supportable logo
Get Started Free

Navigate

Home

About

Services

Blog

Get Help!

Support
Help Center

Follow us

Supportable Free Trial Terms of Service

Recitals

WHEREAS, Supportable provides access to software on a subscription basis for a variety of entities, including social service agencies, to manage and streamline scheduling, client intake, insurance processing, and additional functionality (the “Software”); and 

WHEREAS, Customer wishes to subscribe to a trial (21 calendar days) of the Software (“Free Trial Period”), subject to the terms and conditions of this Agreement. 

NOW, THEREFORE, in consideration of the above premises, the mutual covenants contained herein, and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties hereby agree as follows: 

Agreement

1. Access

1.1 Authorization

In consideration for, and conditioned upon, compliance with all other terms and conditions set forth in this Agreement, Supportable authorizes Customer and its Authorized Users (as defined in Section 1.2) to access and use the Software during the Term (as defined in Section 4.1) of this Agreement.

1.2 Authored Users

This Agreement allows Customer to access the Software, including through Customer’s account administrator (“Authorized User”). Upon consultation, Supportable may provide additional Free Trial Customers with the necessary number of usernames and passwords (or provide the opportunity to create usernames and passwords) to allow Customer to access and use the Software.

1.3 Self-Serve Tree Trial Signup

If Customer registers for a free trial, Supportable will make the Service available on a trial basis for twenty-one (21) days (the “Trial Period”). At Supportable’s discretion, Supportable will provide Free Trial up to one person per domain at a time. At Supportable’s discretion, and provided Customer continues to engage with Supportable’s sales team during the Trial Period, Supportable may extend the Trial Period. No credit card is required for trial activation and Customer will not be charged automatically at the end of the Trial Period. Unless Customer elects to upgrade to a paid Subscription within the product prior to the end of the Trial Period, access will terminate at the end of the Trial Period. Trial environments include synthetic demo data, reduced functionality and are provided AS IS.

2. Customer Responsibilities

2.1 General

Customer is responsible and liable for all use of the Software, materials, or services provided in connection with this Agreement resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, (a) Customer is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer; and (b) Customer shall be solely responsible for any and all activities made under Customer’s account that are a result of Customer’s negligence, including, but not limited to, exceeding the agreed-upon number of Authorized Users. Customer shall use reasonable efforts to make all Authorized Users aware of the provisions of this Agreement as applicable to such Authorized User’s use of the Software, and shall cause Authorized Users to comply with such provisions.

2.2 Compliance with Legal Obligations

Customer is solely responsible for compliance with all applicable federal, state, and local laws, rules, and obligations including, but not limited to, advertising, marketing, spam, data privacy, and all other legal obligations.

2.3 Health and Medical Record Compliance

Customer acknowledges that the Software is not intended to manage, or otherwise assist with electronic medical records (“EMR”) or electronic health records (“EHR”) or otherwise assist with compliance with EMR and/or EHR regulations or requirements. The Software is a pre-EMR/EHR intake processing tool. Customer acknowledges that Supportable is in no way responsible for Customer’s compliance with EMR and EHR regulations or other requirements. Notwithstanding the foregoing, (a) to the extent Customer constitutes a covered entity within the meaning of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and/or the Health Information Technology for Economic and Clinical Health Act of 2009 and its implementing regulations (“HITECH”); and (b) to the extent Supportable is a business associate to Customer, then Customer and Supportable agree that the business associate agreement attached hereto as Exhibit B shall be incorporated into this Agreement.

2.4 Trial environment demo data

Trial environments are pre-loaded with synthetic demo data for evaluation only. Customer shall not upload, process, or store any Protected Health Information (PHI) in a trial or production account. While, it is not recommended to upload, process, or store any Protected Health Information (PHI) in a trial or production account, the BAA in Exhibit A governs Supportable’s processing of PHI.

2.5 Customer Content

The Software provides Customer with the ability to upload information, documents, images, and similar content (“Customer Content”). Customer agrees that it will only upload or otherwise use Customer Content that Customer owns, or that Customer has the right and ability to create and publish copies and to authorize Supportable to further distribute and publish such content through the Software. Customer represents and warrants that all Customer Content used or uploaded by Customer or its Authorized Users will comply with this provision and will not infringe the intellectual property or other rights of any third parties. Customer acknowledges that Customer Content will only be accessible during the Free Trial Period and that Customer Content will be permanently on or after the end of the Free Trial Period.

2.6 Security Responsibility

Customer is responsible for maintaining the confidentiality of the user names, password(s), or other access credentials assigned to, or selected by, Customer and its Authorized Users (the “Credentials”). Customer, on behalf of itself and its Authorized Users, agrees that the Credentials shall not be shared with anyone. Customer agrees to immediately notify Supportable if a password is lost, stolen, disclosed to an unauthorized third-party, or has otherwise been compromised.

2.7 Third-Party Products

Supportable may from time to time make third-party products available to Customer. For purposes of this Agreement, such third-party products are subject to their own terms and conditions and may include applicable flow-through provisions referred. If Customer does not agree to abide by the applicable terms for any such third-party products, then Customer shall inform Supportable of such refusal and should not install or use such third-party products.

2.8 Third-Party Integrations, Subprocessors

Customer-chosen integrations are solely between Customer and the third-party provider. Supportable is not responsible for such providers. Separately, Supportable may use subprocessors to deliver the Service. Where a subprocessor will access PHI, Supportable will maintain written agreements imposing HIPAA-compliant obligations and will publish a current subprocessor list with notice of material changes. Supportable remains responsible for its subprocessors’ performance.

