TERMS OF AGREEMENT

Effective For All Service Agreements Entered After May 1, 2022.

These Terms of Agreement (the “Terms of Agreement” or “TOA”) establish the terms under which Health Magnet, LLC (“Magnet”) will provide Services to Customer as set forth on the Service Agreement between Customer and Magnet or under any additional Statement of Work (“SOW” — SOWs are included in the Definition of Service Agreement). All capitalized terms will have the meaning set forth in EXHIBIT B, Section 1 of these Terms of Agreement or, if not defined herein, in the Service Agreement. In the event of a conflict between the Service Agreement and these Terms of Agreement, the Service Agreement or the later executed SOW will govern. In the event of a conflict between these Terms of Agreement, and the Terms of Use or the Privacy Policy, these Terms of Agreement will control.

IMPORTANT NOTICE. Magnet is not itself a healthcare provider. Magnet is a business that facilitates health care services in the digital age. Magnet does not provide medical advice, and Magnet does not diagnose, treat, or prevent illness or ailments – only individual licensed health care providers do these things.

This Terms of Agreement includes the following:

• EXHIBIT A – SPECIFIC PRODUCTS & SERVICES. The Services Customer has agreed to receive are set forth on the Service Agreement. EXHIBIT A contains Additional specific information about each type of service, as applicable to Customer’s specific order. By entering the Service Agreement, Customer agrees to the terms of the Service Agreement, these Terms of Agreement, and all other terms and conditions incorporated by reference into the Service Agreement.
• EXHIBIT B – DEFINITIONS, AND GENERAL AGREEMENT TERMS. EXHIBIT B contains defined terms, and other agreed-upon contractual provisions.
• EXHIBIT C – BUSINESS ASSOCIATE AGREEMENT. EXHIBIT C contains the Business Associate Agreement between Magnet and Customer. [Remainder of Page Intentionally Blank – Exhibits Begin on Next Page]

1

Terms of Agreement

EXHIBIT A
Specific Types of Magnet Services

The following Services comprise all Services currently offered by Magnet under Service Agreements, as well as any specific Customer Responsibilities relating to each Service.

To determine which Services have been purchased by Customer, please refer to the Service Agreement and any Amendments thereto. The provisions below only apply to services that Customer has actually purchased under the Service Agreement (e.g., if Customer has not purchased RPM services, the RPM section below is inapplicable).

1. Staffing Services. Magnet will provide staffing services as agreed in the Service Agreement. Staff

will operate under their own supervision and control (within the scope of their license, if applicable). Customer will be entitled to bill and collect for, regardless of payor, all charges for staff services rendered. Staff will assign all rights to bill for such services. Staff will abide by Customer’s policies and procedures. If any staff are unacceptable to Customer, Customer and Magnet will meet in good-faith to discuss the issues making the staff unacceptable. If the issues are not resolved, Magnet will remove said staff from providing services to Customer.

a. Customer Responsibilities. Customer is responsible for:
i. Providing staff with all facilities, equipment, and support necessary to render services. ii. Providinganynecessarysupervisionofstaff.
iii. Providing feedback to Magnet regarding staff.
iv. Customer is reminded of its non-solicitation obligations set forth in EXHIBIT B.

2. Virtual Medical Clearance Services. Magnet will provide devices and telehealth

services to assist established patients with clearance to receive services. Magnet’s third-party providers will exercise their medical judgment and determine whether it is safe for the patient to receive Customer’s services. Magnet will not pressure or otherwise require physicians to issue medical clearances – physicians will utilize their own medical judgment. Medical Clearance is not guaranteed. Magnet will not pressure or otherwise require physicians to issue medical clearances – physicians will utilize their own medical judgment. Medical Clearance is not guaranteed. Likewise, Customer will not pressure or otherwise require medical clearances to be issued – medical clearances will only be issued when it is safe for the patient to receive Customer’s services. For example, if it is not medically safe/appropriate for a patient to be cleared to play in an athletic event, the 3rd party physicians will not clear the patient to do so, and neither Magnet nor Customer will pressure for a different result. Or, if it is not safe for a patient to enter into an inpatient rehabilitation facility, neither Magnet nor Customer will pressure for the same. Third party physicians are not making referrals for services, and are not determining that the patient needs the services offered by Customer.

a. Customer Responsibilities. Customer is responsible for:
i. Determining that the patient meets the criteria for receiving the types of services that Customer

offers.
ii. DeterminingwhetherMagnet’sservicesarebillable.
iii. Customer must bill and collect for services, from either the patient or the patient’s payor.

Terms of Agreement

2

4. Customer represents and warrants that patients are not being induced with free medical clearances. Instead, medical clearances are being offered as a more convenient way for the patient to obtain a medical clearance, for which they are responsible. In the normal course, a patient seeks out their own medical clearance through a primary care physician, and pays for the same. However, this proves to be inefficient and cumbersome for the patient and Customer. Customer is not circumventing the normal course, and is ensuring that payment is made (either by the patient or their payor) for the medical clearance services, so that patient is not inappropriately given free services.
5. EnsuringthatthepatientknowsofthelimitednatureofMagnet’sservices.
6. Customer is reminded of its non-solicitation obligations set forth in EXHIBIT B.

3. Remote Patient Monitoring Services. The following Services collectively comprise Magnet remote patient monitoring (“RPM”) Services:

a. Practice RPM Implementation. Practice RPM Implementation is the initial startup Service that kicks off on the Service Start Date. Customer, however, is responsible for determining medical necessity of each individual patient receiving RPM Services. Upon approval and ordering of RPM Services for Participating Patients, Magnet will then conduct outreach to patients via phone, email, text message, and via the Sign-Up Portal (defined below). Upon Participating Patient sign-up, Magnet will implement Patient RPM Onboarding.

i. Customer Responsibilities. Customer is responsible for:

1. Providing Magnet with access to its EHR system within five (5) business days of the Service Start Date (if necessary for Magnet’s services).
2. Setting up and hosting, within fourteen (14) days of the Service Start Date, a web page through which Participating Patients may sign up for and consent to RPM Services, provided, however, that failure to do so will not be considered a breach of the Service Agreement but will instead result in the elimination of any discount provided to Customer for Practice RPM Implementation.
3. Reviewing Magnet recommended Participating Patients and ordering RPM Services for Participating Patients for whom Customer has determined it is medically necessary to do so.
4. Reviewing and either approving or recommending changes to RPM programs recommended by Magnet for each Participating Patient (“Patient-Specific RPM Program”), which programs may include recommended RPM Devices appropriate for each condition from which the Participating Patient suffers, testing frequency, Device rollout timelines and criteria, and recommended ranges for RPM results.
5. Customer is responsible for general supervision (a physician or other billing provider providing overall direction and control) of all Magnet clinical staff and all RPM Services. Under general supervision, Customer remains ultimately responsible for oversight of the monitoring services.
6. Periodically, but no less than monthly, reviewing with Magnet whether any RPM Orders need adjustment or discontinuation or whether additional patients not currently receiving RPM would benefit from doing so.

Terms of Agreement

3

b. Patient RPM Onboarding. Upon Patient sign-up for RPM, Magnet will undertake a two-month onboarding process in which Magnet will initiate Patient RPM Device Management, establish Patient Clinical Review Services if ordered by Customer, establish Billing Concierge, providing and monitoring the first two months of Monthly RPM Service and validating the success of the claims process for Customer (“Patient RPM Onboarding”). If Magnet fails to complete Patient RPM Onboarding, the Patient RPM Onboarding fee will not be charged to Customer, and no Monthly RPM Services will be billed until Patient RPM Onboarding is complete.

i. Customer Responsibilities. Customer:

1. Authorizes Magnet to contact on behalf of the Customer RPM patients for which a provider has ordered RPM, acknowledging and accepting that Magnet may be required to send multiple text messages, emails, letters, and/or calls in order to successfully connect with patients and successfully complete Patient RPM Onboarding.
2. Agrees to inform Magnet of any questions Participating Patients submit regarding Patient RPM Onboarding that Customer is unable to answer independently.
3. Agrees to collect all Participating Patient co-payments for the RPM Services (Magnet is not responsible for the billing or collection of the same).
4. Agrees to inform Magnet upon the completion or failure of claims processing.
5. Agrees to Provide a dedicated internal administrative contact for Magnet to contact regarding billing questions.

c. Patient RPM Device Provision and Management. Magnet will send one or more RPM Devices to Participating Patients, as determined by the Patient-Specific RPM Program. Magnet will help Participating Patients complete any needed setup and onboarding of RPM Devices, will replace Devices that cease working through no fault of the Participating Patient, and will require return of, or, at Magnet’s sole discretion, instruct Participating Patients on the disposition of, Devices once Participating Patient is no longer actively participating in RPM Services (“Active Participating Patient”). Customer and Participating Patients are responsible for all loss and damage to devices. To be an Active Participating Patient, a Participating Patient must utilize their RPM Device no less than sixteen (16) times per month at the frequency established by their healthcare provider.

i. Customer Responsibilities:

1. Customer is responsible for determining a patient’s care plan, as well as determining and approving which device(s) to provide to each Participating Patient based on the care plan. Upon the approval of the Customer, Magnet will place the appropriate Device order.
2. If Customer makes a change to a Participating Patient’s care plan, Customer is responsible for notifying Magnet of such change within a reasonable amount of time and for determining and approving new devices to be ordered as needed.
3. Customer will request Participating Patients to return the device(s) if Participating Patient moves away, becomes too ill to use, or is otherwise unable to continue using the device(s).
4. Customer is responsible for approving each Magnet Order Form for each new Participating Patient indicating the appropriate device(s) to be provided. Customer may submit an order to Magnet via the Magnet enterprise platform (as available) or via Magnet support.

