ENGAGEMENT LETTER – Dentist on Demand and Harvest Dental Care
Dentist on Demand is pleased to provide the professional services to Harvest Dental Care described herein. This letter is to confirm our understanding of the terms and objectives of our engagement and the nature and limitations of the service we will provide. This engagement between you and our firm will be governed by the terms of this letter.
Scope and Output of the Engagement
You have engaged us to maintain the scope of services for Harvest Dental Care detailed herein. You will review and approve all journal entries, transaction classifications, and account codes determined or changed by our firm. Without limiting the extent of the work we may provide for you, we will perform only the specified services at the specified intervals for this engagement.
Additional Services
Only the services which are listed in the attached schedules are included within the scope of our instructions. If there is additional work that you wish us to carry out which is not listed in the schedule, any additional work will be quoted to you before the commencement of said additional work. Once the scope of the additional work is agreed upon, we will issue an additional or updated letter of engagement via our online proposal system and will ask you to sign the new agreement before we commence the new work.
Period of Engagement
This engagement starts on 23 March, 2023 and is valid until it’s ended by mutual agreement or superseded by a newer engagement. We will not deal with earlier periods unless you specifically ask us to do so and we agree. You or we may agree to vary or terminate this agreement at any time without penalty. Notice of variation or termination must be given in writing.
We will use all reasonable efforts to complete the engagement as described in this letter within the agreed upon time frames. However, we shall not be liable for failures or delays in performance that arise from causes beyond our control, including the untimely performance by Harvest Dental Care of its obligations.
Billing
Services may be billed on a fixed rate or hourly billing rate, as indicated herein. Where we cannot provide a fixed rate quote, we will quote an hourly rate in cases of project work where it is difficult to define the scope of the service required. In the case where you have been quoted an estimate based on an hourly rate, Dentist on Demand will inform Harvest Dental Care of the amount of time used before we issue the final bill and collect payment. Our professional fees will be based on our regular billing rates, plus direct out-of-pocket expenses and applicable provincial sales tax, and are due when rendered. Fees for additional services will be established separately.
Invoicing and Payment
We will submit our bill monthly as services are performed, and it will be due and payable upon receipt. If an extension of our services is requested, we will discuss our fee arrangements at that time. Plan implementation as well as plan monitoring and updating, if needed, are separate engagements. If you choose one of these additional services, a separate engagement letter will be provided. These services will be billed separately.
We reserve the right to suspend our services or to withdraw from this engagement in the event that any of our invoices are deemed delinquent. In the event that any collection action is required to collect unpaid balances due to us, you agree to reimburse us for our costs of collection, including lawyers’ fees.
Termination
Dentist on Demand or Harvest Dental Care may terminate the relationship at any time upon reasonable notice (After year term has expired), except where prohibited by applicable laws or professional conduct rules. Dentist on Demand shall send Harvest Dental Care a final invoice for services rendered up to the date of termination. For fixed fee engagements that terminate prior to completion of the work identified herein, Dentist on Demand reserves the right to charge for any completed work at a fair and reasonable rate.
Confirmation of Terms
Please review and digitally sign this letter below to indicate that it is in accordance with your understanding of the arrangements. This letter will be effective for future years unless we advise you of any change.
Yours sincerely,
Dentist on Demand
Dentist on Demand Terms and Conditions / Privacy Policy: https://dentistondemand.com/wp-content/uploads/2020/09/Dentist-on-Demand-Terms-and-Conditions.pdf https://dentistondemand.com/wp-content/uploads/2020/09/Dentist-on-Demand-Privacy-Policy.pdf
Acknowledgment of Terms of Engagement
By signing below, I confirm I have the authority to contract on behalf of Harvest Dental Care. I hereby agree to the terms of engagement dated 23 March, 2023 of Dentist on Demand as set out above in this letter of engagement.
CareCru Terms and Conditions
This Terms of Service (“Agreement”) is entered into between (“Client”), a dental practice having a principal place of business at St Petersburg, FL and CareCru Incorporated, a Canadian corporation with a principal place of business at 900 West Hastings Street, Suite 310, Vancouver, BC V6C 1E5 (“CareCru”). Client and CareCru are collectively referred to as the “Parties” and each, individually, as a “Party.” CareCru develops dental practice software applications and platforms, which it makes available on a subscription basis for the purpose of assisting dental practices with management and growth. Client desires to use CareCru’s services in its business operations and CareCru has agreed to provide and the Client has agreed to pay for such services, subject to this Agreement.
1. DEFINITIONS
Certain capitalized terms used in this Agreement are defined as follows: a. “Applicable Laws” means all applicable local, provincial, state, national, and foreign laws, treaties, and regulations; b. “Call Recording” means CareCru’s service of recording calls between Client and Patients regarding the Services undertaken in connection with and as part of the Services; c. “CASL” means An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (Canada); d. “Confidential Information” means all information regarding a Party’s business including, without limitation, this Agreement (only with respect to Client as the recipient), and technical, marketing, financial, employee, planning and other confidential or proprietary information disclosed under this Agreement and that is clearly identified as confidential or proprietary at the time of disclosure or that the receiving Party knew or should have known, under the circumstances, was considered confidential or proprietary, including but not limited to Client Data, Patient Data and information derived from or concerning the Services, the System or the Documentation; e. “Custom Services” means any professional services provided by CareCru to Client as specifically identified and described in an Order Form; f. “Client Data” means any data, information or records, or information contained in any database, template, records or other similar document submitted by Client through the Services or provided by Client to CareCru as part of the Services, including without limitation Patient Data; g. “Documentation” means the designated final user manuals, handbooks, online materials, specifications or forms furnished by CareCru that describe the features, functionality or operation of the System; h. “Harmful Code” means viruses, worms, trap doors, back doors, timers, counters, Trojan horses, bugs, errors, or other programming routines or code that interrupt, destroy or limit the functionality of any computer software or hardware; i. “HIPAA” means Health Insurance Portability and Accountability Act of 1996 (United States) and the regulations promulgated thereunder, including but not limited to the Privacy Rule and Security Rule, as amended; j. “Implementation” means the process of implementing the Services with Client’s business and technology, as set forth in the Order Form; k. “Intellectual Property Rights” means all present and future worldwide copyrights, trademarks, trade secrets, know how, patents, patent applications, moral rights, and other proprietary rights; l. “Listing Service” means CareCru’s service of providing Client’s Business Information to search engines, indexes, websites and other publicly available systems and applications; m. Omnibus Rule” means the HIPAA Omnibus Rule of 2013; n. “Order Form” means, collectively, the order documents representing the initial subscription to the Services or Custom Services (and any subsequent modifications or additions to the subscription agreed to between the Parties in writing from time-to-time) that, upon acceptance and signature by the Parties, are incorporated in and made a part of this Agreement, on one or more occasions; o. “Patients” means any customer or potential customer of Client; p. “Patient Data” means any data, information, or records submitted by Client through the Services, provided by Client to CareCru, or collected by CareCru on behalf of the Client as part of the Services and relating to Patients; q. “Privacy Policy” means the CareCru Privacy Policy located at www.carecru.com/privacy, as amended on one or more occasions; r. “Services” means the on-line services delivered by CareCru to Client using the System, as made available by CareCru on one or more occasions, as specified in the Order Form; s. “System” means the technology, including hardware and software, used by CareCru to deliver the Services to Client in accordance with this Agreement and the Order Form; t. “TCPA” means the Telephone Consumer Protection Act of 1991 (United States); and u. “Users” means Client’s employees, directors and officers authorized to use the Services on behalf of Client and supplied user identifications, logins and passwords for this purpose from CareCru.
