licensed hereunder under a Purchase Option shall be perpetual, and under a Subscription Option, shall terminate upon termination of the Subscription (each, a “License Term”). For purposes of clarification, Phoenix Rx may not terminate a Subscription without cause, so long as Phoenix Rx continues to make the Products commercially available through Subscriptions.
10.3 Defaults. The following events will be deemed to be defaults:
(a) A party committing a material breach of any term of this Agreement if such breach has not been cured within thirty (30) days after written notice of such breach has been given by the non-defaulting party to the defaulting party;
(b) A party filing bankruptcy, becoming insolvent, or having its business placed in the hands of a receiver, assignee, or trustee, whether by voluntary act or otherwise; or
(c) A party failing to comply in any material respect with any federal, state, or local laws applicable to a party’s performance under this Agreement.
10.4 Termination.
(a) Phoenix Rx may terminate Support Services under Section 5 on thirty (30) days prior written notice to Client if Phoenix Rx determines that any alterations, attachments, or modifications not made by Phoenix Rx or the failure to install a software or hardware release will interfere with the provision of support.
(b) Phoenix Rx may terminate a Monthly Subscription upon ninety (90) days written notice in the event Phoenix Rx ceases to make the Products commercially available on a Monthly Subscription basis. Client may terminate a Monthly Subscription upon thirty (30) days’ notice, effective at the end of the next full month.
(b) A party may terminate this Agreement before expiration of its term for default by the other party. If default occurs, the parties will have all remedies provided in this Agreement and otherwise available by statute, law, or equity.
(c) In event of any breach of this Agreement by Client not cured within the time period set forth in Section 10.2(a) above, whether or not resulting in termination of this Agreement by Phoenix Rx, Phoenix Rx may, without limiting Phoenix Rx’s other rights and remedies, accelerate Client’s unpaid fee obligations including but not limited to the Total Purchase Price set forth in all Orders so that all such obligations become immediately due and payable, and in the event Phoenix Rx does not terminate the Agreement, suspend Phoenix Rx’s services of any kind to Client until such amounts are paid in full.
10.5 Effect of Termination Under a Monthly Subscription. Upon termination of an Order under a Monthly Subscription, Client will, within fifteen (15) calendar days, return the Products including all user documentation, test documentation and evaluation test data to Phoenix Rx, in good repair, condition and working order, ordinary wear and tear excepted, at Client’s sole expense, F.O.B. Phoenix Rx’s designated shipping location or as mutually agreed, and immediately cease using all Software. In the event of loss or damage of any kind to any component of a Product, subject to ordinary wear and tear, Client will at the option of Phoenix Rx, pay Phoenix Rx’s usual charges for such repair or replacement or if Products are determined by Phoenix Rx to be lost, stolen, destroyed or damaged beyond repair, or Client fails to timely return any Products, Phoenix Rx may issue an invoice to Client for the applicable component(s), and payment therefor will be due upon receipt of such invoice. In the event Client fails to timely return the Products, in lieu of the foregoing, Phoenix Rx may, in its sole discretion, remove the Products from Client, at Client’s cost, and issue an invoice to Client for such costs with payment therefor due upon receipt of such invoice. Client will pay for replacement packing materials and shipping costs for such materials from Phoenix Rx to Client in the event the Products are to be returned under this Section 10.5 and Client has not retained the original packing materials.
10.6 Survival. Provisions which by their nature are intended to survive shall be deemed to survive the termination of this Agreement.
11. LIMITATION OF DAMAGES.
11.1 EXCLUSIVE REMEDY. PHOENIX RX DOES NOT ACCEPT ANY LIABILITY FOR WARRANTIES BEYOND THE REMEDIES SET FORTH IN SECTION 4 OF THE LICENSE AGREEMENT. PHOENIX RX’S ENTIRE LIABILITY AND CLIENT’S EXCLUSIVE REMEDY FOR ANY CLAIM CONCERNING THIS AGREEMENT AND THE HARDWARE, SOFTWARE, AND SERVICES PROVIDED UNDER THIS AGREEMENT ARE SET FORTH IN THIS SECTION.