2.8 Equipment

Customer is responsible for providing, maintaining and ensuring all hardware, software, electrical and other physical requirements for Customer’s use of the Software, including, without limitation, telecommunications, internet access, or other equipment, software and services required to access and use the Software.

3. Acceptable Use Policy

Customer and its Authorized Users must comply with Supportable’s Acceptable Use Policy (AUP) available at https://supportableapp.com/legal-aup, which is incorporated by reference into these Terms.

4. Fees and Payment

Customer acknowledges that there are no Subscription fees during the Free Trial Period.

5. Trial Conversion (No Auto-Charge)

Trials do not automatically convert to paid Subscriptions and no charges will be incurred unless and until Customer affirmatively elects a paid plan within the product and agrees to the applicable Order details.

6. Term and Termination

6.1 Term

This Agreement shall remain in effect for the period of the Free Trial Period or until a conversion to a paid Subscription.

6.2 Termination

Either Party may terminate this Agreement at any time by disabling access to the software (Supportable) or by discontinuing use of the software and letting the trial expire (Customer).

6.3 Effect of Termination

UPON THE EFFECTIVE DATE OF TERMINATION OF THIS AGREEMENT FOR ANY REASON, THE ACCESS GRANTED TO CUSTOMER UNDER THIS AGREEMENT CEASES AND CUSTOMER IS NO LONGER AUTHORIZED TO ACCESS THE SOFTWARE FOR ANY PURPOSE. CUSTOMER FURTHER AGREES THAT Customer’s access of SUPPORTABLE’S SOFTWARE, Servers and computer network following the effective date of termination of this Agreement is without authorization.

6.4 Survival

Notwithstanding the termination of this Agreement, the Parties shall be required to carry out any provision hereof that contemplates performance subsequent to such termination, and such termination shall not affect any liability or other obligation that has accrued prior to such termination, including, but not limited to, any liability for loss or damage on account of a prior breach. Without limiting the generality of the foregoing, the Parties specifically agree that the rights and duties contemplated in Sections 6.3, 10, 11, 12, 13, 14, 15, 16, and 17 shall survive termination or expiration of this Agreement for any reason.

7. Security; Incident Response

Supportable implements administrative, physical, and technical safeguards appropriate to the nature of the Service, including encryption in transit and at rest, role-based access controls, logging, and vulnerability management. Supportable maintains an incident response plan and will notify Customer without undue delay, and where Exhibit A applies without unreasonable delay and no later than 60 calendar days upon confirming a Security Incident affecting Customer Data. Further details are set forth in the Security Exhibit available at https://supportableapp.com/legal-security-exhibit.

8. Restrictions and Acknowledgements Regarding the Software

8.1 Use Restrictions

Customer and its Authorized Users shall not use the Software for any purposes beyond the scope of the access granted in this Agreement. Customer shall not at any time, directly or indirectly, and shall not permit any Authorized Users to: (i) copy, modify, or create derivative works of the Software, in whole or in part; (ii) rent, lease, or sell the Software to third parties; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any component of the Software, in whole or in part; (iv) remove any proprietary notices from the Software; (v) knowingly interfere with the operation of the Software or other computers or network connections; (vi) use the Software in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law.

8.2 Reservation of Rights

Supportable reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Customer or any third-party any intellectual property rights or other right, title, or interest in or to the Software or related intellectual property.

8.3 Promotional Displays

Customer acknowledges that Supportable has the option, but is not obligated, to display advertisements, promotions, or other marketing messages through the Software. Supportable shall exclusively retain all revenue generated by Supportable’s advertising, promotional, and marketing, unless otherwise agreed to in writing by Supportable.

8.4 Suspension

Notwithstanding anything to the contrary in this Agreement, Supportable may temporarily suspend Customer’s and Authorized Users’ access to any portion or all of the Software if: (a) Supportable reasonably determines that (i) there is a threat or attack on any of the Software; (ii) Customer’s or any Authorized User’s actions or use of the or Software disrupts or poses a security risk to Supportable or any other customer or user; (iii) Customer, or any Authorized User, is using the Software for fraudulent or illegal activities; or (iv) Supportable’s provision of the Software or other services to Customer or any Authorized User is prohibited by applicable law; (b) any vendor of Supportable has suspended or terminated Supportable’s access to or use of any third-party services or products required to enable Customer to access the Software; or (c) in accordance with Section 4.4 (any such suspension described in subclause (a), (b), or (c), a “Suspension”). Supportable shall use commercially reasonable efforts to provide Customer with written notice of any Suspension and to provide updates regarding resumption of access to the Software following any Suspension. Supportable shall use commercially reasonable efforts to resume providing access to the Software as soon as reasonably possible after the event giving rise to the Suspension is cured. Supportable will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User may incur as a result of a Suspension.

9. Service Levels

Supportable targets 99.9% monthly uptime for the production Service, excluding scheduled maintenance windows and force majeure.

10. Intellectual Property

10.1 Customer Intellectual Property

To the extent Customer provides Supportable with its trademarks, copyrighted-protected works, or other intellectual property (collectively “Customer’s Intellectual Property”), Customer hereby grants Supportable a limited, non-exclusive, sublicensable, revocable, royalty free, and fully paid up right to use, reproduce, and make derivative works of Customer’s Intellectual Property for the purpose of complying with its obligations under the Agreement and related marketing purposes. Customer represents that Customer owns or has the necessary licenses, rights, consents, and permissions to use and authorize Supportable to use Customer’s Intellectual Property. Supportable acknowledges and agrees that Customer shall exclusively retain all ownership, rights, title, and interest in and to Customer’s Intellectual Property. Upon termination of this Agreement, Supportable will discontinue the use of Customer’s Intellectual Property.