4

Terms of Agreement

ii. MagnetResponsibilities:

1. Magnet will be available to assist Customer in placing an order for the device(s) as necessary.
2. Magnet is responsible for shipping device(s) to Participating Patients according to each properly submitted and accepted Order Form.
3. Magnet is responsible for educating Participating Patients on the use of devices and services.
4. Magnet will replace defective Devices (“Device Replacements”) and ship such Device Replacements to Participating Patients at Customer’s request. Magnet is responsible for all costs, including the shipping costs, for Device Replacements.

d. Monthly RPM Monitoring Service. Magnet clinical staff will provide monthly RPM monitoring Service to each Participating Patient (reviewing vital sign data collected and transmitted via Magnet’s platform on a daily basis). Magnet will provide reminders, connect no less than daily with the RPM devices to measure adherence, collect Participating Patient measurements and related Device information, and display all results in the Provider-Facing Dashboard. Magnet will provide monthly reporting. Magnet clinical staff will review data to identify patients that may need intervention according to the careplan developed by Customer (and notify Customer of the same), and record time spent providing the services. Magnet is not responsible for the accuracy of any data transmitted or monitored. Further, data monitoring services are not intended to provide 24-hour monitoring or to identify medical emergencies and cannot be used or construed as such.

i. Customer Responsibilities. Customer agrees to:

1. Inform Magnet when Participating Patients request to discontinue RPM Service or Participating Patients’ provider determines that RPM is no longer appropriate.
2. Customer is responsible for establishing monitoring parameters foreach Participating Patient and must enter relevant parameters for each Participating Patient. Customer is solely responsible for the accuracy and appropriateness of these parameters. Magnet clinical staff will monitor patient-generated health data according to the parameters established by Customer.
3. Customer is responsible for identifying a point of contact (“Clinical Contact”) within Customer’s practice to remain available to communicate with Magnet as needed. There must be at least one Clinical Contact available at all times during business hours to be responsible for taking calls from Magnet clinical staff and escalating interventions to a physician, as necessary.
4. Unless Customer receives Magnet’s Clinical Review Service, to undertake no less than twenty minutes of RPM data review and patient interaction for each Participating Patient each month in which RPM Services are provided.
5. Customer is responsible for making all treatment decisions and providing medical care with respect to all Participating Patients, and any escalations forwarded to Customer by Magnet. Magnet and its clinical staff are not medical providers and are not intended to replace the relationship between Participating Patients and Customer/their healthcare provider(s). MAGNET CANNOT BE HELD RESPONSIBLEFOR SUB-STANDARD TREATMENT OR MEDICAL MALPRACTICE WITH RESPECT TO ANY PARTICIPATING PATIENT.

5

Terms of Agreement

ii. MagnetResponsibilities.Magnetagreesto:
1. During business hours, clinical staff will notify Customer if a Participating Patient’s data

reading(s) falls outside of the parameters established by Customer. Following such notification, Customer will be responsible for all further follow-up with the patient.

4. Clinical Review Service. Magnet’s clinical team will act under the general supervision of

Customer’s licensed healthcare providers to complete RPM clinical responsibilities (“Clinical Review Service”), including, but not limited to, review of patient monitoring results, interaction with patients, review of provider- approved recommendations for patient care, and implementation of provider healthcare recommendations.

a. Customer Responsibilities. Customer:

1. Authorizes Magnet clinical staff to undertake Clinical Review Service and to contact Participating Patients on behalf of the Customer.
2. AgreesonbehalfofeachbillingprovidertoprovidegeneralsupervisionofMagnetclinicalstaff providing Clinical Review Services.
3. Agrees to collaborate with Magnet staff to approve or offer amendment to any clinical protocols utilized by Magnet Clinical Staff for Clinical Review Service. Customer is ultimately responsible for all clinical protocols.
4. Agrees to provide one or more methods for Magnet clinical team to escalate to supervising providers of Customer in the event their clinical review results in questions or concerns.
5. Agreesthatfornon-urgentescalation,MagnetclinicalstaffmayutilizetheProvider-Facing Dashboard to communicate with Customer’s providers.

5. Billing. Magnet or one or more Magnet-contracted third-party service providers (collectively, the “Billers”)

will code and submit claims for reimbursement on behalf of Customer, for the following CPT codes only: 99453, 99454, 99457, and 99458 (the “RPM Codes”), as applicable, for Participating Patients. Magnet will not submit claims for other codes or services provided by Customer to Participating Patients or otherwise, and Magnet will not be responsible to Customer for Customer’s failure to receive reimbursement for any submitted claims. Customer authorizes Magnet to submit claims for any patient who received Monthly RPM Service without prior review from Customer. Magnet will reasonably correct any mistakes on an original claim submission that Magnet is responsible for and that result in denial of reimbursement, provided that such mistake is not due to an inaccuracy in the Documentation or otherwise made at the fault of Customer. Customer will pay Magnet the Medical Billing Service fees in accordance with the terms indicated on the Service Agreement. Magnet does not guarantee reimbursement, and Magnet must be paid for all of its services regardless of whether reimbursement is received.

a. Customer Responsibilities. Customer:

1. Agrees to provide Magnet with independent, admin-level logins for all insurance portals (e.g., Availity, Payspan, LinkBlue, etc…), Medicare Login, and primary biller/ billing clearinghouse within ten (10) business days of the Service Start Date.
2. AgreestopromptlysignandreturnanyElectronicDataInterchange“EDI,”Electronic Remittance Advice (ERA), or related forms (“Billing Permission Forms”) required for Magnet to provide Billing Concierge Service, authorizes Magnet to sign Billing Permission Forms on its behalf, and irrevocably makes, constitutes, and appoints Magnet (and any of Magnet’s Billers,

Terms of Agreement

6

officers, subcontractors, or employees designated by Magnet) as Customer’s, and, to the extent legally permissible, Customer’s providers’, true and lawful attorney-in-fact for the sole purpose of and with the power to sign their name on Billing Permission Forms for expediency.

3. Agrees to provide Magnet with all necessary and reasonably requested documentation to allow for Magnet to submit claims on Customer’s behalf (“Documentation”). Such Documentation may include, without limitation, Customer’s National Provider Identifier (“NPI”) and/or Customer’s Tax Identification Number (“TIN”). Customer is responsible for confirming the accuracy and completeness of all Documentation.
4. Agrees to review claims and notify Biller of any issues with that may require correction or reversal of claims.
5. Thoughnotanticipated,ifnecessary,CustomeragreestoprovideaccesstoitsElectronicHealth Record (“EHR”) to Magnet and/or its subcontractor(s),to allow Magnet to provide the Billing Services. If Customer’s EHR is not compatible with Magnet’s billing practices or processes, Customer will work with Magnet and its subcontractor(s) to integrate its billing system with Magnet’s billing practices and processes as necessary to allow Magnet to provide the Billing Services.
6. Acknowledges and agrees that Magnet may utilize third-party billing vendors to provide the Services comprising the Billing Concierge Service and may authorize the third-party billing vendors on behalf of Customer to provide Billing Services for Customer and Participating Patients.

vii.Agrees to make best efforts to assist Magnet in providing Billing Concierge Service, including timely responding to requests for information from Magnet staff.

viii. Agrees to provide information to Magnet upon request regarding claims success for individual Participating Patients.

Terms Applicable to Multiple Services Above

Devices (Lost, Stolen, Unreturned, or Damaged) – Unless otherwise specifically agreed in a Services Agreement, Magnet owns all device(s) utilized in rendering the services above. Magnet will make it convenient for Customer/Customer’s patients to return said device(s) by utilizing pre-paid return packaging, and various reminders when it is time for the device(s) to be returned. In the event that Magnet’s devices are not returned within thirty (30) days of the end of services for any particular patient, are lost, are stolen, or are damaged, Customer will pay Magnet for its replacement cost for said devices.

Pricing – Customer agrees that Magnet may discontinue or change the pricing of individual Services upon thirty (30) days written notice to Customer prior to the start of any renewal Term, to the extent permitted by Applicable Law. Magnet may also add new Services, provided, however, that Magnet will not charge Customer for new Services without providing thirty (30) days written notice to Customer.

Included Services – The following Services are included with any contract for Magnet Services (as applicable to the Service set forth above):

a. Implementation & Training Services. Magnet will provide implementation and training services for Customer and Customer’s Authorized Users. Implementation services include integrating Participating Patients’ information into the Software and developing a dedicated tracking system to allow Customer and its Authorized Users to monitor Participating Patients. Training Services will include virtual

Terms of Agreement

7

communication with Customer and its Authorized Users to educate them on use of the Software and related obligations and Services.

2. Support Services. Magnet will provide technical support Services to Customer (including Participating Patients, physicians, and staff ) during business hours between 9 am and 5 pm Eastern Time (ET), excluding Federal holidays (“Support Hours”). Customer may initiate a Helpdesk ticket during Support Hours by emailing support@MagnetHealth.life. Magnet will use commercially reasonable efforts to respond to all Helpdesk tickets within two (2) business days, but Magnet does not represent, warrant, or guarantee that all tickets will be responded to within such time frame.
3. Software. The Software provides a virtual care management platform that may include remote patient monitoring, as well as and integrated communications features. The Software provides a full featured remote patient monitoring system consisting of the Participating Patient-Facing Interface, the Provider- Facing Dashboard, the Devices used by a patient to monitor their health status, and a cloud-based repository of information gathered from patients to enable healthcare organizations to monitor, document and manage patient Services.
4. Software License. Subject to Customer’s compliance with these Terms of Agreement as well as the Business Associate Agreement (EXHIBIT C to this TOA), Magnet Terms of Use (www.HealthMagnet.life/terms-of-use) and Privacy Policy (www.HealthMagnet.life/privacy-policy), Magnet will provide a revocable, nonexclusive, non-transferrable, non- sublicensable, license to access the Software to Customer and its Authorized Users. Customer and its Authorized Users may use the Software: (a) to upload and/or transmit Customer Data by and through the Software; and (b) to access and use reports generated from time to time by Magnet.