11.2 DISCLAIMER. CLIENT IS RESPONSIBLE FOR ASSURING AND MAINTAINING THE BACKUP OF ALL CLIENT DATA. UNDER NO CIRCUMSTANCES WILL PHOENIX RX BE LIABLE TO CLIENT OR ANY THIRD PARTY FOR THE LOSS OF OR DAMAGE TO CLIENT DATA.
11.3 LIMITATION. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PHOENIX RX, PHOENIX RX’S LICENSORS, AND ANY PARTY INVOLVED IN THE CREATION, MANUFACTURE, OR DISTRIBUTION OF THE HARDWARE AND SOFTWARE AND THE PERFORMANCE OF SERVICES UNDER THIS AGREEMENT WILL NOT BE LIABLE TO CLIENT FOR ANY SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS) OR FOR LOST DATA SUSTAINED OR INCURRED IN CONNECTION WITH THE HARDWARE, SOFTWARE, SERVICES, OR THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, REGARDLESS OF THE FORM OF ACTION AND WHETHER OR NOT SUCH DAMAGES ARE FORESEEABLE. IN ADDITION, PHOENIX RX’S TOTAL LIABILITY TO CLIENT FOR DIRECT DAMAGES ARISING OUT OF OR RELATING TO THE HARDWARE, SOFTWARE, SERVICES, AND THIS AGREEMENT WILL IN NO EVENT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY CLIENT TO PHOENIX RX UNDER THIS AGREEMENT. PHOENIX RX IS NOT LIABLE FOR DAMAGES CAUSED IN ANY PART BY CLIENT’S NEGLIGENCE OR INTENTIONAL ACTS OR FOR ANY CLAIM AGAINST CLIENT OR ANYONE ELSE BY ANY THIRD PARTY. SOME STATES (OR JURISDICTIONS) DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO CLIENT.
CLIENT UNDERSTANDS AND AGREES THAT THE PHOENIX RX PRODUCT IS A TOOL AND NOT A REPLACEMENT FOR CLIENT’S OBLIGATIONS AND RESPONSIBILITIES UNDER THE LAW AND IN THE EVENT OF ANY DAMAGES INCURRED BY A CLIENT CUSTOMER, REGARDLESS OF THE NEGLIGENCE OR BREACH OF THIS AGREEMENT BY PHOENIX RX, TO THE EXTENT PERMITTED BY LAW, CLIENT WILL LOOK TO CLIENT’S INSURANCE TO MEET ANY RESULTING CUSTOMER CLAIM.
12. DISPUTE RESOLUTION.
12.1 Disputes and Demands. The parties will attempt to resolve any claim or controversy related to or arising out of this Agreement, whether in contract or in tort (“Dispute”), on a confidential basis according to the following process, which either party may start by delivering to the other party a written notice describing the dispute and the amount involved (“Demand”).
12.2 Negotiation and Meditation. After receipt of a Demand, authorized representatives of the parties will meet at a mutually agreed upon time and place to try to resolve the Dispute by negotiation. If the Dispute remains unresolved after this meeting, either party may start mandatory nonbinding mediation under the commercial mediation rules of the LOOK American Arbitration Association (“AAA”) or such other mediation process as is mutually acceptable to the parties.
12.3 Injunctive Relief. Notwithstanding the other provisions of this Section 12, if either party seeks injunctive relief, such relief may be sought in a court of competent jurisdiction without complying with the negotiation and mediation provisions of this Section 12.
12.4 Time Limit. Neither mediation under this section nor any legal action, regardless of its form, related to or arising out of this Agreement may be brought more than two (2) years after the cause of action first accrued.
13. GENERAL PROVISIONS.
13.1 Entire Agreement. This Agreement, the Orders, and the attachments, schedules, and exhibits hereto are the entire agreement and supersede all prior negotiations and oral agreements. Phoenix Rx has made no representations or warranties with respect to this Agreement or the Product(s) and its components that are not included herein. This Agreement may not be amended or waived except in writing signed by an officer of the party to be bound thereby.