10.2 Supportable Intellectual Property

To the extent Customer provides Supportable with its trademarks, copyrighted-protected works, or other intellectual property (collectively “Customer’s Intellectual Property”), Customer hereby grants Supportable a limited, non-exclusive, sublicensable, revocable, royalty free, and fully paid up right to use, reproduce, and make derivative works of Customer’s Intellectual Property for the purpose of complying with its obligations under the Agreement and related marketing purposes. Customer represents that Customer owns or has the necessary licenses, rights, consents, and permissions to use and authorize Supportable to use Customer’s Intellectual Property. Supportable acknowledges and agrees that Customer shall exclusively retain all ownership, rights, title, and interest in and to Customer’s Intellectual Property. Upon termination of this Agreement, Supportable will discontinue the use of Customer’s Intellectual Property.

10.3 Customer Data

Supportable acknowledges that, as between Supportable and Customer, Customer owns all right, title, interest in and to Customer’s data (“Customer Data”). Subject to the terms of this Agreement, Customer grants to Supportable the non-exclusive, non-transferable, revocable, royalty free, and fully paid up right to use, copy, store, transmit, and display Customer Data solely in connection with the Software. Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data, and Supportable is not responsible or liable for the deletion, correction, destruction, damage, loss or failure to store any Customer Data. Customer acknowledges and agrees that: (i) no computer, network, storage or other security is risk free or impenetrable; (ii) the Service should not be relied upon as the sole repository of Customer Data; (iii) Customer is responsible for maintaining back-up and archival copies of all Customer Data; and (iv) that Customer is solely responsible for data used with third party integrations where the relationship is between the Customer and the third party. Customers warrants and represents that its provision of Customer Data to Supportable does not violate any laws, regulations, contracts, or proprietary rights of any third-parties.

10.4 Feedback

If Customer or any of its Authorized Users, employees, or contractors sends or transmits any communications or materials to Supportable by mail, email, telephone, or otherwise, suggesting or recommending changes to the Software or other Supportable IP, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like (collectively, “Feedback”), Supportable is free to use such Feedback irrespective of any other obligation or limitation between the Parties governing such Feedback. Customer hereby assigns to Supportable on Customer’s behalf, and on behalf of its Authorized Users, employees, contractors and/or agents, all right, title, and interest in, and Supportable is free to use, without any attribution or compensation to any party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although Supportable is not required to use any Feedback.

10.5 Aggregated Data

Notwithstanding anything to the contrary in this Agreement, Supportable may monitor Customer’s use of the Software and collect and compile data and information related to Customer’s use of the Software to be used by Supportable in an anonymized manner, including to compile statistical and performance information related to the provision and operation of the Software (“Aggregated Data”). As between Supportable and Customer, all right, title, and interest in Aggregated Data, and all intellectual property rights therein, belong to and are retained solely by Supportable. Customer acknowledges that Supportable may compile Aggregated Data based on Customer Data input into the Software. Customer agrees that Supportable may (i) make Aggregated Data publicly available in compliance with applicable law, and (ii) use Aggregated Data to the extent and in the manner permitted under applicable law; provided that such Aggregated Data does not identify Customer.

11. Indemnification

Customer shall indemnify, hold harmless, and, at Supportable’s option, defend Supportable from and against any Losses resulting from any third-party claim that the data, information, trademarks, works, or other materials provided by Customer, or Customer’s Authorized Users, to Supportable infringes or misappropriates such third-party’s intellectual property rights and any third-Party claims based on Customer’s or any Authorized User’s (i) negligence or willful misconduct; (ii) provision of medical, health, social, or other services provided by Customer; (iii) use of the Software in a manner not authorized by this Agreement; (iv) inaccurate, mis-entered, or otherwise incorrect data provided, or entered into any database or system, by Customer or at Customer’s direction; (v) breach of any representations or warranties; (vi) infringement of any third-party’s intellectual property rights; and (vii) modifications to the Software not made by Supportable. Customer may not settle any third-party claim arising out of or in connection with this Agreement or the Software unless Supportable consents to such settlement, and further provided that Supportable will have the right, at its option, to defend itself against any such third-party claim or to participate in the defense thereof by counsel of its own choice.

12. Limitations and Disclaimers

12.1 Accessibility

Customer acknowledges and agrees that at times the Software may be inaccessible or inoperable for any reason whatsoever, including, without limitation: (i) equipment malfunctions; (ii) periodic maintenance procedures or repairs that Supportable may undertake from time to time; or (iii) causes that are beyond the control of Supportable or that are not reasonably foreseeable.

12.2 Disclaimer Regarding Use of the Software

In addition to the disclaimers and limitations set forth in this Section 12, you acknowledge and agree that Supportable does not provide medical advice or legal advice. The Software provides data and information management and analysis, but is not intended to ensure legal compliance or provide health or medical advice. Customer agrees that Supportable is not providing any services to Customer that constitutes the practice of medicine or law under the state where Customer is located. Supportable is not responsible for any of the information or data you share, store, or process through the Software. Supportable is also not responsible for any user’s actions, statements, or any other conduct conducted through the Software. Supportable specifically disclaims any and all liability with respect to Customer’s compliance with any laws, regulations, or other legal requirements.