8

Terms of Agreement

EXHIBIT B
Definitions, And General Agreement Terms

1. DEFINITIONS. The following definitions will apply to capitalized terms used throughout these Terms of Agreement and the Service Agreement.

1. “Applicable Law” means any and all laws, ordinances, rules, regulations, statutes, restrictions, restrictive covenants, judgments, orders or decrees, requirements, and standards of any governmental authority, as adopted, amended, issued, or decreed from time to time including, without limitation, the Medicare and Medicaid Patient and Program Protection Act of 1987, as amended, the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended by the federal Health Information Technology for Economic and Clinical Health (“HITECH”) Act and its implementing regulations, as each may be modified or amended (collectively “HIPAA”), and any applicable state patient privacy and security laws, the Omnibus Budget Reconciliation Act of 1990, as amended, the Drug Price Competition and Patent Term Restoration Act of 1984, as amended, the Food, Drug and Cosmetic Act (“FDCA”), as amended, all rules and regulations of the Department of Health and Human Services Office of the Inspector General, and federal and state consumer protection and fraud statutes.
2. “Authorized User” means the employees, consultants, agents, subcontractors, and other person/entities that Customer authorizes to access the Software or Services on its behalf.
3. “Billing Concierge” means Service provided by Magnet to submit claims for reimbursement to public and private insurers on behalf of Customer.
4. “Clinical Review Service” means the review of Participating Patient RPM data, and interaction with Participating Patients, by Magnet clinical staff under the general supervision (or such level of supervision required by Medicare or other payors) of Customer’s providers.
5. “Customer” means the organization indicated on the Service Agreement.
6. “Customer Data” means (a) all data and information Customer submits or transmits to Magnet, excluding any PHI (as defined below) and/or Patient-Generated Health Data necessary for the Services; and (b) data, records and information Magnet generates that relates directly to the Services for Customer under the Service Agreement, exclusive of information or documentation that Magnet generates for use in Magnet’s business generally or for use with multiple customers, and exclusive of De-Identified Data as defined below.
7. “De-identified Data” means personally identifiable information (“PII”) and PHI (defined below) that has been stripped of certain identifiable elements in accordance with applicable law so as to render the individual’s data de-identified.
8. “Devices” means the peripheral devices and any other equipment provided by Magnet to Customer under the Service Agreement.

9

Terms of Agreement

9. “Intellectual Property Rights” means any patent, invention, discovery, know-how, moral, technology, software, copyright, authorship, trade secret, trademark, trade dress, service mark, confidentiality, proprietary, privacy, intellectual property or similar rights (including rights in remote patient monitoring applications, registrations, filings and renewals) that are now or hereafter protected or legally enforceable under state and/or Federal common laws or statutory laws or laws of foreign jurisdictions.
10. “Magnet Data” means: (a) all data, software (in any form) and information Magnet submits or transmits to Customer regarding Magnet; (b) all data, records, and information generated in Magnet’s business or operations, including any information relating to Magnet’s subcontractors and/or affiliates; (c) all Magnet Intellectual Property, together with all derivative works of the Magnet Intellectual Property; and (d) data, records or information occurring in any form, including written, graphic, electronic, visual, or fixed in any tangible medium of expression and whether developed, generated, stored, possessed, or used by Magnet, Customer, or a third party if related to the items described in (a) through (c) above. Magnet Data does not include any data or information that relates exclusively to Customer or Customer’s business, operations, or activities. Magnet Data includes, without limitation, information or documentation that Magnet generates for use in Magnet’s business generally or for use with multiple customers including aggregated Customer Data, and De-Identified Data as defined below.
11. “Participating Patients” means those patients of Customer’s practice for whom Customer has determined medical necessity and ordered the Services, who are enrolled in the Software, and who have consented to receive Services.
12. “Patient Clinical Review” means Service provided by Magnet clinical staff under the general supervision of Customer’s licensed healthcare providers.
13. “Patient-GeneratedHealthData”meanshealth-relateddatacreated,recorded,orgatheredbyorfrom patients (or family members or other caregivers) to help address a health concern.
14. “Protected Health Information” or “PHI” will have the meaning ascribed to such term in 45 C.F.R. 160.103.
15. “Participating Patient-Facing Interface” means a text-message, phone-call, web-or-app based software platform, or other modality that allows Participating Patients to view and track their health data.
16. “Provider-Facing Dashboard” means a web-or-app based software platform that allows healthcare providers to view, track, and analyze their Participating Patients’ health data.
17. “Service Agreement” means the Magnet Service Agreement provided to Customer for purposes of ordering Magnet technology/services/software, or any later executed SOW, inclusive of this TOA and any other documents incorporated by reference.
18. “Services” means the products and service offering(s) Customer selects for purchase from Magnet.
19. “Software” means the Participating Patient-Facing Interface, the Provider-Facing Dashboard, all of the capabilities and functionalities associated with the Participating Patient-Facing Interface and Provider- Facing Dashboard, and user support services provided by Magnet.

10

Terms of Agreement

t. “Terms of Use” means the agreement between each of Customer’s individual users of the Software and Magnet.

2. TERM. The Service Term indicated on the Service Agreement, inclusive of the Initial Term and any renewal Term, constitutes the term of the Service Agreement (the “Term”). Customer agrees that for the length of the Initial Term and any renewal Term, Magnet will be the exclusive provider of the Services set forth in the Service Agreement (“Exclusivity”).
3. CUSTOMER RESPONSIBILITIES.
   1. Service-Specific Responsibilities. For each Service provided to Customer under the Service Agreement, Customer is responsible for the responsibilities set forth in EXHIBIT A.
   2. General Responsibilities. For all Services provided under the Service Agreement, Customer is responsible for the following:

i. Operations & Enrollment. Customer is responsible for providing Magnet with information necessary to identify and enroll Participating Patients, for determining/documenting individualized medical necessity for Participating Patients, for ordering the Services for Participating Patients if appropriate, and to furnish Services to Participating Patients. Additional responsibilities are set forth in EXHIBIT A.

ii. PatientConsents.Unlessotherwiseagreedinwriting,Customerisresponsibleformaintainingall necessary consents and authorizations to enable Magnet to use, upload, process, and store Customer Data and to provide the Services to Participating Patients. Customer will not furnish any Customer Data that includes an individual’s PHI to Magnet in the event such individual objects. Customer acknowledges and accepts full responsibility and liability for all Customer Data.

iii. Patient Communication. Customer authorizes Magnet to communicate with Customer’s patients on behalf of Customer to the extent necessary to provide the Services. Communication will be via phone, video chat, or electronic means such as text messages, online chats, and emails. If Magnet provides Customer portals for patient review of results, communication may take place via the portal.

iv. TOU; Privacy Policy. Customer will be solely responsible for its actions and the actions of its Authorized Users while using the Software. As a condition to Customer’s and its Authorized Users’ use of the Software, Customer will require its Authorized Users to review and accept the Magnet Terms of Use (www.HealthMagnet.life/terms-of-use) and Privacy Policy (www.HealthMagnet.life/privacy-policy), as updated by Magnet from time to time, prior to accessing the Software. Customer will abide by, and Customer will ensure that its Authorized Users abide by, the Terms of Use and Privacy Policy when using or accessing the Software.

v. BAA.CustomeragreestothetermsoftheBusinessAssociateAddendum(“BAA”) incorporated as EXHIBIT B.

11

Terms of Agreement

vi. Continued Determination of Medical Necessity, and Unenrollment of Patients. Customer is responsible for determining when a Participating Patient is no longer eligible for or in need of the Services. Customer must unenroll the patient via the Software or by other method approved by their assigned customer success manager (“CSM”). If Customer fails to unenroll a Participating Patient after they are no longer medically necessary, Magnet may continue to provide Services to that Participating Patient, and Customer will continue to be obligated to pay Magnet for the Services. Customer understands that if Services are billed to payors when they are no longer medically necessary, that such Services may constitute a False Claim, and that Customer may be responsible for damages, penalties, and return of funds related to the same. Customer agrees that Magnet is not/does not/cannot assess medical necessity, and that medical necessity is Customer’s sole and absolute responsibility. Customer agrees to indemnify, defend, and hold harmless Magnet from the foregoing.

4. PAYMENT TERMS.

1. Fees. As compensation for the Services, Customer will pay Magnet the Fees indicated on the Service Agreement. All amounts set forth in the Service Agreement are denominated and will be paid in U.S. dollars. If Customer pays by credit card, Magnet will charge a processing fee equal to the processing fee it is charged for that particular card type.
2. Invoicing & Payment Method. Magnet will invoice Customer for fees owed to Magnet on a monthly basis. Magnet will charge the customer via the payment method selected by Customer after entry into the Service Agreement. Customer agrees to provide updated or different payment information in the event that their payment information changes or a charge is declined.
3. Due Date. Unless otherwise indicated on the Service Agreement and/or properly disputed according to Section 4(c)(i) below, Customer will be provided with the invoice on the last day of the month, and Customer’s invoiced amounts will be automatically charged via the payment method selected by Customer during online signup by Magnet within five (5) business days of Customer’s receipt of an invoice. Magnet is explicitly authorized to charge undisputed payments.

i. Disputed Payments. If Customer wishes to dispute any invoiced fees or expenses, Customer must notify Magnet in writing within five (5) business days of receipt of the invoice specifying such fees or expenses (a “Dispute Notice”). The Dispute Notice must specify the amounts that are being disputed as well as the reason for such dispute. Magnet and Customer agree to attempt to resolve such dispute through informal meetings and discussions in good faith between appropriate representatives of the Parties within forty- five (45) days of receipt of the Dispute Notice before resorting to any other dispute resolution procedure.

ii. SuspensionofServicesforNonpayment.Ifthereareundisputedpaymentsoutstandingformore than thirty (30) days from the due date, Magnet reserves the right to suspend Authorized Users’ access to the Software until such amounts are paid in full. Customer will continue to be obligated to pay all Fees during any such suspension period.

