VOYCE INTERPRETATION SERVICES TERMS

AND CONDITIONS

These Voyce Interpretation Services Terms and Conditions (“Interpretation Terms” or “Agreement”) apply to

healthcare providers and govern their use of the remote interpretation services (“Services”) available to users

through the online interfaces and properties (e.g., websites and mobile applications) owned and controlled by

Voyce, Inc., a Delaware corporation with its headquarters located at 1580 Sawgrass Corporate Pkwy, Suite 110,

Sunrise, FL 33323, USA (“Voyce” or “Company”), including the https://voyceglobal.com website (the “Site”).

“Providers” “You” “your” “Customer” and similar terms refer to healthcare providers who use the Services. Your

compliance with these Interpretation Terms is a condition to your use of the Services. Company and Customer are

hereinafter referred to individually as “Party” and collectively as “Parties.”

1. SERVICES: The Services (“Services”) to be performed by Company shall consist of the provision of remote

language interpreting services by video or audio through the VOYCE Remote Interpretation Management

Platform (Voyce Platform) or by telephone, during the term hereof, as requested by Customer. The

interpretation services shall be performed by Company in a manner consistent with the degree of care and

skill standard in the language interpreting services industry.

1.1 Voyce Platform. Company will provide the VOYCE Remote Interpretation Management Platform

(Voyce Platform) to Customer to facilitate the service and delivery of Video Remote Interpretation

(VRI), Voice Only Interpretation (VOI).

1.2 Authorized Users; Authorized Uses. Company grants Customer a renewable, nonexclusive, royalty-free,

and worldwide right for any Customer employee, contractor, or agent, or any other individual or entity

authorized by Customer, (each, an “Authorized User”) to access and use the Services.

1.3 Proprietary Rights. Customer acknowledges that the Voyce Platform shall remain the sole and exclusive

property of Company. Further, Customer expressly acknowledges that Company’s intellectual property

rights for the Voyce Platform, including patent, copyright, trademark or proprietary rights, shall not be

altered, infringed upon, or diminished in any respect, by virtue of this Agreement.

2. TERM AND TERMINATION: This Agreement is legally binding as of the Customer agrees online the

Agreement and shall continue until terminated as provided for herein. A Party may terminate this Agreement

any time. Customer shall be liable for payment for all Services performed through the effective date of

termination.

3. FEES: Customer shall be responsible for and shall pay to Company the fees subject to the terms and

conditions contained in this Agreement. For purpose of billing, services begin when the interpreter or service

provider answers the service request and ends when that Customer terminates their involvement in the service.

Service time will round up to the nearest minutes when service minutes are used in the fee schedule. The fees

are composed of the following:

3.1 Subscription Fees

Subscription Fee

US$0.99 per user per month*

* Subscription Fee will be waived for the first month

Page 1 of 10

Service Agreement: C ONFIDENTIAL

3.2 On Demand Remote Interpretation Service Fees

On Demand Interpretation

English <-> Spoken Languages

US$0.99 per minute

On Demand Interpretation

English <-> American Sign Language

US$1.49 per minute

4. INVOICES AND PAYMENTS: Company will charge Customer monthly by credit card for Services

provided. When the amount due to Company by Customer exceeds US$100, Company may charge Customer

by credit card for Services already provided.

5. INDEPENDENT CONTRACTOR: The Parties agree that Company’s relationship to Customer is that of

an independent contractor and that nothing contained in the Agreement shall be construed as creating any

other type of relationship. Company may employ such arrangements as it deems appropriate with respect to

the performance of the Services. Interpreters utilized by Company are not employees or agents of Customer

in any respect. Customer acknowledges that Company may employ interpreters, contract interpreters as

independent contractors, or contract other qualified language service providers to provide Services to the

Customer.

6. USE OF SERVICE: Customer shall not, for any reason, use Company’s interpretation services for illegal or

improper purposes.