12.3 Disclaimer Warranties

EXCEPT FOR THE EXPRESS WARRANTIES MADE IN THIS AGREEMENT, SUPPORTABLE AND ITS AGENTS, OFFICERS, DIRECTORS, EMPLOYEES, SUCCESSORS, ASSIGNS, AND AFFILIATES PROVIDE THE SOFTWARE “AS IS WITH ALL FAULTS” WITHOUT ANY OTHER WARRANTY OF ANY KIND, AND SUPPORTABLE HEREBY DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS WITH RESPECT TO THE SOFTWARE WHETHER EXPRESS OR IMPLIED AND EXPRESSLY DISCLAIMS ANY IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND SATISFACTORY QUALITY. SUPPORTABLE DOES NOT WARRANT AGAINST INTERFERENCE WITH CUSTOMER’S ENJOYMENT OF THE SOFTWARE, THE AVAILABILITY OF THE CONTENT, THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET OF CUSTOMER REQUIREMENTS, THAT THE SOFTWARE IS FREE OF VIRUSES, THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS IN THE SOFTWARE WILL BE CORRECTED, OR THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL FUNCTION WITH OTHER SOFTWARE OR HARDWARE, OR WITHIN A SYSTEM. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY SUPPORTABLE OR A SUPPORTABLE AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON APPLICABLE STATUTORY RIGHTS OF A CONSUMER, SO THE ABOVE EXCLUSION MAY NOT APPLY.

12.4 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT SHALL EITHER PARTY OR ITS AGENTS, OFFICERS, DIRECTORS, EMPLOYEES, SUCCESSORS, ASSIGNS, OR AFFILIATES BE LIABLE FOR PERSONAL INJURY, OR ANY INCIDENTAL, SPECIAL, INDIRECT, CONSEQUENTIAL, OR PUNITIVE DAMAGES, WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOST TIME, LOST SAVINGS, LOSS OF DATA, DAMAGED DATA, INACCURATE DATA, FAILURE OF TELECOMMUNICATION SERVICES, LOST CONFIDENTIAL OR OTHER INFORMATION, OR FOR BUSINESS INTERRUPTION OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES ARISING OUT OF OR RELATED TO THE USE OR INABILITY TO USE THE SOFTWARE, HOWEVER CAUSED, REGARDLESS OF THE THEORY OF LIABILITY (TORT, CONTRACT OR OTHERWISE) AND EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY.

EXCEPT FOR (I) AMOUNTS DUE FOR FEES; (II) EACH PARTY’S INDEMNIFICATION OBLIGATIONS; AND (III) A PARTY’S BREACH OF CONFIDENTIALITY OR PHI OBLIGATIONS, EACH PARTY’S AGGREGATE LIABILITY WILL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER FOR THE SERVICE GIVING RISE TO THE CLAIM IN THE TWELVE (12) MONTHS PRECEDING THE EVENT.

12.5 Faulty or Incorrect Data

Customer acknowledges and agrees that Supportable is not responsible for the accuracy of Customer Data, or any other information or data provided by Customer in connection with this Agreement. Customer is solely responsible for ensuring that all Customer Data and any other information or data provided, entered, or otherwise created by Customer or any individual or affiliate of Customer is accurate, correct, and properly entered into any software, systems, or other databases.

13. Non-Solicitation

For the duration of this Agreement and a period of one (1) year after the termination of this Agreement, neither Party nor their affiliates will recruit, offer, solicit for employment, hire, engage as a consultant, or otherwise employ the employees of the other Party except in response to a general solicitation offering employment.

14. Interpretation

To the extent there is any conflict between a provision of this Agreement and an Exhibit, the wording of the Exhibit shall control. The section and subsection headings used herein are for reference and convenience only, and shall not enter into the interpretation hereof. The exhibits referred to herein, are incorporated herein to the same extent as if set forth in full herein. For the purposes of interpreting this Agreement, no Party shall be considered the author or drafter, and this Agreement shall not be construed against a Party on that basis. The covenants, agreements and remedies provided herein are in addition to, and are not to be construed as a replacement for or limited by, the rights and remedies otherwise available to Supportable and/or Customer.

15. Enforcement

15.1 Governing Law, Jurisdiction and Venue

This Agreement shall be construed and enforced in accordance with the laws of the State of Minnesota. All actions, claims or disputes arising under or relating to this Agreement shall be brought in the federal or state courts in the State of Minnesota. The Parties irrevocably submit and consent to the exercise of subject matter jurisdiction and personal jurisdiction over each Party by the federal and/or state courts in the State of Minnesota. The Parties hereby irrevocably waive any and all objections which any Party may now or hereafter have to the exclusive exercise of personal and subject matter jurisdiction by the federal or state courts in the State of Minnesota and to the venue of any such suit, action, or proceeding brought in any such federal or state court in the State of Minnesota.

15.2 Equitable Relief

Each Party acknowledges and agrees that a breach or threatened breach by such Party of any of its obligations under Sections 2.2, 2.3, 8.1. 10.1, 10.2, 11, and 13 would cause the other Party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other Party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.

16. Notice

All notices, demands, and other communications to be given or delivered under or by reason of the provisions of this Agreement will be in writing and will be deemed to have been given when personally delivered by hand, registered mail, or courier such as Federal Express or UPS when receipt is acknowledged or confirmed through a delivery confirmation. Notices, demands, and communications to Supportable and Customer will, unless another address is specified in writing, be sent to the address indicated provided by the primary customer administrator upon account setup.

Notices to Supportable:
Supportable
Attn: Beau Jeffrey
615 W Travelers Trail
Burnsville, MN 55337
With an email copy to:
tsitzmann@winthrop.com

In the event multiple customer entities are executing this Agreement, notices for additional entities shall be sent to the address and email address indicated on the signature page.

17. Miscellaneous

17.1 Use of Customer and Supportable Name

Customer and Supportable may each identify each other by name in promotional and marketing materials for the sole purpose of identifying the other party as a customer or vendor, as the case may be. Such identification shall be in plain text font in the manner of a nominative use for informational purposes only. However, if the other party provides prior written approval, then such party may utilize the logos or other materials as approved, but only in accordance with such approval and only for so long as such approval has not been withdrawn.

17.2 Authority to Bind Customer

The individual signing this agreement represents and warrants that (a) they have the full power and authority to enter into, execute and deliver this Agreement on behalf of Customer, and to consummate the transactions contemplated hereby and thereby and any instruments or agreements required herein; and (b) no further approval, consent, or authorization of any kind from any individual, governmental body, or other person shall be required for this Agreement to valid, binding, and enforceable against Customer.

17.3 Force Majeure

Neither Party shall be deemed in default of this Agreement to the extent that performance of its obligations or attempts to cure any breach are delayed, restricted, or prevented by reason of any act of God, act of terrorism, fire, natural disaster, act of government, strikes or labor disputes, inability to provide raw materials, power or supplies, or any other act or condition beyond that Party’s reasonable commercial control.

17.4 Successors and Assigns

This Agreement is binding upon the Parties and each Party’s respective successors and permitted assigns.

17.5 Entire Agreement; Modification

This Agreement states the Parties’ entire agreement and understanding of the subject hereof. This Agreement supersedes all prior understanding and agreements. Any prior agreement or understandings between the Parties is null and void. Supportable shall have the right to add to or modify the Software and other serviced provided hereunder, provided it will not substantially and materially diminish the Software. Other than such modifications to the Software and related services.

17.6 Updates to Terms

For click-through/self-serve accounts, Supportable may update these Terms from time to time.

17.7 Third-Party Beneficiaries

There are no intended third-party beneficiaries of this Agreement.

17.8 Waiver; Severability

No waiver of any term, provision, or condition of this Agreement, whether by conduct or otherwise, in any one or more instances, shall be deemed to be, or shall constitute, a waiver of any other term, provision or condition hereof, whether or not similar, nor shall such waiver constitute a continuing waiver of any such term, provision or condition hereof. No waiver shall be binding unless executed in writing by the party making the waiver. If any provision or clause of this Agreement as applied to either Party or to any circumstances, shall be adjudged by a court of competent jurisdiction to be invalid or unenforceable, said adjudication shall in no way affect any other provision of this Agreement, the application of such provision in any other circumstances, or the validity or enforceability of this Agreement.

17.9 Assignment

Customer may not assign its rights or obligations under this Agreement without Supportable written consent provided, however, that Customer may assign its rights and obligations, in whole only, without such consent to an entity that acquires all or substantially all of the business or assets of such party to which this Agreement pertains, whether by merger, reorganization, acquisition, sale, or otherwise. Supportable may freely assign its rights and obligations, in whole only, to another party without the consent of Customer.

17.10 Counterparts

This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement.

17.11 Export Regulation

Customer shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), that prohibit or restrict the export or re-export of the Software or any data outside the US.

17.12 U.S. Government Rights

The Software and any components that constitute the Software is a “commercial item” as that term is defined at 48 C.F.R. § 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. § 12.212. Accordingly, if Customer is an agency of the US Government or any contractor therefor, Customer only receives those rights with respect to the Software as are granted to all other end users, in accordance with (a) 48 C.F.R. § 227.7201 through 48 C.F.R. § 227.7204, with respect to the Department of Defense and their contractors, or (b) 48 C.F.R. § 12.212, with respect to all other US Government users and their contractors.

Exhibit A: Business Associate Agreement

The Software and any components that constitute the Software is a “commercial item” as that term is defined at 48 C.F.R. § 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. § 12.212. Accordingly, if Customer is an agency of the US Government or any contractor therefor, Customer only receives those rights with respect to the Software as are granted to all other end users, in accordance with (a) 48 C.F.R. § 227.7201 through 48 C.F.R. § 227.7204, with respect to the Department of Defense and their contractors, or (b) 48 C.F.R. § 12.212, with respect to all other US Government users and their contractors.

1. Scope

The Business Associate Agreement applies only if and to the extent that Supportable is a business associate to Covered Entity, (as defined in HIPAA and HITECH). HITECH includes a definition of which Business Associates are covered by the Act at 45 C.F.R. § 160.103.

2. Definitions

Breach. “Breach” shall mean the acquisition, access, use, or disclosure of Protected Health Information in a manner not permitted under Subpart E of 45 C.F.R. Part 164 and which compromises the security or privacy of the Protected Health Information. This definition excludes certain unintentional acquisitions, access or uses by a workforce member or person acting on behalf of the Business Associate or Covered Entity as set forth in 45 C.F.R. § 164.402.

Compromises the Security Or Privacy of Protected Health Information. “Compromises the Security or Privacy of Protected Health Information” shall mean poses a significant risk of financial, reputational, or other harm to the individual as set forth in 45 C.F.R. § 164.402.

Discovers. “Discovers” shall mean the date the breach is: (a) first known to Covered Entity or Business Associate; or (b) the date the breach should have reasonably been known by Covered Entity or Business Associate.

Gap Analysis. “Gap Analysis” shall mean comparing the current state of the business with the requirements specified by the Standards for Electronic Transactions final rule as set forth in 45 C.F.R. § 162 and the HIPAA Security Rule requirements to determine where Covered Entity or Business Associate’s information security system and program falls short of meeting the HIPAA Security Rule requirements.

Limited Data Set. “Limited Data Set” shall mean a set of data stripped of most identifiers in connection with the analysis of the “Minimum Necessary Requirement.” Moreover, it is Protected Health Information from which 16 of the 18 direct identifiers listed at 45 C.F.R. § 164.514(e)(2) of the HIPAA Privacy Rule have been removed, but the data may still contain certain geographic information (so that the data may not be considered de-identified).

Minimum Necessary Requirement. “Minimum Necessary Requirement” requires that a Covered Entity Or Business Associate that uses, discloses, or requests Protected Health Information must make reasonable efforts to limit disclosure of Protected Health Information to the minimum necessary to accomplish the intended purpose as set forth in 45 C.F.R. § 164.502(b) and in HITECH. The Limited Data Set complies with this requirement.

Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45

C.F.R. Part 160 and Part 164, Subparts A & E.

Protected Health Information. “Protected Health Information” shall have the same meaning as the term “protected health information” in 45 C.F.R. § 164.501, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

Health Record. “Health Record” shall have the same meaning as the term “heath record” in Minn. Stat. 144.291 subd. 2, limited to any health records created or received by Business Associate from or on behalf of Covered Entity.

Required by Law. “Required by Law” shall have the same meaning as the term “required by law” in 45 C.F.R. § 164.501.

Secured Protected Health Information. “Secured Protected Health Information” shall mean data protected under the technologies and methodologies that secure Protected Health Information, thus rendering the data unusable, unreadable, or indecipherable to an unauthorized individual, as defined by the Department of Health and Human Services (“HHS”) Guidance at 45 C.F.R. Parts 160 and 164 and 74 Fed. Reg. 19006. This also applies to secured personal health records. Such Protected Health Information must either be encrypted (as defined at 45 C.F.R. § 164.304) or destroyed per the HHS Guidance to be considered “secured.” If Protected Health Information is secured in accordance with the HHS Guidance, then unauthorized access to, or use or disclosure of such information will not trigger the security breach notification requirements of HITECH.

Security Rules. “Security Rules” shall mean the Security Standards for Protection of Electronic Protected Health Information as set forth in 45 C.F.R. Part 164, Subpart C. This includes the following rules:

  1. Administrative Safeguards set forth in 45 F.R. §164.308;
  2. Physical Safeguards set forth in 45 C.F.R. § 164.310;
  3. Technical Safeguards set forth in 45 C.F.R. § 164.312; and;
  4. Policies and Procedures and Documentation Requirements set forth in 45 F.R. § 164.316.

Unsecured Protected Health Information. “Unsecured Protected Health Information” means Protected Health Information that is not secured through the use of a technology or methodology specified by the HHS.

3. Responsibilities and Activities of Business Associate

Compliance with HIPAA and HITECH. Business Associate agrees to fully comply with the “Business Associate” requirements under HIPAA and HITECH, and that every agent, employee, subsidiary, affiliate of Business Associate will be required to fully comply with HIPAA and HITECH, and will be bound by written agreement to the same restrictions and terms and conditions throughout the term of this Agreement. Business Associate agrees that even if an agent, employee, subsidiary, or affiliate of Business Associate does not sign a written agreement, Business Associate is still responsible for ensuring their compliance with the terms of HIPAA and HITECH throughout the term of this Agreement.

Disclosure of Protected Health Information. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Agreement or as required by law.

Agents and Subcontractors. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. The agent or subcontractor must be bound to report Security Breaches to Business Associate within 24 hours of when it becomes aware.

Use of Safeguards. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Agreement and to abide by the Security Rules set forth in HIPAA and HITECH.

Follow Minimum Necessary Requirements. Business Associate agrees to limit any use, disclosure, or request for use or disclosure to the minimum amount necessary to accomplish the intended purpose of the use, disclosure, or request in accordance with the requirements of HIPAA.

  1. Business Associate makes an initial determination whether the purpose for the use or disclosure of Protected Health Information could be practicably accomplished with a Limited Data Set in connection with its Minimum Necessary Requirements analysis.
  2. If the Business Associate determines it is not practicable to use or disclose only Limited Data Sets, then the Business Associate must determine what constitutes the Minimum Necessary to accomplish the intended purposes of such use or disclosure and document the same.

Policies and Procedures. Business Associate agrees to have internal practices, books, and records, including policies and procedures to:

  1. Govern the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity;
  2. Implement administrative, physical and technical safeguards that are reasonably appropriate to protect the confidentiality, integrity and availability of electronic Protected Health Information that the Business Associate creates, receives, maintains or transmits on behalf of Covered Entity;
  3. Define “Minimum Necessary” standard and train employees regarding the “Minimum Necessary” standard;
  4. Ensure prompt internal investigation of alleged breaches or a Risk This should include: (1) decide whether the disclosure is a breach, (2) does an exception apply, and (3) was there a significant impact of harm;
  5. Ensure a coordinated system for internal reporting of breaches of Unsecured Protected Health Information;
  6. Ensure reporting to the Covered Entities with whom they contract;
  7. Designate a Security Officer to monitor compliance;
  8. Train personnel how to protect electronic Protected Health Information, about the HIPAA Security Rules and procedures for breaches, including prompt notification; and
  9. Discipline workforce members who violate the law or the Business Associate’s

Analysis. Business Associate agrees to conduct or has conducted a HIPAA Gap Analysis.

Access to Policies and Procedures. Business Associate agrees to make internal practices, books, and records, including policies and procedures discussed in the section above, titled Policies and Procedures, relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, available to Covered Entity, or to the Secretary of the HHS or his or her designee (“Secretary”), in a time and manner as deemed reasonable by both Parties at the time of the request, or designated by the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.

Access to Protected Health Information. Business Associate agrees to provide access to Protected Health Information in a Designated Record Set to Covered Entity or, as directed by Covered Entity to an individual in order to meet the requirements under 45 C.F.R. § 164.524. Such disclosure should be made in a time and manner as deemed reasonable by both Parties at the time of the request,

Amendments to Protected Health Information. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of Covered Entity or an individual, and in a time and manner as deemed reasonable by both Parties at the time of the request.

Accounting to Individuals. Business Associate agrees to provide an accounting to a requesting individual in an Electronic Health Record that includes all disclosures for treatment, payment or health care operations, pursuant to HITECH.

Security Breach Notification to Covered Entity. Business Associate agrees to provide Security Breach Notification to Covered Entity as soon as it becomes aware of such Security Breach, and in any event without unreasonable delay and no later than 60 calendar days from discovery, and should provide the following data:

  1. Date when the disclosure occurred;
  2. Description of what happened;
  3. What type of Protected Health Information was disclosed (e.g., diagnostic information, social security number);
  4. Who disclosed the information;
  5. To whom the information was disclosed;
  6. The number of people affected, including, but not limited to, whether there were more than 500 individuals who are residents of the same state or jurisdiction that were affected; and
  7. Brief description of steps Business Associate has taken to investigate incident, risk assessment, mitigate harm and protect against further breaches (e.g., asked to destroy Personal Health Information).

Notifications of Security Breach.

  1. Business Associate agrees that if it is the subject of a Security Breach it will inform the Covered Entity without unreasonable delay.
  2. Covered Entity agrees that if it is the subject of a Security Breach it will make the required notifications and be responsible for all costs associated with a Security Breach.

Breach Log. Business Associate agrees to document in a log all disclosures constituting breaches of Protected Health Information pursuant to HITECH and to provide this log to Covered Entity so that it can respond to a request by an individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. § 164.528. Such a breach log must be filed by Covered Entity within 60 days of year end.

Mitigate Harm. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.

Notification of Disclosure Not Arising to a Breach. Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this Agreement of which it becomes aware even if it is not a Security Breach as defined herein. Such report should include:

  1. Date when the disclosure occurred;
  2. Description of what happened;
  3. What type of Protected Health Information was disclosed (e.g., diagnostic information, social security number);
  4. Who disclosed the information;
  5. To whom the information was disclosed;
  6. The number of people affected, including, but not limited to, whether there were more than 500 individuals who are residents of the same state or jurisdiction that were affected;
  7. Brief description of steps Business Associate has taken to investigate incident, risk assessment, mitigate harm, and protect against further disclosures (e.g., asked to destroy);
  8. Why the disclosure is not a breach or which exception to HITECH applies; and
  9. Why the disclosure has no risk of financial, reputational or other harm to the individual (See 45 C.F.R. § 402).

Disclosure Log. Business Associate agrees to document disclosures of Protected Health Information including all disclosures for treatment, payment or health care operations or that were determined not to be breaches, pursuant to HITECH and information related to such disclosures and to provide the documentation to Covered Entity so that it can respond to a request by an individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. § 164.528 and any additional regulations in connection with HITECH.

4. Permitted Uses and Disclosures by Business Associate

General Use and Disclosure Provisions. Except as otherwise limited in this Agreement, Business Associate may use or disclose Protected Health Information on behalf of, or to provide services to, Covered Entity for purposes of administration as required by Covered Entity, if such use or disclosure of Protected Health Information would not violate the Privacy Rule if done by Covered Entity or the minimum necessary requirements under HITECH and the policies and procedures of Covered Entity.

Specific Use and Disclosure Provisions.

  1. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate.
  2. Except as otherwise limited in this Agreement, Business Associate may disclose Protected Health Information for the proper management and administration of Business Associate, provided that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
  3. Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information to provide data aggregation services to Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B).
  4. Business Associate may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with 45 C.F.R. § 502(j)(1).

5. Responsibilities of the Covered Entity

Compliance with HIPAA and HITECH. Covered Entity agrees to fully comply with the requirements under HIPAA and HITECH including the Security Rules, and that every agent, employee, subsidiary, affiliate of Covered Entity will be required to fully comply with HIPAA and HITECH, and will be bound by written agreement to the same restrictions and terms and conditions throughout the term of this Agreement.

Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions. Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45

C.F.R. § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of Protected Health Information.

  1. Covered Entity shall notify Business Associate of any applicable Notice of Privacy Protection limitations, such as changes in, or revocation of, permission by an individual to use or disclose Protected Health Information, to the extent that such changes may affect Business Associate’s use or disclosure of Protected Health Information
  2. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of Protected Health Information.

Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule, HITECH or other law, if done by Covered Entity.

6. Audits

Governmental Audits. Both Covered Entity and Business Associate agree to be prepared for, and assist with, any audits and other enforcement by federal governmental agencies (e.g., the Office of Civil Rights, HHS, Centers for Medicare and Medicaid Services) and/or the Secretary of State in enforcing HIPAA and HITECH.

7. Sale of and/or Marketing of Protected Health Information

Sale of Protected Health Information. Both Covered Entity and Business Associate agree not to directly or indirectly receive remuneration in exchange for any Protected Health Information except as allowed under HITECH, § 13406 and its implementing regulations.