12

Terms of Agreement

4. Taxes. All amounts payable to Magnet pursuant to the Service Agreement are exclusive of all local, state, federal and foreign taxes, levies, or duties of any nature (“Taxes”), and all payments to Magnet are payable in full without reduction for Taxes. Customer is responsible for payment of all Taxes, excluding Taxes owed by Magnet based on Magnet’s net income. If Magnet is legally obligated to pay or collect Taxes for which Customer is responsible, the appropriate amount will be invoiced to and paid by Customer unless Customer provides Magnet with a valid tax exemption certificate authorized by the appropriate taxing authority.
5. Bona Fide Service Fees. The Parties agree the Fees set forth in the Service Agreement were determined in advance at arms-length and in a manner that represents the fair market value for the Services provided thereunder. The Parties agree that the Fees are: (i) compensation for bona fide services; (ii) not intended to diminish the objectivity or professional judgment of Customer; (iii) not intended in any way as remuneration for referrals or for other business generated which are reimbursed under Medicare, Medicaid or any private health insurance; (iv) not intended as discounts or rebates prohibited by federal or state law, including any state or federal anti-kickback law; and (v) not intended to induce either party to order, recommend, or arrange for the order of any goods or services from the other party.

5. PROPRIETARY RIGHTS AND NON-SOLICITATION.

a. Magnet Intellectual Property. As between Magnet and Customer, all right, title, and interest, including all Intellectual Property Rights, in the Software, Magnet Data, and any other Magnet property or materials furnished or made available as part of the Services, and all modifications and enhancements of the same, belong to and are retained solely by Magnet or Magnet’s licensors and providers, as applicable. Nothing in the Service Agreement is intended to or may be construed to transfer any such rights in any part of the Services to Customer other than as explicitly provided for in the Service Agreement. Customer will not re-distribute the Software or the Devices other than as specifically provided for in the Service Agreement.

i. Developments. Except as otherwise explicitly set forth in the Service Agreement, all inventions, works of authorship, and developments conceived, created, written, or generated by or on behalf of Magnet, whether solely or jointly, in connection with the Services (“Magnet Developments”) and all Intellectual Property Rights in the same, will be the sole and exclusive property of Magnet. This includes, without limitation, Magnet Developments derived based on suggestions, enhancements, requests, recommendations, or other feedback from Customer. Customer agrees to execute any documents or take any actions as may reasonably be necessary, or as Magnet may reasonably request, to perfect Magnet’s ownership of the Magnet Developments.

b. Publicity; Use of Marks. Customer will permit Magnet to generate widely disseminated publicity, advertising or promotion concerning the Service Agreement (“Publicity”) without prior written consent of Customer. Each Party reserve the right to control the use of its own name, tradenames, service marks, symbols, trademarks or other marks currently existing or later established. Neither Party may use any tradename, trademark, service mark, or symbol belonging to the other without first receiving the prior written consent of the Party owning the tradename, trademark, service mark, or symbol. Notwithstanding the foregoing, Customer hereby provides its written authorization for Magnet to use, during the term of the Service Agreement, Customer’s tradenames, trademarks, service marks or symbols in furtherance of Publicity or Magnet’s performance of the Service Agreement.

13

Terms of Agreement

c. Customer and Magnet Data. As between Magnet and Customer, all right, title, and interest in the Customer Data belong to and are retained solely by Customer. As between Magnet and Customer, all right, title and interest in the Magnet Data belong to and are retained solely by Magnet.

i. Magnet License. Customer grants to Magnet a limited, non-exclusive, royalty-free, worldwide, fully paid-up license to: (i) use, reproduce, aggregate, and modify the Customer Data and to perform all acts with respect to the Customer Data as may be necessary for Magnet to provide the Services to Customer; (ii) use or modify the Customer Data to create De-identified Data; and (iii) use Customer’s name, logo, and trademark for marketing purposes upon written consent of Customer. Magnet intends to use De-identified Data, aggregated with the de-identified data of other Magnet customers, to enable Magnet to provide more targeted, accurate, and useful insights to its customers.

ii. AccuracyofCustomerData.AsbetweenMagnetandCustomer,Customerissolelyresponsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data. Customer Data will be included in and treated as Customer’s Confidential Information under the Service Agreement.

4. Feedback License. Magnet owns all right, title, and interest in and to any suggestion, enhancement, request, recommendation, or other feedback related to the Software provided by Customer (any “Feedback”). Feedback is not Customer’s Confidential Information or Customer Data.
5. De-identified Data. Magnet may use, create, modify, aggregate, and disclose De-identified Data for any purposes not prohibited by law. Magnet owns all rights, title and interest, and all Intellectual Property Rights in such De- identified Data and any data, information and material created by Magnet with such De-identified Data. De- identified Data is NOT Customer Data or Customer Confidential Information. For the avoidance of doubt, the second and third sentences of this Section will survive the expiration or earlier termination of the Service Agreement.
6. Non-Solicitation. Customer covenants and agrees that during the Term and for three (3) years thereafter, Customer will not (directly or indirectly): (i) recruit, solicit, or induce, any person or entity who was a current or former employee, contractor, subcontractor, clinical or non-clinical staff, vendor, service provider, representative, and/or agent of Magnet to leave, modify, or cease such individual’s or entity’s employment or other contractual relationship with Magnet for any reason whatsoever; or (ii) hire or otherwise engage or purchase from any such individuals or entities during the Term and the restricted period thereafter. Customer agrees that the foregoing constitute Magnet’s Confidential Information and trade secrets.

6. CONFIDENTIALITY.

a. Confidential Information Defined. “Confidential Information” means any and all non-public technical and non- technical information disclosed by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) in any form or medium, that the Disclosing Party identifies as confidential or that by the nature of the circumstances surrounding the disclosure and/or receipt ought to be treated as confidential and proprietary information. Confidential Information includes, without limitation: (a)

14

Terms of Agreement

techniques, inventions (whether or not patented or patentable), know-how, processes, algorithms, software programs, software source and object codes and documents, APIs, and other creative works (whether or not copyrighted or copyrightable); (b) financial information, customer lists, business forecasts, and marketing plans and information; (c) the business relationships and affairs of either party (including contractors, subcontractors, agents, and services utilized) and its clients, patients, and referral sources; (d) the internal policies and procedures of either Party; (e) proprietary or confidential information of any third party who may disclose such information to Disclosing Party or Receiving Party in the course of Disclosing Party’s business; and (f ) the terms of the Service Agreement. Magnet’s Confidential Information includes the Software and Magnet Data and Magnet’s employees, agents, contractors, subcontractors, and service providers. Confidential Information of Customer includes Customer Data. Confidential Information also includes all summaries and abstracts of Confidential Information. In addition, Confidential Information excludes PHI, which must be protected according to the BAA.

The term “Confidential Information” will not include any information which, as evidenced by Receiving Party’s records: (i) was known by the Receiving Party prior to receipt from the Disclosing Party either itself or through receipt directly or indirectly from a source with no obligation of confidentiality to the Disclosing Party; (ii) was developed by the Receiving Party without use of the Disclosing Party’s Confidential Information, or (iii) becomes publicly known or otherwise ceases to be secret or confidential, except as a result of a breach of the Service Agreement or any obligation of confidentiality by the Receiving Party.

2. Confidential Information Terms. The Receiving Party will, at all times, both during the term and thereafter, keep in confidence and trust all of the Disclosing Party’s Confidential Information. The Receiving Party will not use the Disclosing Party’s Confidential Information other than as necessary to fulfill the Receiving Party’s obligations or to exercise the Receiving Party’s rights under the Service Agreement. Either Party may disclose the other Party’s Confidential Information upon the order of any competent court or government agency; provided that, prior to disclosure and to the extent possible, the receiving Party must: (i) assert the confidential nature of the Confidential Information to the agency; (ii) immediately notify the other Party in writing of the order or request; and (iii) cooperate fully with the other Party in protecting against any such disclosure and/or narrowing the scope of the compelled disclosure. Each Party agrees to secure and protect the other Party’s Confidential Information with the same degree of care and in a manner consistent with the maintenance of such Party’s own Confidential Information (but in no event less than reasonable care). The Receiving Party will not disclose Confidential Information of the Disclosing Party to any person or entity other than its officers, employees, affiliates, and agents who need access to such Confidential Information in order to effect the intent of the Service Agreement and who are subject to confidentiality obligations at least as stringent as the obligations set forth in the Service Agreement.
3. Injunctive Relief. The Parties agree that any unauthorized disclosure of Confidential Information may cause immediate and irreparable injury to the Disclosing Party and that, in the event of such breach, the Receiving Party will be entitled, in addition to any other available remedies, to seek immediate injunctive and other equitable relief, without bond and without the necessity of showing actual monetary damage.
4. Security. Each of Customer’s Authorized Users will create a unique user login and passwords to be used to access and use the Software. Customer will be, and will ensure that its Authorized Users are,

15

Terms of Agreement

responsible for maintaining the confidentiality of all Authorized User logins and passwords and for ensuring that each login and password is used only by the Authorized User to which it was issued. Customer is responsible for ensuring that its Authorized Users do not share passwords with each other or any third party. Customer agrees to immediately notify Magnet of any unauthorized use of any account or login and password issued to an Authorized User, or any other breach of security known to Customer. Magnet will have no liability for any loss or damage arising from Customer’s failure to comply with the terms set forth in this Section. Customer will ensure its Authorized Users do not circumvent or otherwise interfere with any user authentication or security of the Software.