7. PAYMENT GUARANTEE: Customer agrees to the payment terms in this Agreement without regard to the

payments and terms negotiated between its customers.

8. CONFIDENTIAL INFORMATION AND HIPAA COMPLIANCE: For purposes of this Agreement, the

term " Confidential Information " means information received by a Party (“ Recipient ”) from the other Party

(“ Discloser ”) in written, graphic, tangible, electronic, or magnetic form, and oral information including, but

not limited to, that which constitutes, represents, evidences or records a scientific, technical, merchandising,

production, or management information design, process, procedure, formula, invention, or improvement, or

financial or other business aspect or activity of the Discloser, and specifically includes (1) the Parties’ client

lists and the identity of their clients; (2) any of Customer’s patients’ information, including any that

constitutes “Protected Health Information,” as such term is defined pursuant to the Health Insurance

Portability and Accountability Act of 1996, 42 U.S.C. § 1320d et seq. , and the regulations promulgated

thereunder (“HIPAA”); and (3) Customer’s physicians’ and other providers’ provider numbers, social security

numbers and license numbers. Confidential Information likewise means information from which the

Discloser derives economic value, actual or potential, from such information not being generally known to or

being readily ascertainable by other persons or entities who could obtain economic value from its disclosure.

Company and Customer each acknowledge that the other considers its own Confidential Information to

constitute a “trade secret” under applicable law. Company and Customer shall hold the other’s Confidential

Information in trust and confidence using the same level of care as they would to protect their own

Confidential Information from disclosure, and will not disclose the Confidential Information of the other to

any person except to comply with the terms of this Agreement. In connection therewith, all interpreters or

translators used by Company are required to keep confidential all records and notes pertaining to the Services

that they provide for Company hereunder. Upon termination or expiration of this Agreement, each Party shall

return to the other Party all of its Confidential Information. Each Party’s respective obligations under this

Section shall survive the expiration or termination of this Agreement.

The parties agree that, in carrying out its obligations hereunder, Company shall receive and gain access to

Protected Health Information, as defined above, and shall, contemporaneously with the execution of this

Agreement, execute the Business Associate Agreement (as defined pursuant to HIPAA) attached hereto as

Schedule A, which shall govern all uses and disclosures of Protected Health Information hereunder.

Page 2 of 10

Service Agreement: C ONFIDENTIAL

9. PERMITTED DISCLOSURE OF CONFIDENTIAL INFORMATION: Each Party’s obligation to hold

the other Party’s Confidential Information in confidence shall not apply to any information which is (a)

already known to or in the possession of the Recipient; (b) available to the general public at the time of

disclosure or becomes available to the general public through no fault of Recipient; (c) independently

developed by the Recipient without reference to or use of Discloser’s Confidential Information; and/or (d)

disclosed to the Recipient by a third party without restriction and without breaching this Agreement. If either

Party receives a court subpoena, request for production of documents, court order, or requirement of a

government agency to disclose any Confidential Information, the Recipient shall give prompt written notice

to the other Party so that the subpoena, request for production of documents, order, or requirement can be

challenged or limited in scope by Customer or Company, as appropriate.

10. NONSOLICITATION: Neither Party to this Agreement shall solicit the other Party’s employees or

contractors independently known or discovered through the course of business between the Parties while this

agreement is in effect and for a period of one year following termination, unless permission is given by either

party via email or certified mail. Neither Party to this Agreement shall encourage the other Party’s clients to

discontinue business with the other Party. Company’s interpreters or translators and language service

providers shall also be expressly subject to this non-solicitation prohibition. No Party shall, however, be

prohibited from responding to an inbound solicitation for, a general public solicitation for, or a publicly

advertised request for proposals for the provision of language services to a client of the other. Remedies for

breach of this section are available to the aggrieved Party without restriction by any other provisions of this

Agreement.