2. THE SERVICES
2.1 Subscription to the Services.
CareCru hereby grants Client a non-sublicensable, non-transferable, revocable, non-exclusive subscription to access and use the Services solely for Client’s internal business purposes for the Term, as set forth in this Agreement and the Order Form (“Subscription”). 2.2 Access. Certain Service features may require Client to provide CareCru with access to, or provide to CareCru, Client’s login and password information for accounts or services Client has with third party service providers. By providing such access or providing such login and password information to CareCru, Client represents and warrants that it has read all agreements with third-parties governing such access and login and password information and that Client has all necessary legal rights to provide CareCru such access and login and password information and to do so does not violate any such agreement with a third-party. If Client is unable to provide CareCru access to certain accounts or services Client has with third party service providers, CareCru may be unable to provide certain features of the Services to the Client. Client shall not assert any claims against CareCru based on the unavailability of certain features of the Services. 2.3 Listing Services. CareCru may offer a complimentary Listing Service under which Client’s business information and customer reviews (“Business Information”) are submitted to search engines, indexes, websites and other publicly available systems and applications (“Third Party Sites”). Client shall participate in Listing Services, and hereby authorizes CareCru to make Business Information available to, and to register Client on, Third Party Sites. Acceptance of Client’s registration is subject to Third Party Sites’ acceptance and CareCru makes no representation or warranty as to acceptance of Client’s registration. For so long as Client continues to subscribe to the Services, CareCru shall make a good faith attempt to ensure the confidentiality of information it provides to Third Party Sites pursuant to the Listing Services. Additional tools may be available from third parties enabling Client to update its Business Information on Third Party Sites. CareCru does not control Third Party Sites, which are provided by companies or persons other than CareCru and, if Client uses such Third Party Sites or third party tools, CareCru is not liable for any claim, loss or damage arising out of such Third Party Sites or the use or combination of third party tools with the Listing Services. During the Term, Client may request a copy of the Business Information on Third Party Sites that CareCru controls, which CareCru shall provide in PDF format within four (4) weeks following Client’s request, subject to CareCru timely receiving access to Business Information from such Third Party Sites. 2.4 Custom Services. Client may request the provision of Custom Services, performance of which is subject to an Order Form signed by the Parties setting out the Fees, payment terms, description of Custom Services, performance standards and timeline for delivery, among other terms. 2.5 Support. CareCru shall use commercially reasonable efforts during regular business hours to correct any reproducible material failure of the Services to substantially conform to its expected operation, provided that CareCru shall not be obligated to provide a correction for all such nonconformities.
3. CLIENT’S USE OF THE SERVICES 3.1 Access and Security Guidelines.
Client may create up to the number of User accounts specified in the Order Form and by supplying a unique user identification name and password (“UserID”) to CareCru for each User. Each User shall access and use the Services with their specific UserID. Client is responsible for ensuring that UserIDs are not shared and that Users retain the confidentiality of their UserIDs. Client is responsible for any and all activity occurring under the UserIDs associated with Users and shall cause Users to abide by all Applicable Laws in connection with their use of the Services, including those related to data privacy, international communications and the transmission of technical and personal data. Client shall promptly notify CareCru of any actual or suspected unauthorized use of the Services. CareCru may require that a UserID be replaced at any time.
3.2 Application of Agreement to Users.
Client acknowledges and agrees that all Users are subject to and bound by this Agreement. Client shall notify all Users of their obligations under this Agreement and obtain advanced written agreement from each User to such obligations, which agreements Client shall provide to CareCru upon CareCru’s request.
3.3 Client Responsibilities and Restrictions.
Client and Users shall not: a. use the Service in violation of Applicable Laws or in any manner not expressly permitted by this Agreement; b. use the Service to violate, infringe or appropriate any person’s or entity’s privacy rights, publicity rights, Intellectual Property Rights, proprietary rights, contractual rights or any other legal right; c. use the Service in a manner that is misleading, deceptive or fraudulent or otherwise illegal or promotes illegal activities, including engaging in phishing or otherwise obtaining financial or other personal information in a misleading manner or for fraudulent or misleading purposes; d. use the Service in a manner that is libelous or defamatory, harmful to minors, or that is otherwise threatening, abusive, violent, harassing, malicious or harmful to any person or entity, or is invasive of another’s privacy; e. use the Service in a manner that is hateful or discriminatory based on race, colour, sex, religion, nationality, ethnic or national origin, marital status, disability, sexual orientation or age or is otherwise objectionable; f. impersonate a CareCru employee, User or any other person, or falsely state or otherwise misrepresent Client or its User’s affiliation with any person or entity; g. except as expressly provided in this Agreement, sublicense or transfer any rights under this Agreement or otherwise use the Services for the benefit of a third party or to operate a service bureau; h. copy, modify, alter, change, translate, decrypt, obtain or extract the source code of, create derivative works from, reverse engineer, reverse assemble, decompile, disassemble or reverse compile any part of the Services or System; i. develop or assist with developing or updating a feature, service or product that is similar to any feature, service or product of CareCru; j. use or launch any automated system, including without limitation any “robot” or “spider” that accesses the Services or System; or k. interfere with, or attempt to interfere with, the Services, the System or any other networks or services connected to the Services through use of Harmful Code, as determined by CareCru in its sole discretion.
3.4 Client Data.
Client is solely responsible for obtaining advanced written permission from its Patients and, if a Patient is under the age of 13, such Patient’s legal guardian or parent, to provide, post or transmit the Patient’s information, records and data to CareCru, which permissions Client shall make available to CareCru upon CareCru’s request. Client and Users are solely responsible for Client Data and shall not provide, post or transmit any Client Data or any other information, data or material that: (a) infringes or violates any Intellectual Property Rights, publicity/privacy rights, or Applicable Law; or (b) contains any Harmful Code that intends to or does alter, erase, damage, surreptitiously intercept or expropriate any system, data or personal information such that it becomes inaccessible, inoperable or incapable of being used in the manner for which it was designed. CareCru may take remedial action if Client Data violates this Section 3.4 but is not obligated to review Client Data for accuracy or potential liability.