7. TERMINATION.

1. Without Cause. Without cause termination, if any, will be set forth in the Service Agreement. If a Service Agreement includes the ability to terminate without cause, the Party or Parties so authorized to terminate without cause may do so by providing the requisite days’ written notice set forth in the Service Agreement. If early termination requires payment of a termination fee, the “Termination Fee,” such the terms of such fee will be set forth in the Service Agreement. Termination Fees may be flat rates or set per patient or some other methodology. In the event the Service Agreement includes a per-patient termination fee, it will be applied only to currently Participating Patients who have completed Patient RPM Onboarding and received at least one Device (“Onboarded Participating Patients”), unless Customer has violated the exclusivity provisions and then such termination fee will be based on all patients onboarded who have been Participating Patients. Magnet is explicitly authorized to charge/debit the Termination fee to Customer’s funding source.
2. For Cause.

i. Material Breach. Either Party may terminate the Service Agreement following a material breach of the Service Agreement by the other Party which is not cured during the Cure Period (defined below). The non- breaching Party will notify the breaching Party of the breach in writing and the breaching party will have thirty (30) days (the “Cure Period”) to cure the breach following receipt of the notification. If the breaching Party fails to cure the breach within the Cure Period, then the non-breaching Party may terminate the Service Agreement upon written notice to the breaching party.

ii. TerminationforChangeofLaw.TheServiceAgreementmayalsobeterminatedimmediatelyby either Party if such Party determines that any Applicable Law in effect or to become effective as of a date certain, or if Magnet or Client receives notice of an actual or threatened decision, finding or action by any governmental or private agency or court (collectively referred to herein as an “Action”), which Applicable Law or Action, if or when implemented, would have the effect of (i) subjecting either Party to civil, criminal, or administrative prosecution, litigation, or liability under local, state, and/or federal laws, or other material adverse proceeding on the basis of their participation herein; or (ii) which causes the arrangement contemplated hereunder to become unprofitable for either Party.

iii. Other Cause. Magnet may terminate the Service Agreement immediately by providing written notice to Customer upon the occurrence of any of the following events:

16

Terms of Agreement

1. Magnet reasonably determines that Customer and/or its Authorized User(s) have been or are engaged in unlawful activity associated with the use of the Software and/or the Services;
2. The filing, with respect to Customer, of a voluntary or involuntary petition in bankruptcy if such petition is not dismissed within thirty (30) days of such filing; or
3. Upon the appointment of a receiver or trustee to take possession of all, or substantially all, of Customer’s assets, if such appointment is not terminated within thirty (30) days.

c. Termination For Failure to Use Best Efforts. If, during the first year of the Service Agreement, Customer discontinues RPM for 75% or more of all Onboarded Participating Patients (“Constructive Termination Threshold”), that will constitute constructive evidence of a failure of Customer to utilize best efforts to promote adherence of Participating Patients to the RPM program. In such a circumstance, the Company may, in its sole discretion, terminate the Service Agreement immediately and charge Customer the Termination Fee (“Constructive Termination”). Failure of the Company to trigger Constructive Termination in a month where the Constructive Termination Threshold is met will not be considered a waiver of the Company’s ability to opt for Constructive Termination in subsequent months.

d. Effect of Termination. Unless otherwise stated below, upon expiration or termination of the Service Agreement for any reason: (a) the License will terminate and the Customer will not use or access, directly or indirectly, the Software; (b) Magnet’s obligation to perform support Services will cease; and (c) all fees and other amounts owed to Magnet accrued prior to expiration or termination will be immediately due and payable. Further, if Customer has made any copies of any Magnet property or materials furnished or made available under the Service Agreement, Customer will, within thirty (30) days of the effective date of the expiration or termination, either destroy or return to Magnet all such copies along with a certificate signed by Customer that all such copies have been either destroyed or returned, respectively, and that no copy or any part of the Software, data, or other materials has been retained by Customer in any form.

i. Return of Customer Data. Within thirty (30) days after the effective date of applicable termination or expiration, Magnet will make any Customer Data stored on the Software available upon written request to Customer.

ii. TerminationInFirstYearofAgreement.IftheServiceAgreementisterminatedforanyreason within one (1) year of the Effective Date, then, prior to the first anniversary of the Effective Date, Magnet and Customer will not enter into any similar agreement with each other for the Services covered hereunder with payment terms that differs from the payment terms set forth herein.

iii. Effect of Termination on Exclusivity. If Customer terminates the Service Agreement prior to the end of a Term other than for cause, Exclusivity will continue until the end of the Term. If during the Exclusivity period Customer enters an agreement with a company other than Magnet for Services subject to Exclusivity under the Service Agreement (“Competing Services”), Customer agrees to pay Magnet a fee equal to $60 per-patient, with the number of patients calculated as the greater of: (i) the number of Participating Patient enrolled in Services in the three months prior to termination; or (ii) the number of patients enrolled in the Competing Services.

8. REPRESENTATIONS & WARRANTIES.

17

Terms of Agreement

1. Mutual Representations and Warranties. Each Party represents, warrants and covenants that: (a) to its knowledge, it has the full power and authority to enter into the Service Agreement and to perform its obligations thereunder, without the need for any consents, approvals, or immunities not yet obtained; (b) its acceptance of and performance under the Service Agreement will not breach any oral or written agreement with any third party or any obligation it owes to any third party; and (c) it will comply with any and all Applicable Laws regarding data privacy and transmission of personal data.
2. Practice of Medicine. CUSTOMER HEREBY AGREES AND ACKNOWLEDGES THAT MAGNET IS IN NO WAY ACTING AS A MEDICAL PROVIDER, NOR IS MAGNET PROVIDING 24/7 CONTINUOUS, SYNCHRONOUS, OR EMERGENCY MONITORING OR ALERTING UNLESS SPECIFICALLY SET FORTH IN THE SERVICE AGREEMENT. CUSTOMER FURTHER ACKNOWLEDGES AND AGREES THAT ANY INFORMATION, PROCESSES, PRODUCTS, AND OTHER ITEMS REFERENCED BY MAGNET OR ITS SOFTWARE ARE NOT INTENDED AS A RECOMMENDATION OR ENDORSEMENT OF THAT INFORMATION, PROCESS, PRODUCT, OR OTHER ITEM AND THAT THE ULTIMATE RESPONSIBILITY FOR DIAGNOSING AND TREATING ANY PATIENT RESTS WITH CUSTOMER AND/OR ITS HEALTHCARE PROVIDER(S) TREATING SUCH PATIENT.
3. Third Party Materials. CUSTOMER UNDERSTANDS AND AGREES THAT USING, ACCESSING, DOWNLOADING, OR OTHERWISE OBTAINING INFORMATION, MATERIALS, OR DATA THROUGH THE SOFTWARE FROM A SOURCE OTHER THAN MAGNET (“Third Party Materials”) IS AT ITS OWN DISCRETION AND RISK AND THAT CUSTOMER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO ITS OR ITS AUTHORIZED USERS’ PROPERTY OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OR USE OF SUCH MATERIAL OR DATA.
4. Privacy Law Compliance. The Parties will comply with all Applicable Laws protecting the confidentiality of patient records and the disclosure of medical records and other health information including, but not limited to, all requirements of HIPAA and HITECH. The Parties will each maintain industry standard security systems to protect the privacy and confidentiality of the Data. The BAA at EXHIBIT C further describes the Parties’ obligations with respect to compliance with HIPAA and HITECH.
5. Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS SECTION, THE SERVICES ARE PROVIDED ON AN AS-IS, WHERE-IS, BASIS. CUSTOMER’S USE OF THE SOFTWARE AND PURCHASE OF THE SERVICES ARE AT ITS OWN RISK. MAGNET DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL OTHER EXPRESS, STATUTORY, IMPLIED, OR OTHER WARRANTIES, INCLUDING WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT AND ACCURACY (OF DATA OR ANY OTHER INFORMATION OR CONTENT), AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. ANY WARRANTIES MADE BY MAGNET ARE FOR THE BENEFIT OF CUSTOMER ONLY AND NOT FOR THE BENEFIT OF ANY THIRD PARTY. THE SOFTWARE MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. MAGNET IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE

18

Terms of Agreement

SOFTWARE, INCLUDING WITHOUT LIMITATION ANY INFORMATION, DATA, PRODUCTS, PROCESSES, AND OTHER MATTERS REFERENCED BY THE SERVICES REMAINS WITH THE CUSTOMER. EXCEPT AS EXPRESSLY PROVIDED HEREIN, MAGNET DOES NOT GUARANTEE CONTINUOUS, ERROR- FREE, VIRUS-FREE, OR SECURE OPERATION AND ACCESS TO THE SOFTWARE.

f. Basis of the Bargain. CUSTOMER ACKNOWLEDGES AND AGREES THAT MAGNET HAS OFFERED ITS SERVICES AND ENTERED INTO THE SERVICE AGREEMENT TO WHICH IT IS A PARTY IN RELIANCE UPON THE WARRANTY DISCLAIMERS AND THE LIMITATIONS OF LIABILITY SET FORTH HEREIN, THAT THE WARRANTY DISCLAIMERS AND THE LIMITATIONS OF LIABILITY SET FORTH HEREIN REFLECT A REASONABLE AND FAIR ALLOCATION OF RISK BETWEEN CUSTOMER AND MAGNET, AND THAT THE WARRANTY DISCLAIMERS AND THE LIMITATIONS OF LIABILITY SET FORTH HEREIN FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN CUSTOMER AND MAGNET. CUSTOMER ACKNOWLEDGES AND AGREES THAT MAGNET WOULD NOT BE ABLE TO PROVIDE THE SERVICES TO CUSTOMER ON AN ECONOMICALLY REASONABLE BASIS WITHOUT THESE LIMITATIONS.