13.2 Preprinted Forms. The use of preprinted forms, such as purchase orders or acknowledgments, in connection with this Agreement is for convenience only and all preprinted terms and conditions stated thereon, other than initial cost and down payment dollar figures, are void and of no effect. If any conflict exists between this Agreement and any terms and conditions on a purchase order, acknowledgment, or other preprinted form, the terms and conditions of this Agreement will govern and the conflicting terms and conditions in the preprinted form will be void and of no effect.
13.3 Interpretation. This Agreement will be construed according to its fair meaning and not for or against either party. Headings are for reference purposes only and are not to be used in construing the Agreement. All words and phrases in this Agreement are to be construed to include the singular or plural number and the masculine, feminine, or neuter gender as the context requires.
13.4 Governing Law. THIS AGREEMENT WILL BE GOVERNED BY THE LAWS OF THE STATE OF NEBRASKA, WITHOUT REGARD TO ITS CONFLICT OF LAW PROVISIONS.
13.5 Severability. Whenever possible, each provision of this Agreement will be interpreted to be effective and valid under applicable law; but if any provision is found to be invalid, illegal, or unenforceable, then such provision or portion thereof will be modified to the extent necessary to render it legal, valid, and enforceable and have the intent and economic effect as close as possible to the invalid, illegal, or unenforceable provision. If it is not possible to modify the provision to render it legal, valid, and enforceable, then the provision will be severed from the rest of the Agreement and ignored. The invalidity, illegality, or unenforceability of any provision will not affect the validity, legality, or enforceability of any other provision of this Agreement, which will remain valid and binding.
13.6 Delays. Phoenix Rx is not responsible for failure to fulfill its obligations when due to causes beyond its reasonable control, including the failure of third parties to timely provide Software, Hardware, materials, or labor contemplated herein. Phoenix Rx will notify Client in writing of any such delay, and the time for Phoenix Rx’s performance will be extended for a period corresponding to the delay. Phoenix Rx and Client will determine alternative procedures to minimize delays.
13.7 Force Majeure. “Force Majeure” means a delay encountered by a party in the performance of its obligations under this Agreement that is caused by an event beyond the reasonable control of the party, but does not include any delays in the payment of monies due by either party. Without limiting the generality of the foregoing, Force Majeure will include, but is not restricted to, the following types of events: acts of God or public enemy; acts of governmental or regulatory authorities; fires, floods, epidemics, or serious accidents; unusually severe weather conditions; and strikes, lockouts, or other labor disputes. If any event constituting Force Majeure occurs, the affected party shall notify the other party in writing, disclosing the estimated length of the delay and the cause of the delay. If a Force Majeure occurs, the affected party will not be deemed to have violated its obligations under this Agreement, and time for performance of any obligations of that party will be extended by a period of time necessary to overcome the effects of the Force Majeure.
13.8 Compliance with Laws. Client and Phoenix Rx shall comply with all federal, state, and local laws in the performance of this Agreement, including those governing use of the Hardware and Software. Hardware and Software provided under this Agreement may be subject to U.S. and other government export control regulations. Client shall not export or re-export any Hardware or Software.
13.9 Assignment. Phoenix Rx may assign this Agreement or its interest in any Hardware or Software, or may assign the right to receive payments, without Client’s consent. Any such assignment, however, will not change the obligations of Phoenix Rx to Client that are outstanding at the time of assignment. Client will be notified in writing if Phoenix Rx makes an assignment of this Agreement. Client shall not assign this Agreement without the express written consent of Phoenix Rx, such consent not to be unreasonably withheld. In the event of any permitted assignment of this Agreement, the assignee shall assume the liabilities and responsibilities of the assignor, in writing.
13.10 Independent Contractors. Client and Phoenix Rx are independent contractors and are not agents or partners of each other. Phoenix Rx’s employees, agents, and subcontractors will not be entitled to any privileges or benefits of Client employment. Client’s employees, agents, and contractors will not be entitled to any privileges or benefits of Phoenix Rx employment.
13.11 Notices. Any notice required or permitted to be given under this Agreement by one party to the other must be in writing and shall be given and deemed to have been given immediately if delivered in person to the address set forth on the Signature Page for the party to whom the notice is given, or on the fifth (5th) business day following mailing if placed in the United States Mail, postage prepaid, by registered or certified mail with return receipt requested, addressed to the party at the party’s address set forth on the Signature Page. Each party may change its address for notice by giving written notice of the change to the other party.