11. INDEMNIFICATION: Company and Customer shall indemnify, defend and hold harmless the other from

any claim, loss, damage, settlement, judgments, costs, penalties, fines, and expenses of every kind and nature

(including, without limitation, reasonable attorney’s fees) resulting from its (or its employees’, agents’, or

subcontractors’) breach of confidentiality, negligence or willful misconduct, intellectual property

infringement (as alleged by a third party), or any other act or omission in the course of providing the Services

hereunder. To obtain such indemnification, the indemnitee must promptly notify the indemnitor of the liability

claim, and give the indemnitor all necessary information, reasonable cooperation, and the exclusive authority

to evaluate, defend, and settle the claim. Notwithstanding the foregoing sentence, indemnitor will not enter

into any settlement without the indemnitee’s prior written consent unless all third-party claims against the

indemnitee are released without any further liability on the indemnitee’s part. The foregoing indemnification

obligations of the indemnitor relating to third party infringement shall not apply to the extent that: (a) the

Services are modified by Customer where such modification was not recommended, authorized in writing or

required by Company and where such modification is the basis of the third party claim; (b) the Services are

combined or bundled by Customer with any non-Company products, processes or materials not recommended,

authorized or provided by Company, if such liability would not have arisen but for such combination or

bundling.

12. FORCE MAJEURE: Company shall not be liable or responsible in any way for any loss, injury, and/or

damage arising out of or relating to any Company failure of performance and/or delay resulting directly or

indirectly from any cause which is beyond Company’s reasonable control, including but not limited to:

pandemic, endemic, fire, explosion, lightning, power surges or outages, strikes or labor disputes, acts of God,

civil disturbances, acts of civil or military authorities, acts of terrorism, fuel or energy shortages, acts and/or

omissions by third-party communications carriers, or any other cause beyond Company control.

13. REPRESENTATIONS AND WARRANTIES; DISCLIAMERS; LIMITATION OF LIABILITY:

Company represents and warrants that (a) Company will perform the Services using personnel of required

skill, experience and qualifications and in a professional and workmanlike manner in accordance with

generally recognized industry standards for similar services and will devote adequate resources to meet its

obligations under this Agreement; (b) Company will comply with all applicable state and federal laws, rules

and regulations in connection with Company’s performance hereunder; (c) Company will not introduce, or

permit any person under its direction or control to introduce , any Harmful Code into Customer’s systems and

(d) Company is not under, and shall not during the term hereof enter into or be under, any obligation, covenant

Page 3 of 10

Service Agreement: C ONFIDENTIAL

or restriction which would or might operate to prevent or restrict Company from performing Company’s

obligations under this Agreement, or which may give rise to any conflict of interest between Company and

Customer. Except as specified herein, Company makes no additional representation, warranty or guaranty,

express or implied, concerning the Services including, but not limited to, the availability or timeliness of the

performance of any Services. In no event shall Company be liable for loss of revenue or profits or for any

incidental, consequential, indirect, punitive or special damages, whether foreseeable or unforeseeable, claimed

by or on behalf of Customer or its officers, agents, employees, directors or representatives. Company’s

aggregate liability to Customer for any such claim shall be limited to the lesser of (a) the amount paid by

Customer within the previous 12 months for the Services, or (b) $5,000.00. The foregoing limitations of

liability shall not apply to the extent that any such limitation is void, prohibited or unenforceable by applicable

law, or in the case of (i) breach of confidentiality or of the Business Associate Agreement (Section 8); (ii)

either Party’s indemnification obligations (Section 11); or (iii) Company’s gross negligence, or willful or

intentional misconduct. No action may be brought by Customer more than one (1) year after the cause of

action has accrued.

14. FEEDBACK: Customer will use reasonable efforts to notify Company of any feedback or suggestions from

Customer relating to the Voyce Platform and Services including any suggestions for modifications or

enhancements to the foregoing (“ Feedback ”). Customer shall and hereby does grant Company a non-

exclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid-up license to

use and exploit the Feedback for any purpose.

