DATABIOLOGICS, INC. IMPACT SERVICES AGREEMENT
This SERVICES AGREEMENT (this “Agreement”) is entered into as of the date on which Client indicates acceptance of this Agreement through Company’s online enrollment or clickwrap process (the “Effective Date”), by and between DATABIOLOGICS, INC., a Delaware corporation, with its principal place of business at 245 W 2nd St, Ste #7, Mesa, AZ 85201 (“Company”), and the individual or entity that accepts this Agreement through the online enrollment or clickwrap process (“Client”).
RECITALS
WHEREAS, Company has developed and licenses software that enables healthcare providers to collect and analyze data from their patients about the status of those patients’ medical history, treatments, and conditions through a consumer-facing software application (the “Consumer App”), and an online provider portal (the “Portal” (also referred to as the Provider App in related documents), in order to track patients’ condition and treatment results. The Consumer App and Portal may be hereinafter referred to as the “Database” and data submitted through either the Consumer App or the Portal shall be hereinafter referred to as “Database Information”; and
WHEREAS, Client is an individual licensed to practice medicine, or an entity that employs individuals licensed to practice medicine in the states in which Client operates and offers medical/surgical therapies to patients; and
WHEREAS, Client acknowledges that the Database and the information therein does not constitute medical advice or opinions, and its use does not guarantee any success regarding any treatment or therapeutic regimen offered to any patient under the Client's care, Client desires to (i) license the Database from Company, and Company is willing to license the Database to Client for the purpose of accessing the Database Information and (ii) grant its patients access to the Consumer App, through which the Client will collect, view, and track clinical observations and patient reported outcomes.
NOW, THEREFORE, in consideration of the mutual promises and covenants herein contained, and for other good and valuable consideration, the receipt and sufficiency of which are acknowledged, Company and Client hereby agree as follows:
1.1 License to Utilize Database. Subject to the terms and conditions of this Agreement, including the payment of the fees set forth in Section 6, and the accuracy of the representations and warranties made by Client in Section 4, Company grants Client and each Authorized User (as defined below) a nontransferable, non-sublicensable, non-exclusive right and license to utilize the Database during the Term in accordance with functionality and permissions as defined below.
1.2 Access to Consumer App. The license granted hereby also give Client the right to grant access to the Consumer App to each of Client’s patients for them to input data about their treatment. Access to the Consumer App will be provided by secure link that will be delivered to the patient via email or SMS message at an address or telephone number provided by Client to Company.
1.3 Functionality. The DataBiologics platform offers tools for tracking patient outcomes data including data collection and, where applicable, outcomes analysis. The platform, however, does not constitute or provide medical advice or opinions and should not be used as a guarantee of treatment success, effectiveness, or positive outcome related to any specific treatment. The specific functionalities available to Client may vary depending on the subscription plan selected. Company may change the functionality of the Database at any time. Client shall access the Portal via the Internet domain www.DataBiologics.com, or such other domains as the Company may elect to utilize from time to time.
1.4 Terms of Use and Privacy Policy. In addition to this Services Agreement, use of the Portal, and a patient’s use of the Consumer App, shall be governed by the Terms of Use and Privacy Policies for each of the Portal and the Consumer App set forth at wwwDataBiologics.com. Each Terms of Use and Privacy Policy may be amended by Company at any time. Client hereby accepts and agrees to comply each of the Terms of Use and Privacy Policies for each of the Portal and the Consumer App. These Terms of Use and Privacy Policies shall apply to all Clients and users of the Portal and Consumer App, regardless of subscription method or Plan Level, and shall be deemed standard terms and conditions applicable to all use of the Database. The provisions of each Terms of Use and Privacy Policy are hereby incorporated by reference and made a part of this Agreement. Privacy Policies include jurisdiction-specific terms to comply with applicable data protection laws in the U.S., EU, UK, Canada, Australia, and New Zealand.
1.5 Authorized Users. At the time of sign-up, Client shall provide Company via digital form or written communication with a list of all Authorized Users who are permitted to access the Portal (each, an “Authorized User”). Authorized Users may be added or removed either by request to a DataBiologics representative or directly within the platform by Client's designated administrators. Client is solely responsible for ensuring that all Authorized Users are bona fide employees, contractors, or agents of the Client’s organization and are legally permitted to access Protected Health Information ("PHI") under applicable law, including HIPAA. Client shall take all good faith measures to prevent access to the platform by any person who is not an Authorized User.
Client is responsible for any unauthorized access and shall be liable for additional fees, damages, and any improper downloading, reproduction, or other activity in violation of this Agreement. A username and password are required for access to the platform. Client and Client’s Authorized Users are responsible for maintaining the confidentiality of these credentials and must take appropriate measures to safeguard them. Client and its Authorized Users shall not share usernames or passwords, nor permit their use by anyone other than Authorized Users. Persons without valid login credentials shall not have access to the platform.
Client is responsible for all activities conducted on the platform under its account, including actions taken by its Authorized Users, regardless of whether those activities were authorized by Client. Company shall not be liable for any damages, losses, or liabilities arising from unauthorized access or activity on Client’s account due to Client’s failure to safeguard login credentials or ensure proper authorization of users. In the event of any unauthorized access or use, Client must promptly notify Company.
While Company may, at its discretion, review activity on the platform for compliance purposes, Company is under no obligation to do so. Company is not responsible for the content of any data within Client’s account or how Client or its Authorized Users utilize the platform to transmit, store, or process data. However, if Company reasonably believes there has been a violation of these Terms or applicable law, or there is a risk of harm to Company, the platform, patients, other users, or third parties, Company reserves the right to suspend or block access to the platform or take other necessary actions, including with respect to Client's data.
1.6 Training. Following the execution of this Agreement and upon activation of the Client account on the DataBiologics platform, Company will provide access to training and support resources to Client and its Authorized Users in accordance with the subscription plan selected. If applicable, live training sessions will be conducted remotely and may be recorded for future use. These recordings will be made available exclusively to Client's Authorized Users and Company. Any additional training beyond the initial session shall be mutually agreed upon by the Parties.
1.7 Support. Company will use commercially reasonable efforts to provide technical support services in accordance with the Client's subscription plan. While Company aims to offer the best service possible, it does not guarantee that the platform will meet all of Client’s requirements or that it will be free from faults. Should any issue arise with the platform, Client may report it to Company at support@databiologics.com. Company will review the issue and, where deemed appropriate, take steps to correct it. Support services, including service levels and applicable fees, are subject to the terms provided for in Client’s subscription plan. Company will not be liable for any failure to meet Client’s expectations or for any issues that arise from faults beyond Company’s control.
2.1 Right, Title, and Interest. The Parties agree that, as between the Parties, Company is the sole owner of the Database. All rights not expressly granted to Client hereunder shall remain the exclusive property and right of the Company. Consistent with the terms of this Agreement, Client shall perform all lawful acts and execute such instruments as Company may reasonably request to confirm, evidence, maintain or protect Company’s rights in, to and under the Database.
3.1 Term of Agreement. The term of this Agreement (Subscription Term) shall commence on the date set forth above (the “Commencement Date”) and shall continue indefinitely, unless otherwise specified in Special Terms defined in Exhibit 1 of this agreement or terminated earlier in accordance with the provisions of this Agreement. The Agreement will automatically renew for successive one (1) year periods (each a “Renewal Term”) unless either Party provides written notice of non-renewal to the other Party at least sixty (60) days prior to the end of the then-current term. The Initial Term and any subsequent Renewal Terms are collectively referred to as the “Term” of this Agreement.
3.2 Special Terms. Any arrangements and Subscription Terms agreed upon between Company and Client as outlined in Exhibit 1 supersede terms and conditions outlined elsewhere in this agreement.
4.1 Client Qualifications. Client represents that each Authorized User is a bona fide employee or contractor of the Client. Client will not provide access to the Database to any person that is not an Authorized User. Any such access constitutes unauthorized sub-licensing in breach of this Agreement.
4.2 Regulatory and Professional Liability. Client acknowledges that the Database and the information therein does not constitute medical advice or opinions, and its use does not guarantee any success regarding any treatment or therapeutic regimen offered to any patient under the Client's care. Client shall be solely responsible for any and all regulatory compliance and matters of professional decision-making. Company shall not be liable for Client’s compliance, including, but not limited to, with respect to any professional practice or reporting obligations. Client shall ensure that all Authorized Users who are licensed medical professionals maintain professional malpractice insurance in the amounts consistent with other such professionals with similar size practices in the same area of operation as Client.
4.3 HIPAA Business Associate Agreement. Client acknowledges that the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) and other laws protect confidentiality of and restrict or prohibit access to certain patient information. As a condition to the effectiveness of this Agreement, Client shall execute and deliver to Company a HIPAA Business Associate Agreement. Company shall safeguard all personal identifying information in its possession in compliance with HIPAA, the applicable Business Associate Agreement, and all other applicable confidentiality laws. Client is solely responsible for ensuring its own compliance with HIPAA and any other applicable privacy regulations when collecting, entering, or using patient data within the Services.
4.4 International Privacy Addendum. Where Client or its patients are located outside the United States, each Party shall comply, to the extent applicable, with international data protection laws, including the EU General Data Protection Regulation (“GDPR”), the United Kingdom Data Protection Act 2018, including the UK GDPR, Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), Australia’s Privacy Act 1988, and New Zealand’s Privacy Act 2020. To the extent personal data is accessed, stored, or processed outside the jurisdiction of origin, Company agrees to implement and maintain appropriate safeguards to ensure lawful cross-border data transfers.
4.5 Use of Consumer App. Client acknowledges and agrees that any data provided through the Database is for information purposes and Client and each Authorized User shall be solely responsible for making diagnostic and treatment decisions. Company shall have no liability for any actions taken or not taken by Client, any Authorized User, any patient or any agent, employee, or other service provider of any of them in connection with the use of the Database. Client shall not predicate any patient’s treatment on that patient’s use of the Consumer App.
4.6 License of Deidentified Database Information. Client hereby grants and agrees to grant to Company a royalty-free, perpetual, irrevocable, transferrable, worldwide license, with the right to sublicense, to directly or indirectly use, publish, disclose, distribute, transfer, aggregate, analyze, commercialize, provide access to, and otherwise exploit any and all Database Information that has been Deidentified, for any and all purposes, to the extent permitted by applicable law. For purposes of this Agreement, “Deidentification” or “Deidentify” means the process of removing, coding or otherwise eliminating or concealing data elements to de-identify data in accordance with the de-identification standards of HIPAA, including 45 CFR §§ 164.502(d) and 164.514 or any successor regulation. Data that is “Deidentified” is data that has undergone Deidentification. Notwithstanding anything herein to the contrary, the Parties acknowledge that the Client may not confer any right to PHI that would be in violation of HIPAA. The license granted herein is not intended, and shall not be interpreted, to be a license of PHI that would be in violation of HIPAA.
4.7 Copying. Copying and Disclosure. An Authorized User shall not share the Database, Database Information, or any information derived from Database Information, with anyone who is not an Authorized User under this Agreement, except as necessary in furtherance of an individual patient’s treatment. The prohibition on disclosure or access to the Database, Database Information, or any derived information does not apply to disclosures required by HIPAA or other applicable law, including requests made by a patient or their authorized representative. However, Client shall not solicit or cause a patient or their representative to make such a request for the purpose of circumventing this Agreement. The contents of the Database may not be sold, recompiled, or manipulated in any manner. Any use of the Database or Database Information by Client in publications, studies, professional papers, Client marketing materials, or other materials must include proper attribution to Company.
4.7.1 Use Limitations on IMPACT Registry Data. Notwithstanding the permitted uses set forth in Section 4.7, data derived from the IMPACT Registry shall not be used for purposes other than internal benchmarking, research, and Client practice promotion, as specifically outlined herein. IMPACT Registry data may not be sublicensed, transferred, or disclosed for third-party use or broader commercial application, including but not limited to pharmaceutical, biotechnology, or medical device industry use, without the prior express written consent of Company.
4.7.2 Acknowledgment and Notification Requirements. Client may only publish or present data derived from the global IMPACT Registry with prior written approval from Company. Any such use of aggregated, multicenter, or registry-wide data for research, publication, or public dissemination must follow a formal request process administered by Company, which may include a scientific review, feasibility assessment, and data access governance in alignment with the Company’s registry research framework. Unauthorized use of global IMPACT Registry data for publication is strictly prohibited.
Client may, however, publish or present analyses based solely on their own patient data collected through the DataBiologics platform without prior approval, provided that the publication does not represent or imply use of aggregate registry data or outcomes beyond their own practice. Any such publications or presentations must clearly acknowledge that Company served as the data collection and outcomes tracking platform, using phrasing such as:
“This study is based on patient data collected using the Company outcomes platform.”
“Clinical outcomes were collected and managed via the Company software solution.”
“Data for this retrospective review were obtained through the Company patient-reported outcomes system.”
The acknowledgment must include the following disclaimer or its equivalent:
“Company is not responsible for and does not necessarily endorse the analysis or conclusions presented herein.”
Client shall notify Company in writing prior to submission or presentation of any such work and must provide a final copy of the abstract, manuscript, poster, or presentation upon completion. These materials may be referenced or highlighted by Company, with attribution to the Client and authors, for educational or promotional purposes.
Any questions regarding permissible data use for research or publication should be directed to Company in advance of any submission or analysis planning.
4.8 Permitted Uses of Data. Data collected from Client’s patients through the platform may be used for the following purposes, provided it is consistent with the applicable Subscription Plan and does not violate HIPAA or other applicable regulations:
4.8.1 Research and Publications. Data may be used for scientific research, webinars, podium presentations, and publications on which Client or a Client affiliated licensed provider is an author or co-author provided that Company has the right but not the obligation to review any such presentations or publications prior to public disclosure. Company shall not unreasonably withhold its approval of any such public disclosure. If Company employees collaborate with Client on a scientific publication, those individuals will be listed as co-authors in accordance with the guidelines issued by the International Committee of Medical Journal Editors. Client agrees to acknowledge the contribution of Company in all publishable work arising from the analysis. Copies of such publications, presentations, and abstracts must be provided to Company and may be featured on Company’s website.
4.8.1.1 Acknowledgement. The acknowledgement must include the following wording: “This article is based [in whole] [in part] on reports and/or analyses from the Company' IMPACT Registry. Company is not responsible for and does not necessarily endorse the analysis or conclusions in this article.”
4.8.2 Practice Promotion and Patient Conversations. In accordance with Client's Subscription Plan, Data from the Database may be used by the Client in patient conversations, promotion of the Client’s medical practice, and within continuing medical education accredited training programs.
4.8.3 No Licenses to Third-Parties. Database shall not be provided to unauthorized parties for any use, including but not limited to research, or promotion of pharmaceutical, biotechnology, medical device companies or other commercial interests without express written permission from Company.
4.8.4 Permission for Additional Uses. If Client wishes to use the Database or Database Information for purposes not expressly permitted under this Agreement, Client must request and obtain prior written approval from Company.
4.9 Data Integrity and Ownership. Client acknowledges that all data collected through the DataBiologics platform, including patient data, is subject to the data integrity and security standards of the platform. The Client retains ownership of their patient data, but the Company retains ownership of the Database and the aggregated data derived from it. The use of the Database or any derived information must comply with the terms of this Agreement and applicable laws.
4.10 Notification of Infringement. Client shall promptly notify Company of unauthorized use or breach of this Agreement which Client learns of or suspects. Client shall take reasonable steps requested by Company to stop such activity. Client shall cooperate with Company in any investigation of infringement or unauthorized use.
4.11 Special Terms. Any special permissions and terms agreed upon between Company and Client as outlined in Exhibit 1 supersede terms and conditions outlined elsewhere in this agreement.
5.1 Termination by Company. Company may, in its sole discretion, suspend or terminate Client’s account and access to the platform without prior notice, for any reason, including but not limited to if Company determines that Client or any Authorized User: (a) has violated any term or condition of this Agreement; (b) has violated the rights of Company, its partners, or third parties; (c) has engaged in any conduct that is harmful, unlawful, or otherwise inappropriate for continued access to the platform; (d) has maintained an inactive account for an extended period, as determined by Company; or (e) in the event of subscription cancellation or non-payment.
5.2 Non-Payment by Client. In the event of subscription cancellation or non-payment, Company reserves the right, at its sole discretion, to downgrade Client's account to a free subscription level, allowing Company to continue to be contracted with the Client under an the Business Associate Agreement (“BAA”) so that patient data may continue to be collected. Client retains the right to terminate this engagement entirely with sixty (60) days’ written notice to Company. If Client terminates engagement prior to contracted term, Client will be responsible for any remaining fees due to Company in accordance with the term defined in section 3 and fees outlined in Section 6.
5.3 Effect Of Termination. Upon the termination, expiration or non-renewal of this Agreement: (a) neither Party shall be discharged from any previously accrued obligation which remains outstanding; (b) Client’s and each Authorized User’s access and license to access or otherwise utilize the Database shall cease; (c) Client’s patients shall no longer have access to the Consumer App; and (d) Client shall pay any compensation to Company that has been earned, but unpaid, prior to the termination, expiration, or nonrenewal date. Client acknowledges and agrees that Company shall not be liable to Client or any third party for any claims, damages, or liabilities arising out of any termination, suspension, downgrading, or other actions taken by Company in connection therewith.
5.4 Termination or Modification for Legal or Regulatory Purposes. In the event (a) any federal, state or local law or regulation is enacted or issued, (b) a court of competent jurisdiction or another government authority or an accrediting body with jurisdiction over any Party hereto, or (c) any Party hereto receives an opinion of qualified outside legal counsel stating, in each case, that this Agreement or the obligations to be performed hereunder are illegal or unenforceable, in whole or in part, then the Parties agree to negotiate in good faith for a period of thirty (30) days to restructure this Agreement so as to eliminate the illegal or unenforceable or detrimental aspects while retaining the intent and purpose of this Agreement. If the Parties are unable to agree, within such thirty (30) day period, upon a restructuring of this Agreement, then either Party may terminate this Agreement upon providing at least ten (10) days prior written notice of termination to the other Party.
5.5 Delivery of Patient Data. Upon termination, Company will use reasonable efforts to provide Client with the patient data that is maintained on the Database of Client’s patients. Requests requiring work beyond what Company deems as reasonable effort may require additional fees and scope.
6.1 Subscriptions and Fees. Client agrees to pay fees based on the subscription plan enrolled at the time of entering this Agreement, as determined by the payment link and/or invoices provided by the Company. The applicable fees may vary depending on the subscription level chosen, the number of users, or additional services requested. Payment for all fees will be processed in accordance with the payment method selected by Client in the payment link.
6.2 Billing and Payments. Subscription fees are billed in accordance with the subscription payment plan, as selected and agreed to by the Client, and will automatically renew indefinitely unless terminated in accordance with this Agreement. The Client may upgrade or modify their subscription plan either through the platform or by contacting a DataBiologics representative. Any subsequent subscription plan enrollment, payment links, or invoicing schedules will supercede prior plan enrollments. The Company reserves the right to adjust fees at any time without prior notice. Any changes in fees will be reflected in future billing cycles in accordance with the plan and terms agreed upon.
6.3 Flexible Pricing & Automated Onboarding. Company offers subscription services with pricing determined based on the subscription plan and terms selected by the Client at the time of enrollment. The specific pricing, features, and applicable terms are set forth in the subscription documentation, payment links, and/or invoices provided by Company during the onboarding process (the “Subscription Terms”). These Subscription Terms shall form an integral part of this Agreement and be deemed incorporated herein by reference.
Client may upgrade their subscription, including but not limited to adding additional users, features, or services, at any time through the DataBiologics platform or via written or electronic request to Company. By initiating such upgrades, Client agrees to the updated pricing and terms applicable to the selected plan, which shall immediately become binding and supersede any prior Subscription Terms, without the need for a formal amendment to this Agreement.
Company may facilitate the onboarding of Clients and Authorized Users through automated digital workflows. Acceptance of the Subscription Terms and this Agreement by electronic means, including checkbox assent or digital signature, shall constitute valid and binding acceptance by Client.
7.1 Limitation on Liability. IN NO EVENT SHALL COMPANY BE LIABLE TO PHYSICIAN OR ANY OF PHYSICIAN’S AUTHORIZED USERS, PATIENTS, EMPLOYEES, CONTRACTORS, AGENTS OR REPRESENTATIVES FOR ANY SPECIAL, INCIDENTAL, INDIRECT, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING OUT OF THE USE OF THE DATABASE OR THE INFORMATION THEREIN OR IN CONNECTION WITH THIS AGREEMENT. IN NO EVENT SHALL COMPANY’S AGGREGATE LIABILITY FOR ANY DAMAGES ARISING FROM OR IN CONNECTION WITH THIS AGREEMENT EXCEED THE FEES PAID TO COMPANY HEREUNDER DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE ACT OR OMISSION RESULTING IN LIABILITY, REGARDLESS OF THE FORM OF ACTION.
7.2 Indemnification. Client agrees to indemnify, defend and hold harmless Company and its owners, officers, directors, managers, employees, agents, representatives, successors and assigns (each a “Company Indemnitee”) from and against any and all losses, demands, audits, causes of action, judgments, claims, lawsuits, proceedings, liabilities, penalties, fines, damages, debts, costs and expenses (including reasonable attorneys’ fees and court costs) of every kind and nature (“Claims”) imposed upon, incurred by, or asserted against any Company Indemnitee in any way arising out of or in connection with this Agreement resulting from (a) Client’s breach of this Agreement or default in any performance obligation of Client hereunder, (b) the negligence or willful misconduct of Client or any of its employees, agents, contractors, subcontractors, Authorized Users, or any other person acting at its direction or on its behalf or (c) any actions taken or not taken by Client, any Authorized User, any patient or any agent, employee, or other service provider of any of them in connection with the use of the Database. Company agrees to indemnify, defend, and hold harmless Client from and against any claims, fines, or penalties arising from Company’s material breach of its obligations under HIPAA, the Business Associate Agreement, or any applicable international data protection addendum, to the extent such breach is not caused by Client. Company’s indemnity covers regulatory penalties from Company’s breach of privacy law. Any Company Indemnitee seeking indemnification pursuant to this provision shall give Client notice promptly after learning of any Claim in respect to which indemnification is covered under this provision. The provisions of this Section 7.2 shall survive the termination, expiration or nonrenewal of this Agreement.
This Agreement and the Exhibits attached hereto constitute the complete and exclusive statement of the agreement among the Parties with respect to the subject matter hereof and supersedes all prior agreements and understandings, written, oral or otherwise, with respect to such subject No agreements, promises, covenants, representations, warranties or indemnities have been made or relied upon by any of the Parties hereto, other than those that are expressly set forth herein.
8.1 Amendments; Waivers. No amendment, modification, or waiver of any provision of this Agreement shall be binding unless in writing and signed by the Party against whom the operation of such amendment, modification, or waiver is sought to the enforced. No delay in the exercise of any right shall be deemed a waiver thereof, and no waiver of a right or remedy in a particular instance shall constitute a waiver of such right or remedy generally.
8.2 Assignment. Neither Party may assign this Agreement or any rights under this Agreement, or delegate any duties under this Agreement, without the other Party’s prior written consent. Notwithstanding the foregoing, Company may utilize subcontractors to provide services, consistent with the terms of this Agreement.
8.3 Binding Effect. This Agreement shall be binding upon and inure to the benefit of the Parties hereto, and their respective heirs, executors, administrators, successors and permitted assigns.
8.4 Counterparts. This Agreement may be executed in any number of counterparts, each of which shall be deemed to be an original as against any Party whose signature appears thereon, and all of which shall together constitute one and the same instrument. This Agreement shall become binding when one or more counterparts hereof, individually or taken together, shall bear the signatures of all the Parties reflected herein as the signatories. Signatures transmitted by facsimile or pdf/email transmission shall be deemed originals for this purpose.
8.5 Publicity. Notwithstanding the foregoing, Company may, in its sole discretion: (a) identify Client as customer of Company in any public communications; and (b) publish and display the Client’s logo or other registered mark on its website or other software assets, including the Portal and Consumer App, and in any advertising materials.
8.6 Force Majeure. Except with respect to payment obligations, neither Party will be liable for any failure or inability to perform, or delay in performing, such Party’s obligations under this Agreement if such failure, inability or delay arises from an extraordinary cause beyond the reasonable control of the nonperforming Party; provided that such Party diligently and in good faith attempts to cure such nonperformance as promptly as reasonably practicable.
8.7 Further Assurances. Each Party agrees to promptly execute and deliver to the other Party such further documents, instruments and assurances and take such further actions as the other Party may reasonably request in order to carry out the intent and purpose of this Agreement and to establish and protect the rights and remedies created or intended to be created hereunder.
8.8 Governing Law. All issues and questions concerning the construction, validity, enforcement and interpretation of this Agreement shall be governed by, and construed in accordance with, the laws of the State of Delaware without giving effect to any choice of law or conflict of law rules or provisions that would cause the application of the laws of any other jurisdiction. Notwithstanding the foregoing, for purposes of international privacy compliance (e.g., EU GDPR Standard Contractual Clauses), the applicable governing law shall be that of the data subject’s jurisdiction where required.
8.9 Disputes. Any dispute arising under or in connection with this Agreement or the Database or services provided by Company (whether provided or allegedly not provided) shall be resolved exclusively by arbitration, conducted in English before the American Arbitration Association in Maricopa County, Arizona, according to its commercial rules in effect at the outset. The arbitrator shall not have authority to add to, detract from, or modify this Agreement nor to award punitive damages. The arbitrator’s decision shall be final and binding. Judgment may be entered on the award in any court having jurisdiction. Each party shall be responsible for the party’s attorney fees and costs. Costs of the arbitrator shall be shared equally. Any arbitration or legal proceeding arising from or relating to this Agreement must be brought no later than one (1) year from the date the claim arises, unless concealed and if concealed shall be subject to the applicable statute of limitations.
8.10 No Third-Party Beneficiary. Except as specifically set forth herein, the provisions of this Agreement are intended to be and shall be binding upon and for the benefit of only the Parties hereto, and no provisions of this Agreement are intended to be or shall be for the benefit of any third party, nor shall any third party have any rights hereunder or any right to enforce the terms of this Agreement against any Party hereto.
8.11 No Strict Construction. The Parties hereto have participated jointly in the negotiation and drafting of this Agreement. In the event an ambiguity or question of intent or interpretation arises, this Agreement shall be construed as if drafted jointly by the Parties hereto, and no presumption or burden of proof shall arise favoring or disfavoring any Party hereto by virtue of the authorship of any of the provisions of this Agreement.
8.12 Notices. Any notice or document required or permitted to be given under this Agreement shall be deemed to be given: (a) if deposited in the United States mail, postage, prepaid, certified mail, return receipt requested, on the third (3rd) day following mailing or (b) if deposited with a commercial overnight delivery service, on the day following deposit. Notice shall be addressed to the recipient at the address set forth on the first page of this Agreement, or such other address or addresses as the Parties may designate from time to time by notice satisfactory under this Section 8.12.
8.13 Severability. If any provision of this Agreement shall be deemed by a court of competent jurisdiction to be legally invalid or unenforceable, then the validity and enforceability of the remainder of the Agreement shall not be affected and such provision shall be deemed modified to the minimum extent necessary to make such provision consistent with applicable law, and, in its modified form, such provision shall then be enforceable.
8.14 Titles and Captions. All articles, section and paragraph titles and captions contained in this Agreement are for convenience only and are not deemed a part of the context hereof.
8.15 Electronic Execution. This Agreement and all related agreements, including any Exhibits or referenced documents such as the Business Associate Agreement or Pricing Schedule, may be executed electronically, including through digital signature platforms or interfaces provided by the Company. The Parties agree that electronic signatures have the same force and effect as handwritten signatures and acknowledge that execution via the Company’s digital workflow shall constitute valid and binding acceptance of the terms herein.
EXHIBIT A: BUSINESS ASSOCIATE AGREEMENT ADDENDUM
THIS BUSINESS ASSOCIATE AGREEMENT (this “Addendum”) is incorporated by reference into the Services Agreement (“Agreement”) between DataBiologics, Inc. (“Company,” or the “Business Associate”) and the counterparty identified as “Client” in the Agreement (“Covered Entity”). Covered Entity and Business Associate may hereinafter be referred to individually as a “Party” and collectively the “Parties.” It forms an integral part of those Agreements and is effective as of the date of execution or acceptance thereof.
WHEREAS, the Parties have entered into one or more agreements for the provision of services/products (the “Underlying Contracts”); and
WHEREAS, the Underlying Contracts require Business Associate to be provided with, to have access to, and/or to create Protected Health Information (as defined in 45 C.F.R. § 160.103) on behalf of Covered Entity that is subject to the federal privacy regulations (the “Privacy Rule”) and the federal security regulations (the “Security Rule”) issued pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”) and codified at 45 C.F.R. parts 160 and 164, and the Health Information Technology for Economic and Clinical Health Act and any rules promulgated thereunder (“HITECH Act”) as may be amended from time-to-time; and
WHEREAS, the Parties desire to meet their obligations under the Privacy Rule, Security Rule, HIPAA and the HITECH Act; and
WHEREAS, the Parties desire to make procedural arrangements to assure that their business relationships meet these regulatory requirements as of the required compliance date(s); and
WHEREAS, the Parties desire to set forth the terms and conditions pursuant to which Protected Health Information that is provided to, or created or received by, the Business Associate on behalf of the Covered Entity, will be handled between themselves and third parties; and
WHEREAS, the Parties desire to set forth the terms and conditions pursuant to which any Breach of Unsecured Protected Health Information is reported.
NOW, THEREFORE, in consideration of the foregoing and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereby agree as follows:
Unless otherwise defined in this Agreement, all capitalized terms used in this Agreement have the meanings ascribed to them in the Privacy Rule, the Security Rule, HIPAA, and/or the HITECH Act.
1.1 “Breach” shall mean the unauthorized acquisition, access, use, or disclosure of PHI which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.
1.2 “Electronic PHI” shall mean Electronic Protected Health Information, as defined in 45 C.F.R. § 160.103, limited to the information received from or created or received by Business Associate on behalf of Covered Entity.
1.3 “PHI” shall mean Protected Health Information, as defined in 45 C.F.R. § 160.103, limited to the information received from or created or received by Business Associate on behalf of Covered Entity.
1.4 “Required by Law” shall mean, as defined in 45 C.F.R. § 160.103, a mandate contained in law that compels an entity to make a use or disclosure of Protected Health Information and that is enforceable in a court of law. Required by Law shall include, but is not limited to, court orders and court-ordered warrants; subpoenas or summons issued by a court, grand jury, a governmental or trial inspector general, or an administrative body authorized to require the production of information; a civil or an authorized investigative demand; Medicare conditions of participation with respect to health care providers participating in the program; and statutes or regulations that require the production of information, including statutes or regulations that require such information if payment is sought under a government program providing public benefits.
1.5 “Secretary” shall mean the Secretary of the Department Health and Human Services or his or her designee.
1.6 “Subcontractor” shall mean, as defined in 45 C.F.R. § 160.103, a person to whom Business Associate delegates a function, activity, or service, other than in the capacity of a member of the workforce of Business Associate.
1.7 “Unsecured PHI” shall mean PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized persons through the use of a technology or methodology specified by the Secretary.
2.1 Obligations of Business Associate. Business Associate agrees to:
2.2 Permitted Uses and Disclosures of PHI by Business Associate. Except as otherwise specified in this Agreement, Business Associate may use and disclose the PHI as reasonably necessary to perform its obligations under the Underlying Contracts. Unless otherwise limited herein, Business Associate may (a) use the PHI in its possession for its proper management and administration and to carry out the legal responsibilities of Business Associate; (b) disclose the PHI in its possession to a third party for the purpose of Business Associate’s proper management and administration or to carry out the legal responsibilities of Business Associate, provided that the disclosures are Required by Law or Business Associate obtains reasonable assurances from the third party that (i) the information will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the third party, and (ii) the third party will notify Business Associate of any instances of which it becomes aware in which the confidentiality of the information has been breached; and (c) provide data aggregation services to Covered Entity.
2.3 Prohibited Access and Use of Certain PHI by Business Associate. Business Associate understands and agrees that it will not access or use any PHI of any patient except for those patients whose accounts have been assigned to Business Associate, and it will further limit access to that PHI to that which is necessary to the activities undertaken by Business Associate on behalf of Covered Entity.
2.3 Obligations of Covered Entity. Covered Entity shall notify Business Associate of any limitations in its notice of privacy practices in accordance with 45 C.F.R. § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.
Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.
Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.
2.4 Effect of Changes to the Law. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the Privacy Rule, the Security Rule, HIPAA, HITECH Act, and applicable state privacy and security laws and regulations.
3.1 Effective Date. This Agreement is effective as of the as of the date of execution of this Agreement. This Agreement shall continue in effect unless terminated as provided in Sections 3.2 or 3.3.
3.2 Termination without Cause. This Agreement shall terminate when (a) all of the PHI obtained from Covered Entity or created or obtained by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity as Required by Law, or (b) each Underlying Contract has terminated or expired, provided that if it is infeasible to return or destroy the PHI, protections shall be extended to such information in accordance with Section 2.1.17 of this Agreement.
3.3 Termination for Cause. If either Party knows of a pattern of activity or practice of the other Party that constitutes a material breach or violation of this Agreement, then the Party shall provide written notice of the breach or violation to the other Party that specifies the nature of the breach or violation. The breaching Party must cure the breach or end the violation on or before thirty (30) days after receipt of the written notice. In the absence of a cure reasonably satisfactory to the non-breaching Party within the specified time frame, or in the event the breach is reasonably incapable of cure, then the non-breaching Party may do the following: (a) if feasible, terminate this Agreement and any and all Underlying Contracts; or (b) if termination of this Agreement or the Underlying Contracts is infeasible, report the issue to the Department of Health and Human Services.
Notwithstanding the foregoing, Covered Entity may immediately terminate this Agreement and any and all Underlying Contracts if Covered Entity determines that Business Associate has breached a material term of this Agreement.
4.1 Independent Contractors. Business Associate and Covered Entity agree that they are independent parties and not employees, partners, or party to a joint venture of any kind.
4.2 Regulatory References. A reference in this Agreement to a section of the Privacy Rule, Security Rule, HIPAA, or HITECH Act means the section as in effect or as amended.
4.3 Interpretation. As of the Effective Date, the terms of this Agreement shall prevail in the case of any conflict with the terms of any Underlying Contract to the extent of the conflict and only to the extent that it is reasonably impossible to comply with both the terms of the Underlying Contract and the terms of this Agreement.
4.4 No Third Party Beneficiaries. Nothing in this Agreement shall confer upon any person other than the Parties and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever.
4.5 Right to Audit. Business Associate understands and agrees that its access to PHI stored in databases and information systems at Covered Entity is subject to review and audit by Covered Entity at any time, that remote audits of such access may occur at any time, on-site audits of such access will be conducted during regular business hours, and that any review or audit may occur with or without prior notice to Business Associate by Covered Entity.
4.6 Notices. Any notice or document required or permitted to be given under this Agreement shall be deemed to be given on the date such notice is (i) deposited in the United States mail, postage, prepaid, certified mail, return receipt requested or (ii) deposited with a commercial overnight delivery service, to the principal business address of the recipient as set forth above, or such other address or addresses as a Party may designate from time-to time by notice satisfactory under this section.
4.7 Governing Law; Jurisdiction. All issues and questions concerning the construction, validity, enforcement and interpretation of this Agreement shall be governed by, and construed in accordance with, the laws of the State of New Jersey without giving effect to any choice of law or conflict of law rules or provisions that would cause the application of the laws of any other jurisdiction. Any litigation brought hereunder shall be conducted in the State or Federal courts located in the State of Arizona.
4.8 Counterparts. This Agreement may be executed in any number of counterparts, each of which shall be deemed to be an original as against any Party whose signature appears thereon, and all of which shall together constitute one and the same instrument. This Agreement shall become binding when one or more counterparts hereof, individually or taken together, shall bear the signatures of all the Parties reflected herein as the signatories. Signatures transmitted by facsimile or pdf/email transmission shall be deemed originals for this purpose. The Parties agree that the electronic signatures, whether digital or encrypted, of the Parties included in this Agreement are intended to authenticate this writing and to have the same force and effect as manual signatures.
By electronically accepting the Services Agreement and this Addendum (including through a checkbox, click-wrap mechanism, digital signature, or similar electronic acceptance workflow), each Party agrees to be bound by all terms of this Addendum as of the date of such acceptance (the “Effective Date”).
No handwritten signature, printed name, or separately dated signature page is required.