9. INSURANCE AND INDEMNIFICATION.

1. Insurance. During the Term, each Party will, at its own expense, maintain and carry insurance with financially sound and reputable insurers, in full force and effect that includes, but is not limited to: (i) cyber liability insurance with coverage of not less than One Million Dollars ($1,000,000) per occurrence; (ii) product liability insurance and comprehensive general liability coverage with coverage limits that are reasonable based on industry standards, but not less than one million dollars ($1,000,000) per occurrence and three million dollars ($3,000,000) in the aggregate; and (iii) as well as all insurance required by Applicable Law. Customer is responsible for obtaining professional liability (malpractice insurance) in an amount customary in Customer’s region, and for ensuring that Magnet is named as an additional insured under said policy. Customer will procure tail coverage, as necessary. Each Party may request from the other Party and is required to provide to the other Party certificates of insurance showing the insurance coverage required in the Service Agreement. Except where prohibited by Applicable Law, each Party will require its insurer to waive all rights of subrogation against the other Party and its insurers.
2. Indemnification by Customer. Customer will indemnify and hold harmless Magnet and its officers, directors, employees, owners, consultants, subcontractors, and agents (“Magnet Indemnified Parties”), from and against any and all damages, liabilities, penalties, interest, fines, losses, costs and expenses (including reasonable attorneys’ fees and expenses) (“Losses”), arising, directly or indirectly, out of or relating to any claim, action, regulatory agency process, or proceeding (a “Claim”) brought by a third party based on: (i) the improper use or operation of the Services (and any third party software provided to Customer pursuant to the Service Agreement) by Participating Patients, Customer, and/or Authorized Users, including, without limitation, any non-authorized use of Customer’s user logins, except to the extent that any such Loss was due to the gross negligence or willful misconduct of Magnet; (ii) a breach of the Agreement and/or the TOU by Customer or any of its Authorized Users; (iii) the accuracy, quality, integrity, legality, reliability, or appropriateness of Customer Data or any other content or data introduced to any part of the Services by any Authorized User; (iv) violation of any applicable law, rule, or regulation by Customer or any of the Authorized Users; (v) the diagnosis and/or treatment of any of

19

Terms of Agreement

Customer’s patients; and/or (vi) the negligent acts or willful misconduct of Customer or its personnel. Customer will pay all Losses (whether by settlement or award of by a final judicial judgment) incurred by the Magnet Indemnified Parties from any such Claim.

c. Indemnification by Magnet. Subject to limitations of liability set forth in these Terms of Agreement, Magnet agrees to defend Customer and its officers, directors, employees, and Agents (a “Customer Indemnified Party”) from and against any Losses resulting from or arising out of a successful claim resulting from the negligent acts or willful misconduct of Magnet or a claim that the Software infringes or misappropriates the patent, trade secret, trademark, copyright, or other Intellectual Property Rights of any third party (an “Infringement Claim”). Magnet will pay all Losses (whether by settlement or award of by a final judicial judgment) incurred by the Customer Indemnified Parties from any such Claim. In the event of an Infringement Claim, Magnet may, at its election, and sole expense: (i) modify the Software so that such Software is non-infringing and functionally equivalent; or (ii) obtain the right for Customer and Customer’s patients to continue using the Software at no additional cost to Customer. If none of the foregoing is commercially practicable, Magnet may immediately terminate the Service Agreement upon reasonable notice to Customer. An Infringement Claim does not include, and Magnet is not responsible for indemnifying a Customer Indemnified Party against, any claim brought by a “Non-practicing Entity” or “NPE” or other “Patent Assertion Entity”, which is defined by the Federal Trade Commission as a “busines[s] that acquire[s] patents from third parties and seek[s] to generate revenue by asserting them against alleged infringers.”

d. Procedure. Each Party will provide to the other Party prompt notice of any Claim for which they are seeking indemnification. The indemnified Party may have counsel reasonably acceptable to the indemnifying Party observe the proceedings at the indemnified Party’s expense, provided the indemnifying Party retains sole control of the defense of the Claim. The indemnified Party has the right to approve any settlement that affirmatively places on the indemnified Party an obligation that has a material adverse effect on the indemnified Party other than requiring the indemnified Party to cease using all or a portion of the Services or to pay sums eligible for indemnification under the Service Agreement. Such approval will not be unreasonably withheld.

10. LIMITATIONS OF LIABILITY.

1. No Consequential Damages. Neither Party will be liable for any indirect, incidental, special, consequential or punitive damages, or any damages for lost data, business interruption, lost profits, lost revenue, or lost business arising out of or in connection with the Service Agreement, including without limitation any such damages arising out of Magnet’s provision or Customer’s use of the Services or the results thereof, even if a party has been advised of the possibility of such damages. In no event will Magnet be liable for the cost of procurement of substitute goods or Services.
2. Limits on Liability. In no case will Magnet be liable for any aggregate amount greater than the amounts actually paid by Customer to Magnet under the Service Agreement during the three (3) month period preceding the date on which the claim first accrued, without regard to whether such claim is based in contract, tort (including negligence), product liability, or otherwise.
3. Essential Purpose. Customer acknowledges that the terms in this Section (Limitations of Liability) are a bargained for reasonable allocation of the risk between the parties and will apply (a) to the maximum

20

Terms of Agreement

extent permitted by applicable law, and (b) even if an exclusive or limited remedy stated herein fails of its essential purpose.

d. Limitation of Action. No action (regardless of form) arising out of the Service Agreement may be commenced by Customer against Magnet more than one (1) year after the cause of action arose.

11. MISCELLANEOUS.

1. Subcontractors. Magnet may use its affiliates or subcontractors to perform its obligations under the Service Agreement.
2. Notices. Any notices, requests, consents, demands, or other communications required or permitted under the Service Agreement will be in writing and deemed to have been duly given when delivered, if delivered by hand, sent by email (return and delivery receipt requested), or delivered by nationally recognized commercial overnight courier; and in each case to the parties at the following addresses or email addresses (or at other addresses or email addresses specified by a notice) with applicable postage or delivery charges prepaid. Notices to Magnet will be sent to the following address: Health Magnet, LLC, Health Magnet, LLC, 1386 Legendary Blvd., Clermont, FL 34711, with copies to clinton@healthmagnet.life and rob@healthmagnet.life. Notices to Customer will be sent to the address or email address specified in the Service Agreement.
3. Amendment. Except as may otherwise be specified in the Service Agreement, the Service Agreement may be modified, changed, or amended only by a written amendment mutually agreed to and signed by both Parties.
4. Waiver; Severability. A Party’s right to enforce a provision of the Service Agreement may only be waived in writing and signed by the Party against which the waiver is to be enforced. Failure to enforce any provision of the Service Agreement in any one instance will not be construed as a waiver of future performance of that provision, and the Party’s obligations under that provision will continue in full force and effect. The provisions of the Service Agreement are severable. The invalidity or unenforceability of any term or provision in any jurisdiction will be construed and enforced as if it has been narrowly drawn so as not to be invalid, illegal, or unenforceable to the extent possible and will in no way affect the validity or enforceability of any other terms or provisions in that jurisdiction or of this entire Agreement in that jurisdiction.
5. Mandatory Compliance Provisions. If Magnet furnishes, or otherwise authorizes the furnishing of, Medicaid health care items or services, performs billing or coding functions, or is involved in the monitoring of health care for the Customer, pursuant to Section 6032 of the Deficit Reduction Act of 2005 relating to “Employee Education About False Claims Recovery,” Magnet hereby agrees to abide by Customer’s policies required by said law, insofar as they are relevant and applicable to Magnet’s work performed on behalf of Customer, including participation in reviews or audits of claims or services, and agrees to make such policies available to Magnet’s personnel involved in the performance of such work. To the extent that Section 952 of the Omnibus Reconciliation Act of 1980 (the “Act”) and the regulations promulgated thereunder are applicable to this Agreement, Magnet and the organizations related to it, if any, performing any of the duties pursuant to this Agreement valued at Ten Thousand Dollars ($10,000) or more in any twelve (12)-month period shall, until four (4) years after the furnishing

Terms of Agreement

21

of services pursuant to this Agreement, comply with requests by the Comptroller General, the Secretary of the Department of Health and Human Services, and their duly authorized representatives for access (in accordance with Section 952 of the Act) to any contract or agreement between Magnet and Customer for Services and to any contract or agreement between Magnet and such related organizations, as well as the books, documents and records of Magnet and its related organizations, if any, which are necessary to verify the cost of the services provided. Magnet will promptly advise Customer of such request, and will promptly provide to Customer copies of any documents so provided. Neither party shall be deemed to have waived any attorney-client or work-product privilege by virtue of this Section.