14. DEFINITIONS.
“Annual Fee” means annual fees payable by Client to Phoenix Rx for Hardware, Support, and the Product after the payment of the Initial Annual Fee, in accordance with the payment schedule set forth in an Order.
“Confidential and Proprietary Information” means Software, firmware, diagnostics, Documentation, designs and configurations of Hardware, Software and firmware, trade secrets and related documentation, and any other information confidential to Phoenix Rx or its suppliers or licensors.
“Documentation” means end user documentation made available to Client in connection with the Product(s), as may be updated by Phoenix Rx from time to time.
“Firmware” means the Phoenix Rx Software embedded in the Phoenix Rx Hardware that allows execution of the software functions, but does not allow access to or modification of the software by an end user.
“Hardware” means the Phoenix Rx Hardware and Third-Party Hardware.
“Initial Annual Fee” means the first Annual Fee, in the amount specified as the “Initial Annual Fee” on an Order, which is payable in accordance with the payment schedule set forth on such Order.
“Installation Date” means the date Phoenix Rx completes delivery and installation of the Product at a Licensed Location.
“Licensed Locations” means the specific pharmacy branches or other locations at which a Product is installed.
“Phoenix Rx Hardware” means Phoenix Rx’s proprietary hardware which is sold to Client as part of a Product.
“Phoenix Rx Solution” means the prescription verification solution offered by Phoenix Rx comprised of one or more Products.
“Product” means a Phoenix Rx product in the family of products comprising the Phoenix Rx Solution, generally consisting of Phoenix Rx Hardware, Phoenix Rx Software, Third-Party Hardware and Third-Party Software.
“Software” means the Firmware, and other run-time executable code and associated support files of the software developed by or for Phoenix Rx that are licensed to Client pursuant to this Agreement as part of a Product, and all Documentation, updates, upgrades, versions, new releases, derivatives, revisions, corrections, improvements, rewrites, bug fixes, enhancements, and other modifications, including any custom modifications, thereto. Software also includes all Documentation provided by Phoenix Rx to Client with respect to such and all copies of the foregoing, but excludes the Third-Party Software.
“Support Services” means technical support and updates provided by Phoenix Rx for the Product.
“Third Party Hardware” means the third-party hardware provided as part of the particular Phoenix Rx Solution s (e.g., personal computers and backup power supplies).
“Third-Party Software” means the software owned by third parties that is pre-installed on Third-Party Hardware and deemed to be licensed directly by the third-party licensor to Client pursuant to terms and conditions included with such Third-Party Hardware. Third-Party Software is provided pre-installed on the Third-Party Hardware and will not be separately listed in an Order unless separately charged for.
By signing this Agreement, each party is agreeing to be legally bound by its terms.
AGREED: ACCEPTED: Phoenix Pharmatech, LLC
Signed By: _____________________________ Signed By: _____________________________
Print Name: ____________________________ Print Name: ____________________________
Title: __________________________________ Title: _________________________________
Date: __________________________________ Date: _________________________________Business Associate Agreement
This Business Associate Agreement (“BAA”) supplements and is made a part of the Phoenix Rx ScripClip Master Agreement (“Agreement” or “Master Terms”) by and between Client and Phoenix Pharmatech, LLC (“Business Associate”). This BAA is effective as of the same date as the Agreement or Master Terms to which it is attached.
Client wishes to disclose certain protected health information (“PHI”) to Business Associate pursuant to the terms of the Agreement. Such PHI is made available to Client by various customers and medical practices for which Client provides prescriptions and other medical services as a Covered Entity to such customers as that term is defined by the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its promulgating regulations (collectively, “HIPAA”). In connection with Business Associate’s services, Business Associate creates or receives Protected Health Information from or on behalf of Client, which information is subject to protection under HIPAA and its promulgating regulations (collectively “the HIPAA Rules”). “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164. The HIPAA Privacy Rule is the Standards for Privacy of Individually Identifiable Health Information at 45 CFR, part 160 and part 164, subparts A and E. The HIPAA Security Rule is the HIPAA Security Standards (45 C.F.R. Parts 160, 162, and 164). The HIPAA Breach Notification Rule is the Notification in the Case of Breach of Unsecured Protected Health Information, as set forth at 45 CFR Part 164 Subpart D.