15. ASSIGNMENT: This Agreement, and the rights and obligations hereunder, may not be assigned or

transferred by either Party without the prior written consent of the other Party, except that either Party may

assign this Agreement to an affiliated company or in connection with the merger or consolidation of such

Party or a sale of all or substantially all of its assets.

16. SEVERABILITY: If any provision of this Agreement shall be construed to be illegal or invalid, the illegal

or invalid provision shall be reformed to the extent possible to give its intended effect and/or meaning and all

remaining provisions hereof shall continue in full force and effect so long as the economic or legal substance

of this Agreement is not affected in any manner materially adverse to any Party.

17. WAIVER: No waiver of any provisions of this Agreement shall be effective unless made in writing. No

waiver of any breach of any provision of the Agreement shall constitute a waiver of any subsequent breach of

the same or any other provision of this Agreement. Failure to enforce any term of the Agreement shall not be

deemed a waiver of future enforcement of that or any other term.

18. DISPUTE RESOLUTION: Any dispute, controversy, or claim relating to this Agreement (a “Dispute”) will

be resolved first through good faith negotiations between the parties. If the Dispute cannot be resolved

through good faith negotiation, the parties shall submit the Dispute to mediation under the commercial

mediation rules of the American Arbitration Association (“AAA”). The mediation shall be held in Miami-

Dade or Broward County, Florida within forty-five (45) days of filing the request with the AAA. If the Dispute

is not resolved through mediation, the matter will be submitted to binding arbitration with the AAA under its

commercial arbitration rules. Arbitration will be the sole and exclusive means for adjudication of a Dispute

and shall occur in Miami-Dade or Broward County, Florida. The cost of the arbitration (including the fees

and expenses of the arbitrator will be shared equally by the Parties; provided, however, that each will pay its

own attorney’s fees. The arbitrator will have the authority to apportion liability between the parties but will

not have the authority to award any damages or remedies not available under, or in excess of, the express

terms of this Agreement. There shall be one (1) arbitrator who will be jointly selected by the Parties. If the

Parties cannot agree on an arbitrator, one shall be chosen by the AAA. The arbitration award will be presented

to the Parties in writing, and upon the request of either, will include findings of fact and conclusions of law.

The award may be confirmed and enforced in any court of competent jurisdiction. With regards to any action

for breach of confidentiality or intellectual property obligations, nothing in this Section shall preclude either

Party from seeking interim equitable relief in the form of a temporary restraining order or preliminary

injunction. Any such request by a Party for interim equitable relief shall not be deemed a waiver of the

Page 4 of 10

Service Agreement: C ONFIDENTIAL

obligation to arbitrate hereunder. THE PARTIES EXPRESSLY WAIVE THEIR RESPECTIVE RIGHTS TO

A JURY TRIAL.

19. GOVERNING LAW: This Agreement shall in all respects be construed in accordance with and governed by

the laws of the State of Florida, without regard to its conflict of laws rules. The Parties agree that the

appropriate court in Florida, shall have exclusive jurisdiction with respect to any controversy or dispute arising

out of or relating to this Agreement not resolved by the Parties hereto.

20. ATTORNEY FEES: In any suit or dispute between the Parties over enforcement of this Agreement or any

portion thereof, the prevailing Party shall be entitled to an award against the other for the prevailing Party’s

attorney fees and other legal proceedings costs, whether incurred in consultation prior to suit, for trial, for

arbitration, or for appeal.

21. ENTIRE AGREEMENT: This Agreement and all schedules and attachments hereto constitute the entire

agreement between the Parties and supersede all prior oral or written statements related to the subject matter

of this Agreement. This Agreement may be modified, amended, or changed only by a written document signed

by both Parties hereto. This Agreement shall not create any benefits, rights, privileges, remedies, or claims

for, in, by, or on behalf of any Parties who are not signatories to this Agreement.

Page 5 of 10

Service Agreement: C ONFIDENTIAL

Schedule A

BUSINESS ASSOCIATE AGREEMENT

_________________________________ (“ Covered Entity ”), and Voyce, Inc. (“ Business Associate ”) enter into

this Business Associate Agreement (“ BAA ”) as of the date the Covered Entity signs this BAA (“ Effective Date ”).

