Last Modified on November 13, 2020

Implementation approach and support

• Implementation includes up to 20 hours of dedicated implementation time to be used within the first 120 days after contract signature. Additional hours can be purchased for an additional fee as quoted under Professional Services.
• You should appoint a project lead from your team to be responsible for the success of the project and serve as 1MP’s main point of contact throughout.
• Web-based training for physician office staff (where applicable) is available for an additional fee as quoted under Professional Services.

Project Management

• A project manager will be assigned to your implementation to guide you through project planning, configuration, training, activation, and post-go live transition.
• Implementation is conducted remotely, via webinar, emails, and phone calls. Onsite training may be requested for an additional fee.

Medical Passport configuration

• We will configure Medical Passport from our library of available preop questions to include the questions you want to ask patients in your preop screening process.
• We will work with you to choose from our library of forms (demographic/insurance, anesthesia preop, nursing assessment, etc.) the ones that you would like to use to display each patient’s information. There is no additional charge for charts created from our existing library.
• If the forms in our library do not fit the workflow at your facility, we can create custom forms for you for an additional charge. Note: Due to space requirements for printing patient data, it is not possible to duplicate existing paper forms exactly.
• All customization of forms and “text reports” will be billable at the Forms Customization rate quoted under Professional Services

Scheduling feed set up

Last Modified on October 9, 2020

1. Agreement.  As referred to herein, the “Agreement” consists of these Terms and Conditions, the Order Summary that incorporates these Terms and Conditions by reference, and any additional order or proposal executed by the parties that incorporates these Terms and Conditions, together with all exhibits, policies and addenda that are incorporated herein by reference, including the then-current Terms of Service  and Privacy Policy, both of which may be periodically updated as needed.

2. Cloud Services. The Order Summary that incorporates these Terms and Conditions by reference (the “Order Summary”) sets forth all software-based services that we have agreed to provide and you have agreed to purchase. These are collectively referred to in this Agreement as the “Cloud Services.” During the Term (defined below), we will provide the non-exclusive right for your employees, independent contractors and affiliated physicians who have been assigned a user ID and password (“Authorized Users”) to access and use the Cloud Services for your internal business purposes, and for patients scheduled for a procedure at your facility and/or their legal guardians (“Patients”) to access and use the Cloud Services for their personal purposes. See the Order Summary for additional information and terms related to the Cloud Services.

3. Implementation and Support Services. We will provide implementation services to you as set forth in the Order Summary. We will provide support services to you and your Authorized Users as described in the Service Level Agreement  

4. Upgrades/versioning. As a subscriber to the Cloud Services, you will have access to any new functionality added to the Cloud Services to which you subscribe, at no additional charge.

5. Fees and Billing. You agree to pay all fees for the Cloud Services you have selected as set forth in the Order Summary. We will bill you quarterly, typically in advance of the service period, and you will have thirty (30) days from the start of each new quarter or the date of the invoice, whichever is later, to pay all fees for that service period. Amounts that remain unpaid more than thirty (30) days after the due date are subject to interest at the lesser of 1.5% per month or the maximum rate permitted by law.

6. Taxes.  You agree to pay all taxes that we are required by law to collect as a result of your Cloud Service Fees, including any applicable transaction, local, value-added, sales, or service taxes. All of our fees are exclusive of any such taxes, duties, levies or fees.

7. Our Information Security Obligations

a. We will comply with all relevant privacy and security requirements applicable to Business Associates (as defined in HIPAA), including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”). In addition, we will comply with the Business Associate Agreement (the “BAA”), which is incorporated by reference as part of this Agreement.

b. In accordance with the HIPAA Security Rule, we will use commercially reasonable administrative, physical and technical safeguards, including encryption, to guard against the unauthorized access, alteration, destruction or loss of demographic, insurance, medical history, diagnostic testing results, and other personal data of Patients that has been entered, updated or modified in the Cloud Services by a Patient or Authorized User (“Patient Medical Information”) and is stored by the Cloud Services or in transit from the Cloud Services.

c. We will store and process all Patient Medical Information using systems located in the United States. 

d. We will use a current industry-standard, real-time intrusion detection system. We will actively monitor the intrusion detection system for signatures that correspond to attempts at breaking the security of the Cloud Services. Along with the deployment of such a system, we will adopt and follow operational procedures to disable the source of any perceived attack and escalation procedures to notify you for follow-up action.

e. We will perform industry-standard backup procedures.   

f. We will use industry-standard virus, worm and virus-like damaging code (collectively “Virus”) prevention measures. If a Virus is found to have been introduced into the Cloud Services or to your data, we will, at no additional charge to you, use commercially reasonable efforts to reduce the effects of the Virus and to mitigate and restore any damage or loss to the Cloud Services or your data, in addition to your other remedies at law or in equity. The anti-Virus solution will be configured to receive regularly scheduled updates to ensure appropriate protection of information assets.

g. We will not allow access to any Protected Health Information, as defined under HIPAA (“PHI”), that is not required for the performance of the Cloud Services. 

8. Your Information Security Obligations. 

a. Patient Medical Information that you or your Authorized Users process and/or download using the Cloud Services is deemed “Processed Medical Information.” You are responsible for protecting the integrity, security and confidentiality of Processed Medical Information in the same manner as you protect all other PHI in your possession.

b. You will use best efforts to ensure that each Authorized User will: (i) be responsible for the security and/or use of his or her user ID and password; (ii) not permit any other person or entity to use his or her user ID and password; and (iii) access and use the Cloud Services only in accordance with all applicable local, state, and federal laws and regulations. You are responsible for any breach of this Agreement by Authorized Users. 