3.5 Call Recording.
CareCru may record calls between Client and Patients regarding the Services and in connection with and as part of the Services, which includes but is not limited to incoming calls Client receives from Patients (“Call Recording”). Client hereby consents to Call Recording and agrees that it is solely responsible for: a. obtaining advanced written permission for Call Recording from recorded parties, including but not limited to its employees, representatives, consultants, contractors, agents and Patients who may be recorded as part of a Call Recording (“Recorded Persons”); b. ensuring that all notices and permissions from Recorded Persons as may be required by Applicable Laws are included in the written permissions obtained from the Recorded Persons; and c. complying with all Applicable Laws regarding Call Recording and privacy. Client shall provide copies of Call Recording permission to CareCru upon CareCru’s request. Client shall notify Recorded Persons that if information collected during a Call Recording is subject to privilege (including but not limited to attorney-client or doctor-patient privilege), such privilege may be waived by use of a third party service provider to perform Call Recording. If information collected from Recorded Persons is subject to privilege, Client assumes the risk of using a third party service provider, such as CareCru, for Call Recording, including any preclusion of the application of such privilege with respect to information exchanged during the Call Recording.
3.6 Compliance with TCPA.
If applicable to Client or Client’s use of the Services, Client and Users shall comply with TCPA, including without limitation as set forth in Schedule A. Client and Users are solely responsible for obtaining advanced written permissions from Patients before sending any sort of text message or automated telephone message to Patients through the Services.
3.7 Compliance with HIPAA.
If Client or Client’s use of the Services is subject to HIPAA, Client and Users shall comply with HIPAA, including without limitation as set forth in Schedule B. Client and Users are solely responsible for obtaining all required written consents, authorizations and releases for making a Patient’s personal health information available to CareCru, including without limitation as set forth in Schedule B. Client and Users are also responsible for notifying Patients in writing of all potential uses of the Patient’s personal health information by CareCru as set forth in Schedule B.
3.8 Compliance with Anti-Spam Legislation.
Client and Users shall comply with all Applicable Laws, including but not limited to federal, provincial, state, municipal, regulatory or otherwise, whether of Canada, the United States or any other jurisdiction, including without limitation CASL, applicable to Client’s use of the email or electronic messaging functionality provided through the Services.
3.9 No Responsibility for Data Storage and Backup.
Client is solely responsible for backing up all Client Data that Client submits to CareCru and any and all data, files, records and information Client receives from CareCru. CareCru is not responsible for storage of Client Data and cannot guarantee that the System shall provide regular data backups of any Client Data stored on the System.
3.10 Internet Security Disclaimer.
Client acknowledges that: (a) CareCru exercises no control over, and accepts no responsibility for, any content passing through the Internet or other networks or for connectivity outside of CareCru’s full control; and (b) the Internet and any other networks outside of CareCru’s full control are inherently risky, despite reasonable measures being taken, and Client assumes responsibility for its use of the Services over the Internet and any other networks outside of CareCru’s full control.
4. FEES, PAYMENT AND SUSPENSION 4.1 Payment of Fees.
Client shall pay CareCru the fees (“Fees”) set forth in and in accordance with the Order Form. Implementation Fees are due immediately upon execution of an Order Form. All Fees are billed in advance (annual Fees prorated on a monthly basis) and due within 5 business days of Client’s receipt of an invoice from CareCru, unless otherwise agreed in the Order Form. Fees, other than Implementation Fees, are charged immediately following the Go-Live date, as such date is determined by CareCru, acting reasonably. Overdue amounts accrue interest at the rate of 18% per annum, or the highest legal interest rate, if less. Client shall reimburse CareCru for all expenses (including reasonable attorneys’ fees) incurred by CareCru to collect any overdue amount. Fees are exclusive of, and Client shall pay, all sales, use, excise and other taxes that may be levied upon Client in connection with this Agreement, except for employment taxes and taxes based on CareCru’s net income.
4.2 Non-Payment of Fees.
CareCru reserves the right (in addition to any other rights or remedies CareCru may have) to discontinue the Services and suspend all UserIDs and Client’s and Users’ access to the Services if any Fees are more than thirty (30) calendar days overdue, until such amounts are paid in full. Client shall maintain complete, accurate and up-to-date Client billing and contact information at all times. Client shall not withhold payment of Fees due to CareCru’s failure to deliver any future functionality or features, nor is Client’s obligation to pay Fees dependent upon any oral or written public comments made by CareCru with respect to future functionality or features.
4.3 Change Order.
Client may request in writing to amend the Order Form, for example to increase or decrease the number of locations and number and type of features, by submitting a request to their designated CareCru representative (“Change Order”). CareCru may either accept or reject a Change Order and, upon acceptance, such Change Order takes effect upon: (a) if the Change Order increases Fees, immediately upon CareCru’s provision of the additional Services subject to the Change Order; or (b) if the Change Order decreases Fees, upon the subsequent Renewal Term. CareCru’s failure to respond to a Change Order shall be deemed a rejection thereof.
4.4 Renewal Term Fees.
CareCru reserves the right to update the Fees as of each Renewal Term and shall inform Client of such updated Fees least 60 days prior to such Renewal Term. Client is deemed to accept any updated Fees by continuing to use the Service and not terminating prior to such Renewal Term.
5. TERM AND TERMINATION 5.1 Term.
The term of this Agreement begins on the Effective Date and continues until the end of the Initial Term set forth in the Order Form (“Initial Term”), thereafter automatically renewing for the same duration as the Initial Term (“Renewal Term”) (the Initial Term and each Renewal Term, together, the “Term”), until terminated.
5.2 Termination.
This Agreement may be terminated as follows: a. by CareCru, for any reason upon at least thirty calendar days’ prior written notice; b. by either party, upon at least 30 calendar days’ prior written notice, prior to expiration of the Initial Term or commencement of a Renewal Term; or c. by either party upon written notice if the other party materially breaches this Agreement and does not cure such breach within 30 calendar days after written notice of such breach.
5.3 Effect of Termination.
Upon termination: (a) all Fees are immediately due and payable without proration for any partial year of Services, except if terminated by CareCru pursuant to Section 5.2(a) or if terminated by Client pursuant to Section 5.2(c) in which case only Fees owed up to the date of termination are owed by Client; and (b) Client and Users shall return to CareCru all property (including any Confidential Information) of CareCru in their possession or control.
5.4 Client Data upon Termination.
If Client is not in breach of this Agreement, CareCru shall allow the Client and Users to access, without the right to modify, enhance or add to, Client Data (either through on-line access or an off-line mechanism provided by CareCru) (“Access Service”) for up to 180 calendar days after termination. Thereafter, CareCru shall remove all Client Data from the System that is required to be removed pursuant to this Agreement, excluding data used in the Listing Services, which CareCru shall only remove from platforms controlled by CareCru upon Client’s request, and CareCru shall provide written confirmation to Client that all such Client Data has been removed. All Client and User access to or use of the System and the Access Service is immediately suspended 180 calendar days after termination. Excluding the Access Service, all other Services, rights, and grants provided by CareCru to Client immediately cease upon termination.
5.5 Third Party Sites upon Termination.
During the Term and following termination, Business Information may remain in any data feeds provided to third parties under the Listing Services. Following termination, Client may request removal of Business Information from Third Party Sites, such removal services to be performed at CareCru’s sole discretion and CareCru is not obligated to request that third parties remove such Business Information nor does CareCru guarantee that such third parties will remove all such Business information.
5.6 Limitation, Suspension or Termination of Access.
In addition to other rights and remedies of CareCru under this Agreement, CareCru may suspend, terminate or limit (in CareCru’s sole discretion) Client’s or Users’ access to or use of the Services, or any part thereof, without notice in order to: a. prevent damage to, or degradation of the integrity of the System or any of Client’s systems; b. comply with any Applicable Law, court order or other governmental request or order; or c. otherwise protect CareCru from harm to its reputation or business. CareCru shall use commercially reasonable efforts to notify Client of a limitation, suspension or termination action as soon as reasonably practicable. In the event of a limitation or suspension, CareCru shall restore Client’s or Users’ access to the Services when CareCru determines the event resolved. Nothing in this Agreement limits CareCru’s right to take any action or invoke remedies, or acts as a waiver of CareCru’s rights in any way with respect to any of the foregoing activities. CareCru shall not be responsible for any loss or damage of any kind incurred by Client as a result of any limitation, termination or suspension of the Services under this Section 5.6.
6. CONFIDENTIAL INFORMATION
6.1 Protection of Confidential Information.
Each Party shall: (a) hold the other Party’s Confidential Information in strict confidence; (b) limit access to the other Party’s Confidential Information to those of its employees, officers or directors having a need to know and who are bound by confidentiality obligations at least as restrictive as those contained herein; and (c) not use such Confidential Information for any purpose except as expressly permitted in this Agreement and Privacy Policy.
6.2 Exceptions.
The restrictions on Confidential Information set forth in Section 6.1 do not apply to any Confidential Information, or portion thereof, which: (a) is or becomes a part of the public domain through no act or omission of the receiving Party; (b) was in the receiving Party’s lawful possession prior to the disclosure, as shown by the receiving Party’s verifiable written records; (c) is independently developed by the receiving Party without reference to Confidential Information, as shown by the receiving Party’s verifiable written records; (d) is lawfully disclosed to the receiving Party by a third party, such third party without restriction on disclosure or use; or (e) is disclosed in response to a valid order or requirement by a court or other governmental body, provided that the receiving Party provides the other Party prior written notice of such disclosure in order to provide the other Party with the opportunity to seek confidential treatment of such information.
7. OWNERSHIP 7.1 System and Technology.
CareCru and its licensors retain all right, title and interest in and to the Services and the System, all software, materials, formats, interfaces, information, data, content, and CareCru proprietary information and technology used or generated by CareCru (for example, De-Identified Information pursuant to Schedule B) or provided to Client in connection with the Services (collectively, “CareCru Technology”). CareCru Technology is protected by Intellectual Property Rights owned by or licensed to CareCru. All Intellectual Property Rights in and to CareCru Technology are the property of CareCru and its licensors, and Client and Users have no ownership interest in CareCru Technology or any Intellectual Property Rights therein. CareCru shall own any updates or new features of the Services and System resulting from any suggestions, enhancement requests, recommendations or other feedback provided by Client, including but not limited to Users (“Updates”). Client shall obtain all Intellectual Property Rights from all Users in such Update, and Client, on behalf of itself and Users, shall assign and does hereby assign to CareCru all Intellectual Property Rights in such Updates.
7.2 Client Data.
Client retains all right, title and interest in and to Client Data. CareCru shall only use Client Data to provide the Services under this Agreement and as set out in the Privacy Policy. Client shall be solely responsible for providing all Client Data required for the proper operation of the Services. Client grants to CareCru all necessary licenses in and to such Client Data as necessary for CareCru to provide the Services to Client and for the uses set forth in the Privacy Policy. CareCru shall not knowingly use or access any Client Data for any purposes other than to provide the Services under this Agreement and as set out in the Privacy Policy, unless authorized to do so by Client in writing.
8. DISCLAIMER OF WARRANTIES THE SERVICES AND ANY OTHER PRODUCTS AND SERVICES PROVIDED BY CARECRU TO CLIENT AND USERS ARE PROVIDED “AS IS”, “AS AVAILABLE”, WITH ALL FAULTS AND WITHOUT ANY WARRANTIES, REPRESENTATIONS OR CONDITIONS OF ANY KIND. CARECRU HEREBY DISCLAIMS ALL EXPRESS, IMPLIED, COLLATERAL OR STATUTORY WARRANTIES, REPRESENTATIONS OR CONDITIONS, WHETHER WRITTEN OR ORAL, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, FREEDOM FROM HARMFUL CODE, SECURITY, RELIABILITY, COMPLETENESS, QUIET ENJOYMENT, ACCURACY, QUALITY, INTEGRATION OR FITNESS FOR A PARTICULAR PURPOSE. CARECRU DOES NOT WARRANT THAT THE SERVICES WILL OPERATE WITHOUT INTERRUPTION OR BE ERROR FREE. WITHOUT LIMITING THE GENERALITY OF ANY OF THE FOREGOING, CARECRU EXPRESSLY DISCLAIMS ANY REPRESENTATION OR WARRANTY THAT ANY DATA OR INFORMATION PROVIDED TO CLIENT AND USERS IN CONNECTION WITH CLIENT’S USE OF THE SERVICES (INCLUDING ALERTS AND RECOMMENDATIONS) IS ACCURATE, OR CAN OR SHOULD BE RELIED UPON BY CLIENT AND USERS FOR ANY PURPOSE WHATSOEVER. CARECRU EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITY AND LIABILITY WITH RESPECT TO: (A) SEPARATE AGREEMENTS CLIENT MAY MAKE WITH PATIENTS, USERS OR OTHER USERS OF THE SERVICES; AND (B) CLIENT’S OBLIGATION TO COMPLY WITH APPLICABLE LAWS IN CONNECTION WITH ITS USE OF THE SERVICES, INCLUDING BUT NOT LIMITED TO CLIENT’S OBLIGATION TO OBTAIN CONSENTS, AUTHORIZATIONS OR RELEASES FROM PATIENTS CONCERNING INFORMATION CONNECTED FROM SUCH PATIENTS. CLIENT IS SOLELY RESPONSIBLE FOR THE PROFESSIONAL AND TECHNICAL SERVICES CLIENT PROVIDES. CARECRU HAS NO LIABILITY FOR THE CONSEQUENCES TO CLIENT OR CLIENT’S PATIENTS OR USERS ARISING FROM THEIR USE OF THE SERVICES. CARECRU IS NOT RESPONSIBLE FOR THE ACTS OR OMISSIONS OF, OR FOR THE FAILINGS OF, ANY THIRD PARTY PROVIDER OF ANY SERVICE, NETWORK, SOFTWARE OR HARDWARE, INCLUDING, BUT NOT LIMITED TO, INTERNET SERVICE PROVIDERS, HOSTING SERVICES UTILIZED BY CARECRU, TELECOMMUNICATIONS PROVIDERS, OR ANY SERVICES, SOFTWARE OR HARDWARE NOT PROVIDED BY CARECRU. THE SERVICES ARE OFFERED AND CONTROLLED BY CARECRU FROM ITS FACILITIES IN CANADA. CARECRU MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE SERVICES ARE APPROPRIATE OR AVAILABLE FOR USE IN ANY LOCATIONS OTHER THAN CANADA AND THE UNITED STATES. THOSE WHO ACCESS OR USE THE SERVICES FROM OTHER JURISDICTIONS DO SO OF THEIR OWN VOLITION AND ARE RESPONSIBLE FOR COMPLIANCE WITH APPLICABLE LAWS. CLIENT IS RESPONSIBLE FOR ENSURING THAT CLIENT DATA, INCLUDING WITHOUT LIMITATION PATIENT DATA, PROVIDED TO CARECRU IS SOLELY FROM RESIDENTS OF THE U.S. AND CANADA. IF CLIENT DATA INCLUDES PATIENT DATA FROM RESIDENTS OF COUNTRIES OTHER THAN THE U.S. AND CANADA, CLIENT IS FULLY AND SOLELY RESPONSIBLE FOR SUCH CLIENT DATA AND COMPLIANCE WITH APPLICABLE LAWS. CLIENT ACKNOWLEDGES AND AGREES THAT ANY DATA, INFORMATION, CONTENT OR MATERIALS CONTAINED IN OR MADE AVAILABLE IN CONNECTION WITH THE SERVICES IS NOT INTENDED AS A SUBSTITUTE FOR THE KNOWLEDGE, EXPERTISE, SKILL AND JUDGMENT OF TAX, LEGAL OR OTHER PROFESSIONALS. THE SERVICES DO NOT PROVIDE TAX OR LEGAL ADVICE. CLIENT IS RESPONSIBLE FOR OBTAINING SUCH ADVICE.