Covered Entity and Business Associate agree that under the BUSINESS ASSOCIATE AGREEMENT entered

into by Covered Entity and Business Associate (the “ Agreement ”), Business Associate provides services for or

on behalf of Covered Entity that may involve access to PHI (as defined below) and that, as such, the parties agree

as follows:

I. DEFINITIONS

Unless otherwise specified in this BAA, all capitalized terms used in this BAA not otherwise defined have the

meanings ascribed by HIPAA and ARRA, as each may be amended from time to time.

A. “ ARRA ” means the Health Information Technology for Economic and Clinical Health Act provisions

of the American Recovery and Reinvestment Act of 2009, Pub. Law No.111-5 and its implementing

regulations.

B. “ Breach ” means the actual or reasonably suspected acquisition, access, Use or Disclosure of PHI in

a manner not permitted by the Privacy Rule that compromises the security or privacy of the PHI.

C. “ Breach Notice Rule ” means the federal breach notification regulations issued pursuant to ARRA,

as amended from time to time, 45 C.F.R. Parts 160 and 164.

D. “ Compliance Date ” means, in each case, the date by which compliance is required under the

referenced provision of ARRA’s or HIPAA’s implementing regulations, as applicable.

E. “ Discovery ” means the first day on which Business Associate, or any workforce member, agent, or

Subcontractor of Business Associate, knows, or, by exercising reasonable diligence would have

known, of a Breach.

F. “ Encrypt ” means to use an algorithmic process to transform data into a form in which there is a low

probability of assigning meaning without use of a confidential process or key, which process

conforms to NIST Special Publications 800–111, 800–52, 800–77, or 800–113, as appropriate, or that

is otherwise validated against the Federal Information Processing Standards (FIPS) 140–2.

G. “ ePHI ” means PHI as defined below, which is transmitted or maintained in electronic media.

H. “ HIPAA ” means the Health Insurance Portability and Accountability Act of 1996 and its implementing

regulations.

I. “ PHI ” means Protected Health Information, as defined in 45 C.F.R. § 160.103, limited to the Protected

Health Information received from, or received, created, or accessed on behalf of, Covered Entity.

J. “ Privacy Rule ” means the federal privacy regulations issued pursuant to HIPAA, as amended from time

to time, 45 C.F.R. Parts 160 and 164.

K. “ Security Incident ” means the successful unauthorized access, Use, Disclosure, modification or

destruction of ePHI or interference with system operations in an information system. Unsuccessful

attempts to breach security, including pings and other broadcast attacks on Business Associate’s

firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the

above, so long as such incidents do not result in unauthorized access, use or disclosure of PHI, shall

not be deemed Security Incidents.

L. “ Security Rule ” means the federal security regulations issued pursuant to HIPAA, as amended from

time to time, 45 C.F.R. Parts 160 and 164.

M. “ Subcontractor ” means Business Associate’s subcontractors and agents that create, receive, maintain

or transmit PHI for the purpose of performing any of Business Associate’s obligations under the

Agreement.

Page 6 of 10

Service Agreement: C ONFIDENTIAL

II. RESPONSIBILITIES OF BUSINESS ASSOCIATE.

A. Business Associate shall provide relevant training on HIPAA and the requirements of this agreement

to all persons accessing PHI or ePHI. The training materials and records shall be provided to the

covered entity upon request.

B. Business Associate shall implement and use appropriate Technical, Physical and Administrative

Safeguards to reasonably and appropriately protect the Confidentiality, Integrity and Availability of

PHI and to prevent Use or Disclosure of PHI, other than as permitted by this BAA.

C. Business Associate shall, within the earlier of the Compliance Date or 90-days from the Effective

Date, comply with all applicable provisions of the Security Rule. The Business Associate shall

conduct a risk assessment to evaluate compliance with the Security Rule and shall, at the request of

the Covered Entity, provide a written attestation acknowledging completion and communicating the

results of the risk assessment.