9. Confidentiality. If the parties have entered into a separate agreement that includes restrictions on the use or disclosure of confidential information, such as a separate Non-Disclosure Agreement, and one of the confidentiality provisions conflicts with a confidentiality provision in this Section, then the provision that affords a greater level of protection to the protected Party will control and be enforced to the maximum extent permitted by law.

a. As used in this Agreement, “Confidential Information” means (i) PHI; (ii) this original written Agreement, any paper or electronic copies thereof, and its material terms; (iii) trade secrets, computer code, algorithms, inventions (whether or not patentable), techniques, software design and architecture, private specifications, performance information, non-public documentation, names and expertise of employees, consultants, customers and prospects; and business, financial, and product development plans and forecasts; and (iv) information that is conspicuously marked as “confidential” or “proprietary,” information disclosed verbally that is designated as “confidential” or “proprietary” at the time of disclosure, and information that, by its nature, would reasonably be considered as confidential to any other person, firm or corporation. 

b. Confidential Information, other than PHI, does not include (i) information that is independently developed by the receiving party without the use of the disclosing party’s Confidential Information, as shown by the receiving party’s written business records; (ii) information that is known by a receiving party prior to disclosure by the disclosing party as shown by the receiving party’s written business records; or (iii) information that is or becomes generally available to the receiving party or the public other than through a violation of this Agreement.

c. A party shall not disclose the other party’s Confidential Information except (i) on a need-to-know basis, to its agents, employees and representatives who are bound by confidentiality restrictions at least as stringent as those stated in this Agreement; or (ii) as required by law, governmental regulation or requirement, court order, or subpoena, in which case and subject to applicable law, the receiving party shall provide prompt notice to the disclosing party so that the disclosing party may seek a protective order or other appropriate remedy. A party shall not use Confidential Information of the other party except as required to perform its obligations under this Agreement.

d. Each party shall use the same degree of care to protect the other party’s Confidential Information that it uses to protect its own highly confidential information from unauthorized disclosure, but (i) in no event shall either party use less than a commercially reasonable degree of care and (ii) nothing in this Section shall diminish a party’s other obligations under this Agreement with respect to information security. 

10. Term. Unless otherwise set forth in the applicable Order Summary, the initial term of this Agreement (the “Initial Term”) will begin on the first day of the month that is at least thirty (30) days after the signature date of the Agreement, and will continue for the period set forth in the Order Summary, unless terminated earlier by either party pursuant to this Agreement.  This Agreement shall automatically renew for successive terms as defined in the Order Summary (each a “Renewal Term,” and collectively, the Initial Term and all Renewal Terms are defined as the “Term”) unless written notice of non-renewal is received by either party at least sixty (60) days prior to the end of the then-current Term.

11. Termination

a. By Client. You have the right, upon written notice to us, to terminate this Agreement if 1MP breaches any material term or condition of this Agreement, provided such breach is not cured or substantial efforts to cure are not commenced by 1MP within thirty (30) calendar days following your written notice to 1MP of such breach. 

b. By 1MP. We have the right, upon written notice to you, to terminate this Agreement if: (i) you breach any material term or condition of this Agreement, provided such breach is not cured or substantial efforts to cure are not commenced by you within thirty (30) calendar days following 1MP's written notice to you of such breach; (ii) at the end of the Initial Term or any Renewal Term, in accordance with Section 10 (“Term”); or (iii) 1MP determines to cease its business operations related to providing the Cloud Services, provided that 1MP provides ninety (90) calendar days prior written notice to Client.

12. Effect of Termination.  Upon the termination of this Agreement:

a. Your access to the Cloud Services will terminate.

b. Unless otherwise authorized, each party will promptly return or certify in writing the destruction of the other party’s Confidential Information, including any electronic files stored in the Cloud Services, not more than thirty (30) days following the effective date of termination or expiration of this Agreement.  However, 1MP shall not be required to return or destroy Patient Medical Information or data that is archived as part of its standard backup procedures.

c. 1MP will extend the same security and protections as it was required to provide during the Term of this Agreement to any retained Confidential Information for so long as it retains such Confidential Information.

d. Each party will continue to comply with its confidentiality obligations under this Agreement. 

e. If you purchase the Archive Module and later choose not to renew Archive, we will, upon your request, make your previously uploaded documents available for transfer to you.  Such documents will be provided as unencrypted PDF files on a secure FTP folder. These documents will be available for 14 days from the time the FTP access is granted.  Upon your request, a separate file will also be provided that identifies the patient, procedure date and document type based on the PDF file name. The Archive files stored in the Cloud Services will be deleted after 60 days, consistent with Subsection 12(b) above.

13. Suspension. We may immediately suspend or block all or part of the Cloud Services by sending you a written notice of suspension if we have the right to terminate this Agreement, in lieu of termination or prior to termination. Notwithstanding the foregoing, we will endeavor in good faith to provide you with advance notice of any suspension in accordance with the notice provisions below, and we will provide you with notice of the suspension or termination as soon as it becomes practicable for us to do so. 

14. Our Representations and Warranties. We represent and warrant the following:

a. The Cloud Services will substantially conform to the documentation provided or made available to you by us.

b. We will devote commercially reasonable efforts to perform the Cloud Services promptly, diligently and commensurate with relevant professional standards.

c. Your use of the Cloud Services as permitted under this Agreement does not and will not infringe any third party’s rights.

15. Your Representations and Warranties. You represent and warrant that your performance of this Agreement does not conflict with any obligations or duties, express or implied, that you may have to third parties.

16. Your General Restrictions and Responsibilities.

a. You are responsible for the accuracy and completeness of Processed Medical Information and for verifying such Processed Medical Information with Patients. You shall neither rely on, nor make medical decisions on, Processed Medical Information until you have verified the accuracy and completeness of the Processed Medical Information and obtained all necessary and appropriate supplemental information. You are solely responsible for verifying the accuracy of and interpreting the Processed Medical Information, for making any medical decisions based on the Processed Medical Information, and for making or suggesting any course of medical treatment on the basis of the Processed Medical Information.

b. Your use of the Cloud Services will comply with all applicable laws, rules and regulations.

c. Your Authorized Users will be limited to your employees, independent contractors and affiliated physicians.

e. Except as otherwise expressly provided in this Agreement, you will not, and will not permit any Authorized User to: (i) provide, disclose, divulge or make available to or permit use of the Cloud Services by any third party (other than Authorized Users and Patients); (ii) copy or reproduce all or any part of the Cloud Services (except as expressly provided for herein); (iii) interfere, or attempt to interfere, with the Cloud Services in any way; (iv) distribute, market, resell, lease, transfer, license or sublicense the Cloud Services; (v) modify, change, alter, translate, create derivative works from, reverse engineer, disassemble or decompile the software that operates the Cloud Services, or discover or attempt to discover the source code of any portion of such software in any way for any reason; (vi) engage in spamming, spoofing or any other fraudulent, illegal or unauthorized use of the Cloud Services; (vii) introduce into or transmit through the Cloud Services any Virus; (viii) create any frames at any other web sites pertaining to or using any of the information provided by the Cloud Services; or (ix) engage in or allow any action involving the Cloud Services that is inconsistent with the terms and conditions of this Agreement.