Further, the parties now desire through this BAA to supplement the Agreement consistent with the HIPAA Rules. All such obligations specified below shall be effective as of the appropriate compliance date for any such obligations. In the event of conflicting terms or conditions, this BAA shall supersede the Agreement with respect to the subject matter hereof.
In light of the foregoing and the requirements of the HIPAA Rules, Business Associate and Client agree to be bound by the following terms and conditions:
1. DEFINITIONS.
The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required by Law, Secretary, Security Incident, Business Associate, Unsecured Protected Health Information, and Use.
Terms used but not otherwise defined, in this BAA shall have the same meaning as those terms in the HIPAA Rules.
1.1 Business Associate and Individual shall have the meanings provided under HIPAA, including but not limited to, 45 CFR Section 160.103.
1.2 Electronic Protected Health Information shall have the same meaning as the term “electronic protected health information” in 45 CFR 160.103, limited to the information that Business Associate Creates, receives, maintains or transmits from or on behalf of Client.
1.3 Privacy Rule shall mean the Standards of Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164.
1.4 Protected Health Information or PHI means any information, whether oral or recorded in any form or medium: (i) that relates to the past, present or future physical or mental condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual, and (ii) that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual, and shall have the meaning given to such term under HIPAA, including but not limited to, 45 CFR Section 160.103.
1.5 Secretary shall mean the Secretary of the Department of Health and Human Services or his designee.
1.6 Security Rule shall mean the Security Standards at 45 CFR part 160 and part 164, as it relates to Client.
1.7 Agreement shall mean any present or future agreements, either written or oral, between Client and Business Associate under which Business Associate provides services to Client.
2. SUBCONTRACTOR OBLIGATIONS & ACTIVITIES.
Business Associate recognizes and agrees that it is obligated by law to meet the applicable provisions of the HIPPA Rules. Business Associate will use commercially reasonable efforts to:
2.1 Use and Disclosure. Not use or further disclose PHI other than as permitted or required by the Agreement or this BAA or as required by law.
2.2 Appropriate Safeguards. Use appropriate safeguards to prevent the use or disclosure of the PHI other than as provided for by the Agreement. In addition, Business Associate will comply with the Security Rule as of the compliance date (September 23, 2013) for such obligations. and without limiting the generality of the foregoing sentence, Business Associate will:
2.2.1 Implement administrative, technical and physical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic Protected Health Information as required by the Security Rule and the HITECH Act;
2.2.2 Report promptly to Client: (i) any security incident affecting the Electronic Protected Health Information of Client of which Business Associate becomes aware in which there is a successful unauthorized access, use, disclosure, modification, or destruction of PHI or interference with system operations in an information system in a manner that risks the confidentiality, integrity, or availability of PHI (“Security Incident”); (ii) (2) any breach of Unsecured Protected Health Information as required at 45 CFR 164.410; (iii) any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware. Any such report shall include the identification (if known) of each Individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during such incident or Breach; and (iv) any use or disclosure of PHI not provided for by this Agreement of which it becomes aware. In addition, Business Associate will report, within seven (7) days following discovery, any acquisition, access, use, or disclosure of unsecured protected health information in a manner not permitted under this Agreement, unless excluded from the definition of breach in 45 C.F.R. §164. 402(1). If Business Associate believes that any such acquisition, access, use, or disclosure results in a low probability that the unsecured PHI has been compromised, it shall provide to Client all information supporting such conclusion from its risk assessment. . Notwithstanding the foregoing, notice is hereby deemed provided, and no further notice will be provided, for unsuccessful attempts at such unauthorized access, use, disclosure, modification or destruction, such as pings and other broadcast attacks on a firewall, denial of service attacks, port scans, unsuccessful login attempts, or interception of encrypted information where the key is not compromised, or any combination of the above.
2.3 Mitigation. Business Associate will mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI of Client by Business Associate in violation of the requirements of this BAA.