D. Business Associate shall Encrypt all transmissions of ePHI and all portable media or storage devices

on which ePHI may be stored, including laptops, back-up media, CDs, or USB drives.

E. Within 30-days after receiving a written request from Covered Entity, make available information

necessary for Covered Entity to make an accounting of disclosures of PHI about an Individual, as

provided in 45 C.F.R. § 164.528; and in accordance with 42 U.S.C. § 17935(c) and its implementing

regulations as of the Compliance Date, make that accounting directly to the Individual if directed to do

so by Covered Entity.

F. At the request of Covered Entity and in the time, manner, and form designated by Covered Entity, not

to exceed 15-days, provide access to PHI in a Designated Record Set to Covered Entity or, if directed

by Covered Entity, to an Individual or to a recipient designated by the Individual, in accordance with

the requirements of 45 C.F.R. § 164.524. Business Associate shall not charge Covered Entity or any

Individual any fee associated with the production of PHI in accordance with this section that exceeds

fees described at 45 C.F.R. § 164.524.

G. Make available PHI in a Designated Record Set, no more than 30-days following receipt of a written

request by Covered Entity, PHI for amendment and incorporate any amendments to the PHI as

directed by Covered Entity, all in accordance with 45 C.F.R. § 164.526.

H. Business Associate shall notify Covered Entity, in writing, no more than 3-days following Business

Associate’s receipt directly from an Individual of any request for an accounting of disclosures or access

to or amendment of PHI as contemplated in Sections II (D) (E) or (F), above.

I. Business Associate shall require each Subcontractor to agree, in writing, to the same restrictions and

conditions that apply to Business Associate. Furthermore, to the extent that Business Associate

provides ePHI to Subcontractor, Business Associate shall require Subcontractor to comply with all

applicable provisions of the Security Rule upon the earlier of the Compliance Date or 90-days from

the Effective Date. If Subcontractor is not subject to the jurisdiction or laws of the United States, or

if any use or disclosure of PHI in performing the obligations under this BAA or the Agreement will

be outside of the jurisdiction of the United States, Business Associate must require Subcontractor to

agree by written contract with Business Associate to be subject to the jurisdiction of the Secretary,

the laws, and the courts of the United States, and waive any available jurisdictional defenses that

pertain to the parties’ obligations under this BAA, HIPAA, or ARRA.

J. Business Associate shall not Use or Disclose PHI except as necessary to perform its obligations under

the Agreement or as otherwise required by this BAA, provided that such Use or Disclosure is permitted

by applicable law and complies with each applicable requirement of 45 C.F.R. § 164.504(e).

1. In compliance with 45 C.F.R. § 164.502(b)(1), as of its Compliance Date or no more than 90-

days following the Effective Date, whichever is earlier, Business Associate shall request, Use,

and Disclose only the minimum amount of PHI necessary to accomplish the purpose of the

request, Use, or Disclosure.

2. Business Associate shall not use PHI to make or cause to be made any communication that would

constitute Marketing.

K. Without unreasonable delay, and in any event, no more than 48-hours after Discovery, Business

Associate shall notify Covered Entity of any Breach, Use or Disclosure of PHI not permitted under

this BAA, or any Security Incident. Business Associate shall deliver the initial notification of such

Page 7 of 10

Service Agreement: C ONFIDENTIAL

Breach, in writing, which must include a reasonably detailed description of the Breach and the steps

Business Associate is taking and would propose to mitigate or terminate the Breach. Furthermore,

Business Associate shall supplement the initial notification, no more than 10-days following

Discovery, with information including the identification of each individual whose PHI was or is

believed to have been involved; a reasonably detailed description of the types of PHI involved; all

other information reasonably requested by Covered Entity, including all information necessary to

enable Covered Entity to perform and document a risk assessment in accordance with 45 C.F.R. Part

164 subpart D; and all other information necessary for Covered Entity to provide notice to individuals,

the U.S. Department of Health & Human Services (“ HHS ”), or the media, if required. Despite

anything to the contrary in the preceding provisions, in Covered Entity’s sole and absolute discretion

and in accordance with its directions, Business Associate shall conduct, or pay the costs of conducting,

an investigation of any Breach and shall provide or pay the costs of providing any notices required by

the Breach Notice Rule or other applicable law.

L. Business Associate shall mitigate, to the extent practicable, any harmful effect that is known to

Business Associate of a Use or Disclosure of PHI by Business Associate that is not permitted by this

BAA.

M. Business Associate shall make available to HHS its internal practices, books, and records, relating to

the Use and Disclosure of PHI pursuant to the Agreement for purposes of determining Business

Associate’s and Covered Entity’s compliance with the Privacy Rule.

N. Business Associate shall not directly or indirectly receive remuneration in exchange for any PHI.

O. To the extent Business Associate is to carry out one or more of Covered Entity’s obligations under

the Privacy Rule, the Business Associate shall comply with the requirements of the Privacy Rule that

apply to Covered Entity in the performance of such obligations.

P. Business Associate shall provide contact information for one primary person and one secondary

person in Appendix A. Any changes in the contact information shall be forwarded to the Covered

Entity.

Q. The Business Associate shall respond in writing within 10 business days to the Covered Entity’s

request(s) to attest to the Business Associate’s compliance with the Privacy Rule, the Security Rule,

and the Responsibilities of the Business Associate as specified in this BAA. The Business Associate

shall make available to the Covered Entity its internal practices, books, and records, relating to the

Use and Disclosure of PHI as necessary to substantiate the attestation of compliance.

III.

RESPONSIBILITIES OF COVERED ENTITY

Covered Entity shall notify Business Associate, in writing, of an Individual’s request to restrict the Use

or Disclosure of such Individual’s PHI, any limitations in Covered Entity’s Privacy Notice relevant to

Business Associate’s performance of its obligations under this BAA or the Agreement, or any revocation

by an Individual of authorization to Use or Disclose PHI.

IV.

TERM, TERMINATION AND DAMAGES

A. This BAA is effective as of the Effective Date and terminates when Business Associate and its

Subcontractors no longer have access to PHI, and when all of the PHI in Business Associate’s

possession, inclusive of PHI in the possession of Business Associate’s Subcontractors, has been

returned or destroyed, unless earlier terminated in accordance with Sections IV(B) through (C) of this

BAA.

B. Upon Covered Entity’s determination of a breach of a material term of this BAA by Business

Associate, Covered Entity may terminate this BAA. As of the Compliance Date of 45 C.F.R. §

164.504(e)(1)(iii), if either party knows of a pattern of activity or practice of the other party that

constitutes a material breach or violation of this BAA, the non-breaching party will provide notice

thereof to the other party. Such notice must clearly specify the nature of the breach or violation. Each

party must take reasonable steps to cure the breach or end the violation. If after 30-days or such

longer time specified in writing by the non-breaching party, the non-breaching party reasonably

determines that such steps are unsuccessful in curing the breach or ending the violation, the non-

Page 8 of 10

Service Agreement: C ONFIDENTIAL

breaching party may terminate this BAA and the Agreement, if feasible. In the event that termination

is not feasible, the non-breaching party shall report the problem to HHS.

C. Except as provided below, Business Associate shall return or destroy all PHI, including all PHI in

possession of its Subcontractors, immediately following the termination or expiration of this BAA.

However, in the event that Business Associate is legally obligated to retain such PHI, Business

Associate may do so provided that:

1. Business Associate notifies Covered Entity of such legal obligation, in writing, immediately upon

Business Associate’s notice of such legal obligation, which such writing must describe in detail

the legal obligation;

2. Business Associate extends all protections, limitations, and restrictions contained in this BAA to

Business Associate’s Use or Disclosures of any PHI retained after termination or expiration of

this BAA;

3. Business Associate limits any further Use or Disclosures solely to satisfying such legal obligation

for which it has provided Covered Entity with written notice in accordance with Section IV(C)(1),

above.

