OSMIND TERMS OF SERVICE

PLEASE READ THIS TERMS OF SERVICES (THE “TERMS”) CAREFULLY BEFORE USING THE SERVICES OFFERED BY OSMIND INC. (“OSMIND”).  BY MUTUALLY EXECUTING ONE OR MORE ORDER FORMS WITH OSMIND WHICH REFERENCE THESE TERMS (EACH, AN “ORDER FORM”), YOU (“PROVIDER”) AGREE TO BE BOUND BY THESE TERMS (TOGETHER WITH ALL ORDER FORMS, COLLECTIVELY THE “AGREEMENT”) TO THE EXCLUSION OF ALL OTHER TERMS.  IN ADDITION, ANY ONLINE ORDER FORM WHICH YOU SUBMIT VIA OSMIND’S STANDARD ONLINE PROCESS AND WHICH IS ACCEPTED BY OSMIND SHALL BE DEEMED TO BE MUTUALLY EXECUTED.  IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO SUCH TERMS. OSMIND AND PROVIDER MAY BE REFERRED TO HEREIN AS EITHER A “PARTY” OR COLLECTIVELY AS THE “PARTIES”.

1. Definitions

The following terms used in this Agreement are defined as follows:

“Applicable Law” means all federal, state, and local laws, ordinances, rules, and regulations that apply to Osmind’s Services or this Agreement regardless of jurisdiction, including the HIPAA Rules.

"Cardholder Data" refers to the unique identifier assigned by the card issuer that identifies the cardholder's account or other cardholder personal information.

 “De-Identified Data” means data or information that does not identify an individual and with respect to which there is no reasonable basis to believe that the data or information can be used to re-identify or otherwise be used to identify an individual. De-identification of personally identifiable health information must be performed via the methods set forth under the HIPAA Rules.

“Documentation” means any proprietary documentation made available to Provider by Osmind for use with the Services, including any documentation available online or otherwise, as amended or updated by Osmind from time to time in its own and sole discretion.

“Fees” means the fees for the Services provided in each applicable Order Form.

“HIPAA Rules” means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, as amended, and its’ related regulations (“HIPAA”), The Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. Parts 160 and 164, as amended, and their related regulations, and the Health Information and Technology for Economic and Clinical Health Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009, Public Law  No. 111-005, as amended, and its’ related regulations (“HITECH”).

“Patient” means an end user who wishes to communicate with a Provider over the Services.

“Patient Account” means the account that a Patient creates to use the Services (which is separate and distinct from a Provider’s account).

“Services” means the products, services and software specified in each Order Form;

“Usage Data” means statistics and data relating to a Provider’s or User’s activity, including the browsing or accessing of the Services, or the uploading and use of any other information collected from or about or otherwise regarding a User, whether in individual or aggregate form.

“Users” means employees or agents of Provider who are authorized by Provider to use the Services.

2. Order Forms

Upon mutual execution, each Order Form shall be incorporated into and form a part of this Agreement.

3. Provider License and Access to the Services

Subject to Provider’s payment of the applicable Fees on an Order Form and compliance with: 1) the terms and conditions set forth herein, 2) any limitations and restrictions set forth on an Order Form, and 3) Applicable Law,  Osmind hereby grants to Provider during the relevant Order Form Term, a limited, non-exclusive, revocable, non-sublicensable,  non-transferable  right and license to access and use the Services for the internal business purposes of Provider and in connection with Provider’s treatment of his or her Patients or research interests, but in no event for the benefit of any other person or entity. Osmind may terminate any or all of the rights granted to Provider under this Section 3 at any time if Osmind believes that Provider has or is violating any terms or conditions of this Agreement.

Provider acknowledges that the Services include software applications and platforms (“Applications”), and related services for electronic prescribing, medication management, secure texting (“Integrated Offering”) provided by DrFirst.com, Inc. (“DrFirst”).  In that connection, Provider agrees as follows:

For electronic prescribing, Provider shall properly register with DrFirst and agree to DrFirst’s Terms of Use. Provider must be approved by DrFirst to activate an appropriate account, when applicable.

Provider shall have no right to sublicense the Integrated Offering, including the Applications as integrated therein, to any third party.

Provider agrees that the Applications are solely to be accessed from and within the United States of America.

Provider shall not use the Application for any purposes other than the provision of the Integrated Offering, except with the prior written consent of DrFirst.  

Provider will not: (i) copy or duplicate the Application; (ii) decompile, disassemble, reverse engineer or otherwise attempt to obtain or decipher the source code from which any component of the Application is compiled or interpreted, and Provider acknowledges that nothing in this Agreement will be construed to grant Provider any right to obtain or use such source code; (iii) modify the Application, the Application Documentation, or the DrFirst Brand or create any derivative product from any of the foregoing, except with the prior written consent of DrFirst; (iv) act as a service bureau of the Application or otherwise run the Application for any-third party; (v) use the Application for performing comparisons or other benchmarking activities, either alone or in connection with any other product or service; (vi) except as expressly permitted in this Agreement, assign, sublicense, sell, resell, lease, rent or otherwise transfer or convey, or pledge as security or otherwise encumber, Provider’s rights under the licenses granted in this Agreement.  