2.4 Business Associate’s Agents. Business Associate will ensure that any agent of Business Associate, including a subcontractor of Business Associate, to whom it discloses PHI of Client received from, or created or received by Business Associate on behalf of Client, agrees to the same restrictions and conditions set forth in the HIPAA Rules that apply through this BAA to Business Associate with respect to such information.
2.5 Access to Designated Record Sets. To the extent (if any) that Business Associate possesses or maintains PHI of Client in a Designated Record Set, provide access, at the written request of Client upon proper notice, to PHI in a Designated Record Set, to Client or to an Individual in order to meet the requirements under 45 CFR 164.524
2.6 Amendments to Designated Record Sets. To the extent (if any) that Business Associate possesses or maintains PHI in a Designated Record Set, Business Associate agrees to make any amendment(s) to PHI of Client in a Designated Record Set that Client directs or agrees to pursuant to 45 CFR 164.526 or take other measures as necessary to satisfy Client’s obligations under 45 CFR 164.526.
2.7 Access to Books and Records. Make internal practices, books and records including policies and procedures and PHI of Client, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Client available to the Secretary, along with any policies and procedures required by the HIPAA Security Rule, in a time and manner designated by the Secretary, for purposes of the Secretary determining Client’s compliance with the HIPAA Rules.
2.8 Accounting of Disclosures. Document, maintain and make available upon written request by Client in relation to a request from an individual the information required to provide an accounting of disclosures to Client or Individual as necessary to satisfy Client’s obligations under 45 CFR 164.528.
3. PERMITTED USES AND DISCLOSURES BY SUBCONTRACTOR.
3.1 Agreement. Except as otherwise limited in this BAA, Business Associate may use or disclose PHI as necessary to perform the services set forth in the Agreement and as permitted by law, provided that any such use or disclosure would not reasonably violate the HIPAA Rules if done by Client. Such use, disclosure or request of PHI shall utilize a limited data set if practicable or otherwise the minimum necessary PHI to accomplish the intended result of the use, disclosure or request. Business Associate also agrees to implement and follow appropriate minimum necessary policies in the performance of its obligations under this addendum.
3.2 Use and Disclosure for Administration of Business Associate. Except or the specific uses and disclosures set forth below, Business Associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Client:
3.2.1 Business Associate may disclose PHI for its internal functions including without limitation the management and administration of the Business Associate and/or its agents or subcontractors or to carry out the legal responsibilities of the Business Associate and/or its agents or subcontractors.
3.2.2 Business Associate and/or its agents or subcontractors may disclose PHI for its internal function including without limitation the management and administration of the Business Associate and/or its agents or subcontractors provided that disclosures are required by law or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
3.3 Data Aggregation Services. Except as otherwise limited in this BAA, Business Associate may use PHI to provide data aggregation services to Client as permitted by 45 CFR 165.504(e)(2)(i)(B) of the Privacy Rule and relating to the Health Care Operations of Client. Business Associate shall not sell Client’s PHI.
3.4 Reporting Violations of Law. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR 164.502(i), as well as other disclosures permitted by law under 45 C.F.R. 512.
4. OBLIGATIONS OF CLIENT.
4.1 Privacy Notice. Client agrees that Client will not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule if done by PHI. Client shall notify Business Associate of any limitation(s) in the notice of privacy practices (“NPP”) of Client which Client supplies to its patients under the Privacy Rule, to the extent that such limitation may affect Business Associates use or disclosure of PHI.
4.2 Permissions; Changes of Permission of Individual. Client warrants that Client has obtained any necessary authorizations, consents, and other permissions that may be required under applicable law prior to Client, Client Clients, or their patients, placing any information, including without limitation PHI. Client shall promptly notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose his/her PHI, to the extent that such changes may affect Business Associate’s use or disclosure of such PHI.
4.3 Restrictions on Use or Disclosure. Client shall promptly notify Business Associate of any restriction to the use or disclosure of PHI that Client has agreed to in accordance with 45 CFR 164.522 to the extent that such restriction may affect Business Associate’s use or disclosure of PHI; provided, however, that Client shall not agree to any such restrictions which would adversely affect Business Associate functions, except where such agreement is required by law.