9. INDEMNITY
Client shall indemnify, defend and hold harmless CareCru, its affiliates, and each of their respective officers, directors, agents, shareholders, employees and representatives (collectively, the “Indemnified Parties”), from and against any third party claim, allegation, lawsuit, action, demand, loss, damage, cost or liability (including reasonable attorneys’ fees) (collectively and individually, “Claims”) incurred by or made against the Indemnified Parties in connection with, arising out of or relating to this Agreement, Privacy Policy, the Services or System, including without limitation: a. Client’s or Users’ use, non-use or misuse of the Services or System; b. Client’s or Users’ violation or alleged violation of this Agreement; c. Client’s or Users’ violation of any rights, including Intellectual Property Rights, of a third party; d. CareCru’s use of Client Data including without limitation Patient Data; e. Client’s or Users’ use of CareCru’s services, including without limitation the limitations set forth in Section 2.3 “Listing Service,” Section 2.2 “Access” and Section 3.5 “Call Recording”; f. Client’s or Users’ provision, posting, or transmission of Client Data including without limitation Patient Data as set forth in Section 3.4 “Client Data”; g. Client’s or Users’ failure to comply with TCPA including without limitation the limitations set forth in Section 3.6 “Compliance with TCPA”; h. Client’s or Users’ failure to comply with HIPAA including without limitation the limitations set forth in Section 3.7 “Compliance with HIPAA”; i. any allegation that Client Data, or the use of Client Data pursuant to this Agreement or the Privacy Policy, infringes the Intellectual Property Rights or other rights of a third party or otherwise causes harm to a third party; and j. any allegation that Client Data, or use of Client Data pursuant to this Agreement and the Privacy Policy violates the privacy rights or other rights of Client’s Patients. CareCru reserves the right, at Client’s expense, to assume the exclusive defense and control of any matter for which Client is required to indemnify the Indemnified Parties, and Client shall cooperate with CareCru’s defense of these Claims. Client shall not settle any matter without the prior written consent of CareCru. CareCru shall use reasonable efforts to notify Client of any such Claims upon becoming aware of them, but any delay does not release Client of its obligations.
10. LIMITATION OF LIABILITY
The following provisions have been negotiated by each Party, are a fair allocation of risk, are an essential basis of the bargain under this Agreement and survive and continue in full force and effect despite any failure of consideration or of an exclusive remedy: 10.1 Amount. CARECRU’S TOTAL AGGREGATE LIABILITY FROM ANY AND ALL CLAIMS IN CONNECTION WITH OR UNDER THIS AGREEMENT OR PRIVACY POLICY IS LIMITED TO THE TOTAL AMOUNT OF FEES RECEIVED BY CARECRU FROM CLIENT UNDER THIS AGREEMENT IN THE 12 MONTHS IMMEDIATELY PRECEDING THE DATE THE CLAIM FIRST AROSE. FOR GREATER CERTAINTY, THE EXISTENCE OF ONE OR MORE CLAIMS UNDER THIS AGREEMENT WILL NOT INCREASE THIS MAXIMUM LIABILITY AMOUNT. IN NO EVENT SHALL CARECRU’S SUPPLIERS HAVE ANY LIABILITY ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT. 10.2 Type. IN NO EVENT SHALL CARECRU BE LIABLE TO CLIENT OR USERS FOR ANY: (A) SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES; (B) LOST SAVINGS, PROFIT, DATA, USE OR GOODWILL; (C) BUSINESS INTERRUPTION, EVEN IF NOTIFIED IN ADVANCE OF SUCH POSSIBILITY; (D) LOSSES OR LIABILITIES DUE IN WHOLE OR IN PART TO INADVERTENT, PREMATURE OR UNAUTHORIZED RELEASE OR DISCLOSURE OF INFORMATION BY CLIENT OR USERS THROUGH THE SERVICES; OR (E) PERSONAL OR PROPERTY DAMAGE ARISING OUT OF OR IN ANY WAY CONNECTED TO THE SERVICES, THIS AGREEMENT OR PRIVACY POLICY, REGARDLESS OF CAUSE OF ACTION OR THE THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE, GROSS NEGLIGENCE, FUNDAMENTAL BREACH, BREACH OF A FUNDAMENTAL TERM) OR OTHERWISE. IN NO EVENT SHALL CARECRU BE LIABLE FOR PROCUREMENT OR COSTS OF SUBSTITUTE PRODUCTS OR SERVICES. 10.3 No Jury Trial. CLIENT AND USERS IRREVOCABLY AND UNCONDITIONALLY WAIVE ANY RIGHT CLIENT AND USERS MAY HAVE TO A TRIAL BY JURY IN RESPECT OF ANY LEGAL ACTION ARISING OUT OF OR RELATING TO THE SERVICES OR THIS AGREEMENT WITH THE EXCEPTION OF ANY DISPUTE RELATED TO INTELLECTUAL PROPERTY RIGHTS OF A PARTY. 10.4 No Participating in Class Action. CLIENT AND USERS AGREE THAT, WITH RESPECT TO ANY DISPUTE ARISING OUT OF OR RELATING TO THE SERVICES, THIS AGREEMENT OR PRIVACY POLICY, CLIENT AND USERS HEREBY GIVE UP THEIR RIGHTS TO PARTICIPATE AS A MEMBER OF A CLASS OF CLAIMANTS IN ANY LAWSUIT INCLUDING BUT NOT LIMITED TO CLASS ACTION LAWSUITS INVOLVING ANY SUCH DISPUTE. 10.5 Limitation of Time. Client and Users agree that they shall not bring a Claim under or related to the Services, this Agreement or Privacy Policy more than 12 months from when such Claim first arose.
11. GENERAL PROVISIONS
11.1 Authority.
If the Party signing this Agreement is entering this Agreement on behalf of a company or other legal entity, the Party represents that it is authorized to bind such company or other entity to this Agreement. In order to enter into this Agreement, the Party signing this Agreement shall be of the legal age of majority in the Party’s jurisdiction of residence and fully able and competent to enter into the terms, conditions, obligations, affirmations, representation and warranties set forth in this Agreement, and to abide by and comply with this Agreement. The signing Party shall ensure that it is legally eligible to enter into this Agreement under any Applicable Laws.
11.2 Privacy Policy.
Client and Users agree to be bound by the terms and conditions of this Agreement, as well as the Privacy Policy, as may be amended on one or more occasions. CareCru may amend the Privacy Policy at any time and shall make such amended Privacy Policy available through the Services, for example a notification posted on the CareCru website. Client and Users are deemed to accept an amended Privacy Policy by continuing to use the Service. Unless CareCru states otherwise, an amended Privacy Policy is automatically effective 30 days after posting on the Services. Client and Users should review the Privacy Policy from time-to-time. Client and Users continued use of the Services is deemed irrevocable acceptance of any such revisions to the Privacy Policy. Client shall provide written notification to Users, Patients and Patients’ legal guardians and parents, if the Patient is under the age of 13, of this Privacy Policy and require that they read and acknowledge the Privacy Policy in writing.
11.3 Publicity.
CareCru shall only make public announcements, including, but not limited to, press releases and media announcements or statements regarding the exisent’s name in customer lists and other protence of this Agreement and the relationship between the Parties if CareCru receives prior written consent from Client. CareCru may use Climotional materials describing Client as a customer of CareCru and user of the Services, if CareCru receives prior written consent from Client.
11.4 Assignment.
Client may not assign this Agreement to a third party without CareCru’s prior written consent, not to be unreasonably withheld, except to a third party that controls, is controlled by or is under common control with Client. CareCru may assign this Agreement or any rights hereunder to any third party without Client’s consent. Any assignment in violation of this Section 11.4 shall be void. Any assignment is conditional upon the assignee agreeing in writing to be bound to this Agreement, which shall be binding upon and inure to the benefit of the Parties’ successors and permitted assignees.
11.5 Arbitration.
Except for any dispute related to the Intellectual Property Rights of a Party, a Party shall refer any dispute or claim arising out of or relating to this Agreement or the Privacy Policy to and finally resolved by arbitration administered by the Vancouver International Arbitration Centre pursuant to its applicable rules. The place of arbitration shall be Vancouver, British Columbia, Canada. The number of arbitrators shall be 1.
11.6 Governing Law.
This Agreement is deemed to have been made and performed in and shall be construed pursuant to the laws of the province of British Columbia, excluding application of its conflict of laws principles. The Parties agree to submit to the exclusive jurisdiction of the appropriate provincial and federal courts in the province of British Columbia. Each Party irrevocably waives, to the maximum extent permitted by applicable law, any objection that it may now or hereafter have to the laying of venue for any such proceeding and any claims that a proceeding brought in such court has been brought in an inconvenient forum. The U.N. Convention on Contracts for the International Sale of Goods does not apply to this Agreement.
11.7 Notices.
Any notice or other communication required or permitted under this Agreement shall be given in writing: (a) to CareCru, by email at [email protected]; or (b) to Client, by email or certified mail at the address set forth in the most recent Order Form. Notwithstanding the foregoing, each Party may change its address for notice on one or more occasions upon written notice to the other Party of the new address. Notices are deemed given upon receipt, or when delivery is refused.
11.8 Entire Agreement.
This Agreement, including the Order Form and the Privacy Policy, are the entire understanding and agreement of the Parties, and supersede any and all previous and contemporaneous understandings, agreements, proposals or representations, written or oral, between the Parties, as to the subject matter hereof. Any amendment or waiver of the terms of this Agreement is effective only if made in writing and signed by an authorized and duly empowered representative of each of the Parties.
11.9 Severability and Waiver.
If any provision of this Agreement is found by a court of competent jurisdiction to be unenforceable or invalid, that provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will remain in full force and effect. No failure to exercise and no delay in exercising any right in this Agreement will operate as a waiver of such right, and no single or partial exercise of any right will preclude further exercise of any rights contained in this Agreement.
11.10 Relationship of the Parties.
The Parties to this Agreement are independent contractors, and no agency, partnership, franchise, joint venture or employee-employer relationship is intended or created by this Agreement.
11.11 Updates.
CareCru reserves the right to modify this Agreement (each, an “Update”) effective as of each Renewal Term and shall inform Client of each Update at least 30 days prior to such Renewal Term. Client is deemed to accept any Update by continuing to use the Service and not terminating prior to such Renewal Term.
11.12 Survival. Sections 1, 3.4 through 3.10, 5.3 through 5.5, 6, 7, 8, 9, 10 and 11 survive termination or expiration of this Agreement.
SCHEDULE A: TCPA REQUIREMENTS The Telephone Consumer Protection Act of 1991 (“TCPA”) is a U.S. federal law regulating the way consumers are contacted by telephone, fax and text message. The TCPA regulations apply to the text and automated messages Client and Users are able to send through the Services to communicate with Patients. Those TCPA regulations described below are intended to help Client and Users understand the restrictions. Client and Users are solely responsible for TCPA compliance and shall not rely on this Schedule A as a complete or accurate statement of their TCPA compliance obligations. 1. Prior Consent TCPA regulations require that companies obtain consent from consumers prior to sending any sort of text or automated telephone messages. For HIPAA covered entities, requirements for how consent is obtained are different depending on whether the messaging only contains health-related information or if it includes marketing-focused content. CareCru automates text message communications to Patients, but Client and Users are responsible for ensuring that recipients of those communications have provided prior express written consent to receive them. 2. Consent for Informational Health Care Messages For HIPAA covered entities sending informational only health-related messages, the Patient’s consent may be written, electronic or verbal. Such health-related informational messages include appointment reminders without marketing content. CareCru requires that Client’s “Notice of Privacy Practices” or “Privacy Policy” specifically state that Client may use Patients’ landline or cell phone numbers to contact them with informational messages, specifically, that third party business associates may text them with reminders. CareCru also requires that Client and Users obtain written acknowledgement from each Patient stating that they have received and reviewed Client’s “Privacy Policy” or “Notice of Privacy Practices” which should include a notice that Patients’ landline or cell phone numbers may be used to contact them with informational messages. Client agrees to make such written acknowledgement of Client’s “Privacy Policy” or “Notice of Privacy Practices” containing the notice that Patients’ landline or cell phone numbers may be used to contact them with informational messages available to CareCru upon request. The Services include default templates for informational only health-related messages that meet the requirements for HIPAA information- only content. However, messages sent through the Services can be personalized by Client and Users, so CareCru encourages Client and Users to educate themselves on TCPA guidelines by visiting the U.S. Federal Communications Commission website prior to making any modifications to the default templates provided by CareCru. 3. Consent for Marketing-Focused Messages: The Services can also be used to send or automate marketing-focused messages, which are subject to more stringent TCPA regulations. Messages with any sort of marketing content require that a Patient provide Client with “express written consent”, which may be obtained in an electronic format. Prior express written consent must identify that Client may be sending text messages related to Client’s goods and services using automated technology and that Patient affirmatively agrees to receive such messages. Prior express consent must include Patients’ written or electronic acceptance. CareCru requires that Client and Users obtain written consent from each Patient stating that they agree to receive messages relating to Client’s goods and services. Client agrees to make such written consent from each Patient available to CareCru upon request. 4. Opt-Out By entering a cell phone number into Client’s management system or the System and not opting such cell phone out of the CareCru text message feature, Client and Users are directing CareCru to automatically send text message reminders and other communications to such cell phone and certifying that the user of such cell phone consents to the receipt of those messages. TCPA regulations require Client and Users to honor Patient requests to opt-out of telephone, fax or text messages. The Services allow Client and Users to honor these requests on an individual basis. Also, a Patient may opt-out of text messages at any time by replying with the word STOP to any text message sent through the Services. Client and Users are solely and fully responsible for all liability for any failure to receive consent or failure to opt Patients out of the text message feature. 5. Identity Disclosure TCPA regulations require Client and Users to identify Client’s practice by name and telephone number in all text messages Client and Users send to Patients. The Services enable Client and Users to comply with this rule by requiring Client and Users to include identifying tokens in all text message templates. Client and Users shall not be able to send any text messages that do not contain complete the proper identification. Additionally, Client and Users may not attempt to spoof sender domains, send spam or other offending text message practices. CareCru makes no express or implied warranty of individual message receipt. Standard text message rates apply for all text message services. CareCru shall not be liable for any issues that arise associated with the content that Client and Users provide or unforeseen liabilities of it being delivered. Client and Users shall be solely and fully responsible for complying with Applicable Laws within Client’s jurisdiction in connection with telecommunication (e.g., email and text) messages that Client and Users send to Patients.
For more information about Client and Users’ responsibilities under the TCPA, please visit the U.S. Federal Communications Commission website at www.fcc.gov/document/telephone-consumer-protection-act1991.
SCHEDULE B: HIPAA REQUIREMENTS The Health Insurance Portability and Accountability Act of 1996, and regulations promulgated thereunder, including the Privacy Rule and Security Rule, as amended, (collectively, “HIPAA”) applies to the Services. Those HIPAA regulations described below are intended to help Client and Users understand the restrictions. Client and Users are solely responsible for HIPAA compliance and shall not rely on this Schedule B as a complete or accurate statement of their HIPAA compliance obligations. 1. Client and User Obligations Client and Users agree to follow and abide to the following (all undefined terms in this Schedule B have their meaning defined by the HIPAA regulations): a. ensuring that Client and Users use of the Services complies with Applicable Law, including, but not limited to, laws relating to maintenance of privacy, security, and confidentiality of Patients and other health information; b. implement and maintain appropriate administrative, physical and technical safeguards to protect information within the Services, which comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule; and c. maintain appropriate security with regard to all personnel, systems, and administrative processes used by Client, Users or other members of Client’s workforce to transmit, store and process electronic health information through the use of the Services. By using the Services, Client and Users consent to the terms of the Business Associate Agreement set forth in Appendix 1 (the “BAA”) and Client and Users agree to protect any information received through such communication services in accordance with the terms of such BAA. 2. Specially Protected Information CareCru applies the standards of the Privacy Rule in permitting access to the Services. Client and Users acknowledge that other federal and state laws impose additional restrictions on the use and disclosure of certain types of health information, or health information pertaining to certain classes of individuals. Client and Users are solely responsible for ensuring that personal health information is subject to the restrictions of the Privacy Rule and applicable law. In particular, Client and Users shall: (a) not make available to other users through the Services any information in violation of any restriction on use or disclosure (whether arising from Client’s agreement with such users or under law); and (b) obtain written consents, authorizations or releases necessary from individuals for making their personal health information available to CareCru, in each case including such statements in Client’s notice of privacy practices. CareCru is committed to maintaining the confidentiality of information entrusted to CareCru, especially individually identifiable personal and health information. CareCru follows its HIPAA policies and procedures. Client is responsible for determining if the Services meet Client’s compliance standards. 3. CareCru’s Use of Protected Health Information The Services may include use of Patients’ Protected Health Information (as defined in the Health Information Technology for Economic and Clinical Health Act (United States)) (“PHI”) that Client or Users input or upload onto the Services or that CareCru receives on Client’s behalf from Client’s authorized service providers or CareCru’s third party partners with Client’s express written consent (“Client’s Health Information”). Client retains all rights with regard to Client’s Health Information, and CareCru shall only use such information as expressly permitted in the Agreement, the BAA and the Privacy Policy. Client authorizes CareCru, as its business associate, to use and disclose Client’s Health Information as follows: CareCru shall permit access to Client’s Health Information by business associates to whom Client has consented in writing to provide access to the Services and who have otherwise agreed to integrate with CareCru’s systems pursuant to appropriate assurances (i.e. practice management integration vendor). Client acknowledges that once CareCru has granted access rights to another provider or covered entity (or their respective business associates), CareCru has no control over the uses and disclosures that the business associate makes of Client’s Health Information, and the recipient may be subject to its own legal or regulatory obligations (including HIPAA) to retain such information and make such information available to Patients, governmental authorities and others as required by applicable law or regulation. CareCru may de-identify Client’s Health Information in association with the provisions of the Privacy Rule and use and disclose such de-identified information (“De- Identified Information”) as set forth in this Schedule B. CareCru may create limited data sets from Client’s Health Information, and disclose them for any purpose for which a Party may disclose a limited data set and Client hereby authorizes CareCru to enter into data use agreements on Client’s behalf with prior written consent for the use of limited data sets, in accordance with applicable law and regulation. CareCru may use Client’s Health Information in order to prepare analyses and reports, such as activity or quality-metrics reports, or any other reports the Services make available, in order to render these reports to Client. Preparation of such analyses and reports may include the use of data aggregation services relating to Client’s treatment and health care operations, which CareCru may perform using Client’s Health Information. Such reporting shall be done in a manner that does not make any disclosure of Client’s Health Information that Client would not be permitted to make. CareCru may use Client’s Health Information for the proper management and administration of the Services and CareCru’s business, and to carry out its legal responsibilities. CareCru may also disclose Client’s Health Information for such purposes if the disclosure is required by law, or CareCru obtains reasonable assurances from the recipient that it shall be held confidentially and used or further disclosed only (a) as required by law (as such term is defined in 45 CFR §164.103), or (b) for the purpose for which it was disclosed to the recipient, and the recipient notifies CareCru of any instances of which it is aware in which the confidentiality of the information has been breached. Without limiting the foregoing, CareCru may permit access to the system by CareCru’s contracted system developers under appropriate confidentiality agreements. CareCru may use Client’s Health Information and Directory Information (defined below) to contact Patients on Client’s behalf for certain Services, including: (a) for treatment and health care operations messages, including sending appointment requests and reminders or post-visit treatment satisfaction surveys; and (b) to provide information about health- related products or services that Client provides, or that CareCru provides on Client’s behalf as Client’s business associate. On one or more occasions CareCru may incorporate information it receives from Client’s authorized service providers (including any third party product or services), or CareCru’s third party partners, into the Services provided to Client, if Client has provided prior written consent for CareCru to use this information and Client has represented that Patients have consented in writing to these uses. Such information may include, without limitation, clinical information such as lab results, imaging results, eligibility information, and prescription history and shall, upon incorporation into the Services, be treated as “Client’s Health Information” for all purposes hereunder. Client shall notify Patients in Client’s “Notice of Privacy Practices” or “Privacy Policy” of Client’s disclosure of their Protected Health Information to CareCru and identify all of the ways that CareCru may use or disclose their Protected Health Information as set forth above. Client agrees to obtain Patient’s written acknowledgement of its “Notice of Privacy Practices” or “Privacy Policy” containing such notification and make these written acknowledgements available to CareCru upon request. 4. De-Identified Information In consideration of CareCru’s provision of the Services, Client hereby transfers and assigns to CareCru all right, title and interest in and to all De-Identified Information that CareCru makes from Client’s Health Information. Client agrees that CareCru may use, disclose, market, license and sell such De-Identified Information for any purpose without restriction, and that Client has no interest in such information, or in the proceeds of any sale, license, or other commercialization thereof. Client acknowledges that the rights conferred by this Section are the principal consideration for the provision of the Services, without which CareCru would not enter into the Agreement. 5. Individuals’ Rights Client is solely responsible for affording individuals their rights with respect to relevant portions of Client’s Health Information, such as the rights of access and amendment. Client shall not undertake to afford an individual any rights with respect to any information in the Services other than Client’s Health Information. APPENDIX
1: BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement (“BAA”), is entered into by and between CareCru Incorporated, (“Business Associate”) and Client (“Healthcare Provider”) who entered into the Agreement with Business Associate, for the purpose of compliance with the Health Insurance Portability and Accountability Act and its implementing administrative simplification regulations (“45 CFR 160-164”) (“HIPAA”), Subtitle D of the United States Health Information Technology for Economic and Clinical Health Act (“HITECH”), and the Omnibus Rule of 2013 (“Omnibus Rule”). This BAA hereby amends and is incorporated into any underlying agreement between Healthcare Provider and Business Associate; to the extent that the provisions of this BAA conflict with those of an underlying agreement, the provisions of this BAA shall control. Capitalized terms used but not otherwise defined herein shall have the same meaning as those terms defined in HIPAA, HITECH and the Omnibus Rule. If, in the provision of services to Healthcare Provider, Business Associate representatives may receive or have access to Protected Health Information (“PHI”) that is created and/or maintained by Healthcare Provider, Business Associate shall be bound by the following terms: 1. Permitted Uses and Disclosures Business Associate may use and disclose PHI: (a) in the course of performing services for or on behalf of Healthcare Provider; (b) to any court, regulatory agency or accrediting body to whom Healthcare Provider or Business Associate may be required to disclose such PHI by law, regulation or Court order; and (c) as permitted by law, regulation or Court order. Business Associate may also use PHI for the proper management and administration of Business Associate, for the uses set forth in Business Associate’s Privacy Policy or to carry out the legal responsibilities of Business Associate. 2. Business Associate Obligations. Business Associate shall: a. ensure that its agents and subcontractors to whom it may provide PHI in the course of performing services for or on behalf of Healthcare Provider agree to the same terms and conditions as are applicable to Business Associate as set forth herein; b. implement reasonable and appropriate safeguards to prevent use or disclosure of PHI other than as permitted herein and report to Healthcare Provider any use or disclosure of PHI not provided for by this Agreement or its Privacy Policy of which it becomes aware; c. make available to the Secretary of Health and Human Services, Business Associate’s practices, books and records relating to the use or disclosure of PHI for purposes of determining Healthcare Provider’s compliance with HIPAA, subject to any attorney-client or other privileges; d. report to the Healthcare Provider, and mitigate to the extent practicable, any harmful effect that is known to Business Associate of uses or disclosures of PHI of which Business Associate becomes aware that do not comply with the terms herein; e. to the extent that Healthcare Provider and Business Associate agree in writing that Business Associate shall maintain PHI as part of a Designated Record Set, as defined in HIPAA, upon Healthcare Provider’s request, provide access and make amendments to such PHI, in order to meet the requirements under HIPAA; f. document such uses and disclosures of PHI and, upon Healthcare Provider’s request, provide such information as would be required for Healthcare Provider to account for disclosures of PHI as required under 45 CFR 164.528; g. when Business Associate ceases to perform services for or on behalf of Healthcare Provider, Business Associate shall destroy all PHI received within 180 days of cessation of all services to Healthcare Provider or if such destruction of PHI is not feasible, continue to abide by the terms set forth herein with respect to such PHI; h. following a discovery of a breach of Unsecured Protected Health Information, as defined in HITECH, notify Healthcare Provider of such breach within sixty (60) calendar days of the discovery of the breach; and i. to the extent Business Associate is to carry out one or more of Healthcare Provider’s obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to Healthcare Provider in the performance of such obligation(s). 3. Healthcare Provider Obligations Healthcare Provider shall: a. notify Business Associate of any limitations in the notice of privacy practices of Healthcare Provider under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI; b. notify Business Associate of any restrictions on the use or disclosure of PHI that Healthcare Provider has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restrictions may affect Business Associate’s use or disclosure of PHI; c. notify Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose their PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI; d. not request Business Associate to use or disclose PHI in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by Healthcare Provider; and e. be responsible for notifying Individuals, Media, and the Secretary of a Breach of PHI by Healthcare Provider or Business Associate in accordance with 45 CFR 164.404, 164.406, and 164.408. 4. Term and Termination The term of this BAA shall be effective as of the date of the Agreement and shall terminate when Business Associate ceases to perform services for Healthcare Provider, except as provided in Section 2(g) above. Healthcare Provider may terminate the Agreement and this BAA if Business Associate fails to cure or take substantial steps to cure a material breach of this BAA within thirty (30) calendar days after receiving written notice of such material breach from Healthcare Provider. 5. Agreement This BAA may be amended only in writing signed by Healthcare Provider and Business Associate. The Parties agree to take such action to amend this BAA as is necessary to comply with the requirements of HIPAA and HITECH. This BAA and the rights and obligations of the Parties hereunder shall in all respects be governed by, and construed in accordance with, the laws of British Columbia, Canada, including all matters of construction, validity and performance. Each Party irrevocably submits to the exclusive jurisdiction of the local and federal courts residing in British Columbia, Canada, respectively arising out of any disputes of this BAA.