Provider acknowledges and agrees that any act or omission by Provider in connection with use of, or access to, the Application, which act or omission would constitute a breach of this Agreement shall be considered a material breach of this Agreement by Provider, and that DrFirst or its third-party vendors may terminate or temporarily disable access for Provider.

DrFirst is an intended third party beneficiary with respect to the provisions of this Agreement related to the Applications and the Integrated Offering, with rights to enforce those provisions of this Agreement if necessary.

Provider shall, upon written request, provide Osmind with an accurate current count of the number of Users with access to the Services.  Log-ins by multiple users under the same or a single user name is prohibited.  Provider shall not make the Services available to anyone other than Users and shall be responsible and liable for any use of the Services not authorized under this Agreement.  Provider agrees that any usage by such Users is in accordance with the terms and conditions of this Agreement and that Provider is responsible for ensuring that any usage by such Users is in accordance with the terms and conditions of this Agreement.

4. Patient Access to the Services

Patients create a separate Patient Account by agreeing to Osmind’s Patient Terms of Use during the sign-up process. Providers and Patients are then able to communicate across Osmind’s Services. Providers and Patients may have a provider-patient relationship, which is between Provider and Patient. However, Osmind is not a healthcare provider, and use of Osmind’s Services does not establish a healthcare or provider-patient relationship between Osmind and a Patient.

To the extent Cardholder Data is processed, stored or transmitted by external parties, Provider ensures that commercially reasonable efforts shall be taken to comply with the Payment Card Industry Data Security Standard ("PCI DSS") requirements for Cardholder Data that are prescribed in the PCI Data Security Standard or otherwise issued by the PCI Security Standards Council, as they may be amended (collectively, the "PCI-DSS Requirements").

5. Implementation

Upon payment of the applicable fees set forth in each Order Form, Osmind agrees to use commercially reasonable efforts to provide standard implementation assistance for the Service, only if, and to the extent such assistance is set forth on such Order Form (“Implementation Assistance”).  If Osmind provides Implementation Assistance in excess of any agreed-upon hours estimated on an Order Form, or if Osmind otherwise provides additional services beyond those agreed to in an Order Form, Provider will pay Osmind’s then-current hourly rates for the excess time for Implementation Assistance or additional consultation services agreed to in the Order Form.

6. Support

Osmind will provide support and uptime for the Services in accordance with the support package selected by Provider on the applicable Order Form (if any).

7. Service Updates

From time to time, Osmind may provide upgrades, patches, enhancements, or fixes for the Services to its customers, generally without additional charge (“Updates”), and such Updates will become part of the Services and subject to this Agreement; provided that Osmind shall have no obligation under this Agreement, or otherwise, to provide any such Updates. Provider understands that Osmind may cease supporting old versions or releases of the Services at any time and in its sole discretion. However, if Osmind chooses to cease supporting old versions or releases of the Services, Osmind will use commercially reasonable efforts to notify Provider of any such changes at least thirty (30) days prior to ceasing such support.

8. Ownership and Intellectual Property; Feedback

Ownership and Intellectual Property: As between the Parties, Osmind retains all right, title, and interest in and to the Services, and all software, products, works, and other intellectual property and moral rights related thereto or created, used, or provided by Osmind for the purposes of this Agreement, including any copies and derivative works of the foregoing.  Any software which is distributed or otherwise provided to Provider hereunder (including without limitation any software identified on an Order Form) shall be deemed a part of the “Services” and subject to all the terms and conditions of this Agreement.  No rights or licenses are granted except as expressly and unambiguously set forth in this Agreement.  

Nothing in this Agreement will impair Osmind’s right to develop, acquire, license, market, promote or distribute products, software or technologies that perform the same or similar functions as, or otherwise compete with any products, software or technologies that Provider may develop, produce, market, or distribute.

Feedback: Provider may from time to time provide suggestions, comments, testimonials, or other feedback to Osmind with respect to the Services (“Feedback”).  Provider hereby grants to Osmind a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid-up license to use and exploit the Feedback for any purpose.  

9. Fees; Payment

Provider shall pay Osmind fees for the Services as set forth in each Order Form (“Fees”).  Unless otherwise specified in an Order Form, all Fees shall be invoiced monthly in advance and all invoices issued under this Agreement are payable in U.S. dollars within thirty (30) days from the date of invoice. Past due invoices are subject to interest on any outstanding balance of the lesser of 1.5% per month or the maximum amount permitted by law.  Provider shall be responsible for all taxes associated with the Services (excluding taxes based on Osmind’s net income).  All Fees paid are non-refundable and are not subject to set-off. Osmind reserves the right to change the Fees or applicable charges and to institute new charges and Fees at any time, upon thirty (30) days prior notice to Provider (which may be sent by email). If Provider believes that Osmind has billed Provider incorrectly, Provider must contact Osmind no later than 60 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit.  Inquiries should be directed to Osmind’s billing department at: support@osmind.org.