6. Excluded Provider Representation. Each Party represents that: (i) it is not currently excluded, debarred or suspended from participation in any federal health care programs and is not under investigation or by any state or federal governmental agency that may lead to such an exclusion, debarment or suspension; and (ii) to the best of its reasonable knowledge, none of its employees, officers, directors or any health care providers contracted to provide Services hereunder is currently excluded, debarred, or suspended from participation in any federal health care programs and is not under investigation or by any state or federal governmental agency that may lead to such an exclusion, debarment, or suspension. If any of the representations and warranties set forth in this Section ceases to be true, the Party with this information will promptly remove, or cause to be removed, the excluded, debarred or suspended individual from providing Services hereunder and notify the other Party within one (1) business day of confirming the exclusion, debarment, or suspension. It is understood and agreed to by the Parties that the ability to verify if any individual is currently debarred is dependent upon the accuracy of the information contained on the OIG list of excluded persons and the representations of such individual.
7. Compliance with Laws. Each party is responsible for their own compliance with law and billing/coding and payor requirements. Neither party is relying upon, nor entitled to rely upon, the other party’s assertions as to compliance with laws, or billing/coding. The parties, however, intend that this Agreement comply at all times with all existing and future applicable laws, and billing and coding requirements. If at any time, as the result of the enactment of a new statute, the issuance of regulations, or otherwise, either party receives a written opinion of counsel that there is a substantial risk that, as a result of this Agreement, either party does not comply with applicable law, then the parties shall use good faith efforts to reform this Agreement in such a manner so that it complies with applicable law or does not preclude Magnet’s clients/customers from billing a third party payor, as applicable. If, after the exercise of such good faith efforts for a period of at least thirty (30) business days, the parties have not agreed on amendment(s) to this Agreement that resolve the legal issues referred to above, then the party(s) whose receipt of a legal opinion triggered renegotiation may terminate this Agreement upon at least sixty (60) calendar days written notice to the other party. Nothing in this Agreement or any other relationship of the Parties will be construed as requiring or inducing any Party or any of its owners, directors, members, officers, employees, affiliates, contractors or agents to refer any patients or business to the other Party. Nothing in this Agreement or any other relationship of the Parties will be construed as providing for payments over the fair market value or comparable compensation paid to professionals for their services in comparable locations and circumstances. Neither Party to this Agreement was selected by the other Party, or made its determination to enter into this Agreement, based on the volume or value of the previous referrals, current referrals, or anticipated future referrals to/from either Party. Referrals between the Parties are explicitly not a condition for entering into or continuing the relationship memorialized in this Agreement.

22

Terms of Agreement

8. Drafter; Legal Counsel and Accounting Advice. No Party will be considered the drafter of this Agreement or any paragraph or term hereof and no presumption will apply to any Party as the “drafter.” EACH PARTY HAS BEEN ADVISED OF ITS RIGHT TO, AND THE ADVISABILITY OF, ENGAGING AND SEEKING THE ADVICE OF INDEPENDENT COUNSEL AND HAS HAD THE FULL AND ADEQUATE OPPORTUNITY TO BE REPRESENTED BY INDEPENDENT COUNSEL OF ITS OWN CHOOSING WITH RESPECT TO EVALUATING THE CONTEMPLATED TRANSACTION AND ENTRY INTO THIS AGREEMENT.
9. Governing Law. The Service Agreement, any additional applicable terms and conditions incorporated by reference there in, and each Party’s rights and obligations under each will be governed by and construed in accordance with the laws of Florida without giving effect to conflicts of law principles. The Parties hereby submit to the exclusive jurisdiction of, and waive any venue objections against, state or federal courts sitting in Orlando, Florida in any litigation arising out of the Service Agreement.
10. Assignment. Neither Party may assign or transfer the Service Agreement without the prior written consent of the other Party; provided, however, that Magnet may assign or transfer the Service Agreement without Customer’s consent to any of Magnet’s affiliates, subsidiaries, entities controlled by or under common control with Magnet, or in the event of a merger, change of control or sale of substantially all of its assets. The Service Agreement will bind the Parties and their respective successors and permitted assigns and will inure to the benefit of the Parties and their respective permitted successors and assigns.
11. Invalidity. If any provision of the Service Agreement is found by a court of competent jurisdiction to be unenforceable, the other provisions of the Service Agreement will be unimpaired, and the unenforceable provision will be deemed modified so that it is enforceable to the maximum extent permitted by law (unless such modification is not permitted by law, in which case such provision will be disregarded).
12. Force Majeure. If any Party is unable to perform any of its obligations under the Service Agreement (other than payment obligations) because of any cause beyond the reasonable control of and not the fault of the Party invoking this section, including any act of God, fire, casualty, flood, earthquake, war, strike, lockout, epidemic or pandemic, destruction of production facilities, communications infrastructure failure, riot, insurrection or material unavailability, and if the non- performing Party has been unable to avoid or overcome its effects through the exercise of commercially reasonable efforts, such non- performing Party will give prompt notice to the other Party, its performance will be excused after giving such prompt notice, and the time for its performance will be extended for the period of delay or inability to perform due to such occurrences. If performance is extended under this section for more than sixty (60) days, then at any time before reinstatement of the performance, the other Party may terminate the Service Agreement upon notice to the non-performing Party.

m. RelationshipoftheParties.ThesolerelationshipbetweenthePartiesissolelythatofindependent contractors. The Service Agreement will not create a joint venture, partnership, agency, employment, or other relationship between the Parties.

n. Survival. Any term, condition, obligation, or other provision of the Service Agreement that contemplates performance after termination of the Service Agreement, or by its nature should survive termination/expiration, will survive expiration or termination and continue until fully satisfied.

23

Terms of Agreement

15. Entire Agreement. The Service Agreement, including all applicable exhibits and other documents incorporated by reference therein, constitutes the entire agreement between the Parties relating to this subject matter and supersedes all prior or simultaneous understandings, representations, discussions, negotiations, and agreements, whether written or oral.
16. Counterparts. The Service Agreement may be executed in one or more counterparts and may be executed electronically. Each counterpart or electronic copy thereof will be an original, but all such counterparts will constitute a single instrument.

24

Terms of Agreement

EXHIBIT C Business Associate Addendum

THIS HIPAA BUSINESS ASSOCIATE ADDENDUM (the “Addendum”) is entered into by and between Magnet (“Business Associate”), and Customer, on behalf of itself and its affiliates, if any (individually and collectively, the “Covered Entity”), and adds to any current or future agreement(s) for services entered into between Business Associate and Covered Entity which involve the creation, use, receipt, or disclosure of PHI (the “Agreement”).

Pursuant to the Agreement, Business Associate may perform functions or activities on behalf of Covered Entity involving the use and/or disclosure of protected health information received from, or created or received by, Business Associate on behalf of Covered Entity (“PHI”). Therefore, if Business Associate is functioning as a business associate to Covered Entity, Business Associate agrees to the following terms and conditions set forth in this Addendum.

1. Definitions and Regulatory References. For purposes of this Addendum, the terms used herein, whether or not capitalized, unless otherwise specifically defined, will have the same meanings as used in the Health Insurance Portability and Accountability Act of 1996, and any amendments or implementing regulations and the Health Information Technology for Economic and Clinical Health Act (Title XIII of the American Recovery and Reinvestment Act of 2009), and any amendments or implementing regulations (collectively, “HIPAA”, inclusive of the Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. Part 160 and 164). A reference in this Addendum to any provision of a law or regulation means the provision as then in effect, amended, or implemented via regulation.

2. Compliance with Applicable Law. The parties acknowledge and agree that Business Associate will comply with its obligations under this Addendum and with all obligations of a business associate under HIPAA. All other provisions of HIPAA that are applicable to Business Associate, and its relationship with Covered Entity under this Addendum and the Agreement, will be and by this reference hereby are incorporated into this Addendum.

3. General Limitation on Uses and Disclosures of PHI. Business Associate will not, and will ensure that its directors, officers, employees, subcontractors and agents do not, use or disclose PHI in any manner that is not permitted or required by the Agreement, this Addendum, or by law. Business Associate may also not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 of HIPAA if done by Covered Entity, except, Business Associate may use or disclose PHI for Business Associate’s own management and administration and legal responsibilities or for data aggregation services.

4. Permissible Use and Disclosure of PHI. Business Associate may only use and disclose PHI as is specifically and minimally necessary to carry out its duties to Covered Entity pursuant to the terms of the Agreement and as otherwise allowed by this Addendum.

5. Uses and Disclosures for Management and Administration. Business Associate may also use and disclose PHI: (i) for its own proper management and administration; and/or (ii) to carry out its legal responsibilities. If Business Associate discloses PHI to a third party for either above reason, unless such disclosure is required by law, prior to making any such disclosure, Business Associate must obtain: (a) reasonable written assurances from the receiving party that such PHI will be held and remain confidential and be used and further disclosed only as required by law or for the purposes for which it was disclosed to such receiving party; and (b) an agreement from such receiving party to immediately notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been compromised. Without limiting the foregoing, Business Associate may permit access to the system by Business Associate’s contracted system developers under appropriate confidentiality agreements.

