NaviNet Use Agreement

As of January 2025, we’ve updated the terms and conditions of the NaviNet Use Agreement. By continuing to use NaviNet, you agree to the terms laid out in our Use Agreement. We encourage you to review the entire content.

This NaviNet Use Agreement (the "Agreement") is entered into by and among NaviNet, Inc. ("Company" or “NaviNet”) and the healthcare provider or other authorized third party for which you work ("Licensee" or “you”). PLEASE READ THE TERMS AND CONDITIONS OF THIS AGREEMENT CAREFULLY. THESE TERMS AND CONDITIONS ARE A BINDING LEGAL AGREEMENT BETWEEN YOU AND COMPANY REGARDING YOUR USE OF SERVICES, CONTENT AND WEBSITES MADE AVAILABLE BY COMPANY.

This Agreement governs use of the NaviNet platform and services, as such services may be made available from time to time on NaviNet’s websites, including https://navinet.navimedix.com (the "Sites"), together with any Additional Services (as such term is defined below) used by Licensee to the extent such Additional Services are not governed by a separate agreement (collectively, the "Services"), and all user guides, operating manuals and functional specifications relating to any Service that Company or a Business Partner may make available (“Documentation”) and such other materials and information located on or accessed through the Services (together with the Documentation, as may be modified from time to time, the "Materials").

ACCEPTANCE OF AGREEMENT

You agree to the terms and conditions of this Agreement and consent to allow Company and its Business Partners (as defined below) to communicate with you electronically regarding the Services or as otherwise specified in this Agreement by clicking or checking any applicable acceptance, consent, agreement or similar request presented on a Site or otherwise using any of the Services through which this Agreement has been presented or made available to you. IF YOU DO NOT AGREE TO BE BOUND BY THESE TERMS AND CONDITIONS, DO NOT USE THE SERVICES.

CHANGES

Company may at any time, at its sole discretion, update and revise this Agreement by posting an amended Agreement to the Services/Sites. Any changes to this Agreement will be effective immediately upon posting on the Service/Site. Please check the Sites and Services periodically for changes to the Agreement; you will be able to determine if this Agreement has been changed since your previous visit by viewing the "Last Updated" information that appears at the top of this Agreement. Use of the Services by Licensee or any Licensee Authorized User (as defined below) following the posting of any changes constitutes acceptance of those changes.

OTHER TERMS AND CONDITIONS

Company may offer an individual Service under different or supplemental terms and conditions (“Supplemental Terms”), in which case (i) Company will include such Supplemental Terms under a separate section of this Agreement or post or link to the Supplemental Terms on or within the individual Service and (ii) such Supplemental Terms will apply to that Service. If there is a conflict between any Supplemental Terms for a specific Service and the remainder of this Agreement, the Supplemental Terms for that specific Service shall have precedence with respect to your use of that Service.

AUTHORIZED USERS

Company has been engaged or otherwise authorized by its health plan and other similar subscribers (each, a "NaviNet Subscriber") to make the Services available to you and your Licensee Authorized Users (as defined below) to facilitate the exchange of health care information for payment and other healthcare administrative and operational purposes. You are being given access to the Services either because you are (i) a NaviNet Subscriber, a healthcare provider or other authorized third party that is exchanging health information with a NaviNet Subscriber or (ii) an employee or agent authorized by such person or entity to access the Services (such authorized employees and agents are referred to herein as "Licensee Authorized Users"). When you accept this Agreement, Licensee agrees to provide for the secure exchange of healthcare and other information electronically through identity management and authentication. Licensee further agrees that it is responsible for providing current, accurate and complete information regarding Licensee and the identifying information of any Licensee Authorized Users allowed to access the Services on behalf of Licensee.

Each Licensee Authorized User accessing the Services on behalf of Licensee represents that Licensee has authorized such person to access and use the Services and Materials on Licensee's behalf. Each Licensee Authorized User agrees that his or her provision of a username and password ("Log-in Information") is their signature and authorization for Company to authorize a Licensee Authorized User to access the Services and Materials. Each Licensee Authorized User represents that each such Licensee Authorized User is a natural person who is acting as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, non-profit, or government agency and all of Licensee Authorized User’s communications or transactions with Company occur solely within the context of Company conducting due diligence regarding or providing or receiving a product or service.

You acknowledge that Licensee Authorized Users may submit personal information (including personally-identifiable information) through the Service ("Personal Information") and that Company may disclose, exchange, sell or release such Personal Information: (i) to Licensee, other Licensees and NaviNet Subscribers, as well as Company's service providers, third party clearinghouses and other business partners (collectively, "Business Partners"), and their respective employees, distributors and agents, in the provision or operation of the Services or to provide associated services; (ii) to a party or parties that acquire assets of the Company relating to a particular Service (whether by merger, acquisition or other similar transaction), (iii) to suggest personally relevant features, offer you customized content, invite you to participate in research activities such as surveys and focus groups, inform you about changes, improvements or additions to the Services that we offer, provide you with tailored advertising or send you promotional materials from us or our affiliates and Business Partners and (iv) for other purposes allowed under applicable law. For example, Company may contact Licensee Authorized Users regarding account status and other matters relevant to the Services and/or the information collected. Company may also use Licensee Authorized Users' Personal Information for the purpose of improving the operation of the Service.

In addition, Company may collect, use, retain or sell information that is not Personal Information to the extent permitted by law. For example, Company may collect, compile, and utilize aggregate statistical information about Licensee Authorized Users and/or Licensee, as well as usage data, for marketing and other purposes. Note that Personal Information does not include: publicly available information from government records; deidentified or aggregated consumer information; health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data; or personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”) or California Financial Information Privacy Act (“FIPA”), and the Driver's Privacy Protection Act of 1994.

California residents may have additional personal information rights and choices. Please see the “Additional Disclosures for California Residents” section below.