10 Restrictions

Except as expressly set forth in this Agreement, Provider shall not (and shall not permit any third party to), directly or indirectly: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Services (except to the extent applicable laws specifically prohibit such restriction); (ii) modify, translate, or create derivative works based on the Services; (iii) copy, rent, lease, distribute, pledge, assign, or otherwise transfer or encumber rights to the Services; (iv) use the Services for the benefit of a third party (other than Provider or Users); (v) remove or otherwise alter any copyright or proprietary notices or labels from the Services or any portion thereof; (vi) use the Services to build an application or product that is competitive with any Osmind products or services; (vii) use the Services for any purpose other than its intended purpose; (viii) interfere or attempt to interfere with the proper working of the Services or any activities conducted on the Services; (ix) bypass any measures Osmind may use to prevent or restrict access to the Services (or other accounts, computer systems or networks connected to the Services); (x) “crawl,” “scrape,” or “spider” any page, data, or portion of or relating to the Services (or any information, data or content made available through the Services), whether through use of manual or automated means; (xi) publish or disclose to third parties any evaluation of the Services without Osmind's prior written consent; (xii) use the Services for any commercial purpose, or for any public display or distribution (commercial or non-commercial) without prior written permission from Osmind; (xiii) introduce viruses, worms, Trojan horses and/or harmful code to the Services; or (xiv) use the Services in a manner that violates Applicable Law. Provider is responsible for all of Provider’s activity and its Users in connection with the Services, including but not limited to uploading Provider Data (as defined below) onto the Services.  Provider (i) shall use the Services in compliance with all applicable local, state, national and foreign laws, treaties, and regulations in connection with Provider’s use of the Services (including those related to data privacy, international communications, export laws and the transmission of technical or personal data protection laws), and (ii) shall not use the Services in a manner that violates any third-party intellectual property, contractual or other proprietary rights. The license granted under Section 3 shall automatically terminate if Provider or its Users violate any of these restrictions.

Osmind does not offer medical advice or diagnoses, or engage in the practice of medicine. The Services are not intended to be a substitute for professional medical advice, diagnosis, or treatment and are offered for informational and communicative purposes only. The Services are not intended to be, and must not be taken to be, the practice of medicine, nursing, pharmacy or other healthcare advice by Osmind. The Services should never be used as a substitute for medical care.

The Services are not meant to diagnose or treat any conditions or substitute for a medical professional. Reliance on any information provided by Osmind or in connection with the Services is solely at Provider’s own risk. Provider is solely responsible for any decisions or actions that it takes based on the information and materials available through the Services.

The Services are not medical devices and are not intended to be used as medical devices. Furthermore, the Services and the Products are neither regulated nor approved by the U.S. Food and Drug Administration, and are not designed to detect or prevent causes of any medical condition. The Services and Content are not a substitute for medical care or adult supervision.

11. Confidential Information

“Confidential Information” means any and all non-public technical and non-technical information disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) in any form or medium, whether oral, written, graphical or electronic, pursuant to this Services Agreement, that is marked confidential and proprietary, or that the Disclosing Party identifies as confidential and proprietary, or that by the nature of the circumstances surrounding the disclosure or receipt ought to be treated as confidential and proprietary information, including but not limited to: (i) techniques, sketches, drawings, models, inventions (whether or not patented or patentable), know-how, processes, apparatus, formulae, equipment, algorithms, software programs, software source documents, APIs, and other creative works (whether or not copyrighted or copyrightable); (ii) information concerning research, data, Patient Data, experimental work, development, design details and specifications, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, business forecasts, sales and merchandising and marketing plans and information; (iii) proprietary or confidential information of any third party who may disclose such information to Disclosing Party or Receiving Party in the course of Disclosing Party’s business, including Patients who disclose Patient Data; and (iv) the terms of this Agreement and any Order Forms. Confidential Information of Osmind shall include its products and Services, the Applications and the Integrated Offering. Confidential Information also includes all summaries and abstracts of Confidential Information.

Confidential Information does not include information that:

        i. Is in the public domain at the time of disclosure, or thereafter becomes part of the          public domain other than by a breach of this Agreement by the Receiving Party;

        ii. Was within the Receiving Party’s possession, as shown by written records, prior to it being furnished by or on behalf of Disclosing Party;

        iii. Becomes available to the Receiving Party on a non-confidential basis from a source other than the Disclosing Party, provided that the source had the legal right to disclose such information; or

        iv. Is independently developed by or on behalf of the Receiving Party without the knowledge, aid, application or use of the Confidential Information of the Disclosing Party and such independent development can be properly demonstrated by the Receiving Party.

Each Party agrees to use the other Party’s Confidential Information only as necessary to perform their obligations under this Agreement and to maintain the confidentiality of the other party’s Confidential Information using at least the same degree of care in safeguarding the other’s Confidential Information as it uses in safeguarding its own Confidential Information, subject to a minimum standard of reasonable diligence and protection to prevent any unauthorized copying, use, distribution, installation or transfer of possession of such information. Confidential Information will be disseminated only to those employees, officers, contractors and directors who have a need to know such information for the purpose of the business relationship and who are informed of and bound by the obligations of this section.

Notwithstanding the foregoing restrictions on disclosure of Confidential Information, the Receiving Party may disclose Confidential Information: (i) in response to a valid order of a court or any governmental agency or regulatory body, or (ii) as otherwise required by law; provided that, unless otherwise barred by legal or regulatory order, the Receiving Party promptly notifies the Disclosing Party of such pending order or requirement and lends the Disclosing Party all reasonable assistance, so that the Disclosing Party may seek a protective order or other appropriate remedy; and provided further that in the event that no such protective order or other remedy is obtained, the Receiving Party will furnish only that portion of the Confidential Information which it is legally required to furnish in order to comply.