17. Disclaimers

a. EXCEPT AS PROVIDED IN THE SECTIONS ENTITLED “OUR REPRESENTATIONS AND WARRANTIES” AND “OUR INFORMATION SECURITY OBLIGATIONS,” ALL GOODS AND SERVICES ARE PROVIDED “AS-IS,” AND 1MP AND ITS AFFILIATES, SUBCONTRACTORS AND THIRD-PARTY LICENSORS, IF ANY, MAKE NO OTHER REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY REGARDING OR RELATING TO SERVICES PROVIDED TO CLIENT UNDER THIS AGREEMENT. 1MP IS NOT A HEALTH SERVICES PROVIDER AND MAKES NO REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, TO CLIENT, AUTHORIZED USERS OR PATIENTS OR OTHER USERS OF THE SERVICES REGARDING THE COMPLETENESS OR ACCURACY OF THE PROCESSED MEDICAL INFORMATION OR PATIENT MEDICAL INFORMATION AS ENTERED BY PATIENTS OR AUTHORIZED USERS, NOR ANY INTERPRETATION, MEDICAL DECISION OR COURSE OF MEDICAL TREATMENT RELATED THERETO. 

b. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT OR REQUIRED BY LAW, WE AND OUR SERVICE SUPPLIERS AND LICENSORS DISCLAIM ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, TITLE, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. YOU ARE SOLELY RESPONSIBLE FOR THE SUITABILITY OF ALL GOODS AND SERVICES CHOSEN AND FOR DETERMINING WHETHER THEY MEET YOUR CAPACITY, PERFORMANCE AND SCALABILITY NEEDS.

c. WE AND OUR SERVICE SUPPLIERS AND LICENSORS DO NOT WARRANT THAT THE CLOUD SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, COMPLETELY SECURE, OR THAT ALL DEFECTS WILL BE CORRECTED. YOU ACKNOWLEDGE THAT WE DO NOT CONTROL OR MONITOR THE TRANSFER OF DATA OVER THE INTERNET, AND THAT INTERNET ACCESSIBILITY CARRIES WITH IT THE RISK THAT YOUR PRIVACY, DATA, CONFIDENTIAL INFORMATION OR PROPERTY MAY BE LOST OR COMPROMISED. 

d. 1MP DOES NOT WARRANT TO CLIENT THE AVAILABILITY OF THE SERVICES AT ALL TIMES AND SPECIFICALLY EXCLUDES AVAILABILITY DURING SCHEDULED DOWNTIME FOR MAINTENANCE PURPOSES, UNSCHEDULED MAINTENANCE AND SYSTEM OUTAGES, AND/OR AVAILABILITY OF THE SERVICES FOR REASONS BEYOND 1MP’S CONTROL.

e. NO SUPPORT, ADVICE OR INFORMATION RELATING TO THE CLOUD SERVICES THAT YOU OBTAIN FROM ONE MEDICAL PASSPORT OR FROM ANY THIRD PARTY, OR THAT YOU OBTAIN THROUGH THE CLOUD SERVICES, WILL CREATE ANY WARRANTY THAT IS NOT EXPRESSLY WRITTEN IN THIS AGREEMENT.

18. Limitation of Damages

a. NEITHER WE NOR ANY OF OUR EMPLOYEES, AGENTS, REPRESENTATIVES, SERVICE SUPPLIERS, OR LICENSORS WILL BE LIABLE FOR ANY PUNITIVE, INDIRECT, CONSEQUENTIAL OR SPECIAL DAMAGES, OR FOR ANY LOST PROFITS, LOST DATA, LOST BUSINESS, LOST REVENUES, DAMAGE TO GOODWILL, LOST OPPORTUNITIES OR LOSS OF ANTICIPATED SAVINGS, EVEN IF ADVISED OF THE POSSIBILITY OF SAME, AND REGARDLESS OF WHETHER THE CLAIMS ARE BASED IN CONTRACT, TORT, STRICT LIABILITY, INFRINGEMENT, OR ANY OTHER LEGAL OR EQUITABLE THEORY.

b. EXCLUDING ITS INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT, EACH PARTY’S AGGREGATE LIABILITY AND THE AGGREGATE LIABILITY OF ITS EMPLOYEES, AGENTS AND REPRESENTATIVES TO THE OTHER PARTY UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, WILL NOT EXCEED THE TOTAL AMOUNT PAID OR PAYABLE TO US FOR THE CLOUD SERVICES DURING THE TWELVE-MONTH PERIOD IMMEDIATELY PRECEDING THE MONTH IN WHICH THE FIRST EVENT GIVING RISE TO THE CLAIM(S) OCCURRED.

19. Intellectual Property

a. All materials, including without limitation, the Cloud Services, web pages, web-based applications, Internet domain names, data, or information developed or provided by 1MP under this Agreement or other agreements between 1MP and Client, and any ideas, know-how, methodologies or processes conceived, developed or used to provide the Cloud Services or other deliverables or services under this Agreement between 1MP and Client, including, without limitation, all copyrights, trademarks, patents, trade secrets and any other proprietary rights related to such materials, shall be and remain the sole and exclusive property of 1MP. You may only use that software in connection with the Cloud Services as permitted under this Agreement. 

b. Each Patient owns and retains all right, title and interest in and to his or her Patient Medical Information created using the Cloud Services. Client has the right to download in electronic form and retain a copy of the Processed Medical Information. Client owns and retains all right, title and interest in the medical records it creates from the Processed Medical Information.

c. We will have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use and incorporate into the Cloud Services any suggestions, enhancement requests, recommendations or other feedback provided by you or your Authorized Users, relating to the Cloud Services.

20. Indemnification

a. We agree to indemnify, defend and hold you and your employees, agents, shareholders, officers, directors, successors and assigns harmless from and against any and all claims, damages, liabilities, costs, settlements, penalties and expenses (including attorneys’ fees, expert’s fees and settlement costs) arising out of or relating to any suit, action, proceeding, arbitration, subpoena, claim or demand brought or asserted by a third party pursuant to any theory of liability arising out of or relating to: (i) any material breach by 1MP of this Agreement; (ii) the alleged or actual infringement or misappropriation of any intellectual property right or other proprietary right by 1MP; or (iii) 1MP’s failure to use reasonable security precautions. You will provide 1MP with written notice of the existence of any basis for indemnification. If an intellectual property infringement claim is made, 1MP will, at its sole option and expense: (X) procure for Client the right to continue to use the allegedly infringing intellectual property through the Cloud Services or (Y) modify, amend or replace the allegedly infringing intellectual property so that the Cloud Services are non-infringing. If 1MP determines that neither of these options is commercially reasonable, then 1MP may terminate this Agreement and no further payment obligations shall be due from the Client therefor. THIS SECTION SETS FORTH 1MP'S ENTIRE OBLIGATION AND LIABILITY AND CLIENT'S SOLE AND EXCLUSIVE REMEDY WITH REGARD TO CLAIMS OF INFRINGEMENT.

b. You agree that 1MP does not have any responsibility for the conduct of your business or medical practice, including the medical treatment or care of your Patients. You agree that any reliance upon the Cloud Services shall not diminish your responsibility for exercising proper medical treatment and patient care. You agree to indemnify, defend and hold 1MP and its employees, agents, shareholders, officers, directors, successors and assigns harmless from and against any and all claims, damages, liabilities, costs, settlements, penalties and expenses (including attorneys’ fees, expert’s fees and settlement costs) arising out of or relating to any suit, action, proceeding, arbitration, subpoena, claim or demand brought or asserted by a third party pursuant to any theory of liability arising out of or relating to: (i) any injury resulting from the use of Patient Medical Information or Processed Medical Information; (ii) any claim that the Patient Medical Information and/or Processed Medical Information is inaccurate or incomplete; (iii) any non-compliance with Section 17 (“YOUR GENERAL RESTRICTIONS AND RESPONSIBILITIES”); (iv) claims that content or information provided by an Authorized User or a Patient infringes the privacy or intellectual property rights of a third party; (v) any breach by you of this Agreement; or (vi) your failure to use reasonable security precautions. We will provide you with written notice of the existence of any basis for indemnification. 1MP will have the right to approve any settlement but may not unreasonably withhold approval.

21. Relationship of the Parties. 1MP and Client are each independent parties. This Agreement and any transaction under it does not create any agency, joint venture, or partnership between us and you. 

22. Amendment. We may amend the Terms of Service or Privacy Policy by posting the modified version online, or emailing you a copy of the amendment document. Other than as set forth in the previous sentence, no other amendment to this Agreement will be effective unless it is in writing and signed by both parties. No waiver of any provision of this Agreement will be effective unless in writing and signed by the waiving party, and no delay or failure to exercise or enforce any right or remedy hereunder will constitute a waiver of that right or remedy. Express waiver of any right or remedy in a particular instance will not constitute a waiver of that right or remedy in any other instance, or a waiver of any other right or remedy.

23. Notices. Any written notice required or permitted to be delivered pursuant to this Agreement will be in writing and will be deemed delivered: (a) upon delivery if delivered in person; (b) three (3) business days after deposit in the United States mail, registered or certified mail, return receipt requested, postage prepaid; (c) upon transmission if sent via e-mail with a confirmation copy sent via overnight mail; and (d) one (1) business day after deposit with a national overnight courier, in each case to the respective addresses listed on the signature page of this Agreement.

24. Public Announcements. Client grants 1MP the right to use Client's name, logo, trademarks and/or trade names in 1MP brochures, presentations and financial reports indicating that Client is a client of 1MP. 1MP grants Client the right to use 1MP’s name, logo, trademarks and/or trade names in Client brochures, presentations and financial reports indicating that 1MP is a vendor of Client. All other public statements or releases shall require the mutual consent of the parties.

25. Assignment; Resale; Binding Effect. Neither party may assign this Agreement without the other party’s prior written consent; provided, however, that a party shall have the right to assign this Agreement to an affiliate or a third party in connection with a merger, sale of a controlling equity interest or sale of substantially all its assets or other transfer or disposition of its business operations. This Agreement will be binding upon and inure to the benefit of all of our and your successors and assigns.

26. Subcontracting. We may subcontract any portion of the Cloud Services to a third-party contractor, provided that we will remain fully responsible to you for the Cloud Services pursuant to this Agreement. We may collect and report information regarding your use of the Cloud Services to our subcontractors as required to provide you with the Cloud Services.

27. Governing Law; Venue; Jurisdiction; Waiver of Jury Trial. The laws of the State of Delaware, without reference to its choice of law principles, govern this Agreement and any claims arising out of or relating to this Agreement or our relationship. All disputes and controversies arising out of or relating to this Agreement or our relationship must be resolved in the state or federal courts in the county and state in which your headquarters are located, if within the United States, or otherwise in the state or federal courts in the State of Connecticut, and each of us irrevocably consents to the exclusive venue and personal jurisdiction of those courts for the resolution of such disputes and waives all objections thereto. TO THE FULLEST EXTENT PERMITTED BY LAW, EACH PARTY IRREVOCABLY WAIVES ITS RIGHT TO A TRIAL BY JURY IN ANY ACTION OR PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE PARTIES’ RELATIONSHIP. 

28. Force Majeure. Except with regard to your payment obligations, neither party shall have any liability to the other party or to third parties for any failure or delay in performing any obligation under this Agreement due to circumstances beyond its reasonable control including, without limitation, interruptions of the Cloud Services due to Internet-related and/or communications service degradation, problems or interruptions, acts of God or nature, actions of the government, fires, floods, strikes, civil disturbances or terrorism.

29. Miscellaneous. The headings in this Agreement are solely for convenience of reference and will not affect its interpretation. This Agreement does not create any third-party beneficiary rights. If any term, provision, covenant, or condition of this Agreement is held invalid or unenforceable in a valid legal proceeding, that term or provision may be modified only to the extent necessary for enforcement, that term or provision will be enforced to the maximum extent permitted by law, and the rest of this Agreement will remain in full force and effect and will in no way be affected or invalidated. This Agreement may be executed in counterparts, each of which so executed will be deemed to be an original, and such counterparts together will constitute one and the same agreement.

30. Entire Agreement. This Agreement constitutes the final and entire agreement between the parties regarding its subject matter, and it supersedes all other oral or written agreements or policies relating thereto. If there is a conflict between or among any of the parts of this Agreement, they will govern in the following order: an addendum or amendment signed by both parties, the Agreement, the Terms of Service, and the Privacy Policy. Additional or different terms in any written communication from you, including any purchase order or request for Cloud Services, are void. 

31. Survival. All terms of this Agreement that should by their nature survive termination will survive, including, Sections 5-9, 12, 16-20, 23, 25, 27, 29-31.

Last Modified on October 9, 2020

We will use commercially reasonable efforts to achieve the standards outlined in this Service Level Agreement (“SLA”). 

1. Uptime commitment.  We commit to provide 99.9% uptime with respect to the Cloud Services during each calendar quarter of the Term, excluding Scheduled Maintenance times and Force Majeure events (as defined in this Agreement).
   
2. Service credits.  If in any calendar quarter this uptime commitment is not met by 1MP and you are negatively impacted (i.e., attempted to sign into or access a Cloud Service and failed due to the unscheduled downtime), 1MP shall provide, as the sole and exclusive remedy, a service credit pro-rated to the number of unscheduled downtime hours in excess of the 0.1% allowed downtime. 
   
3. Scheduled maintenance.  We reserve the right to periodically take the Cloud Services offline for the shortest period reasonably necessary, without liability to you (i) in order to maintain (i.e., modify, upgrade, patch, or repair) our software, data centers, security devices, cables, routers, switches, hosts, computer nodes, physical servers, and other equipment that we use; or (ii) as we determine may be required by law or regulation. Scheduled Maintenance time does not count as downtime. Maintenance time is “Scheduled” if it is communicated at least twenty-four (24) hours in advance of the maintenance start time. We will endeavor to perform Scheduled Maintenance during “off peak” hours whenever possible. Scheduled Maintenance time will typically occur at night on the weekend and will never be greater than 10 hours per month.
   
4. Downtime notification.  We will provide notice of Scheduled Downtime via alerts on the user sign in screens of the Cloud Services. During the actual downtime, Authorized Users and Patients who attempt to access a Cloud Service will see a notification that it is unavailable due to maintenance, along with an estimate of when the Cloud Service will become available again.
   
5. Emergency maintenance. If an identified issue must be addressed urgently to protect the security and/or user experience with the Cloud Services, Emergency Maintenance may begin with little or no advance notification.  In the event of Emergency Maintenance, Authorized Users and Patients attempting to access a Cloud Service will see a notification that it is unavailable due to maintenance, along with an estimate of when the Cloud Service will become available again.
   
6. User support.  All Authorized Users and Patients will have access via the Cloud Services to our Passport Assist support platform, which provides self-serve support via Frequently Asked Questions and allows them to submit inquiries for more individualized support as needed.  Our Passport Care Team representatives will be available to respond to inquiries during extended business hours to cover patients in all US time zones.  Responses will typically be delivered by email, and when necessary, by return phone call.  We will endeavor to provide an initial response to all inquiries within twenty (20) minutes of submission.  Inquiries or issues requiring escalation will be routed to the relevant Customer Success Manager, Development Team, or other 1MP staff for further assistance.  For inquiries submitted outside of the extended business hours, we will endeavor to provide an initial response within the first hour of the next day. 

Last Modified on October 9, 2020

This Business Associate Addendum Agreement (“Agreement”) is an addendum to the Services Agreement and made and entered into effective as of the effective date of the Services Agreement (the “Effective Date”) and is by and between you (“Covered Entity”) and One Medical Passport, Inc., a Delaware corporation (“Business Associate”). 

YOU REPRESENT AND WARRANT THAT: (I) YOU HAVE FULL LEGAL AUTHORITY TO ENTER INTO THIS AGREEMENT, (II) YOU HAVE READ AND UNDERSTAND THIS AGREEMENT, AND (III) YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE LEGAL AUTHORITY TO ENTER INTO OR DO NOT AGREE TO THESE TERMS, DO NOT ACCEPT THE TERMS OF THIS AGREEMENT. 

RECITALS 

WHEREAS, Subtitle F of the Health Insurance Portability and Accountability Act of 1996, Public Law No. 104-191, as amended by the American Recovery and Reinvestment Act of 2009, Public Law No. 111-005, Part I, Title XIII, Subpart D, Sections 13401-13409, (the “HITECH Act”), (collectively, “HIPAA”) provides that Covered Entity comply with standards to protect the security, confidentiality and integrity of health information; and 

WHEREAS, the Department of Health and Human Services has issued regulations under HIPAA (the “HIPAA Regulations”), including the Standards for Privacy of Individually Identifiable Health Information, 45 CFR Parts 160 and 164, sub-parts A and E, as amended by the HITECH Act (the “Privacy Rule”) and the Standards for Security of Electronic Protected Health Information, 45 CFR Parts 160, 162 and 164, as amended by the HITECH Act (the “Security Rule”) (collectively, the “Privacy and Security Rules”); and 

WHEREAS, Sections 164.502(e) and 164.504(e) of the Privacy and Security Rules set forth standards and requirements for Covered Entity to enter into written agreements with certain business associates that will have access to Covered Entity's Protected Health Information (as defined below); and 

WHEREAS, Business Associate will provide services to Covered Entity pursuant to an agreement by and between the parties (“Services Agreement”). 

NOW THEREFORE, in consideration of the mutual promises below, the parties agree as follows: 

 1. DEFINITIONS 
a. “Breach” shall have the meaning given to such term in 45 CFR Section 164.402. 
b. “Designated Record Set” shall have the meaning given to such term under the Privacy Rule at 45 CFR Section 164.501. 
“Electronic Protected Health Information” or “Electronic PHI” shall mean Protected Health Information which is transmitted by or maintained in Electronic Media (as defined in the Privacy and Security Rules), and for purposes of this Agreement, shall be limited to the information Business Associate received from or created, maintained, transmitted or received on behalf of Covered Entity. 
d. “Individual” shall have the meaning given to such term under the Privacy and Security Rules at 45 CFR Section 164.103. 
e. “Protected Health Information” or “PHI” shall have the meaning given to such term under the Privacy and Security Rules at 45 CFR Section 164.103, limited to the information maintained, created or received by Business Associate from or on behalf of Covered Entity.  “Protected Health Information” includes, without limitation, “Electronic Protected Health Information”. 
f. “Required by Law” shall have the meaning given to such term under the Privacy and Security Rules at 45 CFR Section 164.103. 
g. “Secretary” shall mean the Secretary of the Department of Health and Human Services or his or her designee. 
h. “Security Incident” shall have the meaning given to such term under the Security Rule at 45 CFR Section 164.304.

2. PERMITTED USES AND DISCLOSURES OF PHI 

Business Associate agrees not to use or further disclose PHI received or created by Business Associate (or its agents and subcontractors) other than as permitted or required by this Agreement or as otherwise Required By Law.  In connection with the foregoing and except as otherwise limited in this Agreement, Business Associate may: 

a. use or disclose PHI received or created by Business Associate to perform functions, activities or services for, or on behalf of, Covered Entity, provided that such use or disclosure would not violate the Privacy and Security Rules if done by Covered Entity; 

b. use PHI received or created by Business Associate for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate; and 

c. disclose PHI received or created by Business Associate for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided (i) the disclosure is Required by Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidentially and will be used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and that the person agrees to notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. 

3. RESPONSIBILITIES OF BUSINESS ASSOCIATE 
a. Appropriate Safeguards.  Business Associate shall use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement.  Business Associate shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic PHI, as required by the Security Rule.

b. Reporting of Improper Use or Disclosure.  Business Associate shall report to Covered Entity, as soon as reasonably practicable, any use or disclosure of PHI not provided for by this Agreement of which it becomes aware, including breaches of Unsecured Protected Health Information (as defined in the Privacy and Security Rules).  Knowledge of any improper use or disclosure by an agent or subcontractor of Business Associate shall not be imputed to Business Associate unless and until such agent or subcontractor shall have reported such improper use or disclosure to the Business Associate representative responsible for the Covered Entity engagement.  With respect to Electronic PHI, Business Associate shall, as soon as reasonably practicable, report to Covered Entity any Security Incident.  The parties acknowledge and agree that this Section 3.b. constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined herein) for which no additional notice to Covered Entity shall be required.  “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.

c. Business Associate’s Agents.  Business Associate shall ensure that any agent, including a subcontractor, to whom it provides any PHI received from Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such PHI. 

d. Access to PHI.  To the extent that Business Associate maintains PHI in a Designated Record Set, and to the extent that Business Associate maintains the key or has the ability to decrypt the PHI in a Designated Record Set, Business Associate shall make such information available to the Covered Entity, and in the time and manner reasonably designated by Covered Entity, to Covered Entity in order to meet the requirements under 45 CFR Section 164.524. 

e. Amendment of PHI.  To the extent that Business Associate maintains PHI in a Designated Record Set, and to the extent that Business Associate maintains the key or has the ability to decrypt the PHI in a Designated Record Set, Business Associate shall make functionality available to the Covered Entity to allow the Covered Entity to make any amendment(s) to such information pursuant to 45 CFR Section 164.526. 

f. Documentation of Disclosures.  Business Associate agrees to document disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR Section 164.528. 

g. Accounting of Disclosures.  Business Associate agrees to provide to Covered Entity, in the reasonable time and manner designated by Covered Entity, information collected in accordance with Section 4(f) of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR Section 164.528. 

h. Governmental Access to Records.  Business Associate shall make its internal practices, books and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Secretary for purposes of the Secretary determining Covered Entity’s compliance with the Privacy and Security Rules. 

4. RESPONSIBILITIES OF COVERED ENTITY 

In addition to any other obligations set forth in this Agreement, Covered Entity shall: 

 a. identify which of the records it furnishes to Business Associate it considers to be PHI for purposes of this Agreement; 

b. provide to Business Associate only the minimum PHI necessary to accomplish the services under the Services Agreement; 

c. implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic PHI, as required by the Security Rule; 

d. notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI; 

e. notify Business Associate of any restrictions to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR Section 164.522, to the extent that such restrictions may affect Business Associate’s use or disclosure of PHI; and 

f. obtain any consent or authorization that may be required by applicable or federal or state laws and regulations prior to furnishing PHI to Business Associate. 

5. TERM AND TERMINATION 

a. Term.  This Agreement will commence on the Effective Date and will terminate upon expiration or termination of all contracts, agreements or arrangements governing the services provided by Business Associate to which this Agreement applies, unless terminated earlier by written notice by either Party. 

b. Termination for Cause.  Upon Covered Entity’s knowledge of a material breach by Business Associate of this Agreement, Covered Entity shall either (i) provide an opportunity for Business Associate to cure the breach or end the violation within the time specified by Covered Entity, or (ii) immediately terminate this Agreement if cure is not possible. 

c. Effect of Termination. 
i. Except as provided in paragraph (ii) of this Section 5(c), upon termination of this Agreement for any reason, Business Associate shall return or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, and shall retain no copies of the PHI. 
ii. In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible.  If Business Associate determines that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. 

6. REGULATORY REFERENCES 

A reference in this Agreement to a section in the Privacy and Security Rules means the section as in effect or as amended, and for which compliance is required. 

The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the Privacy and Security Rules and HIPAA. 

 8. NO AGENCY RELATIONSHIP 

The parties agree that each individual party shall maintain its own independent HIPAA and HITECH Act compliance obligations.  The parties will be providing their services as separate legal entities and independent contractors.  The parties expressly agree that no agency relationship is created by this Agreement with regard to the individual parties’ HIPAA obligations.  Each party certifies that (1) Covered Entity shall not have the right or authority to control Business Associate’s conduct in the performance of services or in the performance of HIPAA obligations; (2) Covered Entity shall not have the authority to direct the daily performance of services by Business Associate; and (3) Covered Entity shall not have the right to give interim instruction to Business Associate regarding the performance of services. 

9. SURVIVAL 

The respective rights and obligations of Business Associate under Section 5(c) of this Agreement shall survive the termination of this Agreement. 

 10. NO THIRD PARTY BENEFICIARIES 

Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 

 11. INTERPRETATION AND GOVERNANCE 

Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the Privacy and Security Rules. This Agreement shall be governed by and subject to the terms and conditions of the Services Agreement. In the event of any conflict or inconsistency between this Agreement and the Services Agreement, the Services Agreement shall govern. 

Last Modified on October 9, 2020

One Medical Passport (“1MP”) is the developer and owner of a proprietary Internet-based service that, among other functions, collects, processes, formats, stores and distributes patient medical information, scheduling information, and quality assurance information ("Service"). THE SERVICE THAT 1MP PROVIDES TO YOU IS SUBJECT TO THE FOLLOWING TERMS OF USE. PLEASE READ THE FOLLOWING INFORMATION CAREFULLY. IN COMPLIANCE WITH THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT, YOU MUST BE EIGHTEEN (18) YEARS OF AGE OR OLDER TO SUBMIT PERSONAL MEDICAL DATA AND INFORMATION. IN UTILIZING THIS SERVICE, YOU REPRESENT THAT YOU ARE OVER EIGHTEEN (18) YEARS OF AGE. BY CLICKING ON THE "I ACCEPT" BUTTON BELOW, YOU ACKNOWLEDGE THAT YOU UNDERSTAND AND ACCEPT THE FOLLOWING TERMS OF USE. IF YOU DO NOT ACCEPT THESE TERMS OF USE, YOU MAY NOT ACCESS THIS SITE OR UTILIZE ANY OF THE SERVICES PROVIDED ON OR THROUGH THIS SITE.

GENERAL

Access and Use of Service by Patient. 1MP shall provide to you the non-exclusive right to access the Service through 1MP's website. The Service will process medical data you input ("Processed Data"), for the limited purpose of maintenance and storage of your medical records. "Patient(s)" shall mean individuals like yourself and/or the legal guardians thereof, who utilize the Service; and the term "Patient Medical Data" shall mean your medical data and information as entered into the Service pursuant to the terms and conditions provided herein and which, upon authorization, will be shared with other healthcare providers.

 Information and Instructions to be Provided to the Patients. Information and instructions for inputting your Patient Medical Data into the Service are set forth on the website and are in addition to those instructions already provided to you.

 Limitations of Service. You are solely responsible for all equipment, software and connections to the Internet required to gain access to 1MP's website.

 Verification of Accuracy and Completeness of Patient Medical Data. The Service provides functionality that permits you to verify the accuracy and completeness of your Patient Medical Data. You shall be responsible for the accuracy and completeness of your inputted Patient Medical Data and Processed Data. 1MP is not responsible for the accuracy and completeness of all Processed Data, and for verifying such Processed Data with you.

SECURITY AND DATA RIGHTS

 Integrity and Confidentiality of Patient Medical Data and Processed Data. 1MP shall deploy commercially reasonable and available security measures to protect the integrity and confidentiality of your Patient Medical Data and Processed Data.

Security. You ensure that you will: (a) be responsible for the security and/or use of your user id and password; (b) not permit any other person or entity to use your user id and password; and (c) access and use the Service in accordance with these Terms of Use and all applicable local, state, and federal laws and regulations. You shall also be responsible for: (d) your obligations under these Terms of Use and the restrictions set forth in these Terms of Use; and (e) your use of the Service. 1MP reserves the right to deny or revoke access to the Service, in whole or in part, if 1MP reasonably believes that you are in breach of these Terms of Use or are otherwise using or accessing the Service inconsistent with the Terms of Use.

 Ownership and Use of Patient Medical Data. You own and retain all right, title and interest in and to all of your Patient Medical Data and 1MP shall obtain no other interest whatsoever in such Patient Medical Data, except as otherwise expressly provided herein and in the Privacy Policy. Provided that 1MP obtains prior authorization in writing or electronic form, and in compliance with applicable law, including the Health Insurance Portability and Accountability Act of 1996 and all regulations pertaining thereto (collectively, "HIPAA"), from you, 1MP may use your Patient Medical Data or Processed Data in connection with, or disclose your Patient Medical Data or Processed Data to, other 1MP clients.

PROPRIETARY RIGHTS

 1MP Materials. All materials, including without limitation, the Service, any computer software, web pages, web-based applications, Internet domain names, data or information developed or provided by 1MP, and any ideas, know-how, methodologies, equipment or processes conceived, developed or used to provide the Service or other deliverables or services including, without limitation, all copyrights, trademarks, patents, trade secrets and any other proprietary rights related to such materials (collectively, "1MP Materials") shall be and remain the sole and exclusive property of 1MP.

 General Restrictions. Commercial use of this Service is prohibited. Except as otherwise provided in these Terms of Use, you shall not: (a) provide, disclose, divulge or make available to or permit use of the Service by any third party; (b) copy or reproduce all or any part of the Service (except as expressly provided for herein); (c) interfere, or attempt to interfere, with the Service in any way; (d) distribute, market, sell, lease, transfer, license or sublicense the Service; (e) modify, change, alter, translate, create derivative works from, reverse engineer, disassemble or decompile the Service, or discover or attempt to discover the source code of all or any portion of the Service in any way for any reason; (f) engage in spamming, mailbombing, spoofing or any other fraudulent, illegal or unauthorized use of the Service or 1MP's systems; (g) introduce into or transmit through the Service any virus, worm, trap door, back door, timer, clock, counter or other limiting routine, instruction or design; (h) attempt to provide or create a link to the Service, except as authorized by 1MP; (i) create any frames at any other web sites pertaining to or using any of the information provided by the Service; or (j) engage in or allow any action involving the Service that is inconsistent with these Terms of Use.

FEES

 Fees. Use of the Service is at no charge.

TERM AND TERMINATION

 Term. These Terms of Use will commence as soon as you access and use the service and continue for the duration of your access and use. 1MP shall have the right to terminate your access to all or part of this site at any time, with or without notice.

WARRANTIES

 Patient’s Warranties. You represent and warrant to 1MP that you have the capacity to understand and accept these terms. Furthermore, you represent and warrant that you are not accessing the service under misrepresentation or false identification. If you are inputting Patient Medical Data on behalf of another, you warrant and represent that you have the right to be binding to that other person.

 DISCLAIMER. 1MP AND ITS AFFILIATES, SUBCONTRACTORS AND THIRD PARTY LICENSORS, IF ANY, MAKE NO REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY REGARDING OR RELATING TO THE SERVICE PROVIDED TO YOU UNDER THIS AGREEMENT, AND WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, 1MP SPECIFICALLY DISCLAIMS ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. THE SERVICE IS PROVIDED "AS IS, AND WITH ALL FAULTS." 1MP DOES NOT GUARANTEE THAT YOUR ACCESS TO THE SERVICE PROVIDED UNDER THIS AGREEMENT WILL BE UNINTERRUPTED, ERROR FREE OR SECURE. 1MP IS NOT A HEALTH SERVICES PROVIDER AND MAKES NO REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, TO YOU OF THE SERVICE REGARDING THE COMPLETENESS OR ACCURACY OF THE PATIENT MEDICAL DATA YOU ENTER OR PROCESSED DATA, NOR ANY INTERPRETATION, MEDICAL DECISION OR COURSE OF MEDICAL TREATMENT RELATED THERETO. FURTHER, 1MP DOES NOT WARRANT TO YOU THE AVAILABILITY OF THE SERVICE AT ALL TIMES AND SPECIFICALLY EXCLUDES AVAILABILITY DURING SCHEDULED DOWNTIME FOR MAINTENANCE PURPOSES, UNSCHEDULED MAINTENANCE AND SYSTEM OUTAGES, AND/OR AVAILABILITY OF THE SERVICE FOR REASONS BEYOND 1MP’S CONTROL.

LIMITATION OF LIABILITY

 1MP AND ITS AFFILIATES, SUBCONTRACTORS AND THIRD PARTY LICENSORS SHALL NOT BE LIABLE FOR ANY LOSS OF USE, BUSINESS INTERRUPTION, LOSS OF OR DAMAGE TO YOUR PATIENT MEDICAL DATA, COST OF COVER, DIRECT, INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH OR ARISING OUT OF THE FURNISHING, PERFORMANCE OR USE OF THE SERVICE UNDER THESE TERMS OF USE, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORT, INCLUDING NEGLIGENCE, EVEN IF 1MP HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ADDITION, 1MP WILL NOT BE LIABLE FOR ANY DAMAGES CAUSED BY ANY DELAY IN DELIVERY OR FURNISHING ACCESS TO THE SERVICE UNDER THESE TERMS OF USE. SINCE THE SERVICE IS PROVIDED TO YOU AT NO CHARGE, 1MP SHALL NOT BE LIABLE UNDER THESE TERMS OF USE FOR ANY DAMAGES OF ANY KIND.

INDEMNIFICATION

 Patient. 1MP does not have any responsibility for your medical treatment or care. You shall indemnify, defend and hold harmless 1MP, its directors, officers, employees, agents, successors and assigns and defend any action brought against same with respect to any claim, demand, cause of action, debt or liability, including reasonable attorneys' fees, arising out of or relating to: (a) any injury resulting from the use of your Patient Medical Data or Processed Data; (b) any claim that your Patient Medical Data and/or Processed Data is inaccurate or incomplete; (c) any non-compliance with the terms of the Verification of Accuracy and Completeness of Patient Medical Data; (d) claims that content or information provided by you infringes the intellectual property rights of a third party; or (e) any breach of these Terms of Use by you.

PRIVACY AND CONFIDENTIALTY

 One Medical Passport Privacy Policy. 1MP’s Privacy Policy is provided at the One Medical Passport website. By agreeing to these Terms of Use, you acknowledge that you have had prior access and agree to the terms of the Privacy Policy. You further acknowledge and agree that the terms of the Privacy Policy may be updated by 1MP from time to time, and that such updated Privacy Policy terms shall be incorporated into these Terms of Use.

 Privacy Terms. 1MP acknowledges that in carrying out its obligations under these Terms of Use, 1MP and its subcontractors, employees, affiliates, agents, or representatives may have access to your medical records and health information. 1MP will take all reasonable precautions necessary to safeguard the confidentiality of your Patient Medical Data and Processed Data, which will in no event be less than a reasonable degree of care. 1MP agrees to use reasonable efforts to comply with any local, state or federal law and regulations governing the privacy and confidentiality of the content of your Patient Medical Data and/or Processed Data including, without limitation, HIPAA.

MISCELLANEOUS

 Waiver and Severability. Any waiver or modification of these Terms of Use will not be effective unless executed in writing and signed by you and 1MP. The failure of either party to enforce, or the delay by either party in enforcing, any of its rights under these Terms of Use will not be deemed to be a waiver or modification by such party of any of its rights under this Agreement. If any provision of these Terms of Use is held to be unenforceable, in whole or in part, such holding will not affect the validity of the other provisions of the Terms of Use.

 Governing Law; Jurisdiction. These Terms of Use will be interpreted and construed in accordance with the laws of the Commonwealth of Massachusetts, without regard to conflict of law principles. All disputes arising out of these Terms of Use shall be brought only in the district and federal courts located in Norfolk County, Massachusetts. EACH

 PARTY CONSENTS TO THE EXCLUSIVE PERSONAL JURISDICTION AND VENUE OF THE COURTS, STATE AND FEDERAL, LOCATED IN NORFOLK COUNTY, MASSACHUSETTS.