General Responsibilities: Licensee is responsible for implementing and maintaining the quality and security procedures to be followed by Licensee Authorized Users using this Services. Licensee will ensure that Licensee Authorized Users follow appropriate procedures to safeguard the security of Licensee's hardware, software and information. Licensee is responsible for adequate protection, security and backup of data and/or equipment used in connection with the Services. Accordingly, Licensee agrees to indemnify and hold harmless Company and its Business Partners and affiliates from and against any and all claims, demands, actions, losses, damages, costs and expenses, including reasonable attorney's fees, arising from or relating to use of the Services or Materials, violation or alleged violations of this Agreement, or violation or alleged violation of any rights of another by Licensee, any unauthorized user, or any employee, officer, director or affiliate of Licensee which accesses the Services.
User Conduct: Neither Licensee nor any Licensee Authorized User may access or use the Services or Materials in any unlawful manner or for any unlawful purpose or in violation of these terms and conditions or applicable laws, rules and regulations. Licensee agrees that it and Licensee Authorized Users will only access and use the Services and Materials solely for Licensee's internal business purposes, consistent with this Agreement. Licensee shall not, and shall not permit any Licensee Authorized User to, post, upload or otherwise transfer to or via servers or communication lines by any means, including but not limited to web page content, linked web pages, e-mail or FTP, anything which (i) is obscene or constitutes child pornography under applicable law, (ii) is defamatory, (iii) contains any computer code that disrupts, disables, harms or otherwise impedes the operation of any Service or any associated data, software, firmware, hardware, computer or network (sometimes referred to as "viruses" or "worms"), or (iv) is commercial or promotional in nature. Licensee is solely responsible for all usage of the Services and Materials through Licensee's account and all related fees and any fees associated with use of other services accessed through the Services on Licensee's account, whether or not authorized by Licensee. Licensee will not permit any other individuals to use the Services or Materials unless they are Licensee Authorized Users. Licensee agrees not to, and not to permit any Licensee Authorized User to, (a) reproduce, duplicate, copy, sell, trade, resell, or exploit for any commercial purposes any portion of the Services or Materials (including Log-In Information), use of the Services or Materials, or access to the Services or Materials and (b) collect any information about any Service users or otherwise use any information obtained from the Services in order to contact, advertise to, solicit or sell to any user; (c) compile or collect any content, data or materials from the Services as part of a database or other work or composition, including, without limitation, use of any robot, spider, crawler, site search/retrieval application or other manual or automatic device or process to retrieve, index, “data mine”, harvest, scrape or in any way reproduce or circumvent the data, navigational structure or presentation of the Services; (d) interfere with, disrupt, create an undue burden on or otherwise impair the Services, the networks or services connected to the Services or any other party’s use of the Services, including, without limitation, any attempt to circumvent the access controls or security measures of the Services; or (e) “frame” or “mirror” any part of the Services without Company’s prior written authorization.
Passwords: Licensee's Designated Security Officer (as defined below) shall be responsible for access and use of the Services on Licensee's behalf and for the confidentiality of all passwords issued to Licensee and/or Licensee Authorized Users. Company may unilaterally suspend or terminate some or all of Licensee's access to the Service if Company has reason to believe that (1) an unauthorized user is accessing and/or using any Site or Service on Licensee's behalf, (2) Licensee Authorized Users are sharing passwords or using the login credentials of any other Licensee Authorized User, (3) Licensee is not regularly monitoring its roster of Licensee Authorized Users and notifying Company when an individual's access to the Services should be terminated, or (4) any other acts or omissions to suggest that Licensee and/or Licensee Designated Security Officer is not actively engaged in monitoring Licensee and Licensee Authorized Users' access to the Services. The suspension or termination of Licensee Designated Security Officer's access to the Services will also prevent other Licensee Authorized Users from accessing the Services, until such time as Licensee has resolved the security concern to Company's satisfaction. Licensee agrees to immediately notify Company of any unauthorized use of any password or any other breach of security.
Use of Licensee Data: Notwithstanding anything to the contrary in this Agreement or any other written agreement between the parties, Licensee authorizes Company and its Business Partners and affiliates to use, share, or sell any data including but not limited to Personal Information and metadata, except financial information, received by Company or its Business Partners from Licensee pertaining to Licensee, and/or Licensee’s Authorized Users for any purposes allowed under applicable law.

ROLE OF LICENSEE DESIGNATED SECURITY OFFICER

Licensee is required to designate one Licensee Authorized User as a security officer (the "Licensee Designated Security Officer") and to ensure that the Licensee Designated Security Officer complies with his or her obligations under this Agreement. The Licensee Designated Security Officer serves as Licensee's primary contact with Company regarding security issues. Company's Security Officer oversees Company's information security program and serves as the primary contact for requests pertaining to Service security from Licensee Designated Security Officers.

Licensee represents and warrants that its Licensee Designated Security Officer is knowledgeable concerning the statutory and regulatory requirements applicable to Licensee and the electronic storage and transmission of patient information within and from Licensee, including HIPAA and any state medical privacy mandates. Licensee Designated Security Officer is responsible for remaining actively informed of developments concerning these legal requirements and will identify security services, products and solutions to ensure Licensee adheres to legal requirements related to information privacy and security.

Licensee Designated Security Officer responsibilities include the following:

Ensuring that every Licensee Authorized User will have his or her own unique password.
Ensuring that these unique passwords are not shared with anyone, even among Licensee Authorized Users.
Regenerating a user password, if a Licensee Authorized User forgets his or her password and challenge and response answers and needs it to be regenerated.
Regenerating a user password, if a Licensee Authorized User's username or password has been shared or otherwise compromised.
Adding or terminating the access of any Licensee Authorized Users to the Services.
Managing the access of any Licensee Authorized Users to the Services by granting or denying access to specific functions of the Services.
Maintaining tax IDs and provider IDs within the Services, if authorized by Licensee to do so.
Ensuring that information accessed via the Services is only used for legitimate business purposes.
Setting the amount of time before the Services automatically log off inactive sessions.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Company is committed to the ideals of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Licensee hereby certifies that Licensee is a "covered entity" under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ("HIPAA"), and the regulations promulgated thereunder, including but not limited to, the Standards for Privacy of Individually Identifiable Health Information, 45 CFR Parts 160 and 164, Subparts A and E (the "Privacy Rule"), and the Security Standards for the Protection of Electronic Protected Health Information, 45 CFR Parts 160 and 164, Subparts A and C (the "Security Rule" and, together with the Privacy Rule, the "HIPAA Rules"). As such, Licensee shall assure that each Licensee Authorized User agrees to maintain full compliance with HIPAA and the HIPAA Rules, and any other laws, now or hereafter existing, that are applicable to Licensee, directly or indirectly, with respect to the gathering, use, transmission, processing, receipt, reporting, disclosure, maintenance or storage of health information. Licensee further certifies that Licensee's, and each Licensee Authorized User's, access to and use of the Services is exclusively for "payment" and "health care operations" (in each case as such terms are defined in the HIPAA Rules).