12. Provider Data and Data Use Rights

Provider Data: “Provider Data” means any data, information or other material provided, uploaded, or submitted by Provider to the Services while using the Services.  Provider Data may include Protected Health Information. Provider Data may also include data, information, or material shared by Patients to Provider or to Osmind over the Services. Provider shall retain all right, title and interest in and to the Provider Data, and Patients shall retain all right, title and interest in and to their data shared over the Services.  

Provider, not Osmind, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and ownership or right to the use of all Provider Data. Provider and its Users shall be responsible for obtaining any consents, authorizations, and other rights necessary to transfer, collect, submit, use, and process Provider Data in connection with the Services. Provider represents and warrants that it will ensure that its collection, provision, and use of information via the Services complies with all Applicable Laws and this Agreement and will not violate the rights of any third party when used in accordance with this Agreement.

Osmind’s obligations regarding the privacy, security and integrity of the Services and the Provider Data are set forth in the Business Associate Agreement executed by the Parties.  Osmind is not responsible to Provider or Provider’s patients for unauthorized access to, or unauthorized disclosure of, Provider Data or the unauthorized use of the Services unless such access is due to Osmind’s own gross negligence or willful misconduct.  Provider is responsible for the use of the Services by any person or User to whom Provider has given access to the Services, even if Provider did not authorize such use.

Usage Data: Notwithstanding anything else in this Agreement or otherwise, Osmind may create, disclose, monitor, store or use Usage Data for any purpose, and Osmind retains all Intellectual Property Rights in such Usage Data.

Licenses to Use Provider Data: Provider hereby grants to Osmind a worldwide, non-exclusive, fully paid up, royalty-free license to reproduce, distribute, display and/or create derivative works of Provider Data for the following purposes: (i) to perform and provide the Services; (ii) to analyze, maintain, develop and improve Osmind’s products, software and Services, and/or to develop new Osmind products, software or services; (iii) to compile and use Usage Data as provided above; and (iv) for research purposes. Notwithstanding the foregoing, Provider hereby also grants to Osmind a worldwide, non-exclusive, fully paid up, royalty-free, perpetual, non-revocable license to de-identify Provider Data and to use De-identified Provider Data, including any Usage Data, for any purpose.

Data Retention: Within ninety (90) days after the termination or expiration of this Agreement, Osmind will delete or destroy all Provider Data. However, Osmind may store or maintain Provider Data if required by Applicable Law, or the internal policies of Osmind to maintain business records, for disaster recovery and business continuity purposes, or as otherwise permitted pursuant to this Agreement. Notwithstanding anything contained herein, for avoidance of doubt, Osmind may de-identify or anonymize the Provider Data and use such for any legal and valid purpose at any time, including after the termination or expiration of this Agreement pursuant to the license provided by Provider to Osmind hereinabove.

13. Term; Termination

This Agreement shall commence upon the Effective Date set forth in the first Order Form, and, shall continue until terminated in accordance herewith.  

Termination for Convenience: Either Party shall be entitled to terminate this Agreement for convenience upon prior written notice of no less than thirty (30) days.

Termination for Breach: In the event of a material breach of this Agreement by either Party, the non-breaching party may terminate this Agreement by providing written notice to the breaching party, unless the breaching party is able to cure such breach within thirty (30) days of receipt of such notice.  

Suspension: Without limiting the foregoing, Osmind may suspend or limit Provider’s access to or use of the Services if: (i) Provider’s account is more than sixty (60) days past due, or (ii) Provider’s use of the Services results in (or is reasonably likely to result in) damage to or material degradation of the Services which interferes with Osmind’s ability to provide access to the Services to other customers; provided that in the case of subsection (ii) Osmind shall reinstate Provider’s use of or access to the Services, as applicable, if Provider remediates the issue within ten (10) days of receipt of notice from Osmind describing the nature of the damage or degradation.  

Termination of this Agreement or any license to the Services shall not limit either party from pursuing other remedies available to it, including but not limited to injunctive relief, nor shall such termination relieve Provider of its obligation to pay all fees that have accrued or are otherwise owed by Provider. All provisions of this Agreement which by their nature shall survive termination, including, without limitation, accrued payment obligations, ownership provisions, data use provisions,  warranties, disclaimers, indemnity and limitations of liability.

In the event that this Agreement terminates in the middle of a monthly billing cycle, then Provider shall be responsible for the fees solely for the portion of the monthly billing cycle through the termination date.

Upon expiration or termination of this Agreement, Provider and its Affiliates shall (i) cease using the Service and related Confidential Information of Osmind, and (ii) certify to Osmind within thirty (30) days after termination that Provider has destroyed, or has returned to Osmind, the Confidential Information of Osmind, and all copies thereof, whether or not modified or merged into other materials.  Any use of the Service after expiration or termination is a violation of this Agreement, and also constitutes an unlawful violation of Osmind’s copyright in the Service under applicable law and international treaties.