6. Data Aggregation Services; De-Identified Data; Limited Data Sets; Other Data Uses. Business Associate may use and further disclose PHI to provide data aggregation services as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B). Business Associate may use PHI to prepare activity or quality reports and analyses or other reports that may from time to time be necessary or integral or related to either the services provided under the Agreement or for Business Associate’s own management and administration. Such

Terms of Agreement

25

reports and analyses will not make any disclosure of PHI that is not permitted by applicable laws, rules and/or regulations, or under the Agreement or this Addendum. Business Associate may also use PHI to de-identify the PHI in accordance with 45 C.F.R. §§ 164.502(d) and 164.514(a)-(c). Business Associate may create Limited Data Sets (“LDS”) from PHI. Business Associate may disclose the LDS for any purpose allowable by applicable law, rule and/or regulation. Business Associate will require the recipient of the LDS to enter into a Data Use Agreement specifying that the permitted uses and disclosures of the LDS are limited to the purpose of research, public health, or health care operations, and restrictions and/or guidelines on use of the LDS. Business Associate may use PHI to identify patients of Covered Entity who may be eligible for certain programs, including, but not necessarily limited to including savings programs, coupons, sampling, educational, safety, adherence or treatment support materials which you may choose to share with your patients, and to provide notification of same. Said notifications of potential eligibility are not a substitute for Covered Entity’s professional medical judgment regarding the appropriateness of said programs for a patient. Business Associate may receive remuneration in connection with presenting Covered Entity with patients’ eligibility for said programs. Business Associate may incorporate information received from Covered Entity’s authorized service providers, Business Associate’s third-party associates, or other covered entities (including their business associates) who are providing or paying for services for one or more of Covered Entity’s patients, into the services provided by Business Associate. Covered Entity hereby authorizes Business Associate to request and receive such information on Covered Entity’s behalf and to incorporate same as described herein. Finally, Covered Entity acknowledges and agrees that Business Associate may engage in further data use/disclosure activities (to the extent permitted by law), and that such activities may not be explicitly described herein. Covered Entity agrees to the same, so long as Business Associate conducts its activities in accordance with law.

It is further acknowledged and agreed that without the rights conferred in this Section 6 Business Associate would not have agreed to or entered into the Agreement or this Addendum. All rights, title and interest to any De-Identified Data, aggregated data, LDS data, or other data created by Business Associate is the exclusive property of Business Associate, who may use, disclose, market, license and sell such data for any allowable purpose, and without restriction, without further consideration. In many instances, such data is no longer PHI and is no longer subject to HIPAA. Further, it is explicitly acknowledged that Business Associate may receive any allowable remuneration in connection with the same.

7. Minimum Necessary. All uses and disclosures of, and requests by, Business Associate for PHI are subject to the minimum necessary rule of the HIPAA Privacy Rules. Business Associate will comply with the same.

8. Required Safeguards To Protect PHI. Business Associate agrees that it will implement appropriate safeguards in accordance with the HIPAA Privacy and Security Rules to prevent the use or disclosure of PHI other than pursuant to the terms and conditions of this Addendum. In doing so, without limitation, Business Associate will comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI.

9. Reporting of Improper Uses and Disclosures of PHI, Security Incidents, and Breaches. Business Associate will promptly report to Covered Entity any security incident, or any use or disclosure of PHI which is not provided for in this Addendum or is otherwise violative of HIPAA, of which it becomes aware. This provision applies regardless of whether such unauthorized use or disclosure was by Business Associate, its officers, directors, employees, agents, subcontractors, or by any third party. Business Associate will promptly report to Covered Entity a Breach of Unsecured PHI, in accordance with 45 C.F.R. §§ 164.400-414.

10. Mitigation of Harmful Effects. Business Associate agrees to mitigate, to the extent practicable, any harmful effect of an unauthorized use or disclosure of PHI by Business Associate in violation of the requirements of this Addendum or HIPAA.

11. Business Associate Agreements Required With Third Parties. Business Associate will enter into a written agreement with any agent or subcontractor of Business Associate that will have access to PHI, or who will create, receive, maintain, or transmit PHI on behalf of Business Associate. Pursuant to such written agreement and 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2), the agent or subcontractor will agree to be bound by the same restrictions, terms, conditions, and requirements that apply to Business Associate under this Addendum with respect to such PHI.

Terms of Agreement

26

12. Access to Information. Promptly upon a request by Covered Entity, Business Associate will make available PHI maintained by Business Associate in a Designated Record Set, to Covered Entity, as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.524. In the event any individual delivers directly to Business Associate a request for access to PHI, Business Associate will promptly forward such request to Covered Entity. Unless otherwise required by law, the term “Designated Record Set,” for the purposes of this Addendum, will not include any information in the possession of Business Associate that is the same as information in the possession of Covered Entity (information will be considered the same information even if the information is held in a different format, medium or presentation or it has been standardized). Business Associate may charge Covered Entity a reasonable fee for such access.

13. Availability of PHI for Amendment. Promptly upon the receipt of a request from Covered Entity, Business Associate will make any amendment(s) to PHI maintained by Business Associate in a Designated Record Set as directed or agreed to by Covered Entity pursuant to 45 C.F.R. § 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.526. In the event any individual delivers directly to Business Associate a request for amendment to PHI, Business Associate will promptly forward such request to Covered Entity.

14. Access and Amendment Responsibility. Pursuant to HIPAA, in the event that Business Associate maintains PHI in a Designated Record Set, the parties agree that Covered Entity will have the responsibility to handle, track and maintain records of all requests by individuals to access or amend such PHI. Business Associate, as a business associate of Covered Entity, will not have any responsibility to handle, track and maintain records of any such requests except as set forth above or in the Agreement.

15. Documentation and Accounting of Disclosures. Business Associate will maintain, and make available promptly upon a request by Covered Entity, the information required to provide an accounting of disclosures, to Covered Entity, as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.528. In the event the request for an accounting is delivered directly to Business Associate, Business Associate will promptly forward such request to Covered Entity. Unless otherwise required by changed HIPAA regulations or the Agreement, in response to a request from an individual for an accounting of disclosures from an electronic health record maintained or hosted by Business Associate, Covered Entity will provide the individual with an accounting of disclosures in accordance with HIPAA. Unless otherwise required by changed HIPAA regulations or the Agreement, with respect to Business Associate, Covered Entity may not elect to provide an individual with Business Associate’s name and contact information.

16. Business Associate Performing Covered Entity’s Obligations (If Applicable). To the extent that Business Associate is required by this Addendum or the Agreement to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 C.F.R. Part 164, Business Associate must comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligation(s).

17. Availability of Books and Records. Business Associate hereby agrees to make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of the Department of Health and Human Services for purposes of determining compliance with HIPAA.

18. Term and Termination. The Term of this Addendum will be effective as of the effective date of the underlying Agreement(s), and will terminate on the termination or expiration of the last of the underlying Agreement(s), or on the date Covered Entity terminates this Addendum as authorized below, whichever is sooner. Covered Entity may: (i) terminate this Addendum if Covered Entity reasonably determines that Business Associate has violated a material term of HIPAA or this Addendum; or (ii) at Covered Entity’s option, Covered Entity may permit Business Associate to cure or end any such violation within the reasonable period of time specified by Covered Entity.

19. Effect of Termination of Addendum. Upon the termination or expiration of this Addendum for any reason, Business Associate, with respect to PHI received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, will do the following:

19.1 Retain only that PHI which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities or for which it is not feasible for Business Associate to return or destroy;

Terms of Agreement

27

19.2 Return to Covered Entity, or, if agreed to by Covered Entity, destroy, other remaining PHI that the Business Associate still maintains in any form, recorded on any medium, or stored in any storage system;
19.3 Continue to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI to prevent use or disclosure of the PHI, other than as provided for in this Section, for as long as Business Associate retains the PHI; 19.4 Not use or disclose the PHI retained by Business Associate other than for the purposes for which such PHI was retained and subject to the same conditions set forth in this Addendum which applied prior to termination; and

19.5 Return to Covered Entity, or, if agreed to by Covered Entity, destroy, the PHI retained by Business Associate when it is feasible to do so and the PHI is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.

Notwithstanding the foregoing, the parties agree that it is infeasible for Business Associate to destroy PHI, and that Business Associate needs to retain PHI for its proper management and administration and to carry out its legal responsibilities. Business Associate will remain bound by the provisions of this Addendum, which will survive even after termination or expiration of the Agreement or Addendum.

20. Covered Entity Obligations. Covered Entity will notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 C.F.R. § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI. Covered Entity will notify Business Associate of any changes in, or revocation of, the permission by an individual to use or disclose his or her PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI. Covered Entity will notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Covered Entity will not request for Business Associate to use or disclose PHI in any manner that would not be permissible under Subpart E of 45 C.F.R. Part 164 if done by Covered Entity, except that Business Associate may use or disclose PHI for data aggregation or management and administration and legal responsibilities of Business Associate.

21. Third Party Rights. The terms of this Addendum do not grant any rights to any parties other than Business Associate and Covered Entity.

22. Independent Contractor Status. For the purposed of this Addendum, Business Associate is an independent contractor of Covered Entity, and will not be considered an agent of Covered Entity.

23. Changes in the Law. The parties agree that, with no further action required by the parties, this Addendum will be deemed automatically amended to include and incorporate amendments or revisions to HIPAA, so that the parties remain in compliance with such amendments or revisions. All references to regulations or provisions of HIPAA herein will be deemed to also refer to any amendment or revision thereto and/or to any successor regulation.

If, as a result of any amendments or revisions to HIPAA, both parties determine that modifications to the terms of this Addendum: (i) may not be deemed to be automatically incorporated into this Addendum; and (ii) are strictly required by HIPAA to be reduced to writing; the parties agree to take such action as is necessary to enter into a mutually acceptable amendment to this Addendum that addresses solely the legal changes that are required to be reduced to writing. The parties agree that this Addendum may only be modified by mutual written amendment, signed by both parties, effective on the date set forth in the amendment. Neither party has the right to unilaterally amend or alter the provisions of this Addendum.

24. Interpretation and Conflicts. Any ambiguity in this Addendum will be interpreted to permit compliance with HIPAA. If there is any direct conflict between the Agreement and this Addendum, the terms and conditions of this Addendum will control.

***REMINDER***
Incorporate Covered Entity into Business Associate’s Security Rule Risk Analysis.