If Licensee is a NaviNet Subscriber and has engaged Company to provide access to the Services on its behalf, or if Licensee has engaged Company to provide Additional Services (as defined below) on its behalf, Company acts as a "Business Associate" of such NaviNet Subscriber or Licensee (as applicable). Company hereby certifies that it has "Business Associate Agreements" in place with of each of its NaviNet Subscribers, in compliance with the terms of 45 CFR § 164.504(e). Licensee hereby certifies that, as a HIPAA Covered Entity, it is permitted to exchange Protected Health Information with other Licensees (and their Business Associates) without a direct Business Associate Agreement with Company, in accordance with the terms of 45 CFR § 164.506.

ADDITIONAL SERVICES AND PAYMENT TERMS

Company may from time to time offer certain services that are in addition to and/or separate from the NaviNet portal services provided pursuant to an engagement with a NaviNet Subscriber, including, without limitation, the AllPayer Services (defined below), access to Medicare eligibility and billing information services and access to third party prior authorization services (as further described from time to time on the Sites) (collectively, the "Additional Services"). Licensee may contact Company if Licensee wishes to receive access to the Additional Services.

Business Associate Agreement Terms

By agreeing to access the Additional Service(s), if and to the extent Licensee does not already have a Business Associate Agreement in place with Company, Licensee agrees to the Business Associate Agreement terms set forth at the end of this Agreement and incorporated herein.

Payment Terms

Certain Additional Services are available only upon payment of additional charges. The following payment terms apply to your purchase of such Additional Services:

Charges

If there is a fee associated with an Additional Service, you agree to pay that charge. Fees for Additional Services shall be as published by Company on the Sites or otherwise specified in the applicable order form (which may be presented/completed online) and/or the receipt for such Additional Services. Fees may be updated from time to time as provided below and on the Sites. Unless otherwise specified on the applicable Site, order form or receipt or in the Supplemental Terms for an Additional Service, (i) all recurring payment obligations start from the completion and processing of the applicable order form and (ii) Company will charge Licensee's credit card or checking account monthly for all Additional Services (either in advance or in arrears, at Company’s option, for the particular Additional Service).
Payor Registration

Licensee acknowledges that, for certain Additional Services (such as the AllPayer Services) (i) Company must register each provider for which the Additional Services will be used with the applicable health plans and/or the Centers for Medicaid and Medicare Services and (ii) due to this registration requirement, there may be a delay of up to 4 business days (or longer if Licensee has not supplied Company with the information required for such registration) between when the Additional Service order is completed and charges begin and when the Additional Service can be used.
Price/Fee Changes

Company may, in its sole discretion, change fees upon 30 days’ notice (which notice may be provided by email or in another reasonable manner). If you do not agree to the fee change, you must cancel and stop using the Additional Service before the fee change takes effect. If there is a fixed term and fee for your Additional Service offer, that fee will remain in force for the fixed term.
Failure to Pay

Company reserves the right to terminate this Agreement, and its provision of Additional Services, upon any failure of payment, regardless of the reason for such failure.
Your Billing Account.

To pay the charges for Additional Services, you will be asked to provide a payment method. You can change your billing information and payment method through Company’s payment processor or such other method as Company may make available to you. Additionally, you agree to permit Company (or its agent) to use any updated account information regarding your selected payment method provided by your issuing bank or the applicable payment network. You agree to promptly update your account and other information, including your email address and payment method details, so we can complete your transactions and contact you as needed in connection with your transactions. Changes made to your billing account will not affect charges we submit to your billing account before we could reasonably act on your changes to your billing account.
Billing and Payment Information.

By providing Company (or its agent) with a payment method, you (i) represent that you are authorized to use the payment method you provided and that any payment information you provide is true and accurate and (ii) authorize Company (or its agent) to charge you for the Additional Services you choose to sign up for or use. Company (or its agent) may bill you (a) in advance; (b) at the time of purchase; (c) shortly after purchase; and/or (d) on a recurring basis for Additional Services offered on a subscription basis. Company (or its agent) may bill you at the same time for more than one of your prior billing periods for amounts that haven't previously been processed. Company is not responsible for any consequences of your provision of inaccurate information. Company may take reasonable measures to detect and prevent fraud, including viewing, monitoring and recording any activity conducted by you, without providing notice or obtaining your prior consent. Any information obtained as a result of such measures may be provided to governmental authorities.
Recurring Payments

When you purchase an Additional Service on a subscription basis (e.g., monthly, every 3 months or annually), you agree that you are authorizing recurring payments, and payments will be made to Company by the method and at the recurring intervals you have agreed to, until the subscription for that Additional Service is terminated by you or by Company. You must cancel such Additional Service before the next billing date to stop being charged. We will provide you with instructions on how you may cancel the Additional Service. By authorizing recurring payments, you are authorizing Company (or its agent) to store your payment instrument and process such payments as either electronic debits or fund transfers, or as electronic drafts from your designated account (for Automated Clearing House or similar payments), or as charges to your designated account (for credit card or similar payments) (collectively, "Electronic Payments"). Subscription fees may be charged in advance or in arrears of the applicable subscription period, at Company’s option for the applicable Additional Service. If any payment is returned unpaid or if any credit card or similar transaction is rejected or denied, Company or its service providers reserve the right to collect any applicable return, rejection or insufficient funds fee and process any such payment as an Electronic Payment.
Bank Account Payment Method

You may be able to register an eligible bank account to use it as a payment method. Eligible bank accounts include accounts held at a financial institution capable of receiving direct debit entries (e.g., a United States-based financial institution that supports automated clearing house ("ACH") entries). Terms you agreed to when adding your bank account as a payment method also apply. You represent and warrant that your registered bank account is held in your name or you are authorized to register and use this bank account as a payment method. By registering or selecting your bank account as your payment method, you authorize Company (or its agent) to initiate one or more debits for the total amount of your purchase or subscription charge (in accordance with the terms of your subscription service) from your bank account (and, if necessary, initiate one or more credits to your bank account to correct errors, issue a refund or similar purpose), and you authorize the financial institution that holds your bank account to deduct such debits or accept such credits. You understand that this authorization will remain in full force and effect until you remove your bank account information from your Company account. Contact Company’s customer support team as soon as possible if you believe you have been charged in error. Laws applicable in your country may also limit your liability for any fraudulent, erroneous or unauthorized transactions from your bank account. By registering or selecting a bank account as your payment method, you acknowledge that you have read, understand and agree to these terms.
Statements and Errors

Company (or its agent) will provide you with a billing statement (online or via email or other method determined by Company). If we make an error on your bill, you must tell us within 90 days after the error first appears on your bill. We will then promptly investigate the charge. If you do not tell us within that time, you release us from all liability and claims of loss resulting from the error and we won't be required to correct the error or provide a refund. If Company has identified a billing error, we will correct that error within 90 days.
Refund Policy

Unless otherwise provided by law or by a particular Additional Service offer, all purchases are final and non-refundable. If you believe that Company has charged you in error, you must contact us within 90 days of such charge. No refunds will be given for any charges more than 90 days old. We reserve the right to issue refunds or credits at our sole discretion. If we issue a refund or credit, we are under no obligation to issue the same or similar refund in the future. This refund policy does not affect any statutory rights that may apply.
Taxes

All fees payable by Licensee are exclusive of any federal, state, municipal or other governmental taxes, duties, excise taxes or tariffs now or hereinafter imposed on the use of the AllPayer Services or any other transactions hereunder, all of which shall be paid by Licensee, unless Licensee provides Company with a valid tax exemption certificate authorized by the appropriate taxing authority.

Additional Service Termination

Company may terminate this Agreement, and discontinue the provision of any Additional Service, at any time in its sole discretion and without prior notice. Upon any such termination, Licensee must discontinue all use of the Additional Service(s). In the event of any such termination prior to the last day of any month, Licensee will be reimbursed for a pro rata portion of the fees it has paid for such Additional Service(s) for such month, based on the number of days remaining in such month. The provisions of this Agreement (other than your right to use the Additional Services) shall survive termination of this Agreement.

COMPANY ASSUMES NO RESPONSIBILITY FOR YOUR USE OR MISUSE OF THE INFORMATION TRANSMITTED THROUGH THE ADDITIONAL SERVICES.

DISCLAIMERS, LIMITATION OF REMEDIES AND LIABILITY

Risks

Company acts solely as an operator of the Services and does not warrant that the use or operation of the Services will be uninterrupted or error-free. Use of the Services and any reliance upon any Materials, including any action taken or not taken by Licensee, any Licensee Authorized User, or any user who obtains access to the Services via Licensee, because of such use or reliance, is at the sole risk of Licensee. Without limiting the foregoing, Licensee agrees that Company and its Business Partners and affiliates are not responsible for the accuracy of the Materials or other information, including personal, medical or health care information accessed through the Services, and it is the responsibility of Licensee and Licensee Authorized Users to confirm the accuracy of such information.

Internet Disclaimer

Company and its Business Partner’s do not warrant that any Service will be uninterrupted, error-free, or completely secure. Company and its Business Partners do not and cannot control the flow of data to or from their networks and other portions of the internet. Such flow depends in large part on the internet services provided or controlled by third parties. Actions or inactions of such third parties can impair or disrupt Licensee’s connections to the internet (or portions thereof). Accordingly, Company and its Business Partners disclaim any and all liability resulting from or related to such events.

General Disclaimer of Warranties

WITHOUT LIMITATION OF THE FOREGOING OR ANY OTHER DISCLAIMER OF WARRANTY IN THIS AGREEMENT, LICENSEE EXPRESSLY UNDERSTANDS AND AGREES THAT:

COMPANY MAKES NO WARRANTY THAT (i) THE SERVICES WILL MEET LICENSEE'S REQUIREMENTS, (ii) THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR FREE, (iii) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICES WILL BE ACCURATE, UP TO DATE OR RELIABLE, (iv) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL PURCHASED OR OBTAINED THROUGH THE SERVICES WILL MEET THE EXPECTATIONS OF YOU OR LICENSEE, AND (v) ANY ERRORS IN SOFTWARE WILL BE CORRECTED.
ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICES IS DONE AT LICENSEE'S OWN DISCRETION AND RISK, AND LICENSEE WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO COMPUTER SYSTEMS OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY SUCH MATERIAL.
NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM COMPANY OR THROUGH OR FROM THE SERVICE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT.
THE SERVICES AND THE MATERIALS ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. COMPANY DISCLAIMS ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Indemnification

Licensee agrees to indemnify, defend and hold harmless Company and its Business Partners and affiliates (the “Company Indemnified Parties”) from and against all damages, costs and expenses, including, without limitation, interest, penalties and reasonable attorneys' fees and disbursements, asserted against, directly resulting to, imposed upon or directly incurred by a Company Indemnified Party by reason of or resulting from any of the following: (a) Licensee or any Licensee Authorized User's gross negligence, willful misconduct or violation of law; (b) Licensee or any Licensee Authorized User's use of the Services for any purpose other than the purpose for which they were intended; and (c) Licensee or any Licensee Authorized User's unauthorized use or disclosure of any information obtained through the Services.

Remedies: Subject to the terms and conditions of the paragraph with the heading "Limitations on Liability": (i) Licensee's and Licensee Authorized Users' sole and exclusive remedy for any failure or nonperformance of the Services or any Materials (including any associated software) shall be for Company to use commercially reasonable efforts to adjust or repair the applicable Service or the Materials and (ii) in the event of the failure of essential purpose of the foregoing remedy, Licensee's sole and exclusive alternative remedy for any failure or nonperformance of the Services shall be for actual out-of-pocket damages incurred by Licensee as a result of such failure or nonperformance.

LIMITATIONS ON LIABILITY. COMPANY AND ITS BUSINESS PARTNERS, AFFILIATES AND NAVINET SUBSCRIBERS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED AS A RESULT OF USE OF OR INABILITY TO USE THE SERVICES AND/OR THE MATERIALS. TO THE EXTENT PERMITTED UNDER APPLICABLE LAW, IN NO EVENT SHALL COMPANY OR ANY OF ITS BUSINESS PARTNERS, AFFILIATES OR NAVINET SUBSCRIBERS BE LIABLE TO YOU, LICENSEE OR ANY OTHER PERSON FOR ANY MONEY DAMAGES, WHETHER INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, COVER, RELIANCE, CONSEQUENTIAL OR EXEMPLARY DAMAGES, EVEN IF PREVIOUSLY INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. IN THE EVENT THAT COMPANY OR ANY OF ITS BUSINESS PARTNERS, AFFILIATES OR NAVINET SUBSCRIBERS IS NEVERTHELESS FOUND LIABLE FOR DAMAGES FROM ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE), THE LIABILITY OF COMPANY OR ANY BUSINESS PARTNERS, AFFILIATES OR NAVINET SUBSCRIBERS WILL BE LIMITED TO THE AMOUNT PAID TO COMPANY FOR THE APPLICABLE SERVICE DURING THE TWELVE MONTH PERIOD PRECEDING THE APPLICABLE CLAIM. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU OR LICENSEE.

INTELLECTUAL PROPERTY

Limited License: Subject to the terms of this Agreement, including, without limitation, the receipt of payment where applicable, Company hereby grants Licensee a nonexclusive, nontransferable, nonsublicensable license for Licensee and Licensee Authorized Users to access and use the Services as made available by Company for their intended purpose and to create on-line or off-line printouts of the forms and other print-formatted content made available from the Services, in each case, solely in connection with Licensee's normal internal business activities. No other right or license of any kind is granted by Company to Licensee or any Licensee Authorized User hereunder with respect to the Services or any portion thereof, including the Additional Services and Materials.

Ownership: The Services, Materials, and the Company and NaviNet names and logos and all related product and service names, design marks and slogans are the property of Company, its affiliates or Business Partners. Other product names and service marks, etc. are the property of their respective owners. Licensee is not authorized to use any of these marks. Use of the Services confers no title or ownership in any Service, the Materials or the marks. References to any names, marks, products or services of third parties or hypertext links to third party sites or information do not necessarily constitute or imply Company's endorsement, sponsorship or recommendation of the third party, information, product or service. Licensee acknowledges that Company owns all copyrights and associated intellectual property rights in the Services and Materials. Licensee will not, and will not permit any Licensee Authorized User to, copy, modify, translate, reverse engineer, decompile, disassemble or create derivative works of any software or Materials licensed to Licensee by Company in connection with the Services.
Feedback: Licensee and/or Licensee Authorized Users may from time to time provide suggestions, comments or other feedback to Company or its Business Partners or affiliates regarding a Service or their other current or future products and services (collectively, “Feedback”). Licensee agrees that such Feedback, even if designated as confidential, shall not create any confidentiality obligation hereunder for or upon Company or its Business Partners or affiliates. Licensee agrees that Company and its Business Partners and affiliates shall be free to use, disclose, reproduce, license or otherwise distribute, and exploit any and all Feedback provided to it as it sees fit, entirely without obligation or restriction of any kind on account of intellectual property or otherwise.

OTHER TERMS

Export Controls: The Services and Materials are provided by Company in the United States for access and use in the United States only. Those who access the Services do so on their own initiative and at their own risk, and are responsible for compliance with their local laws, if and to the extent such local laws are applicable. Use of the Services is subject to applicable United States export controls. None of the Services, Materials or underlying information or technology may be downloaded or otherwise exported or re-exported outside of the United States.
No Third Party Beneficiaries: Except with respect to rights, privileges and/or protections provided hereunder for Company’s Business Partners and affiliates, Licensee and Company agree that they do not intend any third party beneficiaries to this Agreement.
General Terms: Except for any Supplemental Terms posted by Company for any specific Service, this Agreement constitutes the entire agreement among Licensee and Company with reference to use of the Services and the Materials, and supersedes any prior agreement between or among the parties regarding its subject matter. Further, and notwithstanding the foregoing, this Agreement does not supersede any separate written licensing or Business Associate Agreement executed by both Company and Licensee. This Agreement is governed by the laws of the Commonwealth of Massachusetts (excluding rules dealing with conflicts of law). Company may freely transfer, assign or delegate all or any portion of this Agreement, and any rights and duties hereunder. Except as otherwise expressly provided in this Agreement, Licensee may not transfer, assign or delete any rights or obligations hereunder without the prior written consent of Company. Subject to the foregoing, this Agreement will be binding upon and inure to the benefit of any heirs, successors and permitted assignees of the parties. In the event any provision of this Agreement is found to be unenforceable or invalid, such provision shall be modified so as to make it valid and enforceable and as so modified the entire Agreement shall remain in full force and effect.
Subcontractors and Agents: The Company consents to Licensee's use of independent contractors and agents to exercise Licensee's right to access and use the Services for Licensee's internal purposes, as set forth herein; provided that: (i) Licensee informs any such independent contractor or agent of the use restrictions, confidentiality and other obligations and restrictions set forth herein related to the use of the Services, (ii) the independent contractor or agent complies with all applicable laws and regulations in the exercise of Licensee's rights hereunder, and (iii) Licensee shall remain solely responsible for its obligations under this Agreement and shall assume all responsibility for the acts and omissions of any such independent contractor or agent.
Termination of Agreement: Company may terminate this Agreement immediately, with or without notice, if Licensee or any Licensee Authorized User breaches or threatens to breach any of the provisions of this Agreement. Upon any such termination or expiration, Licensee must immediately discontinue all use of the Services and immediately destroy all copies of the Materials. The provisions of this Agreement (other than your right to use the Services) shall survive termination or expiration of this Agreement.

NAVINET ALLPAYER SUPPLEMENTAL TERMS

The following Supplemental Terms shall apply with respect to Company’s AllPayer services, including NaviNet AllPayer Basic, NaviNet AllPayer Premium, and NaviNet AllPayer Ultimate, (collectively, the “AllPayer Services”).

Transaction-Based Charges: Except as otherwise expressly specified in the applicable order form and/or receipt, any Transaction-based fees for AllPayer Services will be charged by Company monthly (or portion thereof if a service is upgraded or terminated mid-month) based on Transactions processed during the previous month. As used in these Supplemental Terms for the AllPayer Services, “Transaction” means information received from Licensee or its agent that is processed by Company, either directly or indirectly, via or in connection with an AllPayer Service.
Modifications to AllPayer Services: Company may modify or discontinue any AllPayer Service at any time for any reason. Additionally, Licensee acknowledges and agrees that future regulations or industry practices may affect performance of the AllPayer Services and require Company to generate additional or different information, to use different Transaction formats, to reprogram software and/or incur delays in processing Transactions. If any changes relate to a particular Transaction recipient and involve an unreasonable cost to either party to accommodate such Transaction recipient, then such party may discontinue the AllPayer Service with respect to such Transaction recipient upon prior written notice to the other party.
Use of AllPayer Services: Licensee will: (a) cooperate fully with Company and its Business Partners and provide access to all appropriate Licensee facilities, equipment and supporting documentation requested, as reasonably necessary for Company and its Business Partners to provide the AllPayer Services; (b) secure any authorizations necessary to receive the AllPayer Services; (c) use the AllPayer Services in accordance with any conditions of use set forth in the Documentation furnished by Company and/or a Business Party (electronically or otherwise) or specified from time to time by Company or a Business Party; (d) provide Company and its Business Partners with necessary data in the proper format to enable them to properly furnish the AllPayer Services; (e) comply with all applicable contractual obligations imposed by payors in order for Company and its Business Partners to obtain such access to payors as may be necessary for performance of the AllPayer Service; provided, however, that neither Company nor its affiliates or Business Partners will be liable for any reimbursement decisions made by payors with respect to any AllPayer Service; (f) select operators who are qualified to operate/use the AllPayer Service; (g) convert its own data files to print image files for use with the AllPayer Services when necessary; (h) complete and return to Company and its Business Partner all forms reasonably required by them or by payors; (i) provide authorized signatures to Company, its Business Partners and payors as required by applicable law; (j) consider and treat all information received through the AllPayer Services as confidential; (k) request information from Company only in connection with the AllPayer Services, and in connection with data that Licensee is legally entitled to view and/or modify; (l) make or request modifications to the AllPayer Services or Licensee data that comply with all applicable federal and state laws, rules, and regulations, and (m) use or access the AllPayer Services only in a way that does not adversely affect the performance or function of the AllPayer Services or interfere with the ability of other authorized parties to access the AllPayer Services.

Failure to Comply: Licensee acknowledges and agrees that neither Company nor its Business Partners or affiliates will be liable for any delay in the performance of its obligations, where such delay is due to Licensee’s action or inaction. Company may suspend Licensee and it’s users’ access to or use of the AllPayer Services, without credit, at any time if, in Company’s sole discretion, the performance, integrity or security of an AllPayer Service is in danger of being compromised as a result of such access. In addition to other remedies available to Company under this Agreement, any breach of the foregoing may result in immediate termination of access to and use of the AllPayer Services.
Permitted Access: Neither Licensee nor any Licensee Authorized User may access or use the AllPayer Service in any unlawful manner or for any unlawful purpose or in violation of these terms and conditions or applicable laws, rules and regulations. Licensee represents and warrants that only duly authorized representatives of Licensee will be permitted to access the AllPayer Services, solely for Licensee’s internal business purposes, consistent with the uses described herein. Licensee users will be required to register and receive a login ID and password before accessing the AllPayer Services. After the initial registration, Licensee will ensure that all additional users are authorized and receive login IDs and passwords. Company and its Business Partners are entitled to rely upon the certification, statement, or electronic representation thereof, of Licensee’s representative in providing the AllPayer Services to Licensee. Licensee will not, except as otherwise agreed to in writing, either (a) allow any third party not under the control of Licensee to obtain access to any AllPayer Service, or (b) allow use of any AllPayer Service in any manner which would allow the general public access or for the benefit of any third party.
Delivery of Data: Licensee will deliver accurate and complete Transaction data to Company and its Business Partners using a format in accordance with the Documentation. Company and its Business Partners will have no obligation to verify, check or otherwise inspect the information furnished by Licensee, except to verify the number of records, the number of Transactions, and the total dollar amount of the Transactions. In addition to the foregoing, Licensee will submit Transactions in accordance with applicable law. Payors, Business Partners, fiscal intermediaries, government entities and other third-party information suppliers may require that Licensee agree to comply with certain obligations as a condition of accessing their information. Licensee will comply with such obligations as a condition of Company providing the AllPayer Services.
Data Records: At Licensee’s expense, Licensee will maintain all source documents for verification of Transaction data to any payor and be responsible for record keeping, security backup of transactions information and loss of data.
Re-Submission: Both (a) Transactions rejected by a payor for any reason other than inappropriate format, and (b) Transactions rejected by Company or a Business Party must be corrected and resubmitted by Licensee for processing at Licensee’s expense.
AllPayer Service Liability Limitation: Without limitation of other exclusions and limitations on liability provided under this Agreement, due to the nature of the AllPayer Services, Licensee acknowledges and agrees that (a) in no event will Company or its Business Partners or affiliates be liable for any loss, damage, cost or expense arising from the inaccuracy, invalidity, incompleteness, error, omission, misdelivery, or other fault of Licensee, any payor, or any third party and relating to any information or Transaction provided to or processed by Company and/or a Business Partner, and (b) in no event will Company and/or any Business Partner be liable for any claim, loss correction, damage or expense caused by Licensee’s performance or use of the AllPayer Services or failure to use or perform any AllPayer Service. The parties acknowledge that the foregoing limitations are a material condition for their entry into this Agreement.
Term & Termination: The term of your license to access and use the AllPayer Services shall be specified on the applicable order and/or receipt and shall automatically renew as set forth in the order and/or receipt, unless either party gives written notice of its intention to terminate or the AllPayer Services are otherwise terminated as provided this Agreement. Licensee must give notice of its intention to terminate the AllPayer Services in accordance with Company’s cancellation request form (as made available by Company upon written request).
Use of Transaction Data: Notwithstanding anything to the contrary in this Agreement or any other written agreement between the parties, Licensee authorizes Company and its Business Partners and affiliates to (a) de-identify PHI (as defined in the Business Associate Agreement terms below) contained in any Transaction in accordance with 45 C.F.R. 164.514(b) and/or (b) perform data aggregation on PHI, in each of the foregoing cases, for statistical compilations, reports, research and all other purposes allowed under applicable laws.
Additional Supplemental Terms for Services enabled by CoverMyMeds (including Drug Authorizations): In addition to the terms and conditions of this Agreement, you acknowledge and agree that certain Services (including “Drug Authorizations”) made available to you by CoverMyMeds, LLC (a Business Partner) via the NaviNet platform (the “CoverMyMeds Services”) are subject to and governed by the additional Supplemental Terms available at Supplemental CoverMyMeds Terms of Service. IF YOU DO NOT AGREE TO BE BOUND BY THESE SUPPLEMENTAL TERMS, DO NOT USE THE COVERMYMEDS SERVICES.

ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS

This section applies solely to Licensee Authorized Users who reside in the State of California. Any terms defined in the California Consumer Privacy Act of 2018 (“CCPA”) have the same meaning when used in this section.

Personal Information Sales Opt-Out and Opt-In Rights: If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the "right to opt-out"). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by sending an email message to privacy@navinet.net with the title/subject line of "Do Not Sell My Personal Information" or by completing a Do Not Sell My Personal Information form. Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by sending an email message to privacy@navinet.net with your opt-in authorization. You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not engage in any of the following on account of your exercise of your CCPA rights: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) provide you a different level or quality of goods or services or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

BUSINESS ASSOCIATE AGREEMENT TERMS

These Business Associate Agreement terms apply to NaviNet Subscribers and to Licensees that engage Company to provide Additional Services on such Licensee’s behalf, in each case, to the extent such NaviNet Subscriber or Licensee does not already have a separate, written Business Associate Agreement (as defined in the HIPAA Standards) in place with Company. By clicking or checking any applicable acceptance, consent, agreement or similar request presented on a Site or otherwise using any of the Services, you agree that you have read, understand, and agree to be bound by these Business Associate Agreement terms. If you do not agree to these Business Associate Agreement terms, do not use Company and its associated services. If you prefer to use another form of Business Associate Agreement, please contact the Company Security Officer and do not use the Company service until proper agreements are put in place.

The U.S. Department of Health and Human Services issued regulations on "Standards for Privacy of Individually Identifiable Health Information" comprising 45 C.F.R. Parts 160 and 164, Subparts A and E (the "Privacy Standards"), "Security Standards for the Protection of Electronic Protected Health Information" comprising 45 C.F.R. Parts 160 and 164, Subpart C (the "Security Standards"), "Standards for Notification in the Case of Breach of Unsecured Protected Health Information" comprising 45 C.F.R. Parts 160 and 164, Subpart D (the "Breach Notification Standards"), and "Rules for Compliance and Investigations, Impositions of Civil Monetary Penalties, and Procedures for Hearings" comprising 45 C.F.R. Part 160, Subparts C, D, and E ("the "Enforcement Rule"), promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), and the Genetic Information and Nondiscrimination Act of 2008 ("GINA") (the Privacy Standards, the Security Standards, the Breach Notification Standards, and the Enforcement Rule are collectively referred to herein as the "HIPAA Standards”).

In providing services described in this Agreement, Company may create, receive, maintain, or transmit certain Protected Health Information ("PHI") and may function as a "Business Associate" on your behalf.

You (the "Licensee") are required by the HIPAA Standards to obtain satisfactory assurances that Company will appropriately safeguard all PHI created, received, maintained, or transmitted by Company on your behalf. You and Company desire to enter into these Business Associate Agreement terms to memorialize our respective obligations with respect to PHI pursuant to the requirements of the HIPAA Standards, as amended from time to time.

Except as otherwise specified, capitalized terms used but not defined in these Business Associate Agreement terms will have the same meaning as those terms in the HIPAA Standards, as amended from time to time.

Obligations and Activities of Company

Company will not use or further disclose PHI other than as permitted or required by the terms of these Business Associate Agreement terms or as Required by Law. Company will also comply with any further limitations on uses and disclosures of PHI by Licensee in accordance with the HITECH Act and 45 C.F.R. § 164.522, provided that Licensee communicates such limitations to Company.

Company will use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this Agreement (including these Business Associate Agreement terms).

Company will use appropriate safeguards and comply with 45 C.F.R. Part 164, Subpart C with respect to Electronic Protected Health Information ("ePHI") that it creates, receives, maintains, or transmits on behalf of Licensee.

Company will report to Licensee any use or disclosure of PHI not provided for by this Agreement (including these Business Associate Agreement terms) of which Company becomes aware. Additionally, Company will report to Licensee any Security Incident of which Company becomes aware. At the request of Licensee, Company will identify the date and nature and scope of the Security Incident, Company' response to the Security Incident, and the identification of the party responsible for causing the Security Incident, if known. Notwithstanding the foregoing, the parties acknowledge and agree that this paragraph constitutes notice by Company to Licensee of the ongoing existence and occurrence or attempts of Unsuccessful Security Incidents for which no additional notice to Licensee shall be required. Unsuccessful Security Incidents means, without limitation, pings and other broadcast attacks on Company's firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of Licensee's electronic PHI.

Company will notify Licensee of any Breach of Unsecured Protected Health Information of Licensee within ten (10) business days of the date Company learns of the Breach. Company will provide such information to Licensee as required by the Breach Notification Standards. Company will reasonably cooperate and assist Licensee in making the notification to third parties required by the Breach Notification Standards in the event of a Breach due solely to Company.

Company will obtain and maintain an agreement with each agent or subcontractor that creates, receives, maintains, or transmits Licensee's PHI on behalf of Company. Under the agreement, such agent or subcontractor shall agree to the same restrictions and conditions that apply to Company pursuant to these Business Associate Agreement terms with respect to such PHI.

Company will mitigate, to the extent practicable, any harmful effect that is known to Company of a use or disclosure of PHI by Company in violation of the requirements of these Business Associate Agreement terms or the HIPAA Standards.

Upon request of Licensee, and to the extent Company retains information in a Designated Record Set, Company will provide access to PHI in a Designated Record Set as defined in 45 C.F.R. § 164.501 to an Individual in order for Licensee to comply with the requirements under 45 C.F.R. § 164.524. Company will make available PHI for amendment and incorporate any amendments to PHI in a Designated Record Set in order for Licensee to comply with 45 C.F.R. § 164.526. If Company receives a direct request from an Individual for access or amendment to PHI, it will forward the request to Licensee to fulfill. If the PHI that is the subject of a request for access is maintained in one or more Designated Record Sets electronically and if the Individual requests an electronic copy of such information, Company shall provide access to the PHI in the electronic form and format requested, if it is readily producible in such form and format; or, if not, in a readable electronic form and format as agreed to by Licensee and the Individual. If Company provides copies or summaries of PHI to an Individual it may impose a reasonable, cost-based fee in accordance with 45 C.F.R. § 164.524(c)(4).

Company agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI created or received by Company on behalf of Licensee available to the Secretary of the Department of Health and Human Services, for purposes of determining Licensee's compliance with the Privacy Standards.

Company will document those disclosures of PHI, and information related to such disclosures, as required to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and the HITECH Act. Company agrees to provide Licensee such information upon request to permit Licensee to respond to a request by an Individual for an accounting of disclosures of PHI, in accordance with 45 C.F.R. § 164.528, or, if required by the HITECH Act, to provide an Individual an accounting of disclosures of PHI upon request made by the Individual directly to Company.

Company acknowledges that it will limit the use, disclosure or request of PHI to perform or fulfill a specific function required or permitted hereunder to the Minimum Necessary, as defined by HIPAA Standards and relevant guidance, to accomplish the intended purpose of such use, disclosure or request.

If Company agrees to conduct any Standard Transactions on behalf of Licensee, Company will comply with the applicable requirements of 45 C.F.R. Part 162.

If Company agrees to carry out an obligation of Licensee under 45 C.F.R. Part 164, Subpart E, Company will comply with the requirements of 45 C.F.R. Part 164, Subpart E that apply to Licensee in the performance of such obligations.

Except as otherwise permitted by law, Company will not directly or indirectly receive remuneration in exchange for a disclosure of PHI without the Individual's authorization.

Permitted Uses and Disclosures of PHI by Company

Company may use or disclose PHI to perform functions and activities for, or on behalf of, Licensee pursuant to this Agreement, provided that such use or disclosure would not violate the Privacy Standards if done by Licensee.

Company may use PHI for the proper management and administration of Company or to carry out the legal responsibilities of Company. Management and administration includes but is not limited to the use of PHI for data analytics as it relates to quality assurance, utilization review, compliance, fraud prevention, auditing, cost-management and planning-related analyses, and product improvement and development insofar as permitted by law.

Company may disclose PHI for the proper management and administration of Company or to carry out the legal responsibilities of Company, provided that (i) disclosures are Required by Law, or (ii) Company obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies Company of any instances of which it is aware in which the confidentiality of the information has been breached.

Company may use PHI to provide Data Aggregation to Licensee as permitted by 42 C.F.R. §164.504(e)(2)(i)(B).

Further, Company may de-identify any and all PHI in accordance with 45 C.F.R. § 164.514(b). Licensee acknowledges and agrees that de-identified information is not PHI and Company and its affiliates may use such de-identified data in any manner determined by Company.

Obligations and Activities of Licensee

Licensee shall notify Company of: (a) any limitations(s) in its notice of privacy practices in accordance with 45 CFR § 164.520 to the extent that such changes may affect Company’s use or disclosure of Protected Health Information; (b) any changes in, or revocation of, permission by an individual to use or disclose Protected Health Information, to the extent that such changes may affect Company’s use or disclosure of Protected Health Information; and (c) any restriction to the use or disclosure of Protected Health Information that Licensee has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Company’s use or disclosure of Protected Health Information.

Term and Termination of Business Associate Agreement Terms

Term. These Business Associate Agreement terms will terminate when all of the PHI provided by Licensee to Company, or created or received by Company on behalf of Licensee, is destroyed or returned to Licensee.

Termination for Cause

Without limiting the termination rights of the parties pursuant to this Agreement, upon Licensee's knowledge of a material breach of these Business Associate Agreement terms by Company, Licensee may either: (1) provide an opportunity for Company to cure the breach or end the violation and, if Company does not cure the breach or end the violation within thirty days of receipt of Licensee's notice of the breach, terminate these Business Associate Agreement terms; (2) immediately terminate these Business Associate Agreement terms if cure is not possible; or (3) if neither termination nor cure is feasible, Licensee will report the violation to the Secretary of the Department of Health and Human Services.

Effect of Termination

Upon termination of these Business Associate Agreement terms, Company will return or destroy all PHI received or created by Company on behalf of Licensee. In the event that Company determines that returning or destroying the PHI is infeasible, Company will notify Licensee and will extend the protections of these Business Associate Agreement terms to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Company maintains such PHI. This provision will apply to PHI that is in the possession of subcontractors or agents of Company.

Limitation of Liability Under Business Associate Agreement Terms

WITH REGARD TO ANY LIABILITY ARISING DIRECTLY OR INDIRECTLY UNDER THESE BUSINESS ASSOCIATE AGREEMENT TERMS, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND OR NATURE, WHETHER SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, EVEN IF THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.

If you have any questions regarding this Agreement, please call NantHealth Support at 1-888-482-8057.