14. Indemnification

Osmind Indemnity: Osmind shall, subject to the terms and conditions set forth in this Agreement, (i) defend Provider from and against any and all third party claims, actions, suits, demands, or proceeding brought against Provider (a “Claim”) to the extent the Claim alleges that Provider’s use of the Services in accordance with the terms of this Agreement (and Order Forms) infringes any United States copyright or United States patent issued as of the Effective Date, and (ii) indemnify and hold harmless Provider against any damages awarded to the third party bringing the Claim or any settlement amount approved by Osmind in writing and paid to the third party bringing the Claim in order to settle the Claim. Osmind’s obligations under this Section are conditioned upon (i) Osmind being promptly notified in writing of such Claim, (ii) Osmind having the exclusive right to control the defense and/or settlement of the Claim, and (iii) Provider providing all reasonable assistance (at Osmind’s request and expense) in the defense of the Claim. In no event shall Provider settle any Claim without Osmind’s prior written approval. Provider may, at its own expense, engage separate counsel to advise Provider regarding a Claim and to participate in the defense of the Claim, subject to Osmind’s right to control the defense and settlement.

Mitigation. In the event of any such third-party Claim or threat thereof, Osmind, at its sole option and expense, may (i) procure for Provider the right to continue to use the allegedly infringing Services, or (ii) replace or modify the Services with functionally equivalent software and/or Services. If, in Osmind’s opinion, neither subpart (i) nor (ii) of this paragraph is commercially reasonable or practical, Osmind may terminate this Agreement with respect to the allegedly infringing Services upon thirty (30) days written notice to Provider. In the event of such termination, Osmind shall refund to Provider any portion of Fees paid to Osmind by Provider for use of the allegedly infringing Services following the date of such termination.

Exclusions. Notwithstanding anything to the contrary in this Agreement, Osmind shall have no obligations to Provider pursuant to this Section 14 (Osmind Indemnity) with respect to any infringement or alleged infringement resulting or arising from: (i) any modifications to the Services made by any person or entity other than Osmind that is not previously approved by Osmind; (ii) any use of the Services by Provider beyond the scope of the express rights and licenses granted in this Agreement; (iii) any use of the Services in combination with another service, software, hardware or data; (iv) Osmind’s compliance with Provider’s request for changes to the Services; or (v) Provider’s breach of Applicable Law or this Agreement.

THE FOREGOING STATES OSMIND’S ENTIRE LIABILITY WITH RESPECT TO THE INFRINGEMENT OF ANY INTELLECTUAL PROPERTY OR PROPRIETARY RIGHTS BY THE SERVICES OR OTHERWISE, AND PROVIDER HEREBY EXPRESSLY WAIVES ANY OTHER LIABILITIES OR OBLIGATIONS OF OSMIND WITH RESPECT THERETO.

Provider’s Indemnity: Provider shall indemnify and hold harmless, and at Osmind’s request defend, Osmind and its Affiliates, licensors, successors and assigns (and its and their officers, directors, employees, contractors, representatives and agents) from and against any and all claims, suits, demands, losses, liabilities, damages, settlements, expenses and costs (including, without limitation, attorneys’ fees and court costs) which arise out of or relate to any third-party claim or threat thereof that is due to: (i) the Provider Data or Provider’s use of the Services infringes, misappropriates or violates any third-party’s Intellectual Property Rights or violates any Applicable Law,  including with respect to the use and disclosure of Protected Health Information; (ii) Provider’s breach or alleged breach of this Agreement; or (iii) Provider’s negligence, willful misconduct or fraud. Osmind shall notify Provider promptly of any claim or liability for which indemnification is sought, provided, however, that the failure to give such notice shall not relieve Provider of its obligations hereunder except to the extent that Provider was actually and materially prejudiced by such failure. Provider may not settle any claim for which indemnification is sought under this Section 14 without the prior written approval of Osmind, which approval shall not be unreasonably withheld or delayed.

15. Disclaimer

EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” AND ARE WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED.

16. Limitation of Liability

EXCEPT FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY, NOR ITS DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SUBJECT MATTER OF THIS SERVICES AGREEMENT (I) FOR ANY LOST REVENUE, LOST PROFITS, DATA LOSS, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, SUBSTITUTE GOODS OR SERVICES (HOWEVER ARISING), (II) FOR ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION), (III) FOR ANY DIRECT OR INDIRECT DAMAGES RESULTING FROM CLAIMS OF NON-COMPLIANCE WITH ACCESSIBILITY LAWS INCLUDING, BUT NOT LIMITED TO, THE AMERICANS WITH DISABILITIES ACT, OR (IV) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) THE FEES PAID (OR PAYABLE) BY PROVIDER TO OSMIND HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO A CLAIM HEREUNDER.

THE FOREGOING LIMITATIONS SHALL NOT APPLY TO ANY CLAIMS THAT ARISE DUE TO PROVIDER’S: (I) BREACH OF THIS AGREEMENT, OR (II) PROVIDER’S NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUD.

17. Third-Party Materials

Provider acknowledges and agrees that: (i) the Services may incorporate certain information, data and materials received from Osmind’s third party licensors and data vendors (“Third Party Materials”); (ii) Third Party Materials may only be used in conjunction with the Services; and (iii) Provider’s use of the Third Party Materials shall be subject to (and Provider agrees it is bound by) any additional terms and conditions applicable to use of such Third-Party Materials, as they may be provided and/or modified from time to time by Osmind and/or its third-party licensors and data vendors. Osmind cannot and does not guarantee that the Services will incorporate (or continue to incorporate) any particular Third-Party Materials.