4. Business Associate returns or destroys all PHI when such legal obligation has been fulfilled or

has concluded.

D. In addition to any damages recoverable under this BAA, the parties acknowledge that certain breaches

or violations of this BAA may result in litigation or investigations pursued by federal or state

governmental authorities of the United States resulting in civil liability or criminal penalties. Each

party shall cooperate in good faith in all respects with the other party in connection with any request

by a federal or state governmental authority for additional information and documents or any

governmental investigation, complaint, action, or other inquiry.

V.

INDEMNIFICATION

A. Each party shall indemnify the other party against all liabilities and losses (including attorneys’ fees)

reasonably and properly incurred by the indemnified party (“ Losses ”) in connection with any actual,

threatened, or pending, civil, criminal, or administrative cause of action, claim, inquiry, investigation,

lawsuit, or proceeding (each, a “ Claim ”) in connection with the performance or failure to perform by

the indemnifying party of its obligations under this BAA; provided, however, that neither party is

obligated to indemnify the other party where such Losses have been suffered or incurred by such other

party as a result of its or its agent’s willful misconduct or fraudulent or criminal acts or

omissions. Each party shall provide the other with prompt notice of any Claim that may trigger the

foregoing indemnification requirements and take all necessary and appropriate actions to protect the

interest of the other party with regard to the Claim. Upon demand by the indemnified party, the

indemnifying party shall defend any investigation, claim, litigation or other proceeding brought or

threatened against the indemnified party, at the indemnifying party’s expense, by counsel acceptable

to the indemnified party. Neither party shall enter into any settlement without the written consent of

the other party.

B. Neither party shall consent to any judgment or settlement of a Claim without the prior, written consent

of the other party.

VI.

GENERAL TERMS

A. This BAA amends and is made a part of the Agreement. Any changes or modification to this BAA

must be in writing and signed by both parties.

B. To the extent not clear, the terms of this BAA are to be construed to allow for compliance by the

parties with HIPAA or ARRA. If any provision of the BAA is in conflict with any provision of the

Agreement, the conflicting provision of this BAA prevails to the extent necessary for the parties to

comply with HIPAA and ARRA.

C. Nothing in this BAA confers upon any person other than the parties and their respective successors

or assigns, any rights, remedies, obligations, or liabilities, whatsoever.

Page 9 of 10

Service Agreement: C ONFIDENTIAL

D. Sections II(G)(H)(J)(M) and Sections IV, V, VI(E)(F) survive the termination for any reason or

expiration of this BAA.

E. In the event Business Associate receives a notification from or on behalf of HHS regarding a

compliance review, an audit, or an investigation or inquiry of any kind pertaining to the services

provided under the Agreement or Covered Entity, it will notify Covered Entity no more than 3-days

following its receipt of that notice.

F. The law of the State of Delaware, without regard to its internal law on the conflict of laws, controls

this BAA. Each party consents and submits to the jurisdiction of the federal and/or state courts of

New Castle County, Delaware, and hereby waives any defense based upon venue, inconvenience of

forum, or lack of personal jurisdiction in any action or suit brought in connection with or relating to

this BAA or related matters. Each Party will bring any action or suit concerning this Agreement or

related matters in federal or state court with appropriate subject matter jurisdiction in New Castle

County, Delaware. Each Party acknowledges that it has read and understands this clause and

agrees willingly to these terms.

G. The parties may execute this BAA in a number of counterparts and each counterpart signature, when

taken with the other counterpart signatures, is treated as if executed upon one original of this BAA.

A facsimile or pdf signature, or a scanned image of an original signature, of any party to this BAA is

binding upon that party as if it were an original.

Page 10 of 10

Service Agreement: C ONFIDENTIAL