hc1 Insights™ Master Services and Subscription Agreement, April 21, 2025
This Master Services and Subscription Agreement (the “Agreement“) is entered into and effective as of the Effective Date below and made by and between hc1 Insights, Inc., located at 6100 Technology Center Drive, Building K, Indianapolis, IN 46278 (“hc1“) and _________________________, located at ____________________________ (“Client“). Capitalized terms not defined elsewhere in this Agreement shall have the meaning given to them in an applicable Order Form (“Exhibit A”), Statement of Work (“Exhibit B”), the Business Associate Agreement (“Exhibit C”), the Terms of Service (“Exhibit D”), or the Support and Service Level Agreement (“Exhibit E”). hc1 and Client may be referred to herein as a “Party” or together as the “Parties”.
hc1 and Client hereby agree as follows:
1. Definitions. The following terms shall have the following meaning.
“Business Days” means Monday through Friday except for United States Federal holidays.
“Change Order” has the meaning set forth in Section 3.3.
“Claims” have the meaning set forth in Section 14.1.
“Client” has the meaning ascribed to it in the preamble of the Agreement.
“Client Affiliate” means any entity which directly or indirectly, through one or more intermediaries, controls, or is controlled by, or is under common control with Client, by way of majority voting stock ownership or the ability to otherwise direct or cause the direction of the management and policies of Client.
“Client Care” has the meaning set forth in Section 4 of Exhibit E.
“Client Data” has the meaning set forth in Section 6.1.
“Client Marks” has the meaning set forth in Exhibit D.
“Confidential Information” has the meaning set forth in Section 7.1 herein.
“De-Identified” and “De-Identified Data” have the meaning set forth in Section 6.2.
“Deliverable” means the reports or documentation that are an output of the Services.
“Documentation” means the documentation prepared by hc1 that generally describes the Services.
“Electronic Communications” means any transfer of data or information electronically received and/or transmitted through the Services.
“Exclusion” has the meaning set forth in Section 1 of Exhibit E.
“Fees” means collectively, Subscription Fees, Professional Services Fees or other fees pursuant to an Order Form or Statement of Work.
“Force Majeure Event” has the meaning set forth in Section 16.7.
“hc1®” means hc1 Insights, Inc., an Indiana corporation with its principal place of business located at 6100 Technology Center Drive, Building K, Indianapolis, IN 46278.
“hc1 Affiliate” means an affiliated or subsidiary business entity of hc1.
“hc1 Assessment” means the Professional Services Client will contract with hc1 to perform prior to the respective Service Subscription to the Software Services.
“hc1 Marks” has the meaning set forth in Exhibit D.
“Initial Term” has the meaning set forth in the respective Order Form.
“Legal Notices” has meaning set forth in Section 16.4.
“Losses” have the meaning set forth in Section 14.1.
“Marks” has the meaning set forth in Exhibit D.
“Order Form” means a document in the name of and executed by Client or a Client Affiliate and hc1 which specifies Client or a Client Affiliate’s Service Subscription to Software Service(s). Each Order Form is governed by this Agreement.
“Period” means a five (5) minute interval of time as more fully defined in Exhibit E.
“Professional Services” means services performed by hc1’s services team as set forth in a Statement of Work. For purposes of this Agreement, Professional Services include activation and consulting, advisory or assessment services.
“Professional Services Fees” means the fees Client pays hc1 for the Professional Services.
“Renewal Term” has the meaning set forth in the respective Order Form.
“Services” means, collectively, Professional Services and Software Services.
“Service Credit” means a dollar credit against future Subscription Fees that hc1 will credit back to the Client.
“Service Month” means a period of thirty (30) consecutive days used to measure the Uptime Commitment. By way of an example, if the Service Month begins on March 5 of a calendar month, such Service Month shall end of April 4 of the following calendar month.
“Service Subscription” means Client’s subscription to the Software Services.
“Software Service(s)” mean(s) an hc1 software solution.
“Statement of Work” or “SOW” means the document describing Professional Services performed by hc1 or an hc1 Affiliate. Each Statement of Work is governed by this Agreement.
“Subscription Fees” means the fees Client or a Client Affiliate pay hc1 for a Service Subscription.
“Support” means the maintenance and support services described in the support and service level agreement hc1 provides to Client throughout the Term upon payment of the Subscription Fees or support services fees if Client upgrades support services.
“Taxes” has the meaning set forth. In Section 4.3.
“Term” has the meaning set forth in the respective Order Form.
“Third-Party Applications” means online, Web-based applications and offline software products that are provided by third parties and interoperate with the Services.
“Unavailable” means the unavailability of the Software Services for use by Client due to any form of downtime, except for (a) maintenance, or (b) those instances that fall within an Exclusion.
“Uptime Commitment” has the meaning set forth in Section 1 of Exhibit E.
“Users” means individuals who are authorized by Client to use the Software Services, for whom Service Subscriptions to Software Services are purchased, and who have been supplied user identifications and passwords by Client (or by hc1 at Client’s request). Users may include but are not limited to Client and Client’s Affiliates’ employees, consultants, contractors, and agents.
2. Services. hc1 shall provide certain services, whether through Professional Services or the provision of Software Services, to Client as described in more detail in this Agreement, Order Form, or SOW, as applicable. Such Services shall be performed and received in accordance with the terms and conditions of this Agreement and any additional terms and conditions specified via any Order Form, SOW, the Terms of Service, or the Support and Service Level Agreement, as applicable. The Parties acknowledge and agree that hc1 may perform the Services contemplated under this Agreement via an hc1 Affiliate. References to “hc1” includes hc1 Affiliates to the extent applicable based on Services provided.
3. Service Subscription and Professional Services.
3.1 Service Subscription Order Forms. The Software Services shall be ordered by Client or Client Affiliate(s) pursuant to Order Forms. Each Order Form is attached hereto as Exhibit A (or part of a composite Exhibit A as applicable) and shall include, at a minimum, a listing of the Software Services being ordered and the Fees therefor. Except as otherwise provided on the Order Form, each Order Form is only valid and binding on the Parties when executed by both Parties and shall be subject to, governed by, and incorporates by reference the terms and conditions of this Agreement, the Terms of Service, and the Support and Service Level Agreement.
3.2 Professional Services Statements of Work. Each engagement for the Professional Services shall be specified in an SOW. Each SOW is attached hereto as Exhibit B (or part of a composite Exhibit B as applicable) and shall include, at a minimum, a description of the Professional Services to be provided and the Fees therefor. Client will cooperate with and assist hc1 in the Professional Services. Client’s failure to do so will relieve hc1 of responsibility for any related deficiencies in its performance and the Services.
As a part of the Professional Services, if applicable, and if so during the Professional Services engagement, hc1 may provide a test environment to Client. The test environment will be disabled at the conclusion of the Professional Services engagement unless Client contracts with hc1 for access to a test environment following the conclusion of the Professional Services engagement. The terms of the test environment and associated Subscription Fees will be outlined in an Order Form or SOW signed by Client and hc1. Client acknowledges that any test environment may include beta source code and/or configurations and is provided “AS IS.”
3.3 Change Control. In the event Client or hc1 requests a change in any of the specifications, requirements, Deliverables, or scope of the Professional Services described in an SOW, the Party seeking the change shall propose the applicable changes by written notice. Within two (2) Business Days of receipt of the written notice, each Party’s project leads shall meet, either in person or via telephone conference, to discuss and agree upon the proposed changes. hc1 will prepare a change order describing the proposed changes to the SOW and the applicable change in fees and expenses if any (each, a “Change Order”). Executed Change Orders shall be deemed part of, and subject to, this Agreement.
4. Term, Fees, Payment & Taxes.
4.1 Term of Agreement. This Agreement shall commence on the Effective Date and shall continue in effect until all Order Forms and SOWs have been terminated or otherwise expire unless terminated earlier by either Party in accordance with this Agreement.