18. Publicity

Provider hereby grants to Osmind the rights to use Provider’s name, logos or trademarks in promotional and marketing materials, or in any other publicity made by Osmind that relates to Osmind’s products, services or software.

19. Miscellaneous

This Agreement represents the entire agreement between Provider and Osmind with respect to the subject matter hereof, and supersedes all prior or contemporaneous communications and proposals (whether oral, written or electronic) between Provider and Osmind with respect thereto. This Agreement shall be governed by and construed in accordance with the laws of the State of California, excluding its conflicts of law provisions, and the Parties consent to exclusive jurisdiction and venue in the state and federal courts located in San Francisco, California. All notices under this Agreement shall be in writing and shall be deemed to have been duly given when received, if personally delivered or sent by certified or registered mail, return receipt requested; two days after receipt, if transmitted by facsimile or e-mail; or the day after it is sent, if sent for next day delivery by recognized overnight delivery service.  Notices must be sent to the contacts for each Party set forth on the Order Form.  Either Party may update its address set forth above by giving notice in accordance with this section. Except as otherwise provided herein, this Agreement may be amended only by a writing executed by both Parties.  Notwithstanding the foregoing, Osmind may modify the terms of this Agreement at any time, if in its reasonable discretion, such modification is necessary to comply with applicable law. If it does so, Osmind will notify Provider.  Except for payment obligations, neither Party shall be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond such party’s reasonable control, including, without limitation, the elements; fire; flood; severe weather; earthquake; vandalism; accidents; sabotage; power failure; denial of service attacks or similar attacks; Internet failure; acts of God, including pandemics, and the public enemy; acts of war; acts of terrorism; riots; civil or public disturbances; strikes lock-outs or labor disruptions; any laws, orders, rules, regulations, acts or restraints of any government or governmental body or authority, civil or military, including the orders and judgments of courts. Neither Party may assign any of its rights or obligations hereunder without the other Party’s consent; provided that either Party may assign all of its rights and obligations hereunder without such consent to a successor-in-interest in connection with a sale of all or substantially all of such Party’s business relating to this Agreement. Osmind may utilize subcontractors in the performance of its obligations hereunder.  No agency, partnership, joint venture, or employment relationship is created because of this Agreement and neither Party has any authority of any kind to bind the other in any respect. In any action or proceeding to enforce rights under this Agreement, the prevailing Party shall be entitled to recover costs and attorneys’ fees. If any provision of this Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable.   Except as set forth in Section 3, this Agreement benefits solely the Parties and their respective permitted successors and assigns.  The failure of either Party to act with respect to a breach of this Agreement by the other Party shall not constitute a waiver and shall not limit such Party’s rights with respect to such breach or any subsequent breaches.

OSMIND BUSINESS ASSOCIATE AGREEMENT

THIS BUSINESS ASSOCIATE AGREEMENT (“BAA”) is entered into on _________, 2023 (“Effective Date”) by and between ______________    (“Customer”) who may be a “Covered Entity” and OSMIND INC. (“Business Associate”). Customer and Business Associate are sometimes referred to in this BAA individually as a “Party” and collectively as the “Parties”.  

RECITALS

        WHEREAS, The Parties have executed one or more Order Forms subject to the Osmind Terms of Service (collectively, “Agreement”) under which Business Associate will create, receive, maintain, store, use and/or disclose individually identifiable health information from or on behalf of Customer in its performance of the services for Customer;

        WHEREAS, the Parties intend to protect the privacy and provide for the security of PHI in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, as amended, and its’ related regulations (“HIPAA”), The Privacy, Security, Breach Notification, and Enforcement Rules  at 45 C.F.R. Parts 160 and 164, as amended, and related regulations (the “HIPAA Rules”), and the Health Information and Technology for Economic and Clinical Health Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009, Public Law  No. 111-005, as amended, and its’ related regulations (“HITECH”), collectively referred to in this BAA as the “HIPAA Regulations”;

        WHEREAS, this BAA applies to the extent that Customer is a Covered Entity under HIPAA and Osmind is a Business Associate of Customer, with regard to such protected health information that Osmind receives in its capacity as a Business Associate of Customer;

        NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties, intending to be legally bound, agree as follows:

ARTICLE I. DEFINITIONS

Capitalized terms used, but not otherwise defined in this BAA, shall have the same meaning given to those terms by the HIPAA Regulations. For the purposes of this BAA, the following terms are defined as follows:

“Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 CFR § 160.103, limited to the information created, received, maintained or transmitted by Business Associate from or on behalf of Covered Entity.

“Services” means the services for or functions on behalf of Covered Entity performed by Business Associate pursuant to the Services Agreement.

        “Services Agreement” means the Services Agreement dated [                ], including any amendments made thereto, as well as any future agreements, either written or oral, between Covered Entity and Business Associate under which Business Associate will create, receive, maintain, store, use, and/or disclose PHI from or on behalf of Covered Entity in its performance of the services for Covered Entity.