Marketing of Protected Health Information. Both Covered Entity and Business Associate agree to abide by the conditions on marketing communications, including, but not limited to, communications about a product or service that encourages the recipient to purchase or use the product or service, as set forth in HITECH, § 13406, and its implementing regulations and HIPAA at Subpart E of 45 C.F.R. 164, unless the communication is made as described in subparagraph (i) or (ii) of paragraph (1) of the definition of marketing in section 164.501.

8. Term and Terminations

Term. The Term of this Agreement shall become effective on the Effective Date, and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this section 8.

Termination by Covered Entity for Cause. Upon Covered Entity’s knowledge of a material breach by Business Associate, Covered Entity shall either:

  1. Provide an opportunity for Business Associate to cure the breach or end the violation and terminate this Agreement if Business Associate does not cure the breach or end the violation within two weeks (14 days) of notification of the material breach by Covered Entity;
  2. Immediately terminate this Agreement if Business Associate has breached a material term of this Agreement and the Parties agree that cure is not possible; or
  3. If neither termination nor cures are feasible, Covered Entity shall notify the Secretary. At least two days prior to notifying the Secretary, Covered Entity must provide notice of its intention to Business Associate.

Termination by Business Associate for Cause. Upon Business Associate’s knowledge of Covered Entity’s failure to comply with HIPAA and/or HITECH, Business Associate shall either:

  1. Provide an opportunity for Covered Entity to cure the breach or end the breach of obligations under HIPAA/HITECH and terminate this Agreement if Covered Entity does not cure the breach or end the violation within the time specified by Business Associate; or
  2. If neither termination nor cures are feasible, the Business Associate may notify the Secretary. At least two days prior to notifying the Secretary, the Business Associate must provide notice of its intention to Covered Entity.

Effect of Termination.

  1. Except as provided in paragraph b of this section, upon termination of this Agreement, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information.
  2. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the parties that return or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information.

9. Confidentiality

Confidentiality Obligations. In the course of performing under this Agreement, each Party may receive, be exposed to or acquire Confidential Information including but not limited to, all information, data, reports, records, summaries, tables and studies, whether written or oral, fixed in hard copy or contained in any computer database or computer readable form, as well as any information identified as confidential (“Confidential Information”) of the other Party. For purposes of this Agreement, “Confidential Information” shall not include Protected Health Information, the security of which is the subject of this Agreement and is provided for elsewhere. The Parties including their employees, agents or representatives (i) shall not disclose to any third party the Confidential Information of the other Party except as otherwise permitted by this Agreement, (ii) only permit use of such Confidential Information by employees, agents and representatives having a need to know in connection with performance under this Agreement, and (iii) advise each of their employees, agents, and representatives of their obligations to keep such Confidential Information confidential. Notwithstanding anything to the contrary herein, each Party shall be free to use, for its own business purposes, any ideas, suggestions, concepts, know how or techniques contained in information received from each other that directly relates to the performance under this Agreement. This provision shall not apply to Confidential Information: (a) after it becomes publicly available through no fault of either Party; (b) which is later publicly released by either Party in writing; (c) which is lawfully obtained from third parties without restriction; or (d) which can be shown to be previously known or developed by either Party independently of the other Party.

10. Miscellaneous

Regulatory References. A reference in this Agreement to a section in the HIPAA Privacy or Security Rules, or HITECH means the section as in effect or as amended.

Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of HIPAA, and for the Parties to comply with HITECH. This Agreement may not be modified, nor shall any provision hereof be waived or amended, except in a writing duly signed by authorized representatives of the Parties.

Legal Counsel.  The Parties warrant and represent that they have consulted with and received advice from legal counsel of their choice with respect to this Agreement or have had the opportunity to consult with legal counsel of their choice prior to executing this Agreement.

No Third-Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the Parties and the respective successors or assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.

Disputes. If any controversy, dispute or claim arises between the Parties with respect to this Agreement, the Parties shall make good faith efforts to resolve such matters informally.

Survival. The respective rights and obligations of the Parties under the sections above, titled Effect of Termination and Confidentiality Obligations, of this Agreement shall survive the termination of this Agreement.

Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with HIPAA and the Parties to comply with HITECH. In addition, to the extent that HIPAA and HITECH are amended or further guidance from the HHS is given, they shall be incorporated herein.

Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Minnesota and any disputes shall be brought in a Minnesota District Court, judicial district to be determined by the Business Associate, or in the United States District Court for the District of Minnesota.

Indemnification. Notwithstanding anything herein to the contrary, Business Associate agrees that it shall be liable for any breach of HIPAA rules and regulations by Business Associate, pursuant to applicable law. Business Associate further agrees to indemnify, defend and hold harmless Covered Entity, and any of its affiliated entities for any claims, damages, fines, fees, or penalties (including reasonably attorneys’ fees) incurred by Covered Entity or its affiliated entities which arise out of or relate to a breach of HIPAA or this Agreement by Business Associate, to the fullest extent under applicable law. In turn, notwithstanding anything herein to the contrary, Covered Entity agrees that it shall be liable for any breach of HIPAA rules and regulations by Covered Entity, pursuant to applicable law. Covered Entity further agrees to indemnify, defend and hold harmless Business Associate, and any of its affiliated entities for any claims, damages, fines, fees, or penalties (including reasonably attorneys’ fees) incurred by Business Associate or its affiliated entities which arise out of or relate to a breach of HIPAA or this Agreement by Covered Entity, to the fullest extent under applicable law.

Headings. The headings in this Agreement are inserted for convenience and shall not be considered a part of this Agreement or used in its interpretation.

 

IN WITNESS WHEREOF, each of the undersigned has caused this Agreement to be duly executed to be effective on the last date written below.