4.2 Fees and Payment. Client shall pay hc1 the Subscription Fees for the Software Services as specified in each Order Form and the Professional Service Fees set forth in each SOW. All payments shall be made in United States Dollars (USD). If Client requests (and hc1 agrees) for hc1 to accept payments denominated in a foreign currency, a minimum surcharge of five percent (5%) will apply to each invoice. hc1 reserves the right to change the Fees and other charges, if any, included in an Order Form or SOW at any time during the Term of this Agreement by amending such Order Form or SOW upon thirty (30) days’ prior written notice to Client, by email or otherwise. Purchase of additional subscriptions of the Software Services, or purchase of additional Users during a Term, will co-terminate with and be prorated through the end of the then-current Term. Subscription Fees on all subsequent Order Forms and for all Renewal Terms shall be set at then-current hc1 pricing. Unless otherwise specified in an Order Form, the Subscription Fees shall accrue and will be invoiced and due annually in advance. Unless otherwise specified, fees for Professional Services, and any related expenses, shall be invoiced by hc1 as incurred and shall be due upon receipt.
4.3 Taxes. Subscription Fees and Professional Services Fees do not include any local, state, federal or foreign taxes, levies or duties of any nature, including value-added, sale, use or withholding taxes (“Taxes“). Client is responsible for paying all Taxes, excluding only taxes based on hc1’s net income. If hc1 has the legal obligation to pay or collect Taxes for which Client is responsible under this Section, the appropriate amount shall be invoiced to and paid by Client unless Client provides hc1 with a valid tax exemption certificate authorized by the appropriate taxing authority.
4.4 Late Payments. Late payments shall be subject to a service charge equal to the lesser of one- and one-half percent (1.5%) of the amount due (calculated monthly) or the maximum amount allowed by law.
5. Termination. Either Party may immediately terminate this Agreement, and all Order Forms and SOWs issued hereunder in the event the other Party commits a material breach of any provision of this Agreement or the Terms of Service, which breach is not cured within thirty (30) days of written notice from the complaining Party. Such notice by the complaining Party shall expressly state all the reasons for the claimed breach in sufficient detail to provide the allegedly breaching Party a meaningful opportunity to cure such alleged breach. Upon termination or expiration of this Agreement for any reason, Client and/or Client Affiliate(s) shall have no rights to continue use of the Software Services. If this Agreement is terminated by Client for any reason other than a material breach by hc1, Client agrees that hc1 shall be entitled to all the Fees due including, without limitation, the Subscription Fees, and any other expenses advanced in anticipation of the performance of Services, due under this Agreement for the then-current Term. If this Agreement is terminated as a result of a breach on hc1’s part, hc1 shall refund the pro-rata portion of any Subscription Fees paid by Client to hc1 under this Agreement for the terminated portion of the Term. Further, upon termination of this Agreement or any applicable SOW: (i) the Professional Services shall no longer be provided to, or available for use by Client as and from the effective date of such a termination or expiration; and (ii) Client shall pay to hc1 the amount of all Professional Services Fees and any and all obligations accrued but unpaid hereunder (including under each SOW hereto) up to and including the date of termination calculated through the effective date of the termination; provided, however, that, with respect to any “gainshare” or other “at-risk” payments which may be provided for under a SOW hereto, such amounts shall be due as provided for under each such SOW (including over certain “tail” periods that may be provided for therein).
6. Client Data.
6.1 Defined. Throughout any engagements pursuant to this Agreement, Client will cooperate in good faith with hc1 to ensure that hc1 receives from Client the appropriate and germane data that is necessary for hc1’s provision of Services hereunder (such data being referred to herein as the “Client Data”).
6.2 License and Use.
6.2.1 Client hereby grants to hc1 a non-exclusive, royalty-free license during the Term to use the Client Data for the performance of the Services and as set forth in this Agreement (and each respective Order Form or SOW) and subject to the confidentiality covenants set forth in Section 7 below.
6.2.2 Client acknowledges and agrees that in performing Services hereunder, hc1 will prepare, compile, and otherwise receive or produce data regarding the performance of Client’s operations. All such data, when absent of any Protected Health Information (or otherwise “De-Identified” as required by HIPAA), shall be referred to herein as the “De-Identified Data”. It is hereby acknowledged and agreed that hc1 may freely use or disclose the De-Identified Data for any lawful purpose; including, without limitation, (i) to demonstrate hc1 or hc1 Affiliate’s accomplishments for potential Clients, and/or (ii) to deliver services to other clients in connection with hc1 or hc1 Affiliates’ service offerings and/or to improve their healthcare operations’ performance (e.g., in a generic data library used by hc1 or hc1 Affiliates and/or their clients), provided that in no event may hc1 or hc1 Affiliates publish or disclose such data to third parties without removing Client’s name, and all other information which could identify the Client, from such data. As used herein, “De-Identified” means the de-identification of data in accordance with 45 C.F.R. §164.514(a)-(c), as the same may be amended or succeeded from time to time and “De-Identified Data” means data that has been De-Identified.
6.3 Security and Retention. hc1 will maintain a data security program, which shall include appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of any Client Data resident on hc1’s systems. While retained, hc1 will treat Client Data (as applicable) in accordance with the requirements of this Agreement, including the terms and conditions regarding Confidential Information provided in Section 7 below. Nonetheless, hc1 is not Client’s primary source for maintaining any such Client Data or other data and accordingly has no obligation to retain Client Data.
6.4 Safeguards. hc1 shall treat any Client Data that constitutes “protected health information” as required under the terms of the Business Associate Agreement referenced in Section 10 below, and otherwise maintain any such data in accordance with the Federal Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009, and/or related regulations promulgated by the Secretary (collectively, and as in effect or as amended from time-to-time “HIPAA”).
7. Confidentiality and Use.
7.1 Definition. As used herein, “Confidential Information” of a Party means (i) this Agreement and its provisions, (ii) all intellectual property belonging to that Party furnished to or accessed by the other under this Agreement, (iii) in the case of hc1, all of hc1’s proprietary offerings and know-how (including, without limitation, as may be specified in a SOW or an Order Form) and any proprietary reports or tools provided to Client by hc1 which contain the De-Identified Data or aggregated data and information of hc1’s other clients or data sources, (iv) in the case of Client, the Client Data (as defined, and subject to the exceptions provided, above), (v) all information marked by a Party as “confidential”, “restricted”, or “proprietary”, and (vi) any other information that is treated as confidential by the disclosing Party and would reasonably be understood to be confidential by the receiving Party, whether or not so marked. Confidential Information shall not include information (other than PHI) which (a) was, is or becomes publicly available through no fault of the receiving Party, (b) is learned by a receiving Party from a third party with a reasonably apparent right to disclose such information without a known obligation of confidentiality, or (c) is developed by a receiving Party independently without breach of this Section 7.
7.2 Treatment of Confidential Information. Neither Party, nor its subsidiaries or affiliates, nor their respective agents and employees, shall at any time, either alone or in association with others, directly or indirectly, (i) use the other Party’s Confidential Information for any purpose other than to exercise rights provided under, perform under, or as otherwise permitted by, this Agreement during the Term, or (ii) make or cause to be made any disclosure not authorized by the other Party or required by law, of any Confidential Information belonging to the other Party, except that each of the Parties may disclose Confidential Information to their affiliates, auditors, attorneys, accountants, advisors, consultants and subcontractors, where (a) use by such person or entity is authorized under this Agreement, (b) such disclosure is necessary for the performance of such person’s or entity’s obligations under or with respect to this Agreement or otherwise naturally occurs in such person’s or entity’s scope of responsibility under this Agreement, and (c) the person or entity (and its applicable officers and employees) has agreed in writing with the disclosing Party to, or is otherwise bound by, obligations of confidentiality with scope and substance no less stringent than those described in this Section. In any event, the receiving Party shall be fully responsible for the acts or omissions of any such person(s) or entity(ies) with whom they share the other Party’s Confidential information and shall take any and all reasonable measures to ensure that the Confidential Information is not disclosed or used in contravention of this Agreement.
7.3 Permitted Disclosures. A Party may disclose information concerning this Agreement and the transactions contemplated hereby, including providing a copy of this Agreement, to any or all of the following, in each case provided that such disclosures are made and accepted in confidence: (i) the Party’s outside accounting firm; (ii) the Party’s outside legal advisors; (iii) a bona fide legal, regulatory, or governmental authority upon their request (by oral questions, interrogatories, requests for information or documents, subpoenas, civil investigative demands, or similar processes); and (iv) potential acquirers, merger partners, investors, lenders, financing sources, and their personnel, attorneys, auditors and investment bankers, solely in connection with the due diligence review of such Party by persons.
7.4 Destruction. Upon expiration or termination of this Agreement or completion of each Party’s obligations under this Agreement and subject to the other Party’s written request, each Party will securely destroy all records of the other Party’s Confidential Information in a reasonably prompt period of time. If requested, each Party will deliver to the other Party written and duly signed certification of its compliance with the requirement. Notwithstanding the foregoing: (i) the receiving Party shall not, in connection with the foregoing obligations, be required to identify, return, or delete any Confidential Information of the other Party that is held electronically in archive or back-up systems in accordance with commercially secure systems archiving and back-up policies; (ii) each Party may retain one (1) complete copy of any written or electronic Confidential Information of the other Party in its legal archives solely for legal, audit, and compliance purposes; and (iii) hc1 is not required to delete (a) any analysis, compilations, reports, notes or other documents that also happen to contain Client’s Confidential Information, or (b) Client Data that is stored on or otherwise imbedded in its systems and records (it being understood that any such retained Client Data that constitutes Confidential Information shall remain subject to this Section 7).
8. No Referrals; No Inducement. Nothing in this Agreement nor any consideration given or received in connection with this Agreement contemplates or requires, or is intended to induce or influence, the admission or referral of any patient to, or the generation of, any business for Client.
9. Warranties.
9.1 Excluded Provider Warranty. Each Party represents and warrants that it is not now and at no time has been excluded from participation in any federally funded health care program, including Medicare and Medicaid. Each Party shall immediately notify the other of any actual exclusion from any federally funded health care program, including Medicare and Medicaid. Each Party further represents and warrants that, to its knowledge, none of its employees are now excluded from participation in any federally funded health care program, including Medicare and Medicaid. In the event that either Party is excluded from participation in any federally funded health care program during the Term of this Agreement, this Agreement shall, as of the effective date of such exclusion or breach, automatically terminate.
9.2 Performance. The Professional Services shall be performed consistent with generally accepted industry standards and performed by trained and qualified individuals in a professional, timely, skillful, and workman-like manner, exercising care, skill, and diligence consistent with industry standards and in accordance with this Agreement.
9.3 Licensure. Client represents and warrants that it has and shall duly maintain all licenses and permits required by applicable laws and government regulations with respect to its operations (be it laboratory, medical imaging department, etc.) and patient care facilities (including, without limitation, city, state and/or local operations permits).
10. Business Associate Agreement. The Parties shall comply with the terms and conditions of the Business Associate Agreement (“BAA”) attached hereto as Exhibit C. The Parties shall further negotiate in good faith any amendments to the BAA to the extent necessary to comply with any changes to applicable laws and regulations.
11. Screening for Viruses and Malicious Code. hc1 will use commercially reasonable measures, including generally accepted virus screening software, to protect the Software Services and its systems or software used, from viruses and other malicious code. In the event any viruses and other malicious code are discovered, they will be corrected pursuant to the provisions of this Agreement relating to support.
12. Disclaimer of Warranties. HC1 DOES NOT REPRESENT THAT CLIENT’S USE OF THE SERVICES OR TRANSMISSION OF CLIENT DATA TO/FROM THE SOFTWARE SERVICES WILL BE SECURE, TIMELY, UNINTERRUPTED OR ERROR-FREE OR THAT THE SERVICES WILL MEET CLIENT’S REQUIREMENTS. FURTHERMORE, HC1 DOES NOT REPRESENT THE ACCURACY OF THE INFORMATION OR DATA IN THE SOFTWARE SERVICES, OR THAT ALL ERRORS IN THE SERVICES AND/OR DOCUMENTATION WILL BE CORRECTED OR THAT THE OVERALL SYSTEM THAT MAKES THE SOFTWARE SERVICES AVAILABLE (INCLUDING BUT NOT LIMITED TO THE INTERNET, THE AMAZON CLOUD, OTHER TRANSMISSION NETWORKS, AND CLIENT’S LOCAL NETWORK AND EQUIPMENT) WILL BE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. THE WARRANTIES STATED HEREIN ARE THE SOLE AND EXCLUSIVE WARRANTIES OFFERED BY HC1. THERE ARE NO OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS.
EXCEPT AS OTHERWISE STATED HEREIN, THE SERVICES AND DELIVERABLES ARE PROVIDED TO CLIENT ON AN “AS IS” AND “AS AVAILABLE” BASIS, AND FOR COMMERCIAL USE ONLY. CLIENT ASSUMES ALL RESPONSIBILITY FOR DETERMINING WHETHER THE SERVICES AND/OR DELIVERABLE(S) OR THE INFORMATION GENERATED THEREBY IS ACCURATE OR SUFFICIENT FOR CLIENT’S PURPOSES. THE WARRANTIES STATED IN SECTION 9 ABOVE ARE THE SOLE REMEDIES FOR CLIENT, AND EXCLUSIVE OBLIGATIONS OF HC1 RELATED TO THE PROFESSIONAL SERVICES AND DELIVERABLES TO BE PERFORMED FOR AND DELIVERED TO CLIENT PURSUANT TO THIS AGREEMENT AND ANY ORDER FORM OR SOW.
13. Limitation of Liability. IN NO EVENT SHALL EITHER PARTY BE LIABLE TO ANYONE FOR LOST PROFITS OR REVENUE OR FOR INCIDENTAL, CONSEQUENTIAL, PUNITIVE, COVER, SPECIAL, RELIANCE OR EXEMPLARY DAMAGES, OR INDIRECT DAMAGES OF ANY TYPE OR KIND HOWEVER CAUSED, WHETHER FROM BREACH OF WARRANTY, BREACH OR REPUDIATION OF CONTRACT, NEGLIGENCE, GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR ANY OTHER LEGAL CAUSE OF ACTION FROM OR IN CONNECTION WITH THIS AGREEMENT OR THE BAA (AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES) TO THE MAXIMUM EXTENT PERMITTED BY LAW AND SHALL IN NO EVENT EXCEED THE DIRECT DAMAGE LIMITATIONS AS SET FORTH IN THIS SECTION 13.
Except with regard to amounts due under this Agreement, liability arising out of or in connection with the Services or Deliverables, liability resulting from gross negligence or willful misconduct, or claims subject to indemnification as set forth in Section 14 hereof, the maximum liability one Party may have to the other Party whatsoever arising out of or in the connection with any license, use or other employment of the Software Services, whether such liability arises from any claim based on breach or repudiation of contract, breach of warranty, negligence, tort, or otherwise, including but not limited to a breach of the BAA, shall in no case exceed Three Million Dollars ($3,000,000). The maximum liability of hc1 to any person, firm or corporation whatsoever arising out of or in connection with any Professional Services or Deliverables shall be the amount paid by Client for the Professional Services giving rise to the liability. The Parties acknowledge that the limitations set forth in this Section 13 are integral to the amount of fees charged in connection with making the Software Services available to Client and/or providing Professional Services and that, were hc1 to assume any further liability other than as set forth herein, such fees would of necessity be set substantially higher.
14. Indemnification.
14.1 Infringement. hc1 shall, at its own expense and subject to the limitations set forth in Section 13, defend Client from and against any and all allegations, threats, claims, suits, and proceedings brought by third parties (collectively “Claims“) alleging that the Services, as used in accordance with this Agreement, infringes third party copyrights, trade secrets or trademarks and shall indemnify and hold Client harmless from and against liability, damages and costs finally awarded or entered into in settlement (including, without limitation, reasonable attorneys’ fees) (collectively, “Losses“) to the extent based upon such a Claim. If a Claim of infringement is brought or threatened, hc1 shall, at its sole option and expense, use commercially reasonable efforts either (i) to procure a license that will protect Client against such Claim without cost to Client, (ii) to modify or replace all or portions of the Software Services as needed to avoid the alleged infringement, such update or replacement having substantially similar or better capabilities, or (iii) if (i) and (ii) are not commercially feasible, terminate this Agreement and refund to Client a pro-rata refund of the Subscription Fees paid for under the Agreement for the terminated portion of the Term. The rights and remedies granted to Client under this Section 14.1 state hc1’s entire liability, and Client’s exclusive remedy, with respect to any claim of infringement of the intellectual property rights of a third party.
14.2 Client’s Indemnity. Client shall, at its own expense and subject to the limitations set forth in Section 13, defend hc1 from and against any and all Claims (i) alleging that the Client Data or any trademarks or service marks, or any use thereof, infringes the intellectual property rights or other rights, or has caused harm to a third party, or (ii) arising out of Client’s breach of this Agreement, SOW, or Order Form, and shall indemnify and hold hc1 harmless from and against liability for any Losses to the extent based upon such Claims.
14.3 Indemnification Procedures and Survival. In the event of a potential indemnity obligation under this Section 14, the indemnified party shall (i) promptly notify the indemnifying party in writing of such Claim, (ii) allow the indemnifying party to have sole control of its defense and settlement (provided that the indemnifying party shall make no admission of fault or wrongdoing or other statement reflecting negatively on the indemnified party without the indemnified Party’s prior express written consent), and (iii) upon request of the indemnifying Party, cooperate in all reasonable respects, at the indemnifying Party’s cost and expense, with the indemnifying Party in the investigation, trial, and defense of such Claim and any appeal arising therefrom. The indemnification obligations under this Section are expressly conditioned upon the indemnified Party’s compliance with this Section 14.3 except that failure to notify the indemnifying Party of such Claim shall not relieve that Party of its obligations under this Section, but such Claim shall be reduced to the extent of any damages attributable to such failure. The indemnification obligations contained in this Section shall survive termination of this Agreement for one (1) year.
15. No Liability for Patient Decisions or Outcomes; Client Authority.
15.1 No Liability for Patient Decisions or Outcomes. Client acknowledges that: (i) the proper provision of healthcare services and care to its patients are solely Client’s responsibilities; (ii) Client has and shall exercise ultimate administrative, professional and financial authority, control and direction of Clients clinical services and operations; (iii) Services, data, and information provided by hc1 pursuant to this Agreement are intended as one potential resource to be taken into consideration by Client together with, and not as a substitute for, the knowledge, skill, expertise, and judgement of Client’s healthcare professionals and operators; (iv) Client shall have the obligation to comply at all times with any and all licensing and certification requirements, state and federal statutes and regulations applicable to Client and Client’s operations; (v) the professional and clinical duty to and decision making for all patients lies solely with Client and the health care professionals caring for each such patient; (vi) Client takes full responsibility for any use of information provided by hc1 in connection with its performance of Services pursuant to this Agreement; and (vii) all Services, data, and information provided by hc1 pursuant to this Agreement are in no way intended to replace or substitute for Client’s and its healthcare professionals’ or operators’ professional or clinical judgement. Accordingly, hc1 shall have no, and Client hereby disclaims and releases hc1 with respect to any and all authority, liability, and/or responsibility for any actions, omissions, and/or decisions made by Client pursuant to this Agreement and/or any SOW or Order Form (or otherwise) with respect to any impact to, or aspect of, patient care (including, without limitation, malpractice or negligence).
15.2 No Interference. hc1 shall not interfere with the clinical or preference judgment of Client or any of its medical professionals, or any physician or specialist consulting at the
request of an ordering physician or specialist consulting at the request of an ordering physician, or any other clinician at, or associated with Client; nor are any of the Services contemplated by this Agreement intended to be, nor are deemed by the Parties to involve or constitute, the practice of medicine.
16. General Provisions.
16.1 Assignment. Neither Party may assign this Agreement without written consent of the other; provided, however, that hc1 may assign this Agreement and delegate its obligations hereunder to any of its hc1 Affiliates, or to a successor, by way of merger or consolidation or the acquisition of substantially all of the business and/or assets relating to the subject matter of this Agreement, without Client’s prior written consent.
16.2 Governing Law; Jurisdiction; Venue. This Agreement shall be governed in accordance with the laws of the State of Indiana and any controlling U.S. federal law and excluding the Uniform Software Information Transactions Act (UCITA) and the United Nations Convention on Contracts for the International Sale of Goods (CISG). Any disputes, actions, claims or causes of action arising out of or in connection with this Agreement (or the Services) shall be subject to the exclusive jurisdiction of the state and federal courts located in the Southern District of Indiana, Indianapolis Division.
16.3 Attorneys’ Fees and Costs. The prevailing Party in any action to enforce this Agreement will be entitled to recover its attorneys’ fees and costs in connection with such action. In the event of any litigation or any controversy or dispute arising out of or in connection with this Agreement, its interpretations, its performance or the like, the prevailing Party shall be awarded reasonable attorneys’ fees and/or costs. If any provision is held by a court of competent jurisdiction to be contrary to law, such provision shall be eliminated or limited to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect.
16.4 Manner of Giving Notice. Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (i) personal delivery, (ii) the second business day after mailing, or (iii), except for notices of termination or an indemnifiable claim (“Legal Notices”), which shall clearly be identifiable as Legal Notices, the day of sending by email. Billing-related notices to Client will be addressed to the relevant billing contact designated by Client when signing the Order Form or SOW. All other notices to Client will be addressed to the relevant Software Service system administrator designated by Client.
16.5 Amendments; Waivers. No supplement, modification, or amendment of this Agreement will be binding unless executed in writing by a duly authorized representative of each Party to this Agreement. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in writing signed by a duly authorized representative on behalf of the Party claimed to have waived. No provision of any purchase order or other business form employed by Client will supersede the terms and conditions of this Agreement, and any such document relating to this Agreement will be for administrative purposes only and will have no legal effect.
16.6 Third Party Beneficiaries. There are no third-party beneficiaries to this Agreement. This Agreement does not create any joint venture, partnership, agency, or employment relationship between the Parties, although hc1 reserves the right to name Client as a User of the Software Services.
16.7 Force Majeure. Neither Party shall be liable for any loss or delay (including failure to meet the service level commitments) resulting from any force majeure event, including, but not limited to, acts of God, fire, natural disaster, terrorism, labor stoppage (other than those involving hc1 employees), Internet service provider failures or delays, civil unrest, war or military hostilities or criminal acts of third parties (collectively, a “Force Majeure Event”), and any payment date or delivery of service date shall be extended to the extent of any delay resulting from any Force Majeure Event.
16.8 Non-Solicitation/Non-Hire. During the Term of this Agreement and for a period of two (2) years thereafter, Client will not directly or indirectly solicit, employ or engage the services of any of the employees and/or contractors of hc1 who were involved in providing Services under or relating to this Agreement without prior written permission of hc1.
16.9 Entire Agreement. This Agreement, including all exhibits, addendums, Order Form(s), and/or SOW(s) shall constitute the entire understanding between Client and hc1 and is intended to be the final and entire expression of their agreement. The Parties expressly disclaim any reliance on any and all prior discussions, emails, Requests for Proposals and/or agreements between the Parties. Other than the attachments hereto, there are no other verbal agreements, representations, warranties, undertakings or other agreements between the Parties. Under no circumstances will the terms, conditions or provisions of any purchase order, invoice or other administrative document issued by Client in connection to this Agreement be deemed to modify, alter or expand the rights, duties or obligations of the Parties under, or otherwise modify this Agreement, regardless of any failure of hc1 to object to such terms, provisions or conditions.
This Agreement shall not be modified or amended, except as expressly set forth herein or in the Terms of Service, or in writing and signed or accepted electronically by the Party against whom the modification, amendment or waiver is to be asserted, or by a properly executed Order Form and/or SOW. Notwithstanding the above, after execution of this Agreement, and during the electronic provisioning of Client’s account, Client may be presented with the requirement to “agree” to a click-through agreement pertaining to terms of service before Client’s account can be successfully provisioned.
Sections 4.2, 4.3, 4.4, Subsection 6.2.2, Section 7, Subsection 9.1, Sections 12, 13, 14, Subsections 16.2 through 16.9 of this Agreement and Subsections 1.5, 1.6, 1.7, 1.9, 1.10, 1.11, 2.3, and Section 4 of the Terms of Service shall survive the termination or expiration of this Agreement.
Exhibit A – Order Form
The Order Form(s) will be attached following this page. The Order Form(s) contain(s) applicable items purchased or subscribed for, the related Fees and related details. Each Order Form is hereby subject to the terms of this Agreement.
Exhibit B – Professional Services Statement of Work
The Statement(s) of Work will be attached following this page. The Statement(s) of Work contain(s) applicable Professional Services, the related Fees, and related details. Each Statement of Work is hereby subject to the terms of this Agreement.
Exhibit C – Business Associate Agreement
This Business Associate Agreement (“BAA”) is made by and between hc1 Insights, Inc. (“Business Associate”) and ________________ (“Covered Entity”) and effective as of ________________, 20__ (the “BAA Effective Date”). In this BAA, Covered Entity and Business Associate are each a “Party” and, collectively, are the “Parties”.
BACKGROUND
A. Covered Entity is a “covered entity” as defined under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, as amended by the “HITECH Act” (as defined below) and the related regulations promulgated by “HHS” (as defined below) (collectively, “HIPAA”), including, without limitation, the Privacy, Security, Breach Notification and Enforcement Rules at 45 CFR Parts 160 and 164 (the “HIPAA Rules”) and, as such, is required to comply with HIPAA Rule provisions regarding the confidentiality and privacy of “Protected Health Information” (as defined below).
B. The Parties have entered into or will enter into one or more agreements under which Business Associate provides or will provide certain specified services and/or functions to Covered Entity (collectively, the “Underlying Agreement(s)”).
C. In providing services and functions pursuant to the Underlying Agreement(s) Business Associate has or will have access to Protected Health Information and so is or will become a “business associate” (as such term is defined under the HIPAA Rules) of Covered Entity.
D. The Parties are committed to complying with all federal and state laws governing the confidentiality and privacy of health information, including, without limitation, the HIPAA Rules.
E. The Parties intend to protect the privacy and provide for the security of Protected Health Information created or received by Business Associate pursuant to the terms of this BAA, the HIPAA Rules and other applicable laws.
AGREEMENT
NOW, THEREFORE, in consideration of the mutual covenants and conditions contained herein and the continued provision of PHI by Covered Entity to Business Associate under the Underlying Agreement(s) in reliance on this BAA, the Parties agree as follows:
1. Definitions. For purposes of this BAA, the Parties give the following meaning to each of the terms in this Section 1 below. Any capitalized term used in this BAA, but not otherwise defined, has the meaning given to that term in the HIPAA Rules.
“Breach Notification Rule” means the portion of the HIPAA Rules set forth in Subpart D of 45 CFR Part 164.
“Data Aggregation” means, with respect to PHI created or received by Business Associate in its capacity as a business associate of Covered Entity, the combining of such PHI by Business Associate with protected health information received by Business Associate in its capacity as a business associate of one or more other covered entities, to permit data analyses that relate to the Health Care Operations of the respective covered entities. The meaning of “data aggregation” in this BAA shall be consistent with the meaning given to that term in the Privacy Rule.
“Data Breach” means the acquisition, access, use, or disclosure of Unsecured PHI in a manner not permitted under the Privacy Rule which compromises the security or privacy of the PHI, as “breach” is defined in 45 C.F.R. § 164.402.
“Derivative Work” means a new or modified work that is based on or derived from a preexisting work, including, without limitation, a work that: (i) includes substantially most or all of the preexisting work (provided the resulting Derivative Work includes new or original content), (ii) uses trade secrets or other proprietary information with respect to such preexisting work, (iii) is created by an algorithm or other automated/artificial intelligence process, and/or (iv) is a collection, aggregation, or compilation of information fixed in any tangible media.
“Designated Record Set” has the meaning given to such term under the Privacy Rule, including 45 CFR §164.501.
“Electronic PHI” means any PHI maintained in or transmitted by “electronic media” as defined in 45 CFR §160.103.
“Health Care Operations” has the meaning given to that term in 45 CFR §164.501.
“HHS” means the U.S. Department of Health and Human Services.
“HITECH Act” means the Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, Public Law 111-005.
“Individual” has the same meaning given to that term in 45 CFR §160.103 and includes a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g).
“Privacy Rule” means that portion of the HIPAA Rules set forth in 45 CFR Part 160 and Part 164, Subparts A and E.
“Protected Health Information” or “PHI” has the meaning given to the term “protected health information” in 45 CFR §160.103, limited to the protected health information created, maintained, transmitted, accessed or received by Business Associate from or on behalf of Covered Entity.
“Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system of Business Associate or any of its Subcontractors.
“Security Rule” means the Security Standards for the Protection of Electronic Health Information provided in 45 CFR Part 160 & Part 164, Subparts A and C.
“Underlying Agreement” has the meaning set forth above in the recitals and shall include, without limitation, any software agreement, end user license agreement or master services agreement, whether entered into prior to, on or after the BAA Effective Date, pursuant to which or in connection with which Business Associate creates, maintains, transmits, accesses or receives PHI during the term of this BAA.
“Unsecured Protected Health Information” or “Unsecured PHI” means any PHI that is not rendered unusable, unreadable or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the HHS Secretary in the guidance issued pursuant to the HITECH Act and codified at 42 USC §17932(h).
2. Use and Disclosure of PHI.
A. Except as otherwise provided in this BAA, Business Associate may use or disclose PHI as reasonably necessary to provide the functions and services described in the Underlying Agreement(s), and to undertake other activities of Business Associate permitted or required of Business Associate by this BAA or the Underlying Agreement(s), or as Required by Law.
B. Covered Entity authorizes Business Associate to use the PHI in its possession for the proper management and administration of Business Associate and to carry out its legal responsibilities. Business Associate may disclose PHI for its proper management and administration, provided that (i) the disclosures are Required By Law; or (ii) Business Associate obtains, prior to making any disclosure to a third party (a) reasonable assurances from this third party that the PHI will be held confidentially and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to this third party and (b) an agreement from this third party to notify Business Associate promptly of any breaches of the confidentiality of the PHI, to the extent it has knowledge of the breach.
C. Business Associate will not use or disclose PHI in a manner other than as provided in this BAA, as permitted in the Underlying Agreements, as permitted under the Privacy Rule, or as Required by Law. When using or disclosing PHI or when requesting PHI, Business Associate shall make reasonable efforts to limit the use, disclosure or request of the PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure or request, to the extent the minimum necessary requirement under 45 CFR §164.502(b) applies.
D. Business Associate may use and disclose PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR §164.502(j)(1).
E. Business Associate may de-identify PHI and may use, disclose and create Derivative Works from the de-identified information for any lawful purposes, including, without limitation, to aggregate, process and commercialize portions or the entirety of such de-identified information, all in accordance with 45 C.F.R. §164.514(a)-(c) and other applicable law. This Subsection E shall survive termination of this BAA.
F. Business Associate may use PHI to provide Data Aggregation services as permitted by the Privacy Rule.
3. Safeguards Against Misuse of PHI. Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as provided by the Underlying Agreement(s) or this BAA and Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate agrees to take reasonable steps to ensure compliance with this BAA and to ensure that the actions or omissions of its employees or agents do not cause Business Associate to breach the terms of this BAA.
4. Reporting Disclosures of PHI and Security Incidents. Business Associate will report to Covered Entity any use or disclosure of PHI by or on behalf of Business Associate not provided for by this BAA of which it becomes aware, and Business Associate agrees to report to Covered Entity any Security Incident adversely affecting Electronic PHI of Covered Entity of which it becomes aware. Business Associate agrees to report any such event within 15 business days of becoming aware of the event. Covered Entity and Business Associate hereby agree that actual or attempted Security Incidents that fail to result in the unauthorized use or disclosure of Electronic PHI, such as pings and other broadcast attacks on the Business Associate’s firewall, port scans, unsuccessful log-on attempts, and denials of service occur, and that this constitutes Business Associate’s report and notification to Covered Entity of such events, and that no further reporting of such unsuccessful Security Incidents is required under this BAA.
5. Reporting Breaches of Unsecured PHI. Business Associate will notify Covered Entity in writing promptly upon the Discovery of any Data Breach of Unsecured PHI in accordance with the requirements set forth in 45 CFR §164.410, but in no case later than twenty (20) business days after Discovery of a Data Breach of Unsecured PHI.
6. Mitigation of Disclosures of PHI. Business Associate will take reasonable measures to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of any use or disclosure of PHI by Business Associate or its agents or Subcontractors in violation of the requirements of this BAA.
7. Agreements with Subcontractors. Business Associate will ensure that any of its Subcontractors that have access to, or to which Business Associate provides, PHI agree in writing to substantially the same restrictions and conditions concerning uses and disclosures of PHI contained in this BAA and agree to implement reasonable and appropriate safeguards to protect any Electronic PHI that it creates, receives, maintains or transmits on behalf of Business Associate or, through the Business Associate, Covered Entity.
8. Access to PHI by Individuals. Upon request, Business Associate agrees to furnish Covered Entity with copies of the PHI maintained by Business Associate in a Designated Record Set in the time and manner designated by Covered Entity to enable Covered Entity to respond to an Individual’s request for access to PHI under 45 CFR §164.524. This Section 8 and Section 9 will apply only to PHI maintained by Business Associate in a Designated Record Set.
9. Amendment of PHI. Upon request and instruction from Covered Entity, Business Associate will amend PHI or a record about an Individual in a Designated Record Set that is maintained by, or otherwise within the possession of, Business Associate as reasonably directed by Covered Entity in accordance with procedures established by 45 CFR §164.526. Any request by Covered Entity to amend such information will be completed by Business Associate within twenty (20) business days of Covered Entity’s request.
10. Accounting of Disclosures.
A. Business Associate will document any disclosures of PHI made by it to account for such disclosures as required by 45 CFR §164.528(a). Business Associate also will make available information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of such disclosures in accordance with 45 CFR §164.528. At a minimum, Business Associate will furnish Covered Entity the following with respect to any covered disclosures by Business Associate: (i) the date of disclosure of PHI; (ii) the name of the entity or person who received PHI, and, if known, the address of such entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure which includes the basis for such disclosure.
B. Business Associate will furnish to Covered Entity information collected in accordance with this Section, within twenty (20) business days after written request by Covered Entity, to permit Covered Entity to make an accounting of disclosures as required by 45 CFR §164.528.
11. Availability of Books and Records. Business Associate will make available its internal practices, books, agreements, records, and policies and procedures relating to the use and disclosure of PHI, upon request, to the Secretary of HHS for purposes of determining Covered Entity’s and Business Associate’s compliance with HIPAA Rules, and this BAA.
12. Responsibilities of Covered Entity. With regard to the use and/or disclosure of Protected Health Information by Business Associate, Covered Entity agrees to:
A. Notify Business Associate of any limitation(s) in its notice of privacy practices in accordance with 45 CFR §164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI;
B. Notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that such changes may affect Business Associate’s use or disclosure of PHI;
C. Notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI;
D. Obtain any consent, authorization or permission that may be required by HIPAA Rules or otherwise Required by Law prior to furnishing PHI to Business Associate; and
E. Not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Rules if done by Covered Entity.
13. Term and Termination.
A. This BAA will become effective on the BAA Effective Date and will continue in effect until all obligations of the Parties have been met under the Underlying Agreement(s) and under this BAA, including, without limitation, so long as Business Associate holds PHI for access by Covered Entity.
B. A Party (“Non-Breaching Party”) may terminate this BAA if the other Party (“Breaching Party”) has materially breached this BAA and fails to cure such breach within thirty (30) days after written notice from the Non-Breaching Party of such breach. The Non-Breaching Party may exercise this right to terminate by providing written notice of termination to the Breaching Party, stating the failure to cure the breach of this Agreement that provides the basis for the termination. Any such termination will be effective immediately or at such later date specified in the notice of termination.
C. Upon termination of this BAA, all PHI maintained by Business Associate will be returned to Covered Entity or destroyed by Business Associate, provided that Business Associate may retain PHI as necessary to perform its obligations to Covered Entity or maintain PHI for access by Covered Entity in accordance with any Underlying Agreement(s). If return or destruction of the PHI is not feasible, in Business Associate’s reasonable judgment, Business Associate will extend the protections of this BAA to such information for as long as Business Associate retains such information and will limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible. The Parties understand that this Subsection 13.C. will survive any termination of this BAA.
14. Effect of BAA.
A. This BAA is a part of and subject to the terms of the Underlying Agreement(s).
B. This BAA is intended to apply to all uses and disclosures of PHI by Business Associate as a business associate of Covered Entity during the term of this BAA, whether such PHI was created prior to or during the term of this BAA, and shall supersede, as of the BAA Effective Date, any prior business associate agreement between the Parties.
C. Except as expressly stated in this BAA or as provided by law, this BAA will not create any rights in favor of any third party.
15. Regulatory References. A reference in this BAA to a section in HIPAA or HIPAA Rules means the section as in effect or as amended at the time.
16. Notices. All notices, requests and demands or other communications to be given under this BAA to a Party will be made via either first class mail, registered or certified or express courier, or electronic mail to the Party’s address given below:
If to Covered Entity, to:
[Covered Entity]
[mailing address]
[email address]
Attn:
If to Business Associate, to:
hc1 Insights, Inc.
6100 Technology Center Drive, Building K
Indianapolis, Indiana 46278
Attn: Chief Privacy Officer
17. Amendments. This BAA may not be modified, nor will any provision be waived or amended, except in writing duly signed by authorized representatives of the Parties.
18. Amendment to Comply with Law. The Parties hereby acknowledge that laws relating to electronic data security and privacy are rapidly evolving and that amendment of this BAA may be required to provide for different or additional procedures to ensure compliance with such developments. The Parties agree to negotiate in good faith to amend this BAA and/or the Underlying Agreement(s) as necessary to comply with HIPAA Rules or any changes to HIPAA.
19. Interpretation. The interpretation of this BAA and the resolution of any disputes arising under this BAA shall be governed by the laws of the state of Indiana, provided that this BAA shall be interpreted as broadly as necessary to implement and comply with HIPAA Rules and other applicable laws and regulations.
Exhibit D – Terms of Service
1. Terms of Service. Client acknowledges and agrees to the following Terms of Service, which together with the terms of the Agreement, shall govern Client’s access and use of the Software Service. Capitalized terms not otherwise defined in the Agreement shall have the meaning given to them in in this Exhibit C. In addition, Client agrees that unless explicitly stated otherwise, any new features that augment or enhance the Service(s) or new Service(s) subsequently purchased by the Client will be subject to the Agreement and these Terms of Service.
1.1 Software Services. Subject to the terms and conditions of this Agreement, these Terms of Service, and any applicable Order Form(s), and during the Term, hc1 hereby grants to Client a non-exclusive, terminable, non-transferable right and license to access and use the Software Services pursuant to the Agreement, in and under hc1’s intellectual property rights, solely for Client and Client Affiliates’ internal business operations and for no other use or purpose. hc1 shall provide standard Client Care support for the Software Service at no additional charge, or provide upgraded Client Care support if purchased, as set forth in an Order Form(s). The terms of these Terms of Service shall also apply to updates and upgrades subsequently provided by hc1 to Client for the Software Services. hc1 shall host the Software Services and may update the functionality and user interface of the Software Services from time to time in its sole discretion and in accordance with this Agreement, these Terms of Service or the Support and Service Level Agreement as part of its ongoing mission to improve the Software Services and Client’s use of the Software Services.
Unless otherwise provided in the applicable Order Form, the Software Services are purchased as subscriptions under the foregoing license. Service Subscriptions may be added during the Term at the same pricing as the underlying Fees, prorated for the portion of the Term remaining at the time the subscriptions are added. Any added Service Subscriptions will terminate on the same date as the underlying Service Subscriptions.
Service Subscriptions are subject to usage limits based on the quantities specified in the Order Form(s). Client and Client Affiliates shall not use or otherwise access the Software Services in a manner that exceeds Client’s and/or the Client Affiliate’s authorized use and usage limits as set forth in the applicable Order Form(s).
1.2 Client Must Have Internet Access. A broadband Internet connection is required for proper transmission of the Software Services. Client is responsible for procuring and maintaining the network connections that connect the Client network to the Software Services. hc1 is not responsible for any compromise of data or information transmitted across computer networks or telecommunications facilities (including but not limited to the Internet). hc1 assumes no responsibility for the reliability or performance of any networks. Furthermore, hc1 is not responsible for notifying Client of any upgrades, fixes or enhancements to any such software, or for any compromise of data transmitted across computer networks or telecommunications facilities (including but not limited to the Internet) which are not owned or operated by hc1.
1.3 Accuracy of Client’s Contact Information. Client shall provide accurate, current and complete information on Client’s legal business name, address, email address, and phone number, and maintain and promptly update this information if it should change.
1.4 Users Passwords, Access, and Notification. Client shall authorize access to and assign unique passwords and usernames to the number of Users purchased by Client on the Order Form. User logins are for designated Users and cannot be shared or used by more than one (1) User, but any User login may be reassigned to another User as needed. Client will be responsible for the confidentiality and use of User’s passwords and usernames. Client will also be responsible for all Electronic Communications, including those containing business information, account registration, account holder information, financial information, Client Data, and all other data of any kind contained within emails or otherwise entered electronically through the Software Services or under Client’s account. hc1 will act as though any Electronic Communications it receives under Client’s passwords, username, and/or account number will have been sent by Client. Client shall use commercially reasonable efforts to prevent unauthorized access to or use of the Software Services and shall promptly notify hc1 of any unauthorized access or use of the Software Services and any loss or theft or unauthorized use of any User’s password or name and/or Service account numbers.
1.5 Client’s Lawful Conduct. The Software Services allows Client to send Electronic Communications directly to hc1 and to third parties. Client shall comply with all applicable local, state, federal, and foreign laws, treaties, regulations, and conventions in connection with its use of the Software Services, including without limitation those related to privacy, electronic communications and anti-spam legislation. Client shall comply with the export laws and regulations of the United States and other applicable jurisdictions in using the Software Services and obtain any permits, licenses, and authorizations required for such compliance. Without limiting the foregoing, (a) Client represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports, (b) Client shall not permit Users to access or use the Software Services in violation of any U.S. export embargo, prohibition or restriction, and (c) Client shall comply with all applicable laws regarding the transmission of technical data exported from the United States and the country in which its Users are located. Client will not send any Electronic Communication from the Software Services that is unlawful, harassing, libelous, defamatory or threatening. Except as permitted by the Agreement or these Terms of Service, no part of the Software Services may be copied, reproduced, distributed, republished, displayed, posted or transmitted in any form or by any means. Client agrees not to access the Software Services by any means other than through the interfaces that are provided by hc1. Client shall not do any “mirroring” or “framing” of any part of the Software Services specific to the Software Services or create Internet links to the Software Services which include log-in information, usernames, passwords, and/or secure cookies.
Client will not in any way express or imply that any opinions contained in Client’s Electronic Communications are endorsed by hc1. Client shall ensure that all access and use of the Software Services by Users is in accordance with the terms and conditions of the Agreement, including but not limited to those Users that are contractors and agents, and Client’s Affiliates. Any action or inaction of Client’s employees, contractors, agents are deemed those of Client, and Client is responsible for such actions and inaction.
1.6 Third Party Web Sites, Products and Services. hc1 may offer certain Third-Party Applications from third parties for sale under Order Form(s) or as links or integrations to the Software Services. Any purchase and use of such Third-Party Applications by Client shall be subject to the terms specified by such third parties in connection with such Third-Party Applications. hc1 does not provide any warranties with respect to any such Third-Party Applications. Any purchase by Client of any Third-Party Applications is solely between Client and the applicable third-party provider. hc1 is not responsible for the availability or the quality, accuracy, integrity, fitness, safety, reliability, legality, or any other aspect of such Third-Party Applications or any descriptions, promises or other information related to the foregoing. If Client installs or enables Third Party Applications for use with the Software Services, Client agrees that hc1 may allow such third party providers to access Client Data as required for the interoperation of such Third Party Applications with the Software Services, and any exchange of data or other interaction between Client and a third party provider is solely between Client and such third party provider. hc1 shall not be responsible for any disclosure, modification or deletion of Client Data resulting from any such access by Third Party Applications or third-party providers. No purchase of such Third-Party Applications or services is required to use the Software Services.
1.7 Transmission and Processing of Client Data; Use of Certain Data. Client understands that Client’s use of the Software Services may require the processing and transmission of Client Data by Client, hc1, or its subcontractors. hc1 is not responsible for any Electronic Communications and/or Client Data which are delayed, lost, altered, intercepted or stored during the transmission of any data by means of third-party networks (other than third parties providing computing or storage services under these Terms of Service on behalf of hc1) or otherwise. Furthermore, hc1 is not responsible for (i) verifying or validating the data Client sends via the hc1 applications or solutions is the data Client intends to send or that the content and underlying data is complete or accurate data; (ii) verifying or validating the recipient of the data is the intended recipient; or (iii) any loss or misuse of the data or any damages, costs, or fees incurred.
1.8 Service Level. During the Term, hc1 will provide the support services and service levels as further specified in the Support and Service Level Agreements attached as Exhibit E which is incorporated herein by reference.
1.9 Ownership of Client Data; Client Marks. All title and intellectual property rights in and to the Client Data are owned exclusively by Client. Further, all Client service marks, logos and product and service names are marks of Client (the “Client Marks”) are owned exclusively by Client. Client grants hc1 during the Term the right to display the Client Marks on its websites and marketing and other promotional materials. Client acknowledges and agrees that in connection with the Software Services, hc1, as part of its standard service offering, makes backup copies of the Client Data in Client’s account and stores and maintains such data for a period consistent with hc1 standard business processes.
1.10 hc1 Intellectual Property Rights. Client agrees that all rights, title, and interest in and to all intellectual property rights in the Software Services are owned exclusively by hc1 or its licensors. Except as provided in the Agreement, the license granted to Client does not convey any rights in the Software Services, express or implied, or ownership in the Software Services or any intellectual property rights thereto. In addition, hc1 shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, and perpetual license to use or incorporate into the Software Services any suggestions, enhancement requests, recommendations or other feedback provided by Client, including Users, relating to the operation of the Software Services. Any rights not expressly granted herein are reserved by hc1. hc1 service marks, logos and product and service names are marks of hc1 (the “hc1 Marks”). Client further agrees not to display or use the hc1 Marks in any manner without hc1’s express prior written permission. The trademarks, logos and service marks of Third-Party Application providers (“Marks”) are the property of such third parties. Client is not permitted to use these Marks without the prior written consent of such third party which may own the Mark.
1.11 Restrictions. Client is responsible for all activities conducted under its User logins and for its Users’ compliance with this Agreement. Client’s use of the Software Services shall not include service bureau use, outsourcing, renting, reselling, sublicensing, concurrent use of a single User login, or time-sharing of the Software Services. Client shall not and shall not permit any third party to (a) copy, translate, create derivative works of, reverse engineer, reverse assemble, disassemble, or decompile the Software Services or any part thereof or otherwise attempt to discover any source code or modify the Software Services in any manner or form, (b) use unauthorized modified versions of the Software Services, including (without limitation) for the purpose of building a similar or competitive product or service or for the purpose of obtaining unauthorized access to the Software Services, (c) use the Software Services in a manner that is contrary to applicable law or in violation of any third party rights or privacy or intellectual property rights, (d) publish, post, upload or otherwise transmit Client Data that contains any virus, Trojanhorses, worms, timebombs, corrupted files or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any systems, data, personal information or property of another, or (e) use or knowingly permit the use of any security testing tools in order to probe, scan or attempt to penetrate or ascertain the security of the Software Services.
2. Suspension/Termination.
2.1 Suspension for Delinquent Account. hc1 reserves the right to suspend Client’s and any Client Affiliates’ access to and/or use of the Software Services for any accounts (a) for which any payment is due but unpaid but only after hc1 has provided Client a delinquency notice, and at least thirty (30) days have passed since the transmission of the first notice, or (b) for which Client has not paid for the Renewal Term and has not notified hc1 of its desire to renew the Software Services by the expiration of the then-current Term. The suspension is for the entire account and Client understands that such suspension would, therefore, include Client Affiliate sub-accounts. Client agrees that hc1 shall not be liable to Client or to any Client Affiliate or other third party for any suspension of the Software Services pursuant to this Section.
2.2 Suspension for Ongoing Harm. Client agrees that hc1, may with reasonably contemporaneous notice to Client (via phone, email or other written notice) suspend access to the Software Services if hc1 reasonably concludes that Client’s Software Services is being used to engage in denial of service attacks, spamming, or illegal activity, and/or Client’s use of the Software Services is causing immediate, material and ongoing harm to hc1 or others. In the extraordinary event that hc1 suspends Client’s access to the Software Services, hc1 will use commercially reasonable efforts to limit the suspension to the offending portion of the Software Services and resolve the issues causing the suspension of Software Services. Client further agrees that hc1 shall not be liable to Client nor to any third party for any suspension of the Software Services under such circumstances as described in this Section.
2.3 Handling of Client Data in The Event of Termination. Client agrees that following termination of Client’s account or use of the Software Services, hc1 may deactivate Client’s account and following a reasonable period of not less than thirty (30) days may delete Client’s account from the Software Services. During this 30-day period and upon Client’s request, hc1 will grant Client limited access to the Software Services for the sole purpose of permitting Client to retrieve Client Data, provided that Client has paid in full all good faith undisputed amounts owed to hc1. Client further agrees that hc1 shall not be liable to Client nor to any third party for any termination of Client access to the Software Services or deletion of Client Data, provided that hc1 is in compliance with the terms of this Section.
3. Modification; Discontinuation of the Software Services.
3.1 To the Software Services. hc1 may make modifications to the Software Services or particular components of the Software Services from time to time and will use commercially reasonable efforts to notify Client of any material modifications. hc1 reserves the right to discontinue offering the Software Services at the conclusion of Client’s then-current Term. hc1 shall not be liable to Client nor to any third party for any modification of the Software Services as described in this Section.
3.2 To Applicable Terms. If hc1 makes a material change to these Terms of Service, then hc1 will notify Client by either sending an email to the notification email address or posting a notice in Client’s account. If the change has a material adverse impact on Client and Client does not agree to the change, Client shall so notify hc1 via legal@hc1.com in accordance with the notice section of this Agreement within thirty (30) days after receiving notice of the change. If Client notifies hc1 as required, then Client will remain governed by the Terms of Service in effect immediately prior to the change until the end of the then-current Term for the affected Software Service(s). If the affected Software Service(s) is renewed, it will be renewed under hc1’s then-current Terms of Service.
4. Access to Books and Records. Until the expiration of four (4) years after the furnishing of any Software Services pursuant to the Agreement, hc1 shall retain and make available, upon request by the Secretary of the U.S. Department of Health and Human Services, the Comptroller General or any of their duly authorized representatives, the contracts, books, documents, and records of hc1 needed to certify the nature and extent of all Medicare costs with respect to the Service. If hc1 carries out any of the duties of the Agreement using a subcontract with a value of or cost of Ten Thousand Dollars ($10,000) or more over a twelve (12) month period with a related/third-party organization, that subcontract shall also include a clause to this same effect. In the event the Agreement is not subject to the provision of 42 U.S.C. 1395x(v)(1)(I) and 42 C.F.R. 420.300 et seq. or relevant regulations, this section shall be null and void.
5. Screening for Viruses and Malicious Code. hc1 will use commercially reasonable measures, including generally accepted virus screening software, to protect the Software Services and their systems or software used from viruses and other malicious code. In the event that any viruses and other malicious code are discovered, they will be corrected pursuant to the provisions of this Agreement relating to support.
Exhibit E – Support and Service Level Agreement
This Support and Service Level Agreement outlines hc1’s support services. Support services are provided via Service Subscriptions to the Software Services for Clients under contract with hc1. Capitalized terms not defined in this Support and Service Level Agreement have the meaning given to them in the Agreement or the Terms of Service (“Exhibit E”).
1. The Service will not be Unavailable for more than 3.6 hours (99.5% availability) per Service Month throughout the Term of this Agreement (the “Uptime Commitment”). In the event hc1 fails to meet such Uptime Commitment, the Client is eligible to receive a Service Credit, which will be equal to the number of Periods beyond the Uptime Commitment for which the Service is Unavailable during a particular Service Month, multiplied by the Subscription Fees paid for the Service Month divided by the number of Periods in the Service Month. The total Service Credits shall not exceed 50% of the paid Subscription Fees for that Service Month. A Service Credit will apply against future Subscription Fees otherwise due from Client. Service Credits do not entitle Client to any additional payments from hc1.
The Software Services shall not be deemed Unavailable if the cause of the unavailability is due to any of the following, hereinafter, and each, an “Exclusion”: (a) the suspension or termination of Client’s or User’s right to use the Software Services in accordance with the Agreement; (b) factors outside of hc1’s reasonable control, including a Force Majeure Event, Internet access or related problems beyond the demarcation point of hc1’s hosting provider, services provided by a third party that are made available to Client via the Software Services; or (c) the action or inaction of Client or a User.
2. Credit Request and Payment Procedures. To receive a Service Credit, Client must submit a request by sending an e-mail message to sla-request@hc1.com. The Service Credit request must:
- include Client’s account number in the subject of the e-mail message;
- include, in the body of the e-mail, the dates and times of each incident the Client claims the Software Services were Unavailable; and
- be received by hc1 within sixty (60) business days of the last reported incident in the request.
hc1 will confirm the extent to which the Software Services were Unavailable as claimed in the request, and if each instance is affirmatively confirmed by hc1, then hc1 will issue the Service Credit to Client (a) after the anniversary of the Effective Date following the date in which the Software Services were Unavailable or (b) at the time Client signs an Order Form for additional Software Services, whichever occurs first.
3. Maintenance. hc1 will perform routine and when needed, emergency maintenance from time to time as described in this Section.
- Scheduled Maintenance. hc1 will routinely perform maintenance on Wednesday, Friday or Sunday between the hours of 11:00 PM and 3:00 AM, Eastern Time. This maintenance may require specific Software Services to be suspended during the maintenance period. hc1 will endeavor to provide notice two (2) Business Days in advance of such maintenance.
- Emergency Maintenance. Under certain circumstances, hc1 may need to perform emergency maintenance, such as security patch installation or hardware replacement. hc1 reserves the right to perform such maintenance at any time and without advance notice in case of emergency maintenance.
In addition to performing maintenance, hc1 will use industry standard practices to determine whether server hardware is functioning properly and will replace non-functioning hardware with similarly functioning hardware of equal or greater quality. hc1 shall use commercially reasonable efforts to implement hardware replacement. Unless an emergency, such replacement shall take during scheduled maintenance.
4. Client Care. This section relates to the contents of maintenance and support services (“Client Care”) to be provided to Client during the Term. hc1 shall provide standard Client Care as described in the ‘hc1 Client Care Standard Support’ table below. hc1 shall provide Client Care Services during the Term subject to the payment of all fees when due.
Furthermore, hc1 shall (a) provide to Client standard Client care as outlined below, and if selected by Client upgraded Client care, for the Service at such fees as further described in the Order Form, (b) use commercially reasonable efforts to make the Service available, and (c) provide the Software Services only in accordance with applicable laws and government regulations.
Client Care calls and emails are handled by a hc1 support analyst. Each issue is logged at intake into hc1’s Client Care ticketing system and assigned an incident number for the Client’s future reference. Response, Analysis, Interim and Final Resolution are documented using this log to ensure continuity throughout the process and to provide future reference for others encountering similar issues. Each Client may receive the status of the Client’s problem by contacting hc1 and requesting the status of the assigned incident number.
hc1’s Standard Client Care:
|
Support Hours |
9 am – 5 pm, Eastern Time, Business Days | |
| Submission Channels | Client Care Line and Online Portal | |
| Response Time* | ||
| Severity Level 1 | 2 hours | Description: A catastrophic production problem resulting in production unavailability |
| Severity Level 2 | 2 hours | Description: An instance in which Client’s production environment is functioning but in a severely reduced capacity. Client’s production environment is exposed to loss or interruption in service.
|
| Severity Level 3 | 3 – 5 Business Days | Description: A problem that involves partial or non-critical functionality loss. Client resources may be required to resolve the problem and impact to Client operations may exist. Workarounds may exist.
|
| Severity Level 4 | 3 – 5 Business Days | Description: General issues, usage issues, questions, or recommendation for future product enhancements and/or modifications. There is only minor impact on the quality, performance, or functionality of the product. |
| Initial Analysis** | ||
| Severity Level 1/Severity Level 2 | 4 hours |
|
*Response time begins when hc1 receives the Client call or inquiry via the online submission form.
**Initial analysis begins when hc1 responds to the Client call or inquiry via the online submission form.
All support requests should be made through the authorized support contact and/or system admin.