ARTICLE II. BUSINESS ASSOCIATE’S OBLIGATIONS

        2.1 Use and Disclosure. Business Associate shall only Use or Disclose PHI created, received, maintained, or transmitted for or on behalf of Covered Entity to perform the Services authorized by the Services Agreement, as permitted by this BAA, or as Required by Law. Business Associate is also permitted to: (i) Use and Disclose PHI for the proper management and administration of Business Associate, or (ii) to carry out the legal responsibilities of Business Associate, provided that with respect to any such Disclosure either: (a) the Disclosure is Required by Law; or (b) Business Associate obtains an agreement from the person or entity to whom the PHI is to be Disclosed that such person or entity will hold the PHI in confidence and will not Use or further Disclose such PHI except as Required by Law and for the purpose(s) for which it was Disclosed by Business Associate to such person or entity, and that such person or entity will notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been Breached. Covered Entity acknowledges and agrees that proper management and administration of Business Associate includes, without limitation, modifications or upgrades to its software or services, and development of new features or functionality thereof, or new related products or services. Notwithstanding the foregoing, Business Associate shall not Use or Disclose PHI in any manner that would constitute a violation of the HIPAA Regulations if so Used or Disclosed by Covered Entity.

        2.2 Appropriate Safeguards. Business Associate shall use appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity and availability of Electronic PHI created, received, maintained, or transmitted by Business Associate for or on behalf of Covered Entity pursuant to the HIPAA Regulations and to prevent the Use or Disclosure of PHI other than as permitted by this BAA.

        2.3 Mitigation. Business Associate shall mitigate any harmful effect that is known to Business Associate of a Use or Disclosure of PHI by Business Associate in violation of the requirements of this BAA.

        2.4 Reporting Security Incidents and Non-Permitted Uses or Disclosures. Business Associate shall notify Covered Entity of any Use or Disclosure by Business Associate or its Subcontractors that is not permitted by this BAA and each Security Incident, including Breaches of Unsecured PHI, within ten (10) business days of discovery. Notwithstanding the foregoing, the Parties acknowledge the ongoing existence and occurrence of attempted but ineffective Security Incidents that are trivial in nature, such as pings and other broadcast service attacks, and the Parties agree that no additional notification to Covered Entity of such ineffective Security Incidents is required, if the ineffective Security Incidents do not result in the unauthorized access, Use or Disclosure of PHI. In the event of a Breach of unsecured PHI, Business Associate shall provide a written report to Covered Entity, without unreasonable delay, but no later than ten (10) business days after discovery of the Breach and will provide adequate support and assistance to Covered Entity to investigate the Breach and implement any required Breach response measures, including Notifications. Business Associate shall be deemed to have discovered a Breach as of the first day on which the Breach is, or should reasonably have been, known to: (i) Business Associate, or (ii) any employee, officer, or other agent of Business Associate other than the individual committing the Breach.  

        2.5 Data Aggregation. Business Associate may use PHI to provide Data Aggregation services to Covered Entity.

        2.6 Designated Record Sets. Business Associate shall make any amendment(s) to PHI in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 C.F.R. §164.524 at the request of Covered Entity or an Individual, and in the time and manner mutually agreed upon by Business Associate and Covered Entity. If an Individual makes a request for access to PHI directly to Business Associate, Business Associate shall notify Covered Entity of the request within ten (10) business days of such request. Covered Entity shall have the sole responsibility to make decisions regarding whether to approve a request for access to PHI.

        2.7 De-Identification. Business Associate may use PHI to create de-identified health information in accordance with the HIPAA de-identification requirements. Business Associate may use or disclose de-identified health information for any purpose.

        2.8 Accounting. Business Associate agrees to document Disclosures of PHI and information related to such Disclosures as would be required for Covered Entity to respond to a request by an individual for an accounting of Disclosures of PHI in accordance with 45 C.F.R. § 164.528. Business Associate shall provide to Covered Entity or, at the request of Covered Entity, directly to an individual, no more than thirty (30) days after Business Associate’s receipt of a written request from Covered Entity, the information collected in accordance with this Section 2.8 of this BAA. Notwithstanding the foregoing, it is Covered Entity’s sole responsibility to ensure the proper accounting of Disclosures to Individuals.

        2.9 Minimum Necessary. Business Associate shall comply with the Minimum Necessary requirements under the HIPAA Regulations and shall implement policies and procedures to abide by the Minimum Necessary requirements in the performance of the Services under the Services Agreement.

        2.10 Subcontractors. Business Associate shall require each of its Subcontractors that creates, receives, maintains, or transmits PHI on behalf of Business Associate, to execute a written agreement that includes terms that are no less restrictive than the terms in this BAA that apply to Business Associate with respect to PHI.  

        2.11 Inspections. Business Associate shall make available to the Secretary all internal practices, books and records relating to the use and disclosure of PHI received from, or created by, Business Associate on behalf of Covered Entity, for purposes of determining Business Associate’s and Covered Entity’s compliance with the HIPAA Regulations.

ARTICLE III. COVERED ENTITY’S OBLIGATIONS

        3.1 Covered Entity shall not request Business Associate to Use or Disclose PHI in any manner that would not be permissible under the HIPAA Regulations, if done so by Covered Entity.