5. PERMISSIBLE REQUESTS BY CLIENT.
Except as set forth in Section 3 of this BAA, Client shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule if done by Client.
6. TERM AND TERMINATION.
6.1 Term. This BAA shall be effective as of the date of this BAA, and shall continue for the term of the Agreement, or on the date Client terminates for cause as authorized in paragraph 6.2 herein, whichever is sooner.
6.2 Termination For Cause. Upon Client’s knowledge of a material breach by Business Associate, Client shall provide an opportunity for Business Associate to cure the breach. If Business Associate does not cure the breach within not more than thirty (30) days following Business Associate’s receipt of a written notice from Client setting forth the details of such material breach, then Client shall have the right to terminate this Business Associate Agreement and the Agreement identified. Alternatively, if such failure cannot reasonably be cured, Client may report Business Associate to the HHS Secretary.
6.3 Effect of Termination. Upon termination of the Agreement pursuant to the terms thereof:
6.3.1 Except as provided in paragraph 6.3.2, Business Associate shall return and/or destroy all PHI received from, or created and/or maintained on behalf of Client. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the PHI.
6.3.2 In the event that Business Associate determines that returning or destroying the PHI is not feasible, Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. The parties agree herein that the return or destruction of billing information necessary for Business Associate to collect information due it under the Agreement shall be infeasible. Notwithstanding, the parties agree that the return of Business Associate’s Proprietary Information as required in the Agreement shall not be affected by the terms of this BAA.
7. ELECTRONIC TRANSACTION STANDARDS.
When providing its services and/or products, Business Associate shall comply with all applicable HIPAA standards and requirements with respect to the transmission of health information in electronic form in connection with any transaction for which the Secretary has adopted a standard under HIPAA (“Covered Transactions”) and which Covered Transaction Business Associate elects to perform on behalf of Client. Business Associate will use commercially reasonable efforts to make its services and/or products or those of any of its vendors compliant with HIPAA’s standards and requirements. Client agrees that, in the Business Associate’s reasonable judgment, the cost of such compliance may be passed on to Client in any form, including, but not limited to, increased fees. Business Associate shall require all of its agents and subcontractors (if any) who assist Business Associate in providing its services and/or products to comply with HIPAA standards and requirements.
8. INDEMNIFICATION
Business Associate will indemnify Client, the Client Clients and their respective employees, officers, and related entities (the “indemnified parties”), for any costs incurred by Client or any of the other indemnified parties, including legal fees and costs related to breach notification, associated with or arising out of Business Associate’s grossly negligent or willful failure to carry out its duties under this BAA.
9. MISCELLANEOUS.
9.1 Regulatory References. A reference in this BAA to a section in HIPAA or the HIPAA Rules means the section as in effect or as amended. If the requirement of the referenced section, whether expressly referenced or referenced in substance, ceases to exist, the corresponding obligation hereunder shall likewise cease to exist (a “Rescinded Requirement”).
9.2 Amendment. The parties specifically agree to take such action as is reasonably necessary as mutually determined to amend this BAA from time to time as is necessary for Client to comply with the requirements of the HIPAA Rules. Parties further agree that this Agreement shall be deemed to have been automatically amended to remove any Rescinded Requirement with effective date of such rescission.
9.3 Third-Party Rights. This BAA is entered into by and between the parties hereto and for their benefit. There is no intent by either party to create or establish a third party beneficiary status or rights in any other party, including, but not limited to, Individuals, subcontractor, agents or other third party to this BAA, and no such third party shall have any right to enforce or any right to enjoy any benefit created or established under this BAA.
9.4 Interpretation. Any ambiguity in this BAA shall be resolved to reasonably permit Client to comply with the HIPAA Rules.
9.5 Miscellaneous. The terms of this BAA are hereby incorporated into the Agreement. In the event of a conflict between the terms of this BAA and the terms of the Agreement, the terms of the Agreement shall prevail. The terms of the Agreement which are not modified by this BAA shall remain in full force and effect in accordance with the terms thereof. The Agreement together with this BAA constitutes the entire agreement between the parties with respect to the subject matter contained herein. This BAA may be executed in counterparts, each of which when taken together shall constitute one original.