        3.2 Except as required under the HIPAA Regulations or other applicable law, Covered Entity shall not include any limitation in the Covered Entity’s notice of privacy practices that would limit Business Associate’s Use or Disclosure of PHI under this BAA or the Services Agreement.

        3.3 Covered Entity warrants that it has obtained and/or will obtain any consents, authorizations, or other legal permissions required under the HIPAA Regulations or other applicable law for the Disclosure of PHI to Business Associate. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an Individual, including authorization to Use or Disclose his or her PHI, to the extent such changes may affect Business Associate’s Use or Disclosure of PHI.

        3.4 Covered Entity shall notify Business Associate of any restrictions to the Use or Disclosure of PHI to which Covered Entity has agreed to or is required to abide by under the HIPAA Regulations to the extent that such restriction may affect Business Associate’s Use or Disclosure of PHI.

ARTICLE IV.  TERM AND TERMINATION

        4.1 Term. The term of this BAA shall be effective as of the Effective Date and shall terminate on the early of: (i) the date the Services Agreement between the Parties terminates or expires; (ii) upon Termination for Breach as provided in Section 4.2 below, or (iii) as of the date that all of the PHI provided by Covered Entity to Business Associate, or created, or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity. If the return or destruction of PHI is infeasible for any reason, Business Associate will comply with the terms in accordance with Section 4.3 below.

        4.2 Termination For Breach. Any other provision of this BAA notwithstanding, either Party (the “Non-Breaching Party”), upon knowledge of a material breach by the other Party (the “Breaching Party”), shall provide an opportunity for the Breaching Party to cure the breach or end the violation. If the Breaching Party does not cure the breach or end the violation within thirty (30) calendar days, the Non-Breaching Party may terminate this BAA.

        4.3 Disposition of PHI Upon Termination. Upon termination of this BAA, Business Associate shall either return or destroy all PHI received from Covered Entity or created or received by Business Associate on behalf of Covered Entity, that Business Associate still maintains in any form and Business Associate shall retain no copies of such PHI. If return or destruction of any PHI is not feasible, Business Associate shall continue to extend the protections of this BAA to the PHI for as long as Business Associate retains the PHI and limit all further Uses and Disclosures of such PHI to those purposes that make the return or destruction of the PHI infeasible. Covered Entity hereby acknowledges and agrees that: (1) it is infeasible for Business Associate to delete PHI from its backup tapes or other backup systems, and (2) it is infeasible for Business Associate to delete all PHI during an ongoing investigation in connection with a Security Incident or Breach of Unsecured PHI, and that temporarily retaining certain PHI may be necessary for such investigation.

ARTICLE V.  MISCELLANEOUS PROVISIONS

        5.1 Regulatory References.  Any references made in this BAA to a section in the HIPAA Regulations or to a section of the Code of Federal Regulations means the section as in effect, or as amended, and for which compliance is required.  

        5.2 Amendment/Waiver.  Covered Entity and Business Associate agree to take any such action(s) necessary to amend this BAA, from time to time, if necessary for Covered Entity and Business Associate to comply with the requirements of the HIPAA Regulations.  This BAA and the Services Agreement contain the entire agreement between the Parties and supersedes all other understandings and agreements, oral or written, between the Parties regarding privacy and security of PHI and compliance with the HIPAA Regulations.  A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.

        5.3 Survival. To the extent Required by Law, the rights and obligations of Business Associate under this BAA shall survive the termination of this BAA.

        5.4 Interpretation.  Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Regulations.  When a section of this BAA calls for Business Associate to respond to a request from Covered Entity in conjunction with a regulation specifically cited in the section, Business Associate may rely on Covered Entity’s request as verification by Covered Entity that the request is made in compliance with the regulation.  Business Associate is not responsible for confirming that Covered Entity’s request is made in compliance with the specific regulation.  

        5.5 Governing Law.  This BAA shall be governed by the HIPAA Regulations, and where not covered by the HIPAA Regulations or other federal law, the laws of the state of California, excluding its choice of law provisions.

        5.6 Binding Nature/Invalidity.  This BAA shall be binding upon and inure to the benefit of the Parties hereto and their respective successors and permitted assigns.  If any provision of this BAA is held invalid or unenforceable, such invalidity or unenforceability shall not affect any other provision, and this BAA shall be construed and enforced as if such provision had not been included.

        5.7 No Third-Party Beneficiaries.  Nothing express or implied in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Business Associate, or Covered Entity and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever.

        5.8 Injunctive Relief. Either Party shall be entitled to seek injunctive relief in a court of law with respect to any breach of the terms of this BAA.

        5.9 Notices.  Any notice to be given under this BAA to a Party shall be made via U.S. Mail, commercial courier, or hand delivery to such Party at its address set forth in the relevant Agreement, and/or via facsimile to the facsimile telephone number listed therein, or to such other address or facsimile number as shall hereafter be specified by notice from the Party in accordance with the terms of the Agreement.  Any such notice shall be deemed given when so delivered to or received at the proper address.

        5.10 Counterparts.  This BAA may be executed in any number of counterparts, each of which shall be deemed an original.

        5.11 BAA Part of Services Agreement.  This BAA is incorporated by reference and made a part of the Services Agreement.

This BAA is hereby executed by the Parties as of